Catch all for Metadata storage in SQL database
Hi,

the https://doc.dovecot.org/configuration_manual/imap_metadata/ sample uses

    mail_attribute_dict = file:%h/Maildir/dovecot-attributes

which stores all keys=value pairs in the file.

http://dovecot.2317879.n4.nabble.com/Dovecot-v2-3-9-3-HTTP-API-Endpoint-for-mailbox-cryptokey-operations-td70801.html uses a SQL dict, however very specific ones.

How can I use a SQL dict to store _all_ keys, as with a file based storage? I cannot find a documentation for "pattern" specification, that works as "catch all", in order to store anything not caught by patterns into the database. https://wiki.dovecot.org/Dictionary does not give any hint (in my eyes).

--
Steffen Kaiser
more generic approach as for userdb? (was: Dict issue with PostgreSQL for last_login plugin (duplicate key))
On Wed, 22 May 2019, John Fawcett via dovecot wrote:

an update when insert fails seems to be a MySQL specific extension to standard SQL. So I think that it's clear that support for PostgreSQL and SQLite needs to be implemented. The same issue likely exists in other plugins too, for example expire.

My doubts are around the right solution to adopt. Initially I thought that there was a PostgreSQL syntax similar to MySQL which could be easily added to the code, but closer inspection shows that the PostgreSQL syntax requires specification of either a constraint name or the index column(s) for the primary/unique keys.

You mean the "target" in ON CONFLICT target action, right? http://www.postgresqltutorial.com/postgresql-upsert/

Constraint names are nowhere specified in the dictionary map syntax and it's not possible either to identify with 100% certainty the primary key column(s).

One could dive into Postgres-specifics to get it, but there are other SQLs, too; the quota plugin advertises to use TRIGGERs to turn an INSERT into an UPDATE silently, which is no general approach either. https://wiki2.dovecot.org/Quota/Dict

1) logic which always tries to update and falls back to insert if the update fails (or vice versa) for all sql dictionaries.

2) updates to the map syntax so that either the constraint name or primary key columns can be specified.

Ideas are welcome.

Maybe, one should drop the automatic at all and let the user specify the commands manually like with the userdb/passwd. Hence, the generic SQL preparation code is already present. There could/should/would be documented lots of "best practice" settings for various backends. In fact, this approach would better fit into the open and more "general" base idea Dovecot uses in other places, IMHO.

Kind regards,

--
Steffen Kaiser
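Option 1 from the message above (update first, fall back to insert), as an added example that is not code from the thread or from Dovecot. The table and column names are assumptions, and SQLite stands in for the backend so the block runs offline.

```python
import sqlite3

# Hypothetical table for a last_login style dict; names are assumptions.
SCHEMA = ("CREATE TABLE last_login ("
          "userid TEXT PRIMARY KEY, last_login INTEGER NOT NULL)")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.commit()
    return conn


def naive_set(conn, userid, ts):
    """Plain INSERT: the second write for a user fails with a duplicate key."""
    with conn:
        conn.execute("INSERT INTO last_login (userid, last_login) VALUES (?, ?)",
                     (userid, ts))


def portable_set(conn, userid, ts):
    """UPDATE first, INSERT when no row was touched, UPDATE again on a race.

    Uses only standard SQL, so no constraint name or key column list is needed.
    Caveats per backend:
      * MySQL reports 0 affected rows when the new value equals the old one,
        so the INSERT branch (and its duplicate-key handler) is reached.
      * PostgreSQL aborts the transaction on a failed statement, so the
        INSERT would have to be wrapped in a SAVEPOINT there.
    """
    with conn:  # one transaction; rolled back if an exception escapes
        cur = conn.execute(
            "UPDATE last_login SET last_login = ? WHERE userid = ?", (ts, userid))
        if cur.rowcount > 0:
            return "update"
        try:
            conn.execute(
                "INSERT INTO last_login (userid, last_login) VALUES (?, ?)",
                (userid, ts))
            return "insert"
        except sqlite3.IntegrityError:
            # Another writer inserted the key between our UPDATE and INSERT.
            conn.execute(
                "UPDATE last_login SET last_login = ? WHERE userid = ?",
                (ts, userid))
            return "update-after-conflict"


def demo():
    conn = make_db()
    naive_set(conn, "alice", 100)
    try:
        naive_set(conn, "alice", 200)
        naive = "ok"
    except sqlite3.IntegrityError:
        naive = "duplicate key"
    steps = [portable_set(conn, "alice", 300), portable_set(conn, "bob", 400)]
    rows = conn.execute(
        "SELECT userid, last_login FROM last_login ORDER BY userid").fetchall()
    return naive, steps, rows


if __name__ == "__main__":
    print(demo())
```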
Re: Dovecot not connecting to OpenLDAP
On Wed, 15 May 2019, Elias Falconi via dovecot wrote:

    2019-05-15 16:27:43 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext: ldap_start_tls_s() failed: Can't contact LDAP server
    2019-05-15 16:39:36 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext: ldap_start_tls_s() failed: Connect error
    2019-05-15 16:39:43 auth: Error: LDAP /etc/dovecot/dovecot-ldap.conf.ext: ldap_start_tls_s() failed: Local error

    # Space separated list of LDAP hosts to use. host:port is allowed too.
    hosts = 139.147.9.135

    # Use TLS to connect to the LDAP server.
    tls = yes
    # TLS options, currently supported only with OpenLDAP:
    #tls_ca_cert_file =/etc/ssl/certs/ldap.crt
    tls_ca_cert_file =/etc/ssl/certs/ldap6_cacert.pem

    # is still used, only the password field is ignored in it. Before doing any
    # search, the binding is switched back to the default DN.
    auth_bind = yes

    # For example:
    # auth_bind_userdn = cn=%u,ou=people,o=org
    #
    #auth_bind_userdn =

are you sure these settings fit each other?

a) IP address, but force tls with cert
-> is the IP address part of the alternate subjects of the cert?

you seem to use STARTTLS https://docs.oracle.com/cd/E22289_01/html/821-1273/testing-ssl-starttls-and-sasl.html

b) once you've sorted TLS out

looks like auth_bind conflicts with auth_bind_userdn

--
Steffen Kaiser
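Point a) of the reply, as an added example that is not part of the original message: deciding whether each entry of a `hosts =` value is covered by the server certificate's subject alternative names. The certificate is a constructed sample in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`; only subjectAltName is checked, so any fallback to the subject common name that a given TLS library may apply is ignored.

```python
import ipaddress

# Constructed sample certificate (getpeercert() dict format), not the
# certificate from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.org"),),),
    "subjectAltName": (
        ("DNS", "ldap.example.org"),
        ("DNS", "*.dir.example.org"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may replace the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches_host(cert: dict, host: str) -> bool:
    """True if `host`, as written in the client config, is covered by a SAN."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # An IP literal is compared with iPAddress entries only; a dNSName
        # entry that happens to look like the address does not count.
        for kind, value in sans:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value.strip()) == wanted_ip:
                    return True
            except ValueError:
                continue
        return False

    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


def check_hosts_setting(cert: dict, hosts: str) -> dict:
    """Evaluate each entry of a space-separated hosts value (host or host:port)."""
    result = {}
    for entry in hosts.split():
        host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
        result[host] = cert_matches_host(cert, host)
    return result


if __name__ == "__main__":
    # The first entry is the value from the posted config; the others are
    # constructed to match the sample certificate.
    print(check_hosts_setting(
        SAMPLE_CERT, "139.147.9.135 ldap.example.org:389 192.0.2.10"))
```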
Re: Trying to track down source of duplicate messages
On Tue, 2 Apr 2019, Timo Sirainen via dovecot wrote:

succeeded eventually. You might see these differences in Received headers.

yep, post the Received lines

--
Steffen Kaiser
Re: I have a question.
On Mon, 1 Apr 2019, 김태용 via dovecot wrote:

Can I limit the maximum number of messages I can sync per mailbox?

That's a client setting if available.

--
Steffen Kaiser
Re: dovecot.sieve shows up as a mailbox
On Thu, 21 Mar 2019, Drexl Spivey via dovecot wrote:

This did solve my problem, and created a little hiccup. Namely, all the users that had email account LOST their mail. I am just starting migrating to this new mail server setup, so mostly just insignificant testing emails. I am sure there is a way to recover the old mails? Doesn't matter, not really much there.

if you didn't remove files, check out https://wiki2.dovecot.org/MailboxFormat/Maildir to get familiar with the Maildir format.

You had the mailboxes in:

    maildir:/var/mail/vmail/%d/%n

hence, there should be "new" and "cur" directories of the INBOX and some files, like indexes. And subdirectories starting with ".", which contain "new" and "cur" directories.

If your mailboxes are located at

    maildir:~/Maildir

now, the content of the "new" and "cur" directories belong into this subdirectory.

--
Steffen Kaiser
Re: dovecot.sieve shows up as a mailbox
On Thu, 21 Mar 2019, Yassine Chaouche via dovecot wrote:

On 3/21/19 4:13 PM, Aki Tuomi via dovecot wrote:

On 21 March 2019 17:05 Yassine Chaouche via dovecot wrote:

[...] While not very intuitive, I have :

    mail_home = /var/mail/vmail/%d/%n/dovecot
    mail_location = maildir:~/..

Which works for me ^^'

Yassine.

Except it would have the same problem, but with 'dovecot' as folder under some configurations.

Aki

Well, none of my users have reported they can see that folder. I myself use webmail, thunderbird on my PC and k9 mail on my phone and don't see that folder in any of these clients.

Because the "home" directory is a subdir of the mail location, some storage backends try to interpret any entry as some sort of mailbox. This is not the case with Maildir, because mailboxes start with a ".", unless you use the FS layout, I think.

Then there is the potential naming conflict, that "dovecot" might become a reserved filename in a Maildir.

Because of these if's and whether's it is safer to configure the mail location as subdir of the home dir.

--
Steffen Kaiser
Re: Shared instance
On Fri, 25 Jan 2019, Stepan Khlebalov via dovecot wrote:

and another private namespace used for archiving

    namespace archive {
      prefix = archived/
      inbox = no
      type = private
      location = maildir:/mailStorageArchive/%Ld/%Ln:LAYOUT=fs
      mailbox Archive {
        auto = subscribe
        special_use = \Archive
      }
      mailbox Archive_Sent {
        auto = subscribe
        special_use = \Archive
      }
    }

    namespace {
      type = shared
      separator = /
      prefix = shared/%%u/
      location = maildir:/mailStorage/%%d/%%n:INDEXPVT=/mailStorage/%d/%u/shared/%%u
      subscriptions = yes
      list = children
    }

it works.

1st: I think you must replicate the "location" with all options, that means at least LAYOUT=fs, maybe %L as well.

When I create shared namespace like this

    namespace {
      type = shared
      separator = /
      prefix = shared/%%u/

you already have such prefix, as far as I understand it, you must choose another, unique prefix. Try

    prefix = shared_archive/%%u/

      location = maildir:/mailStorageArchive/%%d/%%n:INDEXPVT=/mailStorageArchive/%d/%u/shared/%%u

I think, you'll need LAYOUT=fs here as well

      subscriptions = yes
      list = children
    }

it does not work. I want to share mailbox Archive from namespace archive.

--
Steffen Kaiser
Re: BUG: sieve does not set seen-Flag
On Wed, 5 Dec 2018, Jakobus Schürz wrote:

On 05.12.18 at 22:19, Ralph Seichter wrote:

* Jakobus Schürz:

Does it matter, if the keyword-files do not match?

I think it does not matter.

6 Seen

This does not look right to me. AFAIK, "Seen" should not appear in this list, because it is one of the predefined flags, but that is also a

Ok. I use dovecot as a service... i did nothing, which is not said in the official dovecot doku... so... Seen is in this file... Dovecot must write it down there... because i did it not... i work with thunderbird, gmail and horde... so dovecot must wrote it itself...

Yes, Dovecot writes it there, but a client instructed Dovecot to do so as keyword (tag or whatever it is named), maybe the Sieve script was it. Seen in this file is not the "seen" status of IMAP.

To get deeper into the problem, I would:

1) edit the dovecot-keywords files to spell "Seen" as "XSeen", in order to make sure this setting (local keyword) does not interfere with \Seen (global IMAP flag)

2) change (I know it should not matter)

    addflag "Junk \\seen";

into

    addflag "Junk";
    addflag "\\Seen";

3) use a file dump tool to verify that "what you see is what you've typed", meaning that "\\Seen" is really ASCII \\Seen, e.g. in Linux:

    hd sieve-script

--
Steffen Kaiser
Re: Copying from a previous Dovecot server
On Tue, 30 Oct 2018, Peter Lindgren wrote:

Hello! I have installed a new dovecot server on a new server, using imap and Maildir. The old Maildirs are accessible on a mounted disk. I have tried to copy a few folders manually, by first creating the folder on the new server through the e-mail client, and then copying the contents of the cur folder from the old to the new. Works fine, but is a manual process. I'm looking for a way to script this.

if you do not change the names of the mailboxes, copy the whole Maildir directory from old to new. Dovecot updates all files. At the first access of a mailbox, you probably see a "broken" warning and the repair takes place. The warning and repair can probably be forced by doveadm index.

If you already added ACLs or something like that, you probably need to backup some files from the new Maildir.

Is it safe to copy a template folder to a new folder, and then copy the cur folder contents? The files that Dovecot creates in an empty folder have different contents, will Dovecot update them when the user retrieves the mails in that folder? Or, can I just make a symlink to the old Maildir somewhere?

Peter

--
Steffen Kaiser
Re: immediate delete of mails
On Tue, 9 Oct 2018, Selmeci Tamás wrote:

On Tue, 9 Oct 2018 12:08:00 +0200 Sami Ketola wrote:

How do you deliver then mails to the server? also mbox is very unoptimised mailbox format for this. Each time mail is deleted from mbox mailbox the whole mbox file needs to be rewritten to remove the mail.

OpenSMTPD and Dovecot run on the same machine. OpenSMTPD receives incoming mails and stores them in a mailbox (/var/spool/mail/user). Dovecot then fetches mails from this mailbox file. Mailbox file is indeed very unoptimal, but at this moment I'm more curious about the reason why I can't expunge mails... perhaps it'd simpler with maildir, where it just means a simple file deletion.

try out pure IMAP via telnet: https://wiki2.dovecot.org/TestInstallation?highlight=(telnet)#Check_out_some_other_IMAP_commands

    telnet server 143
    1 login user pwd
    2 select inbox
    4 CREATE Trash
    5 COPY 1 Trash
    3 STORE 1 +FLAGS \Deleted
    4 EXPUNGE

Try with another mailbox,

    7 select Trash
    3 STORE 1 +FLAGS \Deleted
    4 EXPUNGE

--
Steffen Kaiser
Re: Authenticate users using their firstname
On Sat, 29 Sep 2018, Fady AL HAYALI wrote:

I'm setting up a Postfix and Dovecot with LDAP email server. My users in LDAP is like this:

    dn: uid=firstname,ou=People,dc=domain,dc=com
    uid: firstname
    uidNumber: 4025
    gidNumber: 4025
    givenName: firstname
    objectClass: top
    objectClass: person
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    loginShell: /bin/bash
    homeDirectory: /home/firstname
    cn: firstname lastname
    mail: firstname.lastn...@domain.com

This is how I connect Dovecot with LDAP

    hosts = ldapserver
    ldap_version = 3
    base = ou=People,dc=domain,dc=com
    deref = never
    scope = subtree
    user_attrs =
    user_filter = (&(objectclass=inetOrgPerson)(uid=%n)
    pass_attrs = uid=user,userPassword=password
    pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
    default_pass_scheme = SSHA

When I enter a user's email address and password as the following:

    email: firstname.lastn...@domain.com
    password: password

and according to my setting which I used "%n" as you see above, the username used to authenticate is "firstname.lastname". I checked the Dovecot variables but I couldn't find something useful in this case to manipulate the "%n" variable. I would like to keep using email addresses as "firstname.lastn...@domain.com" but authenticate users using their first name. I really hit a wall here and any help will be much appreciated.

Well, for me, this sounds strange, using firstname only. Why not let your users enter the firstname only?

Or:

    pass_filter = (&(objectclass=inetOrgPerson)(|(uid=%n)(mail=%n@*)))

If firstname is unique, mail should be unique as well.

--
Steffen Kaiser
Re: How to send mail to mailbox with disabled domain?
On Tue, 11 Sep 2018, Kai Schaetzl wrote:

Gerald Galster wrote on Tue, 11 Sep 2018 20:49:17 +0200:

Is this a dovecot problem on your side? dovecot usually accepts mail from MTA like postfix, so it would be better to remove example1.com from postfix relaydomains (mailbox domains, alias domains, ...). Then there is no delivery to dovecot. Most MTAs ignore MX records - if a domain is configured locally, it gets delivered.

Thanks for your reply. I don't want the MTA to deliver that domain. As an email address. But I want to deliver to the virtual mailbox of that name. That's the point. I make a distinction. lmtp doesn't ;-) I don't want some.addr...@example1.com getting delivered. But I want some.otheraddr...@example2.com getting delivered. Which just happens to be aliased to the mailbox "us...@example1.com". And example1.com is disabled for mail.

"aliased to" seems to be a job for the MTA, hence, it will never deliver to Dovecot, if the domain is disabled there.

I used to have mailbox names of "user1" (system accounts), not of "us...@example1.com" (virtual mailboxes). There doesn't seem to be a way to have virtual mailbox names like "user1". Not a problem - until you remove the mailbox domain from the accepted domains. Then it suddenly doesn't deliver although it's not getting used as an email address. Delivery is done via postfix/lmtp which actually is dovecot lmtp if I understand correctly. And lmtp resolves "everything". I can't deliver to a virtual mailbox named only "user1" it seems (I tried it some months ago and hit several weird problems, so I stopped that). I have to use a "user@domain" combination mailbox and the domain has to be in the local-host-names table or postfix/lmtp won't understand it's local. But then it will try to file all mail for this domain locally and it will also accept mail for this domain from outside.

You can configure multiple userdb's in Dovecot. Also, a userdb of LDAP or SQL can use %u, %n and %d.

Hence, you can configure Dovecot to "find" the user by "user1" and "us...@example1.com". However, you must ensure that only one entry is found.

However, can you configure Postfix to pass one kind of users without domain and the other kind with domain?

So far I came up with two ways to work around this problem:

1. use another domain for example1.com mailbox names (for instance example1.localmail) and put everything in place that it resolves locally and is in the local-host-names table. It works, I tested it. But this requires changing all the already created mailbox names. And change the code behind the web interface.

This depends on the userdb. You can use the dummy domain as key and return specific mail locations.

2. set example1.com to be deliverable again and don't setup any addresses (aliases) for this domain. As the mailboxes are not directly deliverable to, only if they are aliased, there is no way to send to this domain from outside. And I have to put up a few aliases for it that forward mail externally to some subdomain that isn't locally configured. Or just have it sent right-away this way.

Both things are not the real deal, though.

Kai

--
Steffen Kaiser
Re: doveadm mailbox delete not working
On Tue, 14 Aug 2018, Ralf Becker wrote:

Date: Tue, 14 Aug 2018 15:13:12 +0200
From: Ralf Becker
To: dovecot@dovecot.org
Subject: doveadm mailbox delete not working

I have a user who has several folders in his mailbox, which we can not delete, neither via IMAP nor via doveadm:

    root@ka-nfs-mail:~# doveadm mailbox list -u | grep hbereiche | cat -v
    INBOX/[Fachbereiche ^M

Any ideas?

I haven't seen this idea and you've written nothing about the ^M:

The ^M means that there is a "\015" / \r at the end of the output. Where does this char come from? In "normal" output, this char is almost invisible, esp. at the end of a line. I don't know how Dovecot handles this char internally.

The char should show up in the JSON formatted list, Aki suggested, too:

    doveadm -fjson mailbox list -u user INBOX/*

But I haven't seen the output in your replies.

Can you verify in the filesystem, if the char is there, too? E.g.

    ls -1 | cat -v

Maybe

    doveadm mailbox delete -u 'INBOX/Fachbereiche '"\015"

Would help?

--
Steffen Kaiser
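The filesystem check suggested above (`ls -1 | cat -v`), as an added example that is not part of the original message: it scans a Maildir++ root for mailbox directories whose names contain control bytes and prints them in caret notation. It assumes Maildir++ storage, where each mailbox is a dot-prefixed directory; the sample tree is constructed in a temporary directory.

```python
import os
import tempfile


def caret(name: bytes) -> str:
    """Render a raw file name with control bytes visible, in the style of cat -v.

    Unlike cat -v, TAB and LF are rendered as ^I and ^J as well.
    """
    out = []
    for b in name:
        prefix = ""
        if b >= 0x80:  # high bit set: M- followed by the low seven bits
            prefix, b = "M-", b - 0x80
        if b < 0x20:
            out.append(prefix + "^" + chr(b + 0x40))  # 0x0d -> ^M
        elif b == 0x7F:
            out.append(prefix + "^?")
        else:
            out.append(prefix + chr(b))
    return "".join(out)


def find_suspect_mailboxes(maildir_root: str):
    """Return (visible_name, byte_offsets) for mailbox dirs with control bytes.

    Names are read as bytes so that nothing is lost or rejected by decoding.
    """
    root = os.fsencode(maildir_root)
    hits = []
    for name in sorted(os.listdir(root)):
        if not name.startswith(b"."):
            continue
        if not os.path.isdir(os.path.join(root, name)):
            continue
        offsets = [i for i, b in enumerate(name) if b < 0x20 or b == 0x7F]
        if offsets:
            hits.append((caret(name), offsets))
    return hits


def demo():
    # Constructed sample tree: two clean mailboxes and one whose name ends
    # in a space followed by a carriage return, as in the thread.
    with tempfile.TemporaryDirectory() as root:
        for folder in (".Sent", ".Fachbereiche", ".Fachbereiche \r"):
            for sub in ("cur", "new", "tmp"):
                os.makedirs(os.path.join(root, folder, sub))
        return find_suspect_mailboxes(root)


if __name__ == "__main__":
    for visible, offsets in demo():
        print(visible, offsets)
```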
"For end user, only PGP or similar provides sufficient security against admin." (was: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same
On Sat, 11 Aug 2018, Aki Tuomi wrote:

While this is true, it can be useful to encrypt messages in-rest at 3rd party storage. For end user, only PGP or similar provides sufficient security against admin.

Nice, short, pinpointed words I will file away for upcoming discussions. And I will file M's response, too, for the management.

Thanks both of you.

Original message
From: "M. Balridge"
Date: 11/08/2018 13:56 (GMT+02:00)
To: Dovecot Mailing List
Subject: Re: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time

Quoting Joseph Tam :

Another privacy plugin that assumes the server operator is unmotivated or respects your privacy anyways, and won't just skim your password right off the top to look at your mail. A vault with steel walls and a dirt floor.

*SIGH* As usual, you're right on the money, Joseph. I used to let things like this "slide", but somewhat recently I've had some clients badgering me to implement something like this. It takes longer than it should to explain how pointless the exercise is.

Given that:

1) Email transactions, from submission, to delivery, to final reception by a MUA, are done with plaintext contents. Those who want security, will undergo the additional steps and hassles with using PGP to encrypt the contents, providing the only demonstrably secure (against "Evil SysAdmins") means of cloaking your content. The submission, delivery, and final reception is still performed as "plaintext", albeit with an attachment that is encrypted, a process done (and undone) by the ultimate endpoint clients.

2) Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases into a log, it's trivial for various tools, many of which were hastily cobbled together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on mail servers. Tools like "milter-bcc" and friends which automatically clone all email submitted to or arriving through SMTP, etc. It doesn't matter if your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant crypto, when it has the decrypted contents in its spool.

I imagine this is an exercise in buzzword collection, and to be seen to be "doing something" to improve security and/or privacy. If privacy is desired, there are only end-to-end encryption/signature schemes to ensure anything at all, and even there we're at the mercy of mathematical gods greater than we. Looking to a "magical" oracle on your server to do it for you, whilst keeping all of the leaky, plaintext, and promiscuous protocols (DSN, bounces, intermediate MXer hosts that eruct contents to various envelope addresses, etc) that will betray you behind your back without a moment's notice is a Fool's Errand.

Think it over.

=M=

--
Steffen Kaiser
Re: doveadm who reverse dns lookups
On Tue, 24 Jul 2018, Michael Grant wrote:

Perhaps this is a feature request... It would be nice if the ‘doveadm who’ command printed out the reverse dns name of where the user was logged in from. Would it be possible to either add some option to doveadm who for this, or make it do it by default and add a ‘-n’ option (like many of the other programs that look up ip addresses by default) and take a -n option to not do that? Not sure if that would break some existing thing which is why I hesitate. Might be safer to add, say, a -r option to do the rDNS lookup.

Hmm, use the Unix construction kit:

    doveadm who | perl -np -MSocket -e '
      sub addr { my $i = shift; my $iaddr = inet_aton($i);
                 return gethostbyaddr($iaddr, AF_INET) || $i; }
      s/((?:\d+\.){3}\d+)/addr($1)/eg'

--
Steffen Kaiser
Re: Dovecot pop3d and imapd problem
On Mon, 23 Jul 2018, John Paul Iglesia wrote:

Recently, i had issues on dovecot. All packages of dovecot were installed on my system then suddenly when I checked yesterday the packages for dovecot-pop3d and dovecot-imapd were no longer on the list of app installed. Because of this dovecot service stop running. I checked the apt history log, term log and even dpkg log, there were no information about removing the packages. It just showed on my apt list the packages were no longer there. I had to reinstall these 2 packages just to make dovecot run and for me to be able to receive and send messages. What do you think is the problem, is it dovecot bug?

Dovecot does not entangle itself with the package management of the system.

So: No, it's no Dovecot bug.

--
Steffen Kaiser
Re: folders not visible on copied mail folders
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 19 Jul 2018, Mark Foley wrote: On Wed, 18 Jul 2018 07:23:06 +0200 Steffen Kaiser wrote: On Tue, 17 Jul 2018, Mark Foley wrote: On Tue, 17 Jul 2018 08:06:24 +0200 Steffen Kaiser wrote: On Mon, 16 Jul 2018, Mark Foley wrote: We had a user quit recently. Three days ago I copied his entire Maildir folder to another user to that user's Maildir/.JoesEmail. I changed ownership and made the permission 'chmod -R og-rwx .', just like all the other files/directories of the new owner. This didn't work to show the new folder. Today, in his Thunderbird client, I subscribed to the 'JoesEmail' folder. I restarted dovecot and restarted Thunderbird. In Thunderbird, the 'JoesEmail' folder now shows, but it is empty and shows none of the subordinate mail folders. I ran 'doveadm index -u newowner JoesEmail' and 'doveadm force-resync -u newowner JoesEmail'. This didn't help. I did this once before with a previous user who quit and only changed ownership, no subscribing, no doveadm, and that worked. What am I doing wrong? Your description might be interpreted one way or another, esp. "copied his entire Maildir folder ... to that user's Maildir/.JoesEmail". Also, it depends on how you have configured mail_location. If this means that you have: Maildir/.JoesEmail/{new,cur,tmp} Maildir/.JoesEmail/.mailbox/{new,cur,tmp} Maildir/.JoesEmail/.mailbox.submailbox/{new,cur,tmp} now, that will clash with the standard Maildir format: https://wiki2.dovecot.org/MailboxFormat/Maildir You would need to move the subfolders with a leading dot of .JoesEmail into: Maildir/.JoesEmail/{new,cur,tmp} Maildir/.JoesEmail.mailbox/{new,cur,tmp} Maildir/.JoesEmail.mailbox.submailbox/{new,cur,tmp} If you use :LAYOUT=fs to mail_location, .JoesEmail should spell JoesEmail Subscription is needed only, if the mail client "displays subscribed folders only" or does not "display all folders". The meaning of the setting varies from client to client. 
Another way would to keep the other account and share it via ACLs: https://wiki2.dovecot.org/SharedMailboxes/Shared Steffen Kaiser Steffen, thanks for your reply. I did have the copied folders as shown in your first example. I changed that to what you show as the remedy. The target user's Maildir folder now has: drwx-- 5 mpress domusers 4096 2017-06-28 20:07 .Deleted\ Messages.Junk/ drwx-- 5 mpress domusers 4096 2018-07-16 23:22 .Delta\ Dental/ drwx-- 21 mpress domusers 4096 2018-07-17 16:48 .Dennis\ Email/ drwx-- 5 mpress domusers 4096 2018-07-16 23:15 .Dennis\ Email.Deleted\ Items/ drwx-- 5 mpress domusers 4096 2018-07-16 23:15 .Dennis\ Email.Deleted\ Items.Sent/ drwx-- 5 mpress domusers 4096 2018-07-17 17:02 .Drafts/ drwx-- 5 mpress domusers 4096 2018-07-17 16:35 .ESI/ Where '.Dennis Email' is the folder for the old user. I copied the old user's 'Maildir/.Deleted Items' and 'Maildir/.Deleted Items/Sent' to the target user's 'Maildir/.Dennis Email.Deleted Items' and 'Maildir/.Deleted Items/Sent, respective. That how I understood what you advised. There are more such subfolders, but I thought I'd try this one first. However, still only the "Dennis Email" folder shows in the mail client, empty, no sub-folders even though "Deleted Items.Sent/cur" has plenty of mail files (1522). I did try running 'doveadm index -u mpress "Dennis Email"', again; and restarting dovecot and thunderbird again, but still nothing. First check if Dovecot thinks the folders are there: doveadm mailbox list -u "mpress" | grep Dennis yes: # doveadm mailbox list -u "mpress" | grep Dennis Dennis Email Dennis Email.Deleted Items Dennis Email.Deleted Items.Sent That means: Dovecot sees them, but your client is not. Are you absolutely sure the client is set to "display all folders"? Secondly, make sure Thunderbird rescans the folders. Sometimes you need to collapse *certain* levels and expand them. 
I mean, collapse the whole tree of the account, then expand it again, see if the triangle in front of Dennis Email appeared, tap there, a.s.o. I have a Thunderbird client, that for whatever reason I don't know, "forgets" about a certain hierarchy (subtree) now and then. As another test, you could speak IMAP:
  telnet localhost 143
  1 login mpress "pwd"
  2 list * *
  3 lsub * *
You could manually add those to the subscription file, if LSUB does not display the folders. LSUB displays only subscribed folders, LIST displays all.
Then make sure that each of the three folders contain the cur, new, tmp subfolders.
They do:
  drwx-- 2 mpress domusers 4096 2018-07-13 14:30 ./.Dennis\ Email/cur/
  drwx-- 2 mpress domusers 4096 2018-0
Re: Sendmail Dovecot Trouble
On Wed, 18 Jul 2018, John Rowan wrote: /var/mail is a symlink to /var/spool/mail I tried both, neither works. I just wiped out the server, reinstalled from scratch this time I selected e-mail server while selecting packages after specifying GUI-server on the CentOS install. I had previously installed Dovecot after the initial server build. This time Dovecot was installed and active at boot but still can't find my mail in /var/spool/mail.
Actually, I would use the LMTP service anyway, https://www.dovecot.org/list/dovecot/2013-August/091799.html
On 7/13/2018 11:44 AM, Aki Tuomi wrote: Should your INBOX path be /var/spool/mail/%u then? --- Aki Tuomi Dovecot oy
Original message From: John Rowan Date: 13/07/2018 17:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Sendmail Dovecot Trouble
I've been struggling trying to get Thunderbird to read e-mail off a CentOS 7 server. Sendmail writes mail in /var/spool/mail I've configured dovecot to try to read from there using Thunderbird (POP3/SMTP). The firewall allows ports 25/110. I verified I have mail in /var/spool/mail but Thunderbird is unable to retrieve that mail. I've googled sendmail / dovecot config, I've looked at the wiki but I just can't figure this out. Please don't suggest using postfix, I just want to get sendmail / dovecot working.
[@mail conf.d]# dovecot --version
2.2.10
[root@mail conf.d]# dovecot -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-327.36.3.el7.i686 i686 CentOS Linux release 7.2.1511 (AltArch)
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = ssl_cert = https://www.avast.com/antivirus
-- Steffen Kaiser
Re: folders not visible on copied mail folders
On Tue, 17 Jul 2018, Mark Foley wrote: On Tue, 17 Jul 2018 08:06:24 +0200 Steffen Kaiser wrote: On Mon, 16 Jul 2018, Mark Foley wrote: We had a user quit recently. Three days ago I copied his entire Maildir folder to another user to that user's Maildir/.JoesEmail. I changed ownership and made the permission 'chmod -R og-rwx .', just like all the other files/directories of the new owner. This didn't work to show the new folder. Today, in his Thunderbird client, I subscribed to the 'JoesEmail' folder. I restarted dovecot and restarted Thunderbird. In Thunderbird, the 'JoesEmail' folder now shows, but it is empty and shows none of the subordinate mail folders. I ran 'doveadm index -u newowner JoesEmail' and 'doveadm force-resync -u newowner JoesEmail'. This didn't help. I did this once before with a previous user who quit and only changed ownership, no subscribing, no doveadm, and that worked. What am I doing wrong?
Your description might be interpreted one way or another, esp. "copied his entire Maildir folder ... to that user's Maildir/.JoesEmail". Also, it depends on how you have configured mail_location. If this means that you have:
  Maildir/.JoesEmail/{new,cur,tmp}
  Maildir/.JoesEmail/.mailbox/{new,cur,tmp}
  Maildir/.JoesEmail/.mailbox.submailbox/{new,cur,tmp}
now, that will clash with the standard Maildir format: https://wiki2.dovecot.org/MailboxFormat/Maildir You would need to move the subfolders with a leading dot of .JoesEmail into:
  Maildir/.JoesEmail/{new,cur,tmp}
  Maildir/.JoesEmail.mailbox/{new,cur,tmp}
  Maildir/.JoesEmail.mailbox.submailbox/{new,cur,tmp}
If you use :LAYOUT=fs to mail_location, .JoesEmail should spell JoesEmail
Subscription is needed only, if the mail client "displays subscribed folders only" or does not "display all folders". The meaning of the setting varies from client to client.
Another way would be to keep the other account and share it via ACLs: https://wiki2.dovecot.org/SharedMailboxes/Shared Steffen Kaiser
Steffen, thanks for your reply. I did have the copied folders as shown in your first example. I changed that to what you show as the remedy. The target user's Maildir folder now has:
  drwx-- 5 mpress domusers 4096 2017-06-28 20:07 .Deleted\ Messages.Junk/
  drwx-- 5 mpress domusers 4096 2018-07-16 23:22 .Delta\ Dental/
  drwx-- 21 mpress domusers 4096 2018-07-17 16:48 .Dennis\ Email/
  drwx-- 5 mpress domusers 4096 2018-07-16 23:15 .Dennis\ Email.Deleted\ Items/
  drwx-- 5 mpress domusers 4096 2018-07-16 23:15 .Dennis\ Email.Deleted\ Items.Sent/
  drwx-- 5 mpress domusers 4096 2018-07-17 17:02 .Drafts/
  drwx-- 5 mpress domusers 4096 2018-07-17 16:35 .ESI/
Where '.Dennis Email' is the folder for the old user. I copied the old user's 'Maildir/.Deleted Items' and 'Maildir/.Deleted Items/Sent' to the target user's 'Maildir/.Dennis Email.Deleted Items' and 'Maildir/.Deleted Items/Sent', respectively. That's how I understood what you advised. There are more such subfolders, but I thought I'd try this one first. However, still only the "Dennis Email" folder shows in the mail client, empty, no sub-folders even though "Deleted Items.Sent/cur" has plenty of mail files (1522). I did try running 'doveadm index -u mpress "Dennis Email"', again; and restarting dovecot and thunderbird again, but still nothing.
First check if Dovecot thinks the folders are there: doveadm mailbox list -u "mpress" | grep Dennis Then make sure that each of the three folders contain the cur, new, tmp subfolders. Does the Dovecot log contain something?
-- Steffen Kaiser
Re: folders not visible on copied mail folders
On Mon, 16 Jul 2018, Mark Foley wrote: We had a user quit recently. Three days ago I copied his entire Maildir folder to another user to that user's Maildir/.JoesEmail. I changed ownership and made the permission 'chmod -R og-rwx .', just like all the other files/directories of the new owner. This didn't work to show the new folder. Today, in his Thunderbird client, I subscribed to the 'JoesEmail' folder. I restarted dovecot and restarted Thunderbird. In Thunderbird, the 'JoesEmail' folder now shows, but it is empty and shows none of the subordinate mail folders. I ran 'doveadm index -u newowner JoesEmail' and 'doveadm force-resync -u newowner JoesEmail'. This didn't help. I did this once before with a previous user who quit and only changed ownership, no subscribing, no doveadm, and that worked. What am I doing wrong?
Your description might be interpreted one way or another, esp. "copied his entire Maildir folder ... to that user's Maildir/.JoesEmail". Also, it depends on how you have configured mail_location. If this means that you have:
  Maildir/.JoesEmail/{new,cur,tmp}
  Maildir/.JoesEmail/.mailbox/{new,cur,tmp}
  Maildir/.JoesEmail/.mailbox.submailbox/{new,cur,tmp}
now, that will clash with the standard Maildir format: https://wiki2.dovecot.org/MailboxFormat/Maildir You would need to move the subfolders with a leading dot of .JoesEmail into:
  Maildir/.JoesEmail/{new,cur,tmp}
  Maildir/.JoesEmail.mailbox/{new,cur,tmp}
  Maildir/.JoesEmail.mailbox.submailbox/{new,cur,tmp}
If you use :LAYOUT=fs to mail_location, .JoesEmail should spell JoesEmail
Subscription is needed only, if the mail client "displays subscribed folders only" or does not "display all folders". The meaning of the setting varies from client to client.
Another way would be to keep the other account and share it via ACLs: https://wiki2.dovecot.org/SharedMailboxes/Shared
-- Steffen Kaiser
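The move described in the reply above, as an added example (not from the thread and not a Dovecot tool): it finds mailboxes nested below a top-level Maildir++ folder, computes the flat names they need, and lists anything group or others can still reach. It assumes the default Maildir++ layout (no :LAYOUT=fs); the function names and the sample tree are made up for illustration.

```python
import os
import stat

MAILDIR_PARTS = ("cur", "new", "tmp")


def is_mailbox(path):
    """A Maildir mailbox directory holds cur/, new/ and tmp/."""
    return all(os.path.isdir(os.path.join(path, p)) for p in MAILDIR_PARTS)


def plan_flatten(root):
    """Find mailboxes nested below a top-level ".Folder" and compute the flat
    Maildir++ name each one needs (".Parent/.child" -> ".Parent.child").
    Returns (plan, conflicts); nothing on disk is changed."""
    plan, conflicts = [], []
    for top in sorted(os.listdir(root)):
        top_path = os.path.join(root, top)
        if not top.startswith(".") or not os.path.isdir(top_path):
            continue
        for dirpath, dirnames, _files in os.walk(top_path):
            # Do not descend into the message directories themselves.
            dirnames[:] = sorted(d for d in dirnames if d not in MAILDIR_PARTS)
            if dirpath == top_path or not is_mailbox(dirpath):
                continue
            rel = os.path.relpath(dirpath, root)
            flat = "." + ".".join(p.lstrip(".") for p in rel.split(os.sep))
            # A flat name that already exists is reported, never overwritten.
            taken = os.path.exists(os.path.join(root, flat))
            (conflicts if taken else plan).append((rel, flat))
    return plan, conflicts


def apply_plan(root, plan):
    """Rename deepest folders first so parents still exist when children move."""
    by_depth = sorted(plan, key=lambda item: item[0].count(os.sep), reverse=True)
    for rel, flat in by_depth:
        os.rename(os.path.join(root, rel), os.path.join(root, flat))


def loose_permissions(root):
    """Relative paths that group or others can access; after the thread's
    'chmod -R og-rwx .' this list is empty."""
    loose = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if stat.S_IMODE(os.lstat(path).st_mode) & 0o077:
                loose.append(os.path.relpath(path, root))
    return sorted(loose)


def make_demo_tree(root):
    """Constructed sample: the nested layout from the thread, one folder left 0750."""
    for folder in (".JoesEmail", ".JoesEmail/.mailbox",
                   ".JoesEmail/.mailbox.submailbox", ".Drafts"):
        for part in MAILDIR_PARTS:
            os.makedirs(os.path.join(root, *folder.split("/"), part))
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            os.chmod(os.path.join(dirpath, name), 0o700)
    os.chmod(os.path.join(root, ".JoesEmail", ".mailbox"), 0o750)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_demo_tree(tmp)
        plan, conflicts = plan_flatten(tmp)
        for rel, flat in plan:
            print(f"move {rel!r} -> {flat!r}")
        print("group/other access:", loose_permissions(tmp))
        apply_plan(tmp, plan)
        print(sorted(os.listdir(tmp)))
```

Run it against a copy of the mail store with the mail client closed, and review the plan and the conflict list before calling apply_plan.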
Re: Dovecot and Sieve setup
On Mon, 16 Jul 2018, Will Merkens wrote: I thought I had sieve working I could create the rules in TB and it says it's communicating properly and saves the file but the sieve rules do not seem to be working. when I look at /var/spool/maildir/domain/user I see Maildir Maildir =uid=1000 inside Maildir =uid=1000/sieve I see my sieve script I created Test.sieve and a tmp directory Should not this be in the main Maildir/sieve directory.
See https://wiki2.dovecot.org/VirtualUsers/Home "Home vs. mail directory", first you should make sure that mail dir != home dir, hence, "sieve" is no longer below Maildir. 2nd: make sure that you have enabled "sieve" as shown on https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration . As you see, Sieve works only, if you use Dovecot's LMTP or LDA. 3rd: verify ManageSieve https://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration . If you want to have an opinion about your configuration, you ought to post it.
-- Steffen Kaiser
Re: Authentication failure with OpenLDAP
On Tue, 10 Jul 2018, Anushka Bandara wrote: * Error: User initialization failed: Namespace '': mkdir(/home/users/"user"/Desktop/Maildir) failed: Permission denied (euid=1000(myuser) egid=5000() missing +w perm: /home, we're not in group 100(users), dir owned by 0:100 mode=0775)*
Well, what is >>"user"<<, >>myuser<< and "". Which information did you modify? Where is the correct data? Which permissions does /home/users/"user"/Desktop usually have? Does the uid/gid of /home/users/"user"/Desktop correspond to euid=1000 and egid=5000 ?
How should I give the permission to overcome this error. This is a dovecot error. LDAP authentication is successful. And also, I don't know the default user who is creating mail directories for mail users. I think the problem will be solved if I grant user the permission. But I don't know how to grant.
Maybe, maybe not.
On Tue, Jul 10, 2018 at 2:54 PM, Aki Tuomi wrote: Turn on auth_verbose=yes and auth_debug=yes and post logs.
--- Aki Tuomi Dovecot oy
Original message From: Anushka Bandara Date: 10/07/2018 08:53 (GMT+02:00) To: dovecot@dovecot.org Subject: Authentication failure with OpenLDAP
Hi all, *Dovecot version: 2.2.22 (fe789d2)* *Ubuntu version: 16.04* *OpenLDAP version: openldap-2.4.42+dfsg* Configurations
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.10.0-28-generic x86_64 Ubuntu 16.04.3 LTS
disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot.log
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = pop3 imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
I am having "*Authentication failed" *problem with dovecot-ldap. Before it, I had binding error and I fixed it. Now I am having authentication problem when I am trying to log dovecot (using telnet localhost 110) using a user which is created in ldap server. I can provide any configuration file and I did this configurations according to this "https://help.ubuntu.com/community/DovecotLDAP". Now I am having an authentication error. Thank you
-- Steffen Kaiser
Re: Sharing Mailbox between users using IMAP
On Fri, 29 Jun 2018, Remko Lodder wrote: On 29 Jun 2018, at 09:42, Luca Bertoncello wrote: Hi list! I have an account (let's say i...@mydomain.com) that should be read from more people. These people do NOT have an account on the server. Currently i...@mydomain.com is a forward to their addresses, but of course this solution has a huge problem: if info@ receives spam that the server does not recognize, the server forwards spam... Now I want to solve this problem and I had the idea to change info@ from "forward" to "local account". Then, I can read the E-Mails via IMAP. Now the question: if I have 5-6 people accessing the account via IMAP, has Dovecot (2.2.13 from Debian repositories) problems? Is there another solution, if the users don't want to have an account on the server?
Emails can only be read if they are authenticated / authorized in some way to access the store. That means you might need to share the info@ credentials with the other people so that they can read it over imap or webmail etc.
As Remko points out, you need some sort of authorization to access the messages. The easiest is an account on the server, the messages are located at. I would suggest one account for the "info" role, that shares its mailboxes to one account per (natural) person. That way, if one person is to deny the access, you do not have to change the password and give it to the other persons. If you have other ways of authorization, such as: IP address (remote side of connection), think about using those implicit ones.
-- Steffen Kaiser
Re: new problem
On Thu, 14 Jun 2018, Walter Ulmke wrote: 1) my inbox is "Posteingang". should I officially declare it somewhere? I now get the following error messages:
Jun 14 00:23:32 ulmke2 dovecot[3981]: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: Error: opendir(/u/ulw/Mail) failed: Permission denied (euid=503(ulw) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))
https://www.dovecot.org/list/dovecot/2014-November/098808.html
Jun 14 00:23:32 ulmke2 dovecot[3981]: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: Error: opendir(/u/ulw/Mail) failed: Permission denied (euid=503(ulw) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))
Jun 14 00:23:32 ulmke2 dovecot[3981]: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: Error: Couldn't create mailbox list lock /u/ulw/Mail/mailboxes.lock: file_create_locked(/u/ulw/Mail/mailboxes.lock) failed: safe_mkstemp(/u/ulw/Mail/mailboxes.lock) failed: Permission denied
Jun 14 00:23:33 ulmke2 dovecot[3981]: Error: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: open(/u/ulw/Mail/dovecot.index.log) failed: Permission denied (euid=503(ulw) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))
Jun 14 00:23:33 ulmke2 dovecot[3981]: Error: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: Mailbox INBOX: file_dotlock_create(/u/ulw/Mail/dovecot-uidlist) failed: Permission denied (euid=503(ulw) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))
Jun 14 00:23:33 ulmke2 dovecot[3981]: Error: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: Mailbox INBOX: open(/u/ulw/Mail/dovecot-uidlist) failed: Permission denied
Jun 14 00:23:43 ulmke2 dovecot[3981]: Error: imap(ulw)<3997><4O/Xbo1uotLAqGQd>: open(/u/ulw/Mail/dovecot.index.log) failed: Permission denied (euid=503(ulw) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))
Also, when I start Thunderbird I get the following error message: "der aktuelle Vorgang in "Posteingang" ist fehlgeschlagen. Der Server des Kontos antwortete (Serverbug) Internal error ocurred. Refer to server log WHERE IS THE SERVER LOG?
What you've posted and what contains a detailed error description.
-- Steffen Kaiser
Re: cant login to Dovecot
On Tue, 12 Jun 2018, Walter Ulmke wrote: Date: Tue, 12 Jun 2018 14:23:30 +0200 From: Walter Ulmke To: dovecot@dovecot.org Subject: Re: cant login to Dovecot On 2018-06-12 13:14, Steffen Kaiser wrote: On Tue, 12 Jun 2018, Walter Ulmke wrote:
un 12 12:30:06 ulmke2 dovecot[5814]: auth: Fatal: APOP mechanism can't be supported with given passdbs
Config error. "Fatal" sounds fatal ;-)
see below. Update your mechs
stats: open(old-stats-user) failed: Permission denied
There is no stats config.
Likewise config error, but not fatal. Post your config
auth_mechanisms = plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
https://wiki2.dovecot.org/Authentication/Mechanisms?highlight=(apop) APOP: This is a POP3-specific authentication. Similar to CRAM-MD5, but requires storing password in plaintext. But PAM does not offer access to plain/text, IMHO.
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
ssl = no
ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
}
-- Steffen Kaiser
Re: cant login to Dovecot
On Tue, 12 Jun 2018, Walter Ulmke wrote:
un 12 12:30:06 ulmke2 dovecot[5814]: auth: Fatal: APOP mechanism can't be supported with given passdbs
Config error. "Fatal" sounds fatal ;-)
stats: open(old-stats-user) failed: Permission denied
Likewise config error, but not fatal. Post your config
-- Steffen Kaiser
Re: Problem in Pigeonhole sievec
On Mon, 28 May 2018, Thorsten Hater wrote: I stumbled upon the following behaviour of Pigeonhole, which I consider to be problematic. A user deployed a Sieve script similar to the following snippet
  if not anyof (address :is ["from","cc"] ["...", ..., "...@...
  GARBAGE", ...] { fileinto "inbox.Trash"; stop; }
Note the extra line break before GARBAGE. This script is obviously broken, but gets accepted by sievec and only fails later, at runtime with
  line X: error: found stray carriage-return (CR) character in quoted string started at line X.
So, the question is whether line breaks in strings are allowed in general and the runtime error is unavoidable, or should sievec return an error?
https://www.ietf.org/rfc/rfc3028.txt first hit of quoted-string
  quoted-string = DQUOTE *CHAR DQUOTE
          ;; in general, \ CHAR inside a string maps to CHAR
          ;; so \" maps to " and \\ maps to \
          ;; note that newlines and other characters are all allowed
          ;; strings
So, it's correct. But the address should reject the CR. I guess, Pigeonhole triggers the error for sanity purpose?
-- Steffen Kaiser
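A pre-deployment check for the failure discussed above, as an added example (not part of the thread and not Pigeonhole code): it lists quoted strings that span a line break, which the RFC 3028 grammar permits and a compiler may therefore accept. The sample script is constructed and the function name is made up.

```python
import re

# End of a "text:" multi-line literal: a line holding only ".".
TEXT_END = re.compile(r"\r?\n\.\r?\n")

# Constructed sample modelled on the snippet in the thread (addresses are made up).
SAMPLE = r'''require ["fileinto"];
# constructed sample: a lone " inside a comment is ignored
if header :contains "subject" "say \"hi\"" { keep; }
if not anyof (address :is ["from", "cc"] ["spam@example.com", "junk@example.net
GARBAGE", "bulk@example.org"]) {
    fileinto "inbox.Trash";
    stop;
}
'''


def multiline_strings(script):
    """Return [(start_line, value)] for every quoted string containing CR or LF."""
    hits, i, line, n = [], 0, 1, len(script)
    while i < n:
        ch = script[i]
        if ch == "#":                                  # hash comment runs to end of line
            while i < n and script[i] != "\n":
                i += 1
        elif script.startswith("/*", i):               # bracket comment
            end = script.find("*/", i + 2)
            end = n if end < 0 else end + 2
            line += script.count("\n", i, end)
            i = end
        elif script.startswith("text:", i) and not (
                i and (script[i - 1].isalnum() or script[i - 1] == "_")):
            match = TEXT_END.search(script, i)         # skip the whole literal
            end = match.end() if match else n
            line += script.count("\n", i, end)
            i = end
        elif ch == '"':
            start, buf = line, []
            i += 1
            while i < n and script[i] != '"':
                if script[i] == "\\" and i + 1 < n:
                    i += 1                             # \" and \\ map to the bare character
                if script[i] == "\n":
                    line += 1
                buf.append(script[i])
                i += 1
            i += 1                                     # step over the closing quote
            value = "".join(buf)
            if "\n" in value or "\r" in value:
                hits.append((start, value))
        else:
            if ch == "\n":
                line += 1
            i += 1
    return hits


if __name__ == "__main__":
    for start, value in multiline_strings(SAMPLE):
        print(f"line {start}: string spans a line break: {value!r}")
```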
Re: Cannot delete folder
On Mon, 21 May 2018, Yves Goergen wrote:
May 21 10:36:14 mond2 dovecot: imap(yg@.de): Debug: Namespace : /var/mail/virtual/.de/yg/.Test doesn't exist yet, using default permissions
May 21 10:36:14 mond2 dovecot: imap(yg@.de): Debug: Namespace : Using permissions from /var/mail/virtual/.de/yg: mode=0700 gid=default
May 21 10:36:23 mond2 dovecot: imap(yg@.de): Debug: Namespace : /var/mail/virtual/.de/yg/.Trash.Test doesn't exist yet, using default permissions
That's it. Thunderbird shows an error message with: [CANNOT] Renaming not supported across conflicting directory permissions (0.000 + 0.000 secs).
Well, there is the first error, too: yg/.Test doesn't exist yet
is it possible, that you are subscribed to a non-existent folder? Thunderbird (or some versions anyway) will display any subscribed folder, regardless if it exists or not. Dovecot fails to both delete or rename non-existent folders. Check out the local file "subscriptions" in your mailbox storage. (Close any mail client before).
-- Steffen Kaiser
Re: end-to-end encryption
On Tue, 15 May 2018, Gandalf Corvotempesta wrote: I was looking at protonmail.com Is possible to implement an end-to-end encryption with dovecot, where server-side there is no private key to decrypt messages?
Maybe the term "end-to-end encryption" has changed, but usually that means that clients are the "end". Hence, there are no keys on the server. There are some approaches to automatic key discovery and hosting with GnuPG's WKD / WKS.
If I understood properly, on protonmail the private key is encrypted with user's password, so that only an user is able to decrypt the mailbox.
When the encryption takes place on the server, the server admin is able to tinker the process, hence, this is no end-to-end. But, read Aki's fine answer about this.
-- Steffen Kaiser
Re: Sieve "redirect" changes envelope sender in 2.3. / pigeonhole 0.5
On Fri, 20 Apr 2018, Olaf Hopp wrote: On 04/20/2018 02:53 PM, Olaf Hopp wrote: On 04/20/2018 02:01 PM, Olaf Hopp wrote: Hi (Stephan?), is it a new feature of dovecot 2.3 /pigeonhole 0.5 that a sieve "redirect" changes the envelope sender of a redirected mail or simply a bug ? A sends mail to B, B redirects to C C sees B (not A!) as envelope sender. It is not a problem if C gets the mail but if that mail bounces for various reasons it goes back to B and A will never know about this.
That's just one problem these days.
Envelope *senders* should never ever be modified.
If the domain of sender A has SPF records installed and B redirects to C, but keeps the envelope sender A, the SPF check will fail on C. Looks like any redirect has potential to fail, unless to establish some sort of SRS as well.
-- Steffen Kaiser
Re: Accentuated email addresses stored in LDAP
On Mon, 19 Mar 2018, Andre Rodier wrote: In fact, I am using the otherMailBox attribute, from the standard OpenLDAP distribution, which is also IA5String. - Is there any way in Dovecot to encode the fields in base 64, to send queries?
as the query is "eq", this would be enough, I think. Check out: https://wiki2.dovecot.org/Variables?highlight=(base64) However, I never used this modifier and Aki pointed out, that UTF8 usernames are not (100%) supported, yet.
- Or is the LDAP server supposed to store attributes as UTF8, and in this case, how to configure it that way?
To achieve this, you must/can extend the schema with your own attribute that uses: https://www.ldap.com/understanding-ldap-schema "Directory String "The directory string syntax is basically a catch-all syntax for UTF-8 strings. It allows values with this syntax to have any combination of one or more UTF-8 characters (empty directory string values are not allowed, although some directory servers ignore this constraint). "The directory string syntax is defined in RFC 4517 section 3.3.6, and has an OID of "1.3.6.1.4.1.1466.115.121.1.15"." Otherwise, you could _misuse_ an existing attribute of this type unused in your directory otherwise.
-- Steffen Kaiser
Re: Accentuated email addresses stored in LDAP
On Mon, 19 Mar 2018, André Rodier wrote: I had to use base64 encoding to store email addresses, because they are rejected otherwise, with an error message of illegal characters. I also
you are using the stock "mail" attribute in LDAP as:
  olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
http://www.oid-info.com/get/1.3.6.1.4.1.1466.115.121.1.26 https://en.wikipedia.org/wiki/IA5STRING IA5 :- 7bit
noticed that some of the fields, like 'dn' and 'cn' were automatically encoded in base64 when stored when including accentuated chars.
you mean when you use ldapsearch or similar tool to export data? LDIF traditionally encode all data in 7bit ASCII, which is noted by the double "::" after the LDAP attribute name. The data in LDAP is UTF8 and binary connections need not encode it either.
-- Steffen Kaiser
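The difference between LDIF's "::" export encoding and a value that was base64-encoded before it was stored, as an added example (not code from the thread): it unfolds and parses one LDIF entry, decodes "::" values to the UTF-8 text the directory holds, tests each stored value against the 7-bit IA5String limit, and heuristically flags stored text that is itself base64 of non-ASCII data. The sample entry is constructed and the helper names are made up.

```python
import base64

# Constructed sample in LDIF (RFC 2849) form; the entry and its values are made up.
# "cn" is folded across two lines; "otherMailBox" holds base64 text typed in by hand.
SAMPLE_LDIF = (
    "dn: uid=andre,ou=people,dc=example,dc=org\n"
    "cn:: QW5kcsOpIER1\n"
    " cG9udA==\n"
    "mail: andre@example.org\n"
    "otherMailBox: YW5kcsOpQGV4YW1wbGUub3Jn\n"
)


def unfold(text):
    """Join continuation lines (a leading single space) and drop comments."""
    lines, skipping = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if not skipping and lines:
                lines[-1] += raw[1:]
        elif raw.startswith("#"):
            skipping = True
        else:
            skipping = False
            if raw:
                lines.append(raw)
    return lines


def parse_entry(text):
    """Return [(attribute, stored_value, was_base64_in_ldif)] for one entry."""
    out = []
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):      # "attr:: ..." is export encoding, not storage
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            out.append((attr, raw.decode("utf-8"), True))
        elif rest.startswith("<"):
            raise ValueError("URL values (attr:< ...) are not handled here")
        else:
            out.append((attr, rest.lstrip(" "), False))
    return out


def fits_ia5(value):
    """IA5String, the syntax of the stock 'mail' attribute, is 7-bit only."""
    return all(ord(ch) < 128 for ch in value)


def needs_base64(value):
    """RFC 2849: when an exporter has to write 'attr:: ...' for this value."""
    return (not fits_ia5(value) or value[:1] in (" ", ":", "<")
            or value.endswith(" ") or any(ch in value for ch in "\0\r\n"))


def audit(text):
    """Rows of (attr, stored value, ldif_base64, fits_ia5, looks_hand_encoded)."""
    rows = []
    for attr, value, was_b64 in parse_entry(text):
        hand_encoded = False
        if not was_b64 and fits_ia5(value):
            try:  # heuristic: stored text that decodes to non-ASCII UTF-8
                decoded = base64.b64decode(value, validate=True).decode("utf-8")
                hand_encoded = not fits_ia5(decoded)
            except ValueError:
                pass
        rows.append((attr, value, was_b64, fits_ia5(value), hand_encoded))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_LDIF):
        print(row)
```

A hand-encoded value passes the IA5String check, but the directory then holds the base64 text, so an equality filter on the literal address does not match it.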
Re: Accentuated email addresses stored in LDAP
On Sun, 18 Mar 2018, André Rodier wrote: Every other alias works, but not those with accents. They are correctly stored in the LDAP database, using base64.
Despite Aki's answer, whether it works at all, I would expect the encoding in LDAP is UTF8 instead of base64.
-- Steffen Kaiser
Re: extra IMAP folders: how to make all clients use the same Sent folder?
On Wed, 28 Feb 2018, Stanislaw Findeisen wrote: I have just setup IMAP with Maildir, but unfortunately some clients create their own folders instead of using those specified in 15-mailboxes.conf . What could be the reason?
Because the clients do so.
Here's what it looks like:
  B list "" *
  * LIST (\HasNoChildren \Sent) "." "Sent Messages"
  * LIST (\HasNoChildren) "." Gesendet
  * LIST (\HasNoChildren) "." Entw&APw-rfe
  * LIST (\HasNoChildren \Trash) "." Trash
  * LIST (\HasNoChildren) "." Papierkorb
  * LIST (\HasNoChildren \Drafts) "." Drafts
  * LIST (\HasNoChildren \Sent) "." Sent
  * LIST (\HasNoChildren) "." Ausgang
  * LIST (\HasNoChildren \Junk) "." Junk
  * LIST (\HasNoChildren) "." INBOX
  B OK List completed.
Here for example "Gesendet" (meaning "Sent" in German) is a folder created by some Android client app. This app uses it to store its sent mail, while another client uses the Sent folder.
Yeah. If the blue traffic sign with the bicycle on it tags the left road, many bicycles will choose this way, but some still choose the right road with the blue traffic sign with the pedestrian on it. The "\Sent" is a hint for client, which way to go. Either force your users to use another client, re-configure their client manually, or - sometimes - the mail client needs to refresh its configuration.
Also, is it correct that all those folders (both pre-made and extra) get created directly in the user's maildir, alongside cur, new, tmp and Dovecot index files? Shouldn't there be any subdir?
Yes. What kind of subdir do you expect?
- -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBWp++r8QnQQNheMxiAQKA+gf9FbHKK8aOvmK2wMKw7KCG2M/tIP/jG3th 5aGdiEzWAoiU9RNlAhW+7I8mzRknnmdoUI5wOGNLUdvlXxbYm0MBUuL8JJufNOCl 7eJ15/J03MWgPMKdANs2TePZNyNEtvkLxKNQJbYw4QY1AtaUXS1brPa8/qaIiHmo Nts9UWs1c/to1MzMPjWbBjkmlQ6ftKs8q6UkhQ+xv1YdfqD9ObV3xWIJHzWiUDFL zU7SnpwEm3m8Vj+z47NVFvtDDSk23CarFx3XnVXH56ThFPZU5VXqfsNxdwkY7gRz 3hs3dicwWNLf87jtTDL9o2d0cYj3KqZvgmmMAOapoY/dnq0U993mAA== =NbrQ -END PGP SIGNATURE-
Re: requiring a full fqdn for authentication
On Tue, 6 Mar 2018, David Mehler wrote:

> Thanks. Can you elaborate?

post your sql config of Dovecot.

> On 3/6/18, Steffen Kaiser wrote:
>> On Fri, 2 Mar 2018, David Mehler wrote:
>>> dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue? If I need to provide my sql password query let me know.
>>
>> your SQL query in passdb allows both usernames.
>>
>> -- Steffen Kaiser

-- Steffen Kaiser
Re: requiring a full fqdn for authentication
On Fri, 2 Mar 2018, David Mehler wrote:

> dovecot to require a complete email address as a login. Currently I can log in by either a username or fqdn. I've got the below what is the issue? If I need to provide my sql password query let me know.

your SQL query in passdb allows both usernames.

-- Steffen Kaiser
Re: stats-writer failed: Permission denied
On Wed, 7 Feb 2018, Jakobus Schürz wrote:

> Since I compile my own dovecot (not using dovecot from debian), I get this error on each startup dovecot with systemd
>
> Feb 07 11:16:35 aldebaran dovecot[7455]: imap: Error: net_connect_unix(/usr/local/var/run/dovecot/stats-writer) failed: Permission denied
> Feb 07 11:16:35 aldebaran dovecot[7455]: imap: Error: net_connect_unix(/usr/local/var/run/dovecot/stats-writer) failed: Permission denied
>
> I can change the owner and/or permissions of the file, then it works till the next reboot. How can I set this correctly in my configs?

check out something like:

service stats {
  fifo_listener stats-mail {
    user = vmail
    mode = 0600
  }
}

https://wiki2.dovecot.org/Services#unix_listeners_and_fifo_listeners

-- Steffen Kaiser
Re: LDAP userdb and dovecot LDA/LMTP - different requirements
On Tue, 6 Feb 2018, Franta Hanzlík wrote:

> I want to use Dovecot LDA (or rather LMTP) use as local deliver with Postfix MTA. Users are in LDAP DB with structure as:
>
> dn: cn=username, ou=rank, o=myorg
> cn: username
> objectClass: Person
> gidNumber: uNNN
> uidNumber: gNNN
> userPassword: (somehow hashed, can only bind verification)
> homeDirectory: /Home/$rank/$username
> mailActive: 0/1
> mail: usera@OneDomain
> mail: userb@SecDomain (not all users have 2+ addresses)
> uid: username
> groupMembership: group DN (can be multiple times for different groups)
> ...
>
> where:
> - cn = uid = expected IMAP login username (which hasn't @domain part)
> - user1 (and user2) isn't always same as username

?? What means this requirement?

> Now I not know, how to solve IMO different requirements to userdb:
> - LDA/LMTP need LDAP userdb unit, that can retrieve the name from an email address (ie for "usera@myDomain" returns cn/uid (as dovecot "username").

For LDA, just use another config.

> - IMAP server need LDAP userdb unit, that will have the user login (username) as the input parameter, and which returns information whether or not the user exists.

user_filter = (&(|(mail=%n)(uid=%u))(mailActive=1)(objectClass=person))

this assumes that usera (without @domain) is not the username of another entry and that there is one entry for each mail address only. Users may login with their mail address.

On the other hand, can you solve the aliases in LDAP into usernames by Postfix: http://www.postfix.org/ldap_table.5.html

> user_attrs = \
>   =home=%{ldap:homeDirectory}, \
>   =uid=%{ldap:uidNumber},
>   =gid=%{ldap:gidNumber},
>   =quota_rule=*:bytes=%{ldap:quotaBytes},
>   =namespace/default/separator=%{ldap:mailSeparator}
>
> Can anyone explain how these constructions work? And what do mean attribute notations in the form '=attr=' or '@attr=' or 'quota_rule=*:storage=100M' ? Nowhere have I found a sufficiently comprehensible description of these constructions...

https://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb?highlight=%28%40mail%29

-- Steffen Kaiser
Re: Cannot delete IMAP Mail-Folder in Trash
On Thu, 1 Feb 2018, Gabriel Kaufmann wrote:

> I've noticed an annoying problem. Trying to delete a folder that has been deleted on IMAP and is moved to trash has problems being deleted. Thunderbird does

you have subscribed a probably non-existent subfolder of that folder? Check out the subscription file.

> This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

??

-- Steffen Kaiser
Re: How to set autoexpunge rule for single user mailbox in dovecot conf?
On Tue, 23 Jan 2018, Alexey Murz Korepov wrote:

> I need to set autoexpunge rule only for one single user and one mailbox (mail folder), so apply it only for user al...@example.com mailbox INBOX. How can I set namespace in dovecot config, that will apply only to single user?

https://wiki2.dovecot.org/Namespaces#From_userdb

However, I don't know if you can limit the setting to mailbox INBOX.

-- Steffen Kaiser
Re: rewrite copy to trash->delete->expunge mail with move??
On Mon, 22 Jan 2018, Chi Min Wang wrote:

> When user got quota exceed and trying to delete mail. Most MUA's default "move to trash folder" will proceed by copy mail to trash folder, then by delete/expunge it (copy before expunge). Unfortunately this will not success due to quota exceed. Is there any way to let dovecot proceed it by IMAP MOVE instead of "copy to trash folder"->delete/expunge, Thanks!!

when your MUA uses COPY, why/how should the server mangle it into MOVE? Should it foresee the later expunge? The server must reply to the COPY before it sees the later commands. If you buy lemons and water, what would you think, if the shop gives you lemonade, because it (computer, robot or shopkeeper) foresees that you want to put both together anyway?

The work around would be: https://wiki2.dovecot.org/Quota/Configuration search for Trash

The problem however is, that some MUAs use other mailboxes than "Trash".

> "move to trash folder" is bad thing and painful, I agree with you.

Add the other aspect: Delete in another namespace.

> *** CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may be legally privileged. If you are not the intended recipient, (i) please do not read or disclose to others, and (ii) please notify immediately the sender by reply mail, and (iii) please delete all copies of the email from your system. Failure to follow this process may be unlawful. We greatly appreciate your cooperation.

Well, a public mailing list ...

-- Steffen Kaiser
Re: Questions about SPECIAL-USE IMAP extension
On Thu, 11 Jan 2018, Joseph Tam wrote:

> I'd like to configure my dovecot service to use the IMAP SPECIAL-USE

well, in my experience SPECIAL-USE is just a suggestion to clients. Check RFC 6154 for MUSTs, you'll find only few. Hence, how the client (or the server) behaves in a special case is implementor-defined.

I do expect that any client supporting SPECIAL-USE honors the server setting (first time it connects to the server or every time, but at least once) and creates the mailboxes it uses itself. Otherwise, Dovecot can autocreate the mailboxes regardless of its use: https://wiki2.dovecot.org/MailboxSettings

-- Steffen Kaiser
Re: Managesieve and virtual users
On Thu, 11 Jan 2018, CP wrote:

> I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account.

Hmm, your conf contains just one passdb and one userdb:

> mail_location = maildir:/home/vmail/%d/%n/Maildir
> sieve = file:/home/vmail/%d/%n/sieve;active=/home/vmail/%d/%n/.dovecot.sieve
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
>   driver = static
> }

So, how does the real user authenticate?

Second, you've violated: https://wiki2.dovecot.org/VirtualUsers/Home?highlight=%28home%29|%28mail%29 make home and mail_location distinct. I guess, above should read: home=/home/vmail/%d/%n/

You've written "managesieve" is not working. That means, sieve is working? So, has vmail write permission to: /home/vmail/%d/%n/sieve is it a directory? Does your users log into managesieve with domain, too?

> but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp . doveconf -n included Thanks in advance for any help

-- Steffen Kaiser
Re: sieve filter move wrong email to Junk folder
On Fri, 15 Dec 2017, Bill Shirley wrote:

> This is what I use. Notice the comma:
>
> require "fileinto";
> if header :contains "X-Spam-Status" "Yes," {
>   fileinto "SystemFolders.SuspectedSpam";
>   stop;
> }

I would even add the space:

if header :contains "X-Spam-Status" "Yes, " {

because the list of tests won't contain a space.

-- Steffen Kaiser
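An added example, not part of the thread: a small Python emulation of Sieve's `header :contains` test with the default `i;ascii-casemap` comparator (RFC 5228), run over constructed `X-Spam-Status` values to show which of the three keys discussed above misfile non-spam. The header values are constructed, and the rule name `LOCAL_SAYS_YES` is hypothetical.

```python
"""Emulation of Sieve's `header :contains` test on X-Spam-Status values.

Added illustration; every header value below is a constructed sample.
"""


def ascii_casemap(text):
    # i;ascii-casemap, Sieve's default comparator, compares after folding
    # ASCII a-z to A-Z; every other character is left untouched.
    return "".join(chr(ord(c) - 32) if "a" <= c <= "z" else c for c in text)


def header_contains(value, key):
    """True if `header :contains "X-Spam-Status" key` matches this value."""
    return ascii_casemap(key) in ascii_casemap(value)


# name -> (header value, is it really spam?)   -- constructed samples
SAMPLES = {
    "spam": (
        "Yes, score=12.4 required=5.0 "
        "tests=BAYES_99,HTML_MESSAGE,URIBL_BLACK autolearn=spam",
        True,
    ),
    # "BAYES_00" contains the letters Y-E-S, so a bare "Yes" key matches it.
    "ham_bayes": (
        "No, score=-1.9 required=5.0 "
        "tests=BAYES_00,DKIM_SIGNED,DKIM_VALID autolearn=ham",
        False,
    ),
    # Hypothetical local rule whose name ends in YES right before a comma.
    "ham_custom_rule": (
        "No, score=0.3 required=5.0 "
        "tests=LOCAL_SAYS_YES,HTML_MESSAGE autolearn=no",
        False,
    ),
}


def false_positives(key):
    """Names of non-spam samples that the key would file as spam."""
    return [name for name, (value, is_spam) in SAMPLES.items()
            if not is_spam and header_contains(value, key)]


def missed_spam(key):
    """Names of spam samples that the key would fail to match."""
    return [name for name, (value, is_spam) in SAMPLES.items()
            if is_spam and not header_contains(value, key)]


if __name__ == "__main__":
    for key in ("Yes", "Yes,", "Yes, "):
        print(repr(key), "false positives:", false_positives(key),
              "missed spam:", missed_spam(key))
```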
Re: dovecot (+sendmail) fails to get email into thunderbird
On Wed, 13 Dec 2017, jo land wrote:

> I use 143 Imap to connect which i have tested with telnet and was able to login. But if i select the inbox with telnet it returns "0 EXISTS" like so:
>
> telnet 192.168.1.13 143
> Trying 192.168.1.13...
> Connected to sub.domain.net.
> Escape character is '^]'.
> oper2 select INBOX
> * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
> * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
> * 0 EXISTS
> * 0 RECENT
> * OK [UIDVALIDITY 1513093097] UIDs valid
> * OK [UIDNEXT 1] Predicted next UID
> * OK [NOMODSEQ] No permanent modsequences
> oper2 OK [READ-WRITE] Select completed.
>
> Mail location set to: /var/mail/

Well, /var/mail typically contains a bunch of mbox files, one per local users. They are considered an INBOX for each user.

You have configured this for Dovecot: https://wiki2.dovecot.org/MailLocation/mbox

Each user, that logs in successfully, uses the same files in /var/mail as mbox storage. The "INBOX" is empty, because there does not exist "/var/mail/inbox", I guess. See 2nd example.

If you see /var/mail/username, you should at least configure 1st example:

# %u is replaced with the username that logs in
mail_location = mbox:~/mail:INBOX=/var/mail/%u

Note the %u and ~ and make sure, each user has an unique home directory. You could replace ~ with some specific user-specific path using %u as well.

-- Steffen Kaiser
Re: Howto authenticate smartPhone via Active Directory
On Sat, 2 Dec 2017, Mark Foley wrote:

> I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via ^^ shadow first and. failing that, it does authenticate via GSSAPI. Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the shadow authentication fails, no other methods are tried and no connection is made. What can I do with my dovecot config to fix this?

If you are asking about how to auth against AD with plain credentials, see https://wiki2.dovecot.org/AuthDatabase/LDAP

You can add another passdb {} . However, this enables any client to use plain credentials, incl. Thunderbird.

-- Steffen Kaiser
Re: Use multiple mbox locations
On Sun, 3 Dec 2017, bapt x wrote:

> With GNU mailutils on Debian 9, we receive mails in /var/mail/ but when we read mails with the "mail" command, they are moved in a file ~/mbox: "Saved 1 message in /home//mbox". I use Roundcube webmail with Dovecot but if I also use the "mail" command to read emails, Roundcube will not display old messages anymore since they were moved to ~/mbox.

Hmm, this is a job for: https://wiki2.dovecot.org/Plugins/Snarf

-- Steffen Kaiser
Re: Autoreplies are not sent
On Wed, 29 Nov 2017, Sergio Belkin wrote:

> Now, I'd want to every mail was sent to support-...@example.com it triggers an autoreply vacation style. So, I've written and compiled a sieve filter, something like that and put in op1@example.local sieve folder. But it fails complaining like that:
>
> nov 29 15:55:39 muteriver.example.local dovecot[12549]: lmtp(12675, op1@example.local): CqNdF6sCH1qDMQAAcSFsIQ: sieve: msgid=< ded22f3d-f1e3-157e-0667-ca73d851d...@example.com>: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=, and additional `:addresses' are specified)

your MTA does not pass the envelope sender to Dovecot. Do you use LMTP or LDA to deliver the messages?

-- Steffen Kaiser
Re: Server migration
On Fri, 24 Nov 2017, Gandalf Corvotempesta wrote:

> I've asked this before, but now it's time to move one server to another, I can't delay the operation anymore (the older server is failing)
>
> Both server are pretty old: 1.2.15
>
> Probably, faster way would be to rsync all mailboxes from the older server to the newer one. I can start migrating everything while running then, stop the older server and sync only what is changed, keeping downtime at minimum.
>
> Any better solution ?

No, it would go this way.

-- Steffen Kaiser
Re: set parameter per user
On Thu, 23 Nov 2017, A. Schulze wrote:

> Steffen Kaiser:
>> Is the detail delivered to Dovecot by the MTA at all?
>
> sure! have to say: I faked that example. In reality I tested the inverse way: My lab setup actually *do* deliver to folders and I saw, setting lmtp_save_to_detail_mailbox to 'no' still deliver to folder while INBOX was expected. so, correct hint: I should really try on an other system ...
>
> But from my debug logs it really should not matter if
>
> doveconf.conf: lmtp_save_to_detail_mailbox = yes
> set to 'no' per user from ldap
>
> vs.
>
> doveconf.conf: lmtp_save_to_detail_mailbox = no
> set to 'yes' per user from ldap

maybe you need: lda_mailbox_autocreate = yes

-- Steffen Kaiser
Re: Exclude disabled accounts
On Thu, 23 Nov 2017, Evgeniy Korneechev wrote:

> We have userdb=passwd.
>
> userdb {
>   driver = passwd
>   #server was entered domain Active Directory
>   override_fields = home=/var/vmail/glu_vrem/%u
> }
>
> If I disable in AD user's account, he can not sign in. But he can and will receive letters, which of course is not correct. How can I exclude disabled accounts from 'userdb'?

Dovecot uses your system's getpwnam(), so if

getent passwd username

returns something, Dovecot uses it. There is no notion about "disabled" status in passwd databases.

-- Steffen Kaiser
Re: set parameter per user
On Tue, 21 Nov 2017, A. Schulze wrote:

> in /etc/dovecot/ldap.conf
>
> user_attrs = ... =lmtp_save_to_detail_mailbox=%{ldap:lmtp-save-to-detail-mailbox:no}, =...
>
> Unfortunately messages to user+extension@domain are still delivered to INBOX/ while they should be delivered to INBOX/extension.
>
> I also tried to make the attribute accessible via pass_attr and userdb_foo = ... because I use prefetch driver as userdb. I also disabled prefetching at all but no luck :-/

Is the detail delivered to Dovecot by the MTA at all?

-- Steffen Kaiser
Re: home folder for virtual users with autoexpunge setting
On Tue, 21 Nov 2017, fe...@kngnt.org wrote:

> dovecot-acl-list dovecot.list.index.log dovecot.mailbox.log.2 dovecot-uidvalidity.51e5857f storage dovecot.list.index dovecot-uidvalidity dovecot.mailbox.log mailboxes subscriptions
>
> Which ones should I move to / ?

these: dovecot.sieve.log dovecot.svbin sieve dovecot.sieve dovecot.sieve.log.0

I'm not sure about this one: spamassassin

This is probably used by a plugin or something like that, so it should go into home as well.

> Thank you! Felix
>
> November 21, 2017 9:08 AM, "Steffen Kaiser" wrote:
>> On Sun, 19 Nov 2017, fe...@kngnt.org wrote:
>>> I understand this is correct: as is a virtual user, it does not have home folder. Is there any way I can set the autoexpunge plugin to store the lock file in the virtual user email home folder?
>>
>> well, home folder in Dovecot != $HOME (or ~user), but user-specific besides the mail storage root folder: https://wiki2.dovecot.org/VirtualUsers/Home Dovecot however uses ~ as abbreviation for "home directory".
>>
>> -- Steffen Kaiser

-- Steffen Kaiser
Re: home folder for virtual users with autoexpunge setting
On Sun, 19 Nov 2017, fe...@kngnt.org wrote:

> I understand this is correct: as is a virtual user, it does not have home folder. Is there any way I can set the autoexpunge plugin to store the lock file in the virtual user email home folder?

well, home folder in Dovecot != $HOME (or ~user), but user-specific besides the mail storage root folder: https://wiki2.dovecot.org/VirtualUsers/Home

Dovecot however uses ~ as abbreviation for "home directory".

-- Steffen Kaiser
Re: SMTP and IMAP authentication critically fails out of the blue
On Tue, 14 Nov 2017, Felix Plapper wrote:

> Mail.errNov 13 23:59:06 webdev dovecot: auth: Error: PLAIN(acco...@domain2.com, XXX.XXX.XXX.XXX,): Request 29154.1 timed out after 150 secs, state=1

looks like the connection to your passdb (mysql) is not working.

-- Steffen Kaiser
Re: stats module
On Thu, 2 Nov 2017, Jeff Abrahamson wrote:

> In particular, nothing listens on 24242.
>
> service stats {
>   inet_listener {
>     address = 127.0.0.1
>     port = 24242
>   }
> }

my conf looks almost identical. This should do the trick, IMHO.

check "doveconf -n" to see, if you have a typo somewhere or any errors show up. Second check out the error log (there might be (re)bind failures). Third, make sure you have restarted Dovecot.

-- Steffen Kaiser
Re: LDAP Filters as defined for dovecot UserDB and passDB
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 3 Nov 2017, Aki Tuomi wrote: Check your userdb, is it using same config file? some HOWTOs explicitly want you to use two config files, because Dovecot maintains two different connections for passdb and userdb queries, which is faster. So if you have copied the config file, instead of symlinked them, you might have to change two files. On 02.11.2017 23:59, Will Merkens wrote: I have pretty much everything working fine. I have run into one issue with the filters that I am unsure where this a filter is being set. Dovecot 2.2.32 (dfbe293d4) I have setup dovecot-ldap.conf.ext to control my LDAP query's My current layout used filters based on looking at the posixAccount attributes user_filter = (&(objectClass=posixAccount)(uid=%u)) If I connect to a a ldap account that has no posixAccount attributes set I was getting a failure in the logs Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,): no fields returned by the server Nov 02 14:15:48 mail2 dovecot[28715]: auth: ldap(sales,192.168.123.39,): unknown user Nov 02 14:15:48 mail2 dovecot[28715]: auth: Error: ldap(sales,192.168.123.39,): user not found from userdb I changed the filters thinking I needed to look at the attributes seen by one of these accounts, I used the apache studio to find out what was visible. From that I saw inetOrgPerson could be used. So I changed the filters. 
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
iterate_filter = (objectClass=inetOrgPerson)

Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=Y0GBzgVdlorAqHsn lip=192.168.123.236
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sa...@userful.com,192.168.123.39,): bind search: base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=sales))
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sa...@userful.com,192.168.123.39,): result: uid=sales; uid unused
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sa...@userful.com,192.168.123.39,): username changed sa...@userful.com -> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,): result: uid=sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: ldap(sa...@userful.com,192.168.123.39,): username changed sa...@userful.com -> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client passdb out: OK 1 user=sales original_user=sa...@userful.com

so far so good but then I get

Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: master in: REQUEST 3851550721 29049 1 519189df600c24c010b57158ac01c867 session_pid=29073 request_auth_token
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,): no fields returned by the server
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): ldap(sales,192.168.123.39,): unknown user
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Error: ldap(sales,192.168.123.39,): user not found from userdb

The question then is where did it get filter=(&(objectClass=posixAccount) from since I changed the filters to inetOrgPerson. I grep the dovecot settings directory and all my filters are in the one file. The file that holds the ldap settings

-- Steffen Kaiser
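As an added example (not part of the original message and not Dovecot's own code): a small Python check that reads auth debug lines like the ones quoted above, expands the configured filter templates for the logged user, and reports where the filter that was actually sent differs from the configured one. The sample log, the `audit` helper and its finding labels are constructed for illustration; only `%u`, `%n` and `%d` are expanded, and LDAP value escaping is not modelled.

```python
import re

# Constructed sample: filter templates as in the message above, and two debug
# lines modelled on its log (addresses and session id replaced by placeholders).
CONFIGURED = {
    "pass_filter": "(&(objectClass=inetOrgPerson)(uid=%n))",
    "user_filter": "(&(objectClass=inetOrgPerson)(uid=%u))",
}
SAMPLE_LOG = """\
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales@example.com,192.0.2.39,<constructed>): bind search: base=ou=People,dc=example,dc=com filter=(&(objectClass=inetOrgPerson)(uid=sales))
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.0.2.39,<constructed>): user search: base=ou=People,dc=example,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
"""

# Which setting is compared against which kind of search line
# (only the two kinds that appear in the quoted log are handled).
SETTING_FOR = {"bind": "pass_filter", "user": "user_filter"}

# Setting names from the quoted config. One of these appearing in fields=
# is unlikely to be a real LDAP attribute and is worth a second look.
SETTING_NAMES = {"user_filter", "pass_filter", "iterate_filter"}

SEARCH_RE = re.compile(
    r"ldap\((?P<user>[^,]*),[^)]*\): (?P<kind>bind|user) search: "
    r"base=(?P<base>\S+)(?: scope=(?P<scope>\S+))? "
    r"filter=(?P<filter>.+?)(?: fields=(?P<fields>\S+))?$"
)


def expand(template, user):
    """Expand %u (full name), %n (part before @) and %d (domain)."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def audit(log_text, configured):
    """Return (setting, finding, observed, expected) tuples for each search line."""
    findings = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if not m:
            continue
        setting = SETTING_FOR[m.group("kind")]
        expected = expand(configured[setting], m.group("user"))
        if m.group("filter") != expected:
            findings.append((setting, "filter-mismatch", m.group("filter"), expected))
        for field in (m.group("fields") or "").split(","):
            if field in SETTING_NAMES:
                findings.append((setting, "setting-name-as-field", field, None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, CONFIGURED):
        print(finding)
```

A mismatch on `user_filter` while `pass_filter` matches shows that the running auth process is not using the value in the file that was edited, which narrows the search to how that file is parsed or which file is loaded.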
Re: LDAP authentication and shadowExpire
On Mon, 30 Oct 2017, Mantas Gegužis wrote: I am trying to configure Dovecot (2.2.27) with LDAP passdb, specifically with authentication binds (https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds). Attribute shadowExpire has a unix time stamp value. Is there a way to write pass_filter like shadowExpire Or maybe there is better way to implement password expiration in Dovecot? No, I think not. I use another LDAP attribute to deny access to a certain service, using the %s variable. You could think about adding a new variable to Dovecot. -- Steffen Kaiser
Re: Dovecot and the Maildir path
On Mon, 30 Oct 2017, Will Merkens wrote: But when I look in the mail server at /var/spool/maildir the testuser is not created inside of userful.com but at the same level as userful.com contrary to the %d in mail_location settings. doveadm -D mailbox list -u 'testu...@userful.com' this command bypasses passdb. Oct 30 07:37:12 mail2 dovecot[10722]: auth: Debug: ldap(testu...@userful.com,192.168.123.39,): result: uid=testuser; uid unused Oct 30 07:37:12 mail2 dovecot[10722]: auth: Debug: ldap(testu...@userful.com,192.168.123.39,): username changed testu...@userful.com -> testuser Oct 30 07:37:12 mail2 dovecot[10722]: auth: Debug: ldap(testuser,192.168.123.39,): result: uid=testuser your passdb strips the domain. Any ideas and any settings files that I need to post. Check the LDAP settings for "user" extra field -- Steffen Kaiser
Re: Initialization failed: Namespace '': mkdir(/var/www/mail) failed: Permission denied
On Thu, 26 Oct 2017, tr...@skrilnetz.net wrote: /dovecot: lda(www-data): Error: user www-data: Initialization failed: Namespace '': MKDIR(/VAR/WWW/MAIL) failed: Permission denied (euid=33(www-data) egid=33(www-data) missing +w perm: /var/www, dir owned by 1001:1001 mode=0755//) / I did some troubleshooting and I don't understand where the MKDIR(/VAR/WWW/MAIL) is coming from. Mailboxes are in /var/mail and ^^ /var/mail contains the INBOX only sending/receiving emails is working as it always did. mail_location is still setup to be MAIL_LOCATION = MBOX:~/MAIL:INBOX=/VAR/MAIL/%U Everything else is in ~/MAIL (why uppercase?) Why is it trying a mkdir in /var/www? Because most likely /var/www is the home directory of www-data and you've configured to use $HOME/MAIL as base directory, which is /var/www/mail -- Steffen Kaiser
Re: authenticate as userA, but get authorization to user userB's account
On Wed, 25 Oct 2017, Heiko Schlittermann wrote: Jochen Bern (Mi 25 Okt 2017 14:44:26 CEST): … additional account within the mail client (thunderbird) they use. From users perspective it is exactly what they want. But I dislike the idea of sharing the password. ... I didn't see that someone mentioned user sharing via ACLs. That brings some other idea: We use LDAP authentication. It is possible to have multiple (how many?) userPassword fields per LDAP object. If we are able to track the password hashes (which hash for which user), we can have each user using his very own password to login as another user (provided that other user has an additional userPassword field) Yeah, something like this should work (never tested in this full outline), let's say: 1) you create a new account for the role, "role", 2) you create a new virtual account for each member of the role (Funktionsträger), "user/role", 3) using passdb queries, you associate "user/role" with "user"'s password, but returning "role"'s user id as Extra Field Because the returning Extra Fields are independent of how the query matched, you need one virtual account (actually doing the mapping of login credentials to Dovecot user, which is the role account) per human impersonating the role. The mechanism is the same, as if you map mail addresses to account names a.s.o However, I have no knowledge, if you can use attribute aliases to have both LDAP account "user/role" and "user" *share* the same userPassword attribute in the "user" account preferably; or if you need to copy the userPassword from "user" to "user/role" now and then. To create the virtual mapping entries in LDAP (step 2) ), you should utilize a database of some sorts with scripts to automatically create / delete them. Then, your role user can login with: user/role user's password Dovecot logs should contain the passdb query of "user/role", then Dovecot logs would contain "role", because you map the account name.
But using the pid of the Dovecot IMAP process, you should be able to still know, to whom a particular Dovecot session belongs to. -- Steffen Kaiser
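The mapping outlined in steps 1) to 3) above, as an added Python model (not part of the original message, and not Dovecot or LDAP configuration): each "user/role" entry is checked against the user's own password and returns the role account as the effective user, so no password is shared and access is revoked by deleting one entry. `ToyDirectory`, `grant`, `revoke` and `passdb_lookup` are hypothetical names, and PBKDF2 stands in for whatever hash scheme the directory really uses.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # Stand-in password hash for this model only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ToyDirectory:
    """In-memory stand-in for the LDAP tree: accounts plus 'user/role' entries."""

    def __init__(self):
        self.credentials = {}  # account -> (salt, hash), or None for "no direct login"
        self.mappings = {}     # "user/role" -> (user, role)

    def add_account(self, name, password=None):
        if password is None:
            self.credentials[name] = None  # step 1: role account without a password
        else:
            salt = os.urandom(16)
            self.credentials[name] = (salt, _hash(password, salt))

    def grant(self, user, role):
        self.mappings[f"{user}/{role}"] = (user, role)  # step 2: virtual account

    def revoke(self, user, role):
        self.mappings.pop(f"{user}/{role}", None)

    def passdb_lookup(self, login, password):
        """Step 3: verify with the user's password, return the role as 'user'."""
        owner, mailbox = self.mappings.get(login, (login, login))
        cred = self.credentials.get(owner)
        if cred is None or mailbox not in self.credentials:
            _hash(password, b"\0" * 16)  # similar work for unknown or disabled logins
            return None
        salt, stored = cred
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        # Returning both names lets one log record tie the session to the human.
        return {"user": mailbox, "original_user": login}


def demo():
    d = ToyDirectory()
    d.add_account("alice", "alice-secret")  # constructed sample accounts
    d.add_account("bob", "bob-secret")
    d.add_account("sales")
    d.grant("alice", "sales")
    return d


if __name__ == "__main__":
    d = demo()
    print(d.passdb_lookup("alice/sales", "alice-secret"))
    print(d.passdb_lookup("bob/sales", "bob-secret"))
```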
Re: STAT command failure
On Mon, 23 Oct 2017, Andrew Charnley wrote: Regarding STAT which appears to have an issue with Dovecot:- [23:50:46] POP< +OK Dovecot ready. [23:50:46] POP> USER x [23:50:46] POP< +OK [23:50:46] POP> PASS [23:50:46] POP< +OK Logged in. [23:50:46] POP> STAT [23:50:46] POP< -ERR Unknown command: This response usually has the offending command behind the colon - at least in Dovecot v2.2 BTW: could you launch a secure connection, e.g. from the mail server telnet localhost 110 then type in the commands yourself: user x pass *** stat -- Steffen Kaiser
Re: quota only for oungoing
On Fri, 20 Oct 2017, Aidar Kamalov wrote: Thank you! I disabled quota plugin and now if quota exceed I can't send any email, but I can receive new emails. Well, did you verify that your quota does change if a new message arrives? 2017-10-20 8:22 GMT+03:00 Steffen Kaiser: On Thu, 19 Oct 2017, Aidar Kamalov wrote: Hello! I setup quota and quota warnings for my mail system(dovecot+exim). But I want to reject only outgoing messages if quota exceeded. Oh, how do you do that? Is it possible to config dovecot to not reject incoming messages? I use dovecot-lda for mail delivery. If you remove the "quota" plugin from mail_plugins of the lda section, quota is not calculated anymore, I guess. So, I suppose, you need to give unlimited quota for service LDA. How do you configure the quota? -- Steffen Kaiser -- Steffen Kaiser
Re: quota only for oungoing
On Thu, 19 Oct 2017, Aidar Kamalov wrote: Hello! I setup quota and quota warnings for my mail system(dovecot+exim). But I want to reject only outgoing messages if quota exceeded. Oh, how do you do that? Is it possible to config dovecot to not reject incoming messages? I use dovecot-lda for mail delivery. If you remove the "quota" plugin from mail_plugins of the lda section, quota is not calculated anymore, I guess. So, I suppose, you need to give unlimited quota for service LDA. How do you configure the quota? -- Steffen Kaiser
Re: Iteration for ldap userdb does not work
On Thu, 19 Oct 2017, Holger A. Brinkhaus wrote: I have a working ldap authentication for dovecot (with ldap based userdb query) for my Active Directory but iterations by doveadm -A runs in timeout. I tried now for three days and get it not to work. Did you verify that ldapsearch runs through? Depending on the number of users AD times out easily by default in my experience. -- Steffen Kaiser
Re: How to map email addresses to usernames?
On Tue, 10 Oct 2017, Andreas Born wrote: For incoming mails via LMTP, my user_query from userdb is being executed with I think from https://wiki2.dovecot.org/UserDatabase you write user_query to accept any spellings of the user, I mean: b...@example.org => user-1 e...@example.org => user-1 t...@example.org => user-2 @catchall.org => user-3 user-1 => user-1 ^ no domain from passdb lookup Then have the extra field "user=" return the correct user string "user-1" along with its data. I'm sort of pretty sure, that I had such setup once ago. Currently, I let the MTA map all email addresses into the user name, your shown examples. I mean, you have to avoid a scenario like: passdb / userdb b...@example.org => use...@example.net use...@example.net => use...@example.net -- Steffen Kaiser
Re: Connection closed reason
On Wed, 11 Oct 2017, Miloslav Hůla wrote: we have one user using the old Alpine client with IMAP. Time to time (3 times per day or 3 times per week) he get error: "MAIL FOLDER INBOX CLOSED DUE TO ACCESS ERROR" and he complains, that inbox stops to refresh with new emails. when I get this error, it's a network issue always or I restarted Dovecot. -- Steffen Kaiser
Re: Newbie question...
On Wed, 11 Oct 2017, Michael Segel wrote: Is there an example of the namespaces settings? Nothing fancy, just the basics… Sort of https://wiki2.dovecot.org/Namespaces ? -- Steffen Kaiser
Re: Issue with imap folder structure
On Thu, 5 Oct 2017, absolutely_f...@libero.it wrote: I just migrated spool from another server (by copying filesystem, I use maildir), this is an example of mailbox's content:

drwx-- 5 postfix postfix 11 Sep 29 09:27 .Drafts
drwx-- 5 postfix postfix 9 Oct 4 10:18 .INBOX.Drafts
drwx-- 5 postfix postfix 9 Oct 4 10:18 .INBOX.Sent
drwx-- 5 postfix postfix 9 Oct 3 18:01 .INBOX.Trash
drwx-- 5 postfix postfix 12 Sep 29 09:27 .Junk
drwx-- 5 postfix postfix 8 Dec 9 2014 .Junk E-mail
drwx-- 5 postfix postfix 10 Oct 4 12:27 .Sent
drwx-- 5 postfix postfix 10 Oct 4 18:01 .Trash
-rw--- 1 postfix postfix 96 Oct 3 18:01 subscriptions

It seems I have duplicate folder (for example during webmail access, I use Roundcube). You did not explain, which folders are duplicate. Does "duplicate" mean, that they have the same content or just the same name? If copy one message into one folder, is it accessible through the other one? What is wrong with my setup? Well, you mean "Sent" and "INBOX.Sent", which latter is a mailbox named "Sent" as subfolder of INBOX, then they are not duplicates, but have the same name. Eventually, your mail client strips the leading "INBOX" for convenience for the user. Possibly, you had mailbox prefix configured in your setup ago, which hid all mailboxes except "INBOX" and below. Perhaps you have entries in your subscriptions files, which are no longer available, because of the other setup. -- Steffen Kaiser
Re: Problems to configure IMAP Quota
On Fri, 8 Sep 2017, Jacques Belin wrote: 1) It seems that when we use the sql dict, a map containing the pattern "priv/quota/limit/messages" is mandatory. Not specifying it in dovecot-dict-sql.conf.ext issues an error. As we are interested only by the storage size and don't want to process the number of messages, how to get rid of it ? No, not that I know of. The value is calculated and stored. 2) We store the storage value in kilobytes. But the plugin seems to only accept storage in bytes, Is there any way to let know to dovecot that the value stored in the database is in kilobytes ? (of course, I tried to put "size/1024" in the value_field field of the map. It works, but generate a lot of error lines in the dovecot log as it create a syntactically incorrect MySQL update request...) The plugin maintains an internal value in a dict. Don't change it and keep your hands off. If you need to access the current values from the DB, use a view, which transforms the internal value into what you need. The limits can be expressed in any way, have your userdb query calculate bytes from whatever value you have in the userdb. For: We manage a mail server using Dovecot under Debian. Since a long time, we run nightly a script permitting to display the storage usage of each user on the webmail, using internal calls. The usage on each mailbox is stored in a Mysql database. use doveadm to get the values and modify them. If the VIEW does not fit. -- Steffen Kaiser
Re: concering dovecot logging
On Mon, 11 Sep 2017, Rajesh M wrote: had a question concerning dovecot lda logging. deliver_log_format = From:<%f>-<%e> :: Subject:<%s> :: Status:<%$> :: MsgID:<%m> :: Size<%p> :: vSize<%w> am getting %e ie envelope sender as MAILER-DAEMON in the logs Sep 11 08:35:50 lda(n...@xxx.com): Info: sieve: From:- :: Subject: :: Status:> :: MsgID:<> :: Size<12497> :: vSize<12687> what could be the reason ? Well, what was the original envelope from if MAILER-DAEMON is wrong ? Was this message forwarded to nocforw...@y.com by a sieve script and not spooled? -- Steffen Kaiser
Re: disable imap for ldap user
On Sat, 9 Sep 2017, Markus Rosjat wrote: In general every user can use pop3 but only a few can use imap so what I want is: - permit pop3 by default - check if the attribute is 0 or 1 - depending on the result a user can login with imap protocol What's the name of the attribute? Maybe you can use %s in the pass_filter string. If the name does not contain "imap", you need to change the logic, e.g. invent a general LDAP attribute deniedService and set deniedServer=imap Or AllowedService=imap allowedService=pop3 Or DeniedIMAP=1 On 08.09.2017 at 17:59, Ralph Seichter wrote: On 08.09.2017 17:11, Markus Rosjat wrote: I have a LDAP dir with an attribute set to 0 or 1 and in my old setup (a courier server) I used this attribute to map it to an authoption called disableimap. This prevents users to access the mailbox with imap protocol. So the question is what should I set in dovecot to get the same behaviour? You can configure 'pass_filter' to discount entries with your disable-flag. Affected users won't be able to authenticate with Dovecot, which I assume is what you are trying to achieve. -Ralph -- Steffen Kaiser
Re: password reset
On Thu, 7 Sep 2017, @lbutlr wrote: I have a local user who cannot login because of a forgotten password, so I went to reset her password with sudo passed After you did so, where does the password *not* work? In Dovecot? doveadm auth cache flush if I try to change the password in the user's account (after su ) it requires the old password. even after sudo passwd? When I try to change the password with sudo, the timestamp on /etc/passwd gets updated but there is nothing logged to anything in /var/log/ Hmm, does the entry in /etc/passwd change, too? -- Steffen Kaiser
Re: transition from 1.x to 2? What did I break?
On Sat, 2 Sep 2017, Paul Beard wrote: It’s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I’m not sure what needs to be done to fix it. Did you test, if SSL works at all? https://wiki2.dovecot.org/SSL/DovecotConfiguration -- Steffen Kaiser
Re: can't get quota working. I use static userdb driver.
On Fri, 1 Sep 2017, Вадим Бажов wrote: plugin { quota = maildir:"User quota" quota_rule = *:storage=10M quota_rule3 = INBOX.Trash:storage=+10%% ^^ this should spell quota_rule2 but is not the issue right now quota_exceeded_message = "552 5.2.2 Mailbox is full" } doveconf -n is attached. # doveadm quota get Quota name Type Value Limit % "User quota" STORAGE 0 10240 0 "User quota" MESSAGE 0 - # doveadm quota get -u vadim Quota name Type Value Limit % "User quota" STORAGE 0 10240 0 "User quota" MESSAGE 0 - This looks like the userdb is setting the correct data, because the number matches your config. Try doveadm quota recalc -u vadim if you get sensible current values or errors. I think problem is that dovecot can't (re)calculate the actual quota on disc (can't calculate how disk space mailbox is used), despite the fact that quota limit itself is configured correctly, since dovecot shows it in log and doveconf -n. If vadim got flooded with messages, the question is, why storage's value is "0". It might be wrong, but not 0. How do you deliver the messages? -- Steffen Kaiser
Re: user data transfer when migrating to new server
On Wed, 23 Aug 2017, voy...@sbt.net.au wrote: I'm setting up new server, what are the options for transferring user's mail ? do you change the mail storage backend? If not, rsync all the mailbox 1:1 to the new server, including all auxiliary file of Dovecot. I've tried imapsync, that seems to work well, but, what options do I have for doing accounts or domains where I don't know user's password ? last time I've done, some users had lengthy period of re downloading 'old' mails from new server, is there a way to overcome this ? Prevent the login to the old server while the files are copied to the new server. If you use POP, ensure you have the same UID format. -- Steffen Kaiser
Re: store into mailbox 'Junk' aborted
On Tue, 22 Aug 2017, kenneth topp wrote: Aug 21 19:43:59 lmtp(toppk): Debug: $MAILDIR/Junk: Mailbox opened because: lib-lda delivery sieve: info: started log at Aug 21 19:43:59. error: msgid=: failed to store into mailbox '$MAILDIR/Junk': Mailbox doesn't exist: $MAILDIR/Junk. What is $MAILDIR and where do you use it? $MAILDIR is /home/toppk/mail (for clarity, it was printing $MAILDIR) Another thing I need to be clear on. This sieve moves are working 99% of the time, just once in a while it fails. Are you sure? if header :matches "Subject" "*junktest*" { fileinto "Junk"; ^^ No $MAILDIR } #if header :matches "Subject" ["*money*","*Viagra*","Cialis"] { #fileinto "Junk"; ^^ Neither #} if header :contains "X-Spam-Flag" "YES" { fileinto "Junk"; ^^ No $MAILDIR } if header :comparator "i;octet" :contains "X-Spam-Flag" "YES" { fileinto "$MAILDIR/Junk"; ^^ Why here?? copy the fileinto of the other rules. } -- Steffen Kaiser
Re: pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, voy...@sbt.net.au wrote: 1. I've set the server with self issued cert, and both pop/imap StartTLS/110/143 SSL/993/995 (apologies if I'm using wrong naming terminology) That's fine. -- Steffen Kaiser
Re: ot: self certified enduser browser/mail client install?
On Mon, 21 Aug 2017, voy...@sbt.net.au wrote: in order for end user to avoid webmail warnings or email client warnings, do I make this file /etc/pki/dovecot/certs/dovecot.pem available to users say under httpd://webhost/tld/certificate/dovecot.pem Most likely yes. It should work regardless if the cert is self-signed or not. However, you could try to find the upper-most cert by running openssl x509 -in /etc/pki/dovecot/certs/dovecot.pem -noout -text|less Check out the Issuer and Subject near the top of the output: Signature Algorithm: sha256WithRSAEncryption Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dovecot.example.com/emailAddress=m...@example.com Validity Not Before: Aug 21 05:36:49 2017 GMT Not After : Aug 21 05:36:49 2018 GMT Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=dovecot.example.com/emailAddress=m...@example.com If both are the same, it's the correct one. Then you really have a self-signed certificate. Otherwise hunt for the "issuer" cert and hand that your users. That would be your CA cert. -- Steffen Kaiser
Re: is a self signed certificate always invalid the first time?
On Fri, 18 Aug 2017, voy...@sbt.net.au wrote: BUT, for a public web server where https is becoming mandatory, I'd still need a certificate from a recognized publisher, to avoid users getting 'warnings', is that so ? As Michael wrote already, it's the same for all SSL certificates, because the underlying mechanism is the same. -- Steffen Kaiser
Re: Can't recursively delete mailboxes
On Thu, 17 Aug 2017, Murray T. | Dreamscape wrote: This appears to be some sort of dovecot bug. When I use the -r option to recursively delete a mailbox and sub-folders, it removes the sub-folders but not the inbox. It gives me the error below: doveadm mailbox delete -u den...@lifelinetechnique.com.au -r -s inbox doveadm(den...@lifelinetechnique.com.au): Error: Can't delete mailbox inbox: INBOX can't be deleted. Our user database is in ldap and I am using dovecot-ee v2:2.2.31.2-1. Could you please acknowledge that this is a bug or let me know the correct way of recursively deleting a mailbox as there is nothing in the man page about the -r option. It's on purpose: if (mailbox_is_any_inbox(box)) { /* IMAP protocol allows this, but I think it's safer to not allow it. */ mailbox_free(&box); client_send_tagline(cmd, "NO INBOX can't be deleted."); return TRUE; } Why do you want to delete the INBOX of the user? -- Steffen Kaiser
Re: Failback mailboxes?
On Wed, 16 Aug 2017, Matt Bryant wrote:

hmm if message cannot be written to disk surely it remains on mda queue as not delivered and does not just disappear ? or am i reading this wrong ?!

as Matt writes your MDA (aka dovecot-lda) returns with an exit code != 0 and your MTA should queue the message for later re-delivery. IMHO, you should look there, if you call dovecot-lda correctly.

Dag Nygren <mailto:d...@newtech.fi> 16 August 2017 at 7:14 am

Thanks for all the advice on how to configure systemd not to lose my emails after every update. Much appreciated. But there could be other reasons for the mailboxes not being writable and what I am really asking for is for dovecot-lda not to lose the incoming emails into thin air in these cases. Could we have some kind of collective place/places where they would be saved in this case and then reintroduced into the system after the problem is fixed? One file for example? Best Dag

Dag Nygren <mailto:d...@newtech.fi> 14 August 2017 at 4:24 pm

Hi! Have been using Fedora as my dovecot server for some time and am struggling with systemd at every update. Fedora insists on setting ProtectSystem=full in both dovecot.service and postfix.service at every update of the packages. This makes my mailstore which is in /usr/local/var/mail Read-only. And this makes the incoming emails delivered through dovecot-lda disappear into /dev/null until I notice the problem and we lose incoming emails. My question is: Is there any way to set up a failback mailstore for these occasions? PS! I really hate systemd - Destroys the UNIX way of doing things with a heavy axe Best Dag

-- Steffen Kaiser
Re: Question about mail_location
On Wed, 16 Aug 2017, Laura Steynes wrote:

In using mysql, in the configuration file we need to specify, in the user query, '/path/ as home, yet but in dovecot.conf, we also are setting mail_location, the same thing is it not, so unless I've missed something, do we still need to use the path as home in the user query? Do we only need set that if it differs from mail_location?

I can interpret your question in several ways, depending on what you are looking for:

https://wiki2.dovecot.org/VirtualUsers/Home

-> yes, you need a home *and* a separate mail directory for each user

Dovecot can derive the mail_location from home (using ~ or $h), but not the other way round. Hence, you need to configure a home directory. Do this as default in the userdb section or let it return by the userdb. You need not configure mail_location in Dovecot's conf files, if you always return home and mail directory from your userdb.

-- Steffen Kaiser
pre-installed CA (was: is a self signed certificate always invalid the first time?)
Just my humble opinion:

We had run a self-signed CA several years. I would claim, that in theory this is more secure than using pre-installed third party CAs. Using a self-signed cert per server might do for small numbers as well.

However, when it comes to user divergence (or users coming from a wide range of knowledge and a wide range of devices come into play), roll your own is a nightmare of support. As stated by others, some clients (Web browser, systems, mail clients, ...) make it hard to install own certs, Android even claims that the network (all of it from the interpretation of users) becomes insecure, once you install your own root cert. It looks like that more and more clients warn *each* time you access a server with a self-signed cert. In the end, the gain of security (identify servers) was torpedoed by support and lack of understanding *and* will, even including people one might think they understand the need of extra steps in favour of security.

IMHO, the cert hierarchy today excludes eavesdropping by normal attackers, but is not suitable to identify servers or clients, because you (aka I) cannot trust the pre-installed trusted CAs.

If your set of users and devices is small enough, you can prepare all devices or offer an installation packet (for home users with a fixed set of clients), roll your own CA is easy and I would go this way.

Alas, clients *should* mark personally trusted CAs differently than vendor-trusted ones. So users can see, if they speak with the correct server or if the server just looks alike, e.g. example.com vs. exampel.com .

-- Steffen Kaiser
Re: pam auth problem
On Thu, 3 Aug 2017, Randy Bush wrote:

    # cat /etc/pam.d/dovecot
    passdb {
      driver = pam
      # args = failure_show_msg=yes
      # args = max_requests=12
      args = %s
    }

this info belongs into Dovecot's conf files, not into /etc/pam.d.

and /etc/pam.d/{imap,pop3} were untouched; both as follows

    #
    # $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $
    #
    # PAM configuration for the "pop3" service
    #

    # auth
    #auth sufficient pam_krb5.so no_warn try_first_pass
    #auth sufficient pam_ssh.so no_warn try_first_pass
    auth required pam_unix.so no_warn try_first_pass

    # account
    #account required pam_nologin.so
    account required pam_unix.so

copy or link /etc/pam.d/imap to /etc/pam.d/dovecot

-- Steffen Kaiser
Re: pam auth problem
On Thu, 3 Aug 2017, Randy Bush wrote:

Date: Thu, 03 Aug 2017 22:08:22 +0900
From: Randy Bush
To: Remko Lodder
Cc: Christian Kivalo , dovecot@dovecot.org
Subject: Re: pam auth problem

    auth: in openpam_parse_chain(): /etc/pam.d/dovecot(1): missing or invalid facility

I do not think that it has something to do with the dovecot settings itself but perhaps with the pam facility settings instead?

i can believe that. any clues to debug?

do you have a /etc/pam.d/dovecot file, does it define all necessary settings?

-- Steffen Kaiser
Re: result of uid sort by subject
On Wed, 2 Aug 2017, TACHIBANA Masashi wrote:

Result of uid sort by subject is not expected. for example: Japanese => English => Japanese => English

you don't mean those 4 words, but phrases in these languages, right?

I'm now using Dovecot 2.2.31. command example:

    HNKK6 UID SORT (REVERSE SUBJECT) utf-7 ALL
    * SORT 3 1 7 2 4 10 11 8 12
    HNKK6 OK Sort completed (0.002 + 0.041 + 0.001 secs).

Any hint?

If this is a subject sort, shouldn't you post the subjects that have been mis-sorted? Did you verify sorting here: http://demo.icu-project.org/icu-bin/locexp?_=en_US&d_=en&x=col

-- Steffen Kaiser
Re: Corrupt index files
On Mon, 31 Jul 2017, Bruce Guenter wrote:

On Mon, Jul 24, 2017 at 07:56:23PM +0300, Aki Tuomi wrote:

Well, dovecot does not really guarantee access concurrency safety if you access indexes using more than one instance of dovecot at the same time.

Pardon my ignorance, but how does Dovecot handle when an IMAP client connects multiple times concurrently? Does it not launch multiple instances?

Aki means that multiple physical instances of Dovecot may access the index files not cleanly. If there is one instance only and you connect to this single instance multiple times, there is no problem.

-- Steffen Kaiser
Re: failed to store into mailbox 'INBOX/Junk': Permission denied
On Tue, 25 Jul 2017, Davide Marchi wrote:

I add a clarification: Now that I've commented out sieve Junk/Trash on "/etc/dovecot/conf.d/15-mailboxes.conf"

    mailbox Junk {
      special_use = \Junk
    }
    mailbox Trash {
      special_use = \Trash
    }

remains a single account with permission issues, only one with write permissions controlled by the ACL plugin: ?

    plugin {
      acl = vfile:/etc/dovecot/dovecot-acl
      sieve = ~/.dovecot.sieve
      sieve_after = /etc/dovecot/sieve-after
      sieve_dir = ~/sieve
    }

Does INBOX/Junk already exist? What's in your ACL file? What do these commands return?

    doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX
    doveadm acl debug -u i...@hotelsangiorgioriccione.com INBOX/Junk

-- Steffen Kaiser
Re: Return extra fields from passwd userdb
ues, if the userdb does not return them. Hence, you cannot reference a LDAP result. 2) the userdb section cannot merge two databases together. You said "Users who use mail are in LDAP db", so you would one userdb with driver ldap. -- Steffen Kaiser H Bonn-Rhein-Sieg | e-mail: steffen.kai...@h-brs.de FB Informatik | room : C179 Grantham-Allee 20 | phone : +49 2241/865-203 53757 Sankt Augustin | Germany - Deutschland | fax : +49 2241/865-8203
Re: Return extra fields from passwd userdb
On Fri, 7 Jul 2017, Michele Petrella wrote:

Output of dovecot -n:

    # 2.2.29.1 (e0b76e3): /var/etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.18 (29cc74d)
    # OS: Linux 3.10.55-gentoo i686 SuSE Linux 7.1 (i386)
    userdb {
      default_fields = quota_rule=*:bytes=%$
      driver = passwd
    }

I have problems in return extra fields from passwd userdb. My users are partially in passwd files and partially in LDAP. Users who use mail are in LDAP db. If I use "default_fields = quota_rule=*:bytes=100M" in userdb, if I use "default_fields = quota_rule=*:bytes=%{userdb:quotabytes}" in userdb,

1) default_fields supplies default values, if the userdb does not return them. Hence, you cannot reference a LDAP result.

2) the userdb section cannot merge two databases together. You said "Users who use mail are in LDAP db", so you would one userdb with driver ldap.

-- Steffen Kaiser
Re: Which allowed services can be defined (imap, pop3, etc.)
On Thu, 8 Jun 2017, Malte Schmidt wrote:

On 06/06/2017 03:18 PM, Steffen Kaiser wrote:

(!(service=%s)) or better name this attribute deniedService

Thanks, this is quite helpful already. Regarding the other question about all the services that can be used there, I tried to grep the source code for certain keywords but could not really find anything useful with "service", "services" and some service names (e. g. "imap", "smtp", "pop").

I guess, there is no complete list, because it will grow. Furthermore:

https://wiki.dovecot.org/Design/AuthProtocol?highlight=(service)

Everybody can use the Dovecot Auth service with self-created service names.

-- Steffen Kaiser
Re: Which allowed services can be defined (imap, pop3, etc.)
On Tue, 6 Jun 2017, Malte Schmidt wrote:

    pass_filter = (&(objectClass=posixAccount)(uid=%u)(service=%s))

That's pretty cool. Now, in the LDAP-settings I created corresponding fields (service) and added the allowed services to these fields (imap, pop3, etc.). After that change, certain services were not available to that user anymore. So it seems that more services are there and after explicitly setting the services which are allowed, the other, not mentioned services stop to work.

Is it possible to "flip" that setting so it's not allowing certain services but denying the ones that are added to the "service"-fields?

(!(service=%s)) or better name this attribute deniedService

-- Steffen Kaiser
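The allow-list filter quoted above and the inverted `(!(...=%s))` form suggested in the reply treat service names that nobody listed differently. The following is an added example, not part of the original messages and not Dovecot code: a small evaluator for the filter subset used in this thread (`&`, `|`, `!`, equality) run over constructed directory entries. The `deniedService` attribute follows the naming suggested in the reply; the entries and the `webmail` service name are hypothetical, and `%u`/`%s` expansion is simplified.

```python
import re

# Constructed directory entries (not from the thread): attribute -> values.
ENTRIES = [
    {"objectClass": ["posixAccount"], "uid": ["alice"],
     "service": ["imap", "pop3"], "deniedService": ["pop3"]},
    {"objectClass": ["posixAccount"], "uid": ["bob"],
     "service": ["imap"]},  # no deniedService attribute at all
]

# Allow-list filter as quoted in the thread, and the inverted deny-list form.
ALLOW_FILTER = "(&(objectClass=posixAccount)(uid=%u)(service=%s))"
DENY_FILTER = "(&(objectClass=posixAccount)(uid=%u)(!(deniedService=%s)))"

SAFE_VALUE = re.compile(r"^[A-Za-z0-9._@-]+$")


def expand(template, user, service):
    """Simplified stand-in for %u / %s expansion (an assumption of this example).
    Values outside a conservative character set are rejected, so no filter
    metacharacters can reach the parser."""
    for value in (user, service):
        if not SAFE_VALUE.match(value):
            raise ValueError(f"unsafe value for LDAP filter: {value!r}")
    return template.replace("%u", user).replace("%s", service)


def parse(text, pos=0):
    """Parse one parenthesised filter starting at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos:pos + 1]
    if op and op in "&|!":
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children:
            raise ValueError(f"malformed '{op}' filter near offset {pos}")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one sub-filter")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if end < 0 or not sep or not attr:
        raise ValueError(f"malformed equality item near offset {pos}")
    return ("=", attr, value), end + 1


def matches(node, entry):
    """Two-valued simplification of LDAP matching: an absent attribute
    compares as false, so its negation is true."""
    if node[0] == "=":
        _, attr, value = node
        values = next((v for k, v in entry.items()
                       if k.lower() == attr.lower()), [])
        return any(v.lower() == value.lower() for v in values)
    op, children = node
    results = [matches(child, entry) for child in children]
    if op == "&":
        return all(results)
    if op == "|":
        return any(results)
    return not results[0]


def login_allowed(template, user, service):
    """The lookup succeeds when at least one entry matches the expanded filter."""
    text = expand(template, user, service)
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing data after filter")
    return any(matches(node, entry) for entry in ENTRIES)


if __name__ == "__main__":
    for name, template in (("allow-list", ALLOW_FILTER), ("deny-list", DENY_FILTER)):
        for user in ("alice", "bob"):
            for service in ("imap", "pop3", "webmail"):
                print(name, user, service, login_allowed(template, user, service))
```

With the deny-list form, an entry that lacks the attribute and any service name that was never listed both pass the filter, so every new or self-created service name has to be added to the deny attribute before it is blocked.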
Re: Two domains - same user names filter
On Tue, 6 Jun 2017, Sandbox wrote:

It's weird, when I set up (&(uid=%n)(mail=*@%{domain1.com})) as user_filter:

^^

https://wiki2.dovecot.org/Variables?highlight=%28domain%29 The variable is named domain.

    auth: Debug: auth client connected (pid=14697)
    auth: Debug: client in: AUTH1 PLAIN service=imapsecured session=3Ej8PkdRAgDAqAG3lip=192.168.34.10 rip=192.168.34.18 lport=143 rport=59394
    auth: Debug: client passdb out: CONT1
    auth: Debug: client in: CONT
    auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): pass search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid,userPassword
    auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=; uid,userPassword unused
    auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=
    auth: Debug: client passdb out: OK 1 user=testuser1 %n=testuser1
    auth: Debug: master in: REQUEST 3018063873 14697 1 3f04b57a81e1750e279d4dfec2e35414session_pid=14699 request_auth_token
    auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(&(uid=testuser 1)(mail=*@domain1.com})) fields=uid

^^^

    auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): no fields returned by the server
    auth: Info: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): unknown user
    auth: Debug: master userdb out: NOTFOUND3018063873
    imap-login: Info: Internal login failure (pid=14697 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=192.168.34.18, lip=192.168.34.10, mpid=14699, TLS, session=<3Ej8PkdRAgDAqAG3>

As I understand the filter should give back this result: "testuser1" when the mail record is *@domain1.com.

and when I set up the "old" method (uid=%n)

    auth: Debug: auth client connected (pid=14739)
    auth: Debug: client in: AUTH1 PLAIN service=imapsecured session=6v9kQkdREADAqAG3lip=192.168.34.10 rip=192.168.34.18 lport=143 rport=59408
    auth: Debug: client passdb out: CONT1
    auth: Debug: client in: CONT
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): pass search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid,userPassword
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1 userPassword=; uid,userPassword unused
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1 userPassword=
    auth: Debug: client passdb out: OK 1 user=testuser1 %n=testuser1
    auth: Debug: master in: REQUEST 2349465601 14739 1 30535968cbadc3948ed4578ae769de33session_pid=14741 request_auth_token
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1; uid unused
    auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1
    auth: Debug: master userdb out: USER2349465601 testuser1 auth_token=5f171ed4c66480dcc89a21709b062753c151aede
    imap-login: Info: Login: user=, method=PLAIN, rip=192.168.34.18, lip=192.168.34.10, mpid=14741, TLS, session=<6v9kQkdREADAqAG3>

btw, it's Dovecot 2.2.18 (Ubuntu 16.04 LTS)

Robert

2017-06-03 18:18 GMT+02:00 Sami Ketola :

On 2 Jun 2017, at 11.40, Aki Tuomi wrote:

Dovecot 2.2.29+ has feature called username_filter for passdb blocks, which lets you specify usernames the passdb block is to be used. This could simplify your config somewhat. See https://wiki.dovecot.org/PasswordDatabase

Small mistake. That feature is in 2.2.30+

Sami

-- Steffen Kaiser
Re: Two domains - same user names filter
On Fri, 2 Jun 2017, Sandbox wrote:

On Fri, 2 Jun 2017, Sandbox wrote:

I have two LDAP domains, which has some equal users, eg: a...@domain1.com a...@domain2.com This works fine except one thing: I can't set up the ldap query to choose the correct maildir if the user names are equal.

| Well the most problem is that you have two LDAP servers with different content.

Unfortunately I can't do anything with this. :S

Is it possible to use a user_filter which will choose the correct maildir and user/domain from the email address? My current ldap.conf for domain1:

    hosts = ldap.domain1.com
    base = ou=People,dc=domain1,dc=com
    ldap_version = 3
    user_attrs = uid=user
    user_filter = (uid=%n)
    pass_attrs = uid=user,userPassword=password
    pass_filter = (uid=%n)
    default_pass_scheme = MD5

and for domain2:

    hosts = ldap.domain2.com
    base = ou=People,dc=domain2,dc=com
    ldap_version = 3
    user_attrs = \
      =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
    user_filter = (uid=%n)
    pass_attrs = uid=%n,userPassword=password
    pass_filter = (uid=%n)
    default_pass_scheme = MD5

| you have one LDAP conf per domain and two userdb's, right?

Nop, I have two ldap.conf files, one for domain1 and one for domain2 and two userdb setting in dovecot.conf for each ldap.conf files.

| Can you make use of ${domain} in one of the LDAP servers, is the domain present in the user entries?

Uhm, what do you mean? "Can you make use of ${domain} in one of the LDAP servers"? Only the mail address and the departmentNumber contains the domain in the user entries, to be clear, the first domain's (this is the "old" one) user entries does not contain any departmentNumber data so those e-mails are going to the current /home/vmail/user/maildir directory, the second domain (which is the "new" one) contains the departmentnumber data, so those emails are going to the /home/vmail/domain2.com/user/maildir directory.

The main problem that I have the same usernames in both domains, that's why I can't use only one domain. Actually I have one ldap server with two domains configured. Just thinking about the problem, is that not possible to fill up a not used LDAP record eg: labeledURI with the user's second e-mail address? So in the ldap.conf I have to use a filter which can decide which e-mail address is used -> where to store the mail. Or, use two mail record. Both requires e-mail address filtering where I have to use the domain part as a decision parameter. What do you think?

Then use (&(uid=%n)(mail=*@%{domain})) or something similar. However, I don't know, whether %{domain} is populated in your config. Did you check out Aki's answer? If that works as described, username_format would make it easier.

2017-06-02 10:13 GMT+02:00 Steffen Kaiser :

-- Steffen Kaiser
Re: Two domains - same user names filter
On Fri, 2 Jun 2017, Sandbox wrote:

I have two LDAP domains, which has some equal users, eg: a...@domain1.com a...@domain2.com This works fine except one thing: I can't set up the ldap query to choose the correct maildir if the user names are equal.

Well the most problem is that you have two LDAP servers with different content.

Is it possible to use a user_filter which will choose the correct maildir and user/domain from the email address? My current ldap.conf for domain1:

    hosts = ldap.domain1.com
    base = ou=People,dc=domain1,dc=com
    ldap_version = 3
    user_attrs = uid=user
    user_filter = (uid=%n)
    pass_attrs = uid=user,userPassword=password
    pass_filter = (uid=%n)
    default_pass_scheme = MD5

and for domain2:

    hosts = ldap.domain2.com
    base = ou=People,dc=domain2,dc=com
    ldap_version = 3
    user_attrs = \
      =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
    user_filter = (uid=%n)
    pass_attrs = uid=%n,userPassword=password
    pass_filter = (uid=%n)
    default_pass_scheme = MD5

you have one LDAP conf per domain and two userdb's, right?

Can you make use of ${domain} in one of the LDAP servers, is the domain present in the user entries?

-- Steffen Kaiser
Re: mailserver.users does not exist
On Sun, 28 May 2017, Amaechi Janneh wrote:

It appears that I have an issue with my dovecot setup. When trying to authenticate, i get this error:

    May 28 20:18:26 AmaechiJ dovecot[10516]: imap-login: Login: user=< a...@example.com>, method=PLAIN, rip=, lip=, mpid=10879, TLS, ses...QOQBg9rlR>
    May 28 20:18:42 AmaechiJ dovecot[10516]: imap(a...@example.com): Connection closed in=116 out=1311
    May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Warning: mysql: Query failed, retrying: Table 'mailserver.users' doesn't exist
    May 28 20:20:32 AmaechiJ dovecot[10516]: auth-worker(10892): Error: sql( a...@example.com,): User query failed: Table 'mailserver.users' doesn't exist

The error says that the place (SQL database) you've configured in Dovecot to look at is missing a table named 'mailserver.users'.

    May 28 20:20:32 AmaechiJ dovecot[10516]: imap-login: Login: user=< a...@example.com>, method=PLAIN, rip=, lip=, mpid=10894, TLS, ses...QZwBg9rlR>

But I already have the users data under virtual_users. So what should I do?

What's the sameness of "virtual_users" and "mailserver.users"? Show us your SQL definition and SQL database layout.

-- Steffen Kaiser
Re: Problem with Pigeonhole/Sieve
On Tue, 2 May 2017, Kamil Kapturkiewicz wrote:

248 is a dovecot, 202 is dovenull, both users are in theirs groups across. If I change ownership of /usr/local/dovecot to dovecot.dovecot, then dovecot is correcting it to root.root for some reason. Does it mean that dovecot should be running as root only?

you do not seem to run a root-less system, see https://wiki.dovecot.org/HowTo/Rootless (I never tried it).

What does it mean / here? is it / in filesystem or it is / for dovecot in /usr/local/dovecot ?

I suppose "/" refers to the login subdir in your base_dir

    drwxr-x--- 2 root dovenull 4096 Sep 10 2016 /var/run/dovecot2.2/login//

The login processes seem to chroot there. This dir would match the permissions described in the error message and your info that 202 is dovenull. In fact, the login processes are to run as another user (dovenull), if you do not run without root at all, in order to increase security by separated privilege levels. I would drop the "user = dovecot" lines. I guess, you need to rephrase the subject in order to catch the attention of somebody else. But, what's your intention?

    May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)

this was caused by restarting of Dovecot.

I thought the "reload" message reads something different.

On 02/05/17 09:13, Steffen Kaiser wrote:

On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:

Unfortunately I am getting following error in DoveCot log instead:

    May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248() egid=248() missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
    May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248() egid=248() missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)

this error is pretty clear: Directory "/" cannot be accessed by user 248:248

looks like a chroot'ed environment?

Anyway, either:
+ the accessing user ID of 248:248 is wrong,
+ the owning user 0:202 is wrong or
+ the access permissions should include "chmod o+x /"

    May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)

This shouldn't happen.

-- Steffen Kaiser

-- Steffen Kaiser
Re: Problem with Pigeonhole/Sieve
On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:

Unfortunately I am getting following error in DoveCot log instead:

    May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248() egid=248(error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
    May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248() egid=248() missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)

this error is pretty clear: Directory "/" cannot be accessed by user 248:248

looks like a chroot'ed environment?

Anyway, either:
+ the accessing user ID of 248:248 is wrong,
+ the owning user 0:202 is wrong or
+ the access permissions should include "chmod o+x /"

    May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)

This shouldn't happen.

-- Steffen Kaiser
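The three alternatives listed in the reply can be checked against the numbers in the logged error. The following is an added example, not part of the original message and not Dovecot code: it parses the quoted error line and applies the POSIX owner/group/other rule for directory search permission to each alternative, and also reports whether an unrelated local account (constructed uid/gid 1000, an assumption) would gain access as a side effect.

```python
import re

# Error line as quoted in the thread.
LOG_LINE = (
    "May 01 14:35:41 managesieve-login: Error: auth: connect(login) in "
    "directory / failed: Permission denied (euid=248() egid=248() missing "
    "+x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)"
)

DENIAL = re.compile(
    r"Permission denied \(euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\)"
    r".*?dir owned by (?P<owner>\d+):(?P<group>\d+) mode=(?P<mode>[0-7]+)"
)

# Constructed stand-in for any other local account on the host.
UNRELATED_UID = 1000
UNRELATED_GID = 1000


def parse_denial(line):
    """Extract the ids and the octal mode from a 'Permission denied' line."""
    m = DENIAL.search(line)
    if m is None:
        return None
    fields = {k: int(v) for k, v in m.groupdict().items() if k != "mode"}
    fields["mode"] = int(m.group("mode"), 8)
    return fields


def can_traverse(euid, gids, owner, group, mode):
    """POSIX search (+x) check on a directory: exactly one permission class
    applies, chosen in the order owner, group, other. Root is not restricted."""
    if euid == 0:
        return True
    if euid == owner:
        return bool(mode & 0o100)
    if group in gids:
        return bool(mode & 0o010)
    return bool(mode & 0o001)


def evaluate_fixes(d):
    """For the logged state and each alternative from the reply, return
    (login process can enter, unrelated local account can enter)."""
    def both(gids, group, mode):
        return (
            can_traverse(d["euid"], gids, d["owner"], group, mode),
            can_traverse(UNRELATED_UID, {UNRELATED_GID}, d["owner"], group, mode),
        )

    return {
        # State exactly as logged.
        "as_logged": both({d["egid"]}, d["group"], d["mode"]),
        # "accessing user ID is wrong": the process runs with the directory's group.
        "process_in_dir_group": both({d["group"]}, d["group"], d["mode"]),
        # "owning user 0:202 is wrong": the directory group becomes the process gid.
        "dir_group_set_to_egid": both({d["egid"]}, d["egid"], d["mode"]),
        # "chmod o+x": search permission for everyone.
        "chmod_o_plus_x": both({d["egid"]}, d["group"], d["mode"] | 0o001),
    }


if __name__ == "__main__":
    denial = parse_denial(LOG_LINE)
    for name, (login_ok, unrelated_ok) in evaluate_fixes(denial).items():
        print(f"{name:24} login={login_ok} unrelated_account={unrelated_ok}")
```

Only the `chmod o+x` alternative also lets the unrelated account into the directory; the two ownership-based alternatives keep the directory limited to root and one group.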