[Dovecot] Still no messages from dovecot
I'm still not seeing emails from the list. With help from others, I thought I had the IPs cleared since the change back in February, but apparently not. Can someone PM me and let me know what outgoing IP addresses the list is using please? steve campbell
Re: [Dovecot] Still no emails since Feb. 6
On 3/6/2014 6:03 AM, Reindl Harald wrote: Am 05.03.2014 21:37, schrieb Eugene R: Got access denied for direct mail: : host mailserver2.cnpapers.net[216.12.119.162] said: 550 5.7.1 Access denied (in reply to MAIL FROM command) Well, this is now really off-topic for the list (local config error). Sorry to bother people and now the OP should seek his maillog for "Access denied" rejects and asks himself why a public MX acts that wrong Thanks all for the help. That IP was placed in my firewall, not sure when. Public MX's don't necessarily guarantee that what's coming from them are OK. My maillog is so full of rejects and without knowing what IP I should look for, it was difficult to find out what was going on. Anyway, we'll see what happens now.
[Dovecot] Still no emails since Feb. 6
I checked my settings on the dovecot mailman page, and although my account was set to "disable" email, after changing it and attempting to have the list resend my password, I'm still not seeing emails. The last time I received emails, the outgoing server for the list was sent from the IP 193.210.130.67. Is that still correct? I've checked my logs to see if there's anything blocked, and I don't see anything. I've checked my access file and firewall, and nothing is blocked there. I'm not sure why my account settings showed "disabled", but it sounds like email was either bounced back to the list or my server is in some type of outgoing list to prevent sending to me. I'm at a loss. Is there any way an admin can check for me, please, to see if there's a problem they might spot? Thanks, steve
[Dovecot] No email since Feb 6
Is the list down or have I been blocked.
Re: [Dovecot] POP3 Setup help - more info
otherwise I have to figure out how to get it in text form Yes, you should. Try something like: #!/bin/sh ( dovecot -an && echo) | /bin/mail -s "Dovecot -an output" y...@yourdomain.com Put the above two lines in an executable file (chmod 777 or something like that and erase after you run it) and run the file. It should send the output of "dovecot -an" to the email address y...@yourdomain.com with a subject line of "Dovecot -an output". You might have to use a different "/bin/mail" command depending on what your mail server is. steve campbell
Re: [Dovecot] Any way to let dovecot block pop3 attempts?
On 5/10/2013 10:53 AM, Michael Wessel wrote: Did you have a look at this? http://wiki2.dovecot.org/Authentication/RestrictAccess On 5/10/2013 5:17 AM, Steve Campbell wrote: Is there a way using dovecot facilities to block an IP from attempting POP3 connections (similar to the sendmail access file for smtp connections)? I usually do this at my border firewall, but if there's a quick and dirty way in dovecot to do this, it'd make life a little simpler. Thanks steve campbell The reason I'm asking about all of this is that a particular IP address is attempting to connect to our pop server, and it's trying every possible common user name (I think this is call a dictionary attack). I can't restrict access to a particular IP subnet because our users access their email from all over the place. So this suggestion seems to not be a solution, as I see it. Thanks though. If I have to, I'll just go put this IP on the firewall, but I don't have remote access (for security), so it's a little more effort than accessing the pop server. steve
Re: [Dovecot] Any way to let dovecot block pop3 attempts?
On 5/10/2013 10:05 AM, Oscar del Rio wrote: On 05/10/13 08:17 AM, Steve Campbell wrote: Is there a way using dovecot facilities to block an IP from attempting POP3 connections (similar to the sendmail access file for smtp connections)? I usually do this at my border firewall, but if there's a quick and dirty way in dovecot to do this, it'd make life a little simpler. How about TCP wrappers? http://wiki2.dovecot.org/LoginProcess - "Login access check sockets" - "TCP wrappers support" I use Centos and the default dovecot RPM. I seem to recall there was a way to determine if dovecot was built with "--with-libwrap". Can anyone shed light on how to determine this, please? Thanks steve
Re: [Dovecot] Any way to let dovecot block pop3 attempts?
On 5/10/2013 8:54 AM, Gilles Chauvin wrote: On Friday 10 May 2013 08:17:50 Steve Campbell wrote: Is there a way using dovecot facilities to block an IP from attempting POP3 connections (similar to the sendmail access file for smtp connections)? I usually do this at my border firewall, but if there's a quick and dirty way in dovecot to do this, it'd make life a little simpler. Hi Steve, We've been using Fail2Ban on our mail proxies for a while without any problem. It may be what you're looking for. Regards, Gilles. Thanks, But I believe fail2ban uses iptables, and I don't run a local firewall on the server. I'd prefer not to use a separate server to inject firewall rules on the border firewall. I might be wrong about fail2ban, though. I was hoping there was a file for pop and imap in dovecot similar to the smtp "access" file in sendmail (which is what I use, BTW) steve
[Dovecot] Any way to let dovecot block pop3 attempts?
Is there a way using dovecot facilities to block an IP from attempting POP3 connections (similar to the sendmail access file for smtp connections)? I usually do this at my border firewall, but if there's a quick and dirty way in dovecot to do this, it'd make life a little simpler. Thanks steve campbell
[Dovecot] Any simple way to block logins by IP address?
Does Dovecot have a facility to block pop3 and imap logins by IP address. I usually do this by putting the IPs in my border firewall, but it's in transition currently to a new one, and I'd like to end connection fairly fast. If it matters, I'm using 2.0.9. Thanks steve campbell
Re: [Dovecot] Advanced dovecot tricks - spam review/release
If you ever figure out how to do this, I've got an excellent name for it: MailWatch http://sourceforge.net/projects/mailwatch/ steve On 10/3/2012 3:48 PM, Marc Perkel wrote: Hi, I'm looking for some advice to do a really advanced trick with Dovecot. I'm not sure if this can be done. I need to describe first. I have a spam filtering company that does front end spam filtering. (Junk Email Filter) I want to add a system where I store a copy of spam on a server and make it available to the customer to review and maybe resent on false positives. I know I could do something simple where I deliver all spam to a domain account and make it available to an administrator. Then if it's a false positive they would drag the message to a "resend" folder. I'll have something the checks the folder one a minute to pick up and resend. However What would be very cool is delivering the spam to individual accounts. So a user who logs in individually can see their own spam. But the admin for the domain would be able to see all users. Maybe the users would appear as folders? Then a master account (me) would be able to log in and see all the domains as folders and the users as folders inside the domains? One thing I can do is deliver the spam to 3 different places so it's visible on all levels. I'm just wondering if anyone out there has any ideas about that. And I'll need an authentication system.
Re: [Dovecot] Couple of questions about the logs
On 7/23/2012 12:23 PM, e-frog wrote:
On 23.07.2012 18:07, wrote Steve Campbell:
On 7/23/2012 11:54 AM, e-frog wrote:
On 23.07.2012 17:31, wrote Steve Campbell:
The log entries for imap disconnection shows a "bytes = x/y" format
where the x equals bytes sent from client and y equals bytes received
from client.
Can someone explain that a little better to me, please? In an imap
account, does this "y" represent the size of the header information
being returned to the client or the amount of data of the email
mailbox?
Also, is there a way to tell if an email has been deleted (or
marked for
deletion) when using an imap client?
Here's the situation:
I've got a user who uses imap when using his phone and webmail.
When in
the office, he uses a pop3 client on his desktop. He indicates he's
missing some emails from the weekend when first turning on his
desktop.
I know of no way to discover if he's deleted and then purged email
from
his mailbox using imap clients. I've checked the logs and he does not
access his mailbox simultaneously from any of the 3 clients.
I can find 31 emails he received since his last pop login on Friday
until his first pop login on Monday. The pop login indicates he
received
only 27 emails during the pop retrieval.
I'm a little lost here. Any help would be appreciated in interpreting
the logs or suggesting how this might have happened.
thanks
steve campbell
This probably doesn't help with the current case but for the future
you could enable mail_log plugin to log several user events:
http://wiki2.dovecot.org/Plugins/MailLog
thanks very much. That looks great.
Is there any particular file I should place the particular lines?
steve
For dovecot 2.x.x
conf.d/20-imap.conf: add mail_log and notify to mail_plugins
mail_plugins = $mail_plugins mail_log notify
conf.d/10-logging.conf: There is already a template, just uncomment
and modify as needed.
# mail_log plugin provides more event logging for mail processes.
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
I found the 10-logging.conf file, but wasn't sure where to put the
"mail_plugins" line.
Thanks very much for the help.
My setup is as follows:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.el6.x86_64 x86_64 CentOS release 6.2 (Final)
disable_plaintext_auth = no
listen = *
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace {
hidden = yes
inbox = yes
list = yes
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix =
separator = /
type = private
}
namespace {
hidden = yes
list = no
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = "#mbox/"
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = mail/
separator = /
type = private
}
namespace {
hidden = yes
list = no
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = ~/mail/
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = ~%u/mail/
separator = /
type = private
}
passdb {
driver = pam
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box msgid size
}
protocols = imap pop3
ssl_cert = The line for mail_plugs shows the space before the "mail_log notify"
part, but it seems to be working. I guess one day I need to clean up
those namespaces, since I basic only use one of them.
One day, I hope I can learn what all I need to know about dovecot as well.
Thanks for all the gracious help.
steve
Re: [Dovecot] Couple of questions about the logs
On 7/23/2012 11:54 AM, e-frog wrote: On 23.07.2012 17:31, wrote Steve Campbell: The log entries for imap disconnection shows a "bytes = x/y" format where the x equals bytes sent from client and y equals bytes received from client. Can someone explain that a little better to me, please? In an imap account, does this "y" represent the size of the header information being returned to the client or the amount of data of the email mailbox? Also, is there a way to tell if an email has been deleted (or marked for deletion) when using an imap client? Here's the situation: I've got a user who uses imap when using his phone and webmail. When in the office, he uses a pop3 client on his desktop. He indicates he's missing some emails from the weekend when first turning on his desktop. I know of no way to discover if he's deleted and then purged email from his mailbox using imap clients. I've checked the logs and he does not access his mailbox simultaneously from any of the 3 clients. I can find 31 emails he received since his last pop login on Friday until his first pop login on Monday. The pop login indicates he received only 27 emails during the pop retrieval. I'm a little lost here. Any help would be appreciated in interpreting the logs or suggesting how this might have happened. thanks steve campbell This probably doesn't help with the current case but for the future you could enable mail_log plugin to log several user events: http://wiki2.dovecot.org/Plugins/MailLog thanks very much. That looks great. Is there any particular file I should place the particular lines? steve
[Dovecot] Couple of questions about the logs
The log entries for imap disconnection shows a "bytes = x/y" format where the x equals bytes sent from client and y equals bytes received from client. Can someone explain that a little better to me, please? In an imap account, does this "y" represent the size of the header information being returned to the client or the amount of data of the email mailbox? Also, is there a way to tell if an email has been deleted (or marked for deletion) when using an imap client? Here's the situation: I've got a user who uses imap when using his phone and webmail. When in the office, he uses a pop3 client on his desktop. He indicates he's missing some emails from the weekend when first turning on his desktop. I know of no way to discover if he's deleted and then purged email from his mailbox using imap clients. I've checked the logs and he does not access his mailbox simultaneously from any of the 3 clients. I can find 31 emails he received since his last pop login on Friday until his first pop login on Monday. The pop login indicates he received only 27 emails during the pop retrieval. I'm a little lost here. Any help would be appreciated in interpreting the logs or suggesting how this might have happened. thanks steve campbell
[Dovecot] Error in logs indicating broken files
Still new to dovecot, I'm seeing a couple of errors in my log file indicating corruption of index files. Error: Corrupted index cache file/home/xx/mail/.imap/sent-mail/dovecot.index.cache: Broken virtual size for mail UID 67: 1 Time(s) Error: FETCH [] for mailbox ~/mail/sent-mail UID 67 got too little data: 6203 vs 7478: 1 Time(s) This account is used by multiple users, but it is not a shared account (haven't set any of those up yet - still new to me), so I would expect corruption possibilities when multiple users modify the account folders in some manner. Until I get some experience under my belt and make this a truly "shared" account, is there any way to resolve the corruption of the files mentioned above? Maybe just delete them? thanks steve campbell
Re: [Dovecot] Namespace, prefix questions
On 3/27/2012 10:40 AM, Steve Campbell wrote:
We've got some users who are using Outlook Express version 6. The
client allows me to specify the root folder, but not a prefix or
namespace. I'm still struggling with some users on our new server that
have crazy imap folder layouts, so I've got a few questions.
When I specify the root folder, does that bypass any namespace/prefix
definitions on the imap server?
On some clients, like Thunderbird, I have the option of specifying
namespace OR prefix. How do these differ? I thought that the prefix
was the "name" of the namespace.
It appears that I have to delete and re-create the account on these OE
6 clients to make the list of folders show properly. Does that sound
right?
This all came about because one of these OE 6 users was not able to
use their imap folders (server errors). Turns out it was one of the
users that had their folders directly under ~. So I moved them to
~/mail, created a .subscriptions file from their .mailboxlist file and
tried everything in the world to get the folders to list properly.
Only after specifying the root folder as ~/mail after recreating the
account and restarting OE did it show properly and the folders
remained listed. My default config has this setup as the
"mail_location" parm, but blanks as the root folder don't seem to work
in this situation. I'm also wondering where I specify the "list",
"hidden" and other parms that are usually set in namespace blocks.
dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.4.1.el6.x86_64 x86_64 CentOS release 6.2 (Final)
disable_plaintext_auth = no
listen = *
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace {
hidden = yes
inbox = yes
list = yes
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix =
separator = /
type = private
}
namespace {
hidden = yes
list = no
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = "#mbox/"
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = mail/
separator = /
type = private
}
namespace {
hidden = yes
list = yes
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = ~/mail/
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = ~%u/mail/
separator = /
type = private
}
passdb {
driver = pam
}
protocols = pop3 imap
ssl_cert = After googling a bit, it seems that all 3 can come into play in the same
or different meanings. Seems that prefix and namespace mean the same
thing. Root folder can mean the same as above, but can also stand alone
as an individual pointer to a personal folder that differs from from
what the imap server uses.
It's still not clear to me, but at least I'm getting an idea of what may
or may not work. Still not sure why the null or blank prefixed namespace
doesn't take precedence when nothing is set in the client.
steve
[Dovecot] Namespace, prefix questions
We've got some users who are using Outlook Express version 6. The client
allows me to specify the root folder, but not a prefix or namespace. I'm
still struggling with some users on our new server that have crazy imap
folder layouts, so I've got a few questions.
When I specify the root folder, does that bypass any namespace/prefix
definitions on the imap server?
On some clients, like Thunderbird, I have the option of specifying
namespace OR prefix. How do these differ? I thought that the prefix was
the "name" of the namespace.
It appears that I have to delete and re-create the account on these OE 6
clients to make the list of folders show properly. Does that sound right?
This all came about because one of these OE 6 users was not able to use
their imap folders (server errors). Turns out it was one of the users
that had their folders directly under ~. So I moved them to ~/mail,
created a .subscriptions file from their .mailboxlist file and tried
everything in the world to get the folders to list properly. Only after
specifying the root folder as ~/mail after recreating the account and
restarting OE did it show properly and the folders remained listed. My
default config has this setup as the "mail_location" parm, but blanks as
the root folder don't seem to work in this situation. I'm also wondering
where I specify the "list", "hidden" and other parms that are usually
set in namespace blocks.
dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.4.1.el6.x86_64 x86_64 CentOS release 6.2 (Final)
disable_plaintext_auth = no
listen = *
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace {
hidden = yes
inbox = yes
list = yes
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix =
separator = /
type = private
}
namespace {
hidden = yes
list = no
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = "#mbox/"
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = mail/
separator = /
type = private
}
namespace {
hidden = yes
list = yes
location = mbox:~/mail:INBOX=/var/spool/mail/%u
prefix = ~/mail/
separator = /
type = private
}
namespace {
hidden = yes
list = no
location =
prefix = ~%u/mail/
separator = /
type = private
}
passdb {
driver = pam
}
protocols = pop3 imap
ssl_cert =
Re: [Dovecot] POP3 Performance
On 3/16/2012 7:07 AM, Mauricio López Riffo wrote:
Hi,
We actually have a mail hosting solutions with aprox. 100 thousand
of email account, where about 90% of a customers use POP3 like email
configuration. About a few mounths (we perfomed a lot of migration
throught mbox email software to Maildir with dovecot) but i can see
that the performance is very poor and receive complaint about delays
of autentications of accounts.
The solution lives in Metrocluster Netapp storage, filesystem NFS,
VMware as a virtualization (the mtas are a virtual machines lives in
netapp too) about 4T of data mails and a 10G network connection
(betwen mtas and nfs storage) All account information work in LDAP
plataform (two servers in replicated mode, no high average or delays
detected in this servers)
When the traffic have a peak of 1800 concurrent connections POP3, all
of service suffer a high load average (about 8 - 20 load average in
each dovecot) and authenticacion takes about 2 -10 seconds (in low
traffic, autenticacion takes about 60 miliseconds)
Also, each dovecot instance lives un MTA server CentOS 5.8 x86_64 with
6G RAM (virtual machine) and share's hardware with a exim instance,
like a MTA relay system (autenticated relay)
Usage of network have peaks of 80Mbits (all dmz network have 1Gbits of
bandwith)
Attach of dovecot -n output:
# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-308.1.1.el5 x86_64 CentOS release 5.8 (Final)
auth_debug_passwords = yes
auth_default_realm = portalplata.cl
auth_realms = portalplata.cl
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 100
base_dir = /var/run/dovecot/
debug_log_path = /var/log/dovecot.log
default_process_limit = 200
default_vsz_limit = 512 M
disable_plaintext_auth = no
first_valid_gid = 12
first_valid_uid = 8
lock_method = dotlock
login_greeting = Dovecot mta10
mail_cache_min_mail_count = 5
mail_debug = yes
mail_fsync = always
mail_full_filesystem_access = yes
mail_gid = 12
mail_location =
maildir:%h/Maildir:INDEX=/data/cache/indexes/%2d/%1u/%2u/%u
mail_nfs_storage = yes
mail_plugins = " quota"
mail_uid = 8
maildir_copy_with_hardlinks = no
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = box from subject
quota = maildir
}
postmaster_address = m...@mail.com
protocols = imap pop3
sendmail_path = /usr/lib/sendmail
service auth {
unix_listener auth-userdb {
mode = 0600
user = exim
}
}
service imap-login {
service_count = 0
}
service imap-postlogin {
executable = script-login /usr/local/bin/postlogin.sh
user = root
}
service imap {
executable = imap imap-postlogin
}
service pop3-login {
inet_listener pop3s {
port = 995
ssl = yes
}
service_count = 0
}
service pop3 {
process_limit = 1024
}
ssl_cert =
It doesn't seem to matter what type of hardware you might have, NFS can
cause real bottlenecks, even to the point that your machine may report
disk errors.
Unfortunately, it's an evil necessity in some shops, but any way to
eliminate NFS when large throughput is occurring will definitely help.
Make sure you're running the latest version of NFS on all machines since
V3 and V4 don't always like each other.
I don't have a solution for it's replacement other than expensive
hardware solutions.
steve
Re: [Dovecot] Lack of external documentation?
Quoting Jerry : > On Thu, 15 Mar 2012 15:27:37 -0400 > Terry Carmen articulated: > > > On 03/15/2012 03:06 PM, Steve Campbell wrote: > > > Firstly, this isn't meant to be critical, and I realize the subject > > > line probably suggest criticism, so... > > > > > > I was sort of forced into using dovecot as my imap/pop server due > > > to upgrading 3 versions of OS on my mail servers. So far, that's > > > not bad. What surprises me is that one of the first things I > > > usually do whenever I start using different software is to purchase > > > a book that seems to suit me. Searching all of the common places > > > like amazon, ebay, etc for manuals turned up little to nothing on > > > dovecot. > > > > > > I'm wondering why and is this so new that people just haven't > > > written books about it yet? > > > > > > The one thing I'm a little critical of, though, is that trying to > > > make heads or tails of dovecot by following the online > > > documentation is a little problematic. I'm constantly jumping to > > > another page and then back to the original page, and for the most > > > part, I just don't know enough about it all yet to know what I'm > > > looking for. > > > > The best docs are on the wiki and this mailing list. If you find the > > information in the wiki to be lacking, the best thing you can do is > > find the solution yourself and/or on this mailing list, and then make > > a wiki entry so the next person will know how to solve the same > > problem you had. > > > > Dovecot is a complex piece of software, and understanding some > > functionality requires reading the wiki, asking on the mailing list > > and/or examining the source code. You can also obtain paid support > > from these companies: http://dovecot.org/support.html > > > > I'll be the first to admit that complex and specialized > > configurations are sometimes difficult to figure out, however this > > list has always been a tremendous amount of help. > > The lack of truly informative documentation has been the Achilles' heel > of open-source software since its inception. I feel your pain. I have > always loved a hard copy, i.e. book documenting the subject I am > studying. Jumping from screen to screen sucks, plus how do I highlight > a passage on the monitor for future reference? There have been a few > books written to document Postfix, but to the best of my knowledge, none > exist for Dovecot. > > -- > Jerry â > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the Reply-To header. > __ > So many great replies, but I'll pick this one to use as my reply-to since it mirrors mostly how I feel about my experiences so far when it comes to learning Dovecot. I installed a new server, going from Centos 3 to Centos 6. I found that Postfix was the preferred SMTP server and Dovecot was the preferred imap/pop server. I gave Postfix my best shot, but didn't really have it tested well enough to stick with it, so I dropped back to Sendmail, something I'm somewhat familiar with. I've read multiple versions of O'Reilly's Sendmail books along with the Sendmail Cookbook. I have to admit that it was these books that made me realize the power of Sendmail. Post l website to further learn, but I had to get the basics first to do what needed to be done to get the job into a working server. Dovecot is an application that probably would work out of the box for me if I didn't have to use data from the previous server. So I had to use more than the standard options to make this work. Finding those options was the main gripe I had with the wiki - there are just so many options to make Dovecot the complete server. That's a good thing. Just remember, us noobies-to-Dovecot have to discover all of those options. I mentioned that I was happy with the wiki and the list when it comes to answering my questions. But I'm sure the list will get tired of me asking what must appear to be redundant, simple, obnoxious questions. The index-like wiki page is most helpful. I knew dovecot has been around for a while, but didn't know how mature it was. The fact that Centos/Red Hat uses it as a default says quite a bit about it's reliability, so I'll stick with it. One of the the things I was planning on doing was combining two servers, which services one domain on one server and services two other domains on the other, into one server, and have the other as a server-in-waiting. So along comes this dsync thread, and now
[Dovecot] Lack of external documentation?
Firstly, this isn't meant to be critical, and I realize the subject line probably suggest criticism, so... I was sort of forced into using dovecot as my imap/pop server due to upgrading 3 versions of OS on my mail servers. So far, that's not bad. What surprises me is that one of the first things I usually do whenever I start using different software is to purchase a book that seems to suit me. Searching all of the common places like amazon, ebay, etc for manuals turned up little to nothing on dovecot. I'm wondering why and is this so new that people just haven't written books about it yet? The one thing I'm a little critical of, though, is that trying to make heads or tails of dovecot by following the online documentation is a little problematic. I'm constantly jumping to another page and then back to the original page, and for the most part, I just don't know enough about it all yet to know what I'm looking for. Does anyone know of any manuals/books that have been written that might introduce me to most of the stuff in dovecot? So far, the list has been great, but once the "dsync" threads started popping up, I find there's even more I don't know about. Thanks for all the help I've received so far and I think I'm really going to like dovecot. Once I get the hang of it, I'll probably reduce the amount of noise on the list by half. steve campbell
Re: [Dovecot] .mailboxlist -> .subscriptions
On 3/15/2012 6:29 AM, Timo Sirainen wrote: On Wed, 2012-03-14 at 10:46 -0400, Steve Campbell wrote: I've mostly finished a conversion from an old Centos 3 UW-Imap server to a new Centos 6 dovecot server. This is messy stuff to do. There are ways you could make Dovecot behave identically to UW-IMAP (mail_full_filesystem_access=yes), but for future and for security it's better if you don't do that. I did not copy the old ~/.mailboxlist file to ~/mail/.subscriptions file, but notice some users have the latter file now. These are all mbox folders on the old and new server. Copying it for users who haven't already readded their subscriptions would be a good idea. Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like "mail/Trash". Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these? Yes, move all of the mboxes to mail/ directory. With the compatibility namespaces it should work so that clients don't notice changes: http://wiki2.dovecot.org/Namespaces -> Backwards Compatibility There are also a few old mailing list threads detailing all kinds of issues and solutions related to UW-IMAP -> Dovecot migration.. I'd replied to an earlier thread, and in it, I'd asked a question about a "blank" prefix namespace and the backward compatability namespaces. I'm not sure whether my "mail_location" takes precedence over namespaces (with or without a "location" parm), especially since I don't define a "blank" prefix defined. It's been working, or at least I'm not getting calls, so maybe I'm OK. In any event, I believe if I move all of these folders to ~/mail, ensure the .subscriptions file is matching, that at least people using Thunderbird will re-read the file and set their folders properly. Not sure about other clients. Thanks for the help. steve
Re: [Dovecot] .mailboxlist -> .subscriptions
On 3/14/2012 7:33 PM, Joseph Tam wrote:
Steve Campbell writes:
Their imap folders, the ones that they create using an imap client or
webmail, are either in ~ or ~/mail. Their original .mailboxlist is
always in ~. Based on that, I should probably copy any imap folders not
in ~/mail to that folder, duplicate ~/.mailboxlist to the file
~/mail/.subscriptions, and amend any .subscriptions file contents to
just have the name of the folders (without any "mail/folder" reference
in it).
My example would then be as follows
/home/steve=folder
/home/steve/Drafts = original folder
/home/steve/AnyFolder = original folder
/home/steve/.mailboxlist=original file
/home/steve/mail= folder (either original or created)
/home/steve/mail/.subscriptions= copied contents of .mailboxlist
file
/home/steve/mail/Drafts =copied folder of original
/home/steve/mail/AnyFolder= copied folder of original
Contents of original .mailboxlist and new .subscriptions:
Drafts
AnyFolder
If the imap folders were in ~/mail, then the original .mailboxlist would
have been
mail/Drafts
mail/AnyFolder
but after the corrections to the .subscriptions file, they would be as
above (without reference to the mail folder).
Is this correct?
That depends -- are you aliasing namespaces so that prefix={"",
"mail/", etc.} all map to a user's ~/mail folder? You may be creating a
confusing situation where a client with a null IMAP prefix has 2 copies
of a mailbox.
Joseph Tam
I have the following set:
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
namespace {
type = private
separator = /
prefix = "#mbox/"
location = mbox:~/mail:INBOX=/var/mail/%u
inbox = yes
hidden = yes
list = no
}
namespace {
type = private
separator = /
prefix = mail/
hidden = yes
list = no # for v1.1+
}
namespace {
type = private
separator = /
prefix = ~/mail/
hidden = yes
list = yes # for v1.1+
location = mbox:~/mail:INBOX=/var/mail/%u
}
namespace {
type = private
separator = /
prefix = ~%u/mail/
hidden = yes
list = no # for v1.1+
}
These are mostly what's defined as the "Backward Compatability"
namespaces in the wiki.
Are you saying that I should probably have something like the following
then:
namespace {
type = private
separator = /
prefix =
location = mbox:~/mail:INBOX=/var/mail/%u
inbox = yes
hidden = yes
list = no
}
And is the multiple "inbox = yes" in the differing namespaces a no-no?
Based on the comments in the 10-mail.conf file, it seems to say it is a
problem, but if a user has any prefix defined, even the blank prefix,
wouldn't that mean they use only that set of parameters defined in the
namespace being used?
So far, I've only changed one prefix in the building to the #mbox prefix
and that was because of the weird layout of files they had.
I'm hoping one day to understand all of this. Dovecot, as I stated
before, is much more complex that the imap server used previously. It
allows one to use all of the facilities of the imap protocol, and much
more, but unfortunately, for admins like me that are just moving to
these new imap servers, most of those extras were either unknown to me
or unused.
Again, thanks all for the patience and help.
steve
Re: [Dovecot] .mailboxlist -> .subscriptions
On 3/14/2012 1:00 PM, Charles Marcus wrote: On 2012-03-14 10:46 AM, Steve Campbell wrote: Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like "mail/Trash". Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these? Yes... dovecot doesn't like it when stuff other than mail is in the home folder: http://wiki2.dovecot.org/VirtualUsers/Home I'm not sure these are virtual users, so that link may have confused me. All accounts on these servers have real unix accounts. Their inbox is /var/spool/mail/unix-user-name. Their imap folders, the ones that they create using an imap client or webmail, are either in ~ or ~/mail. Their original .mailboxlist is always in ~. Based on that, I should probably copy any imap folders not in ~/mail to that folder, duplicate ~/.mailboxlist to the file ~/mail/.subscriptions, and amend any .subscriptions file contents to just have the name of the folders (without any "mail/folder" reference in it). My example would then be as follows /home/steve=folder /home/steve/Drafts = original folder /home/steve/AnyFolder = original folder /home/steve/.mailboxlist=original file /home/steve/mail= folder (either original or created) /home/steve/mail/.subscriptions= copied contents of .mailboxlist file /home/steve/mail/Drafts =copied folder of original /home/steve/mail/AnyFolder= copied folder of original Contents of original .mailboxlist and new .subscriptions: Drafts AnyFolder If the imap folders were in ~/mail, then the original .mailboxlist would have been mail/Drafts mail/AnyFolder but after the corrections to the .subscriptions file, they would be as above (without reference to the mail folder). Is this correct? thanks for the help steve
Re: [Dovecot] .mailboxlist -> .subscriptions
On 3/14/2012 10:46 AM, Steve Campbell wrote: One last question, please. Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like "mail/Trash". Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these? The first server conversion was a bear due to my lack of dovecot knowledge. I've since learned a little more, and mostly found out that dovecot is a more complex application than the old imap application. There's so much more that can be done with dovecot, whereas the old imap server was mostly just load-and-go. Seems like no matter how much I read, the more I discovered I didn't know. Anyway, thanks for all the past help and any opinions anyone might decide to offer on this post. steve campbell I've discovered another situation. This may not be a problem, but I've got to deal with it at any rate. I find that some users have a .mailboxlist which points to folders in their home directory, and have folders in their mail directory as well. For the most part, this situation involved horde/imp "sent-mail" folders which are created when users send mail through our webmail but they more than likely have a client on either their phone or desktop that is configured as imap. The horde/imp "sent-mail" is not listed in their .mailboxlist file. So I'm guessing this will be all right to leave as is or to modify the resultant .subscription file to point to moved folders. So many things to consider for so many different situations. Thanks steve
[Dovecot] .mailboxlist -> .subscriptions
I've mostly finished a conversion from an old Centos 3 UW-Imap server to a new Centos 6 dovecot server. I did not copy the old ~/.mailboxlist file to ~/mail/.subscriptions file, but notice some users have the latter file now. These are all mbox folders on the old and new server. I'm getting ready to do the same to another old/new pair of servers and I'm wondering if there is an advantage of doing the copy. I'm assuming the .subscription files are created when they access their account through our webmail application, but I'm not sure if it was automatic or due to a "subscribe" action done manually. There are 49 accounts with a .mailboxlist file and only 4 with the new .subscriptions file. So either our webmail application isn't being used a lot or there's a problem with it due to the missing .subscriptions file, but the phone usually rings pretty quickly when problems arise. One last question, please. Over the years, some imap accounts had their folders directly in their home directory and the contents of the .mailboxlist file would have an entry with just the name of the folder in it (Trash, eg), and most had the folders in their ~/mail folder with an entry like "mail/Trash". Our webmail app, Horde/Imp, always seemed to take care of this. If I create the .subscription file for the users during the move to the new server, should I move the folders to the mail directory and amend their .subscriptions file to reflect that change on these odd ball accounts, and will that affect how their client is seeing these? The first server conversion was a bear due to my lack of dovecot knowledge. I've since learned a little more, and mostly found out that dovecot is a more complex application than the old imap application. There's so much more that can be done with dovecot, whereas the old imap server was mostly just load-and-go. Seems like no matter how much I read, the more I discovered I didn't know. Anyway, thanks for all the past help and any opinions anyone might decide to offer on this post. steve campbell
Re: [Dovecot] Shared mboxes
On 3/7/2012 3:47 PM, Stan Hoeppner wrote: On 3/6/2012 3:01 PM, Steve Campbell wrote: I've experienced that type of locked mailbox before on the old server. Users insist on accessing their email account as a pop account on their desktop with the "check for new mail every so many minutes" turned on and still keep their smartphones on while accessing it as an imap account so they can still download the files to their desktop when they return. Using IMAP on the phone and POP on the PC doesn't make any sense. Is there a (valid) reason why these people insist on this phone/IMAP and PC/POP setup? This seems seriously counter intuitive/productive. The bulk of these type users are sales staff. They use their desktop when their in the office. For years, the only type of email account we used was pop just because that was the way it was. We used horde for webmail, which read these type of accounts just fine. Once they needed email in the field, it was necessary to either set up their phones to use pop and keep email on the server so that they could download the email to their desktop, or use imap on the phones. They typically don't use any folders they've created on the imap account when accessing mail on the desktop. It would be a nightmare going to each desktop, finding a time when each and every user would have the time to allow us to change things, and switching all of the accounts. It may not seem to be a good way of doing things, but it's just the way our system here has evolved. Now that we're down to skeleton-type staffing, it's not easy to find the time and manpower to accomplish change when it "ain't broke". The occasional locked mailbox was easier to resolve that the massive change to all user's accounts. This all came about because I installed a new server to replace the old, and dovecot became the pop/imap server. So just to clarify, is it OK to have a maildir account setup on this server for these shared/imap access only accounts along with the mbox accounts already on there? Yes. With Dovecot it is possible to specify mail_location on a per user basis: http://wiki.dovecot.org/MailLocation You can even do a split mailbox type setup per user using multiple namespaces, for example specifying that INBOX use mbox with all other mail being stored in maildir format: http://wiki.dovecot.org/Namespaces Thanks for the patience and help Sure thing. Again, thanks for the help.
Re: [Dovecot] Shared mboxes
On 3/6/2012 3:17 PM, Stan Hoeppner wrote: On 3/6/2012 8:28 AM, Steve Campbell wrote: http://wiki.dovecot.org/SharedMailboxes That's where most of my questions originated, but thanks for the reply. Steve, all the information you need is behind that link. I've gone over that set of links on that page a dozen times. Perhaps I'm trying to put a square peg in a round hole by using mbox, but they keep providing information on it, so I guess I was just pounding away. But then there's that "don't use maildir and mbox together". All of the accounts on this server are carry-overs from the UW-IMAP server, so perhaps I should have converted those to maildir. Seems as though it's OK when they don't apply to the same type namespace. Maybe I'm misunderstanding concepts here Very possibly. What I've done in the past with the old imap server is to create an account (unix account), so the smtp server puts the mbox (what is referred to as the INbox) in /var/spool/mail. Users who needed to "share" this mailbox would be give the account user name and the password for this account and would add an Imap account to their mail client. This would sometimes cause locking problems or client corruption due to email removals mostly. This is basically a normal, non-shared account. Locking problems with multiple users hitting mbox files is unavoidable. The same is true when a single user hits an mbox from multiple client devices simultaneously--PC, smart phone, tablet, etc. Which is why you do not want to use mbox file format for shared mailboxes, but maildir instead, because each email is a separate file. Please note, from the link I provided: I've experienced that type of locked mailbox before on the old server. Users insist on accessing their email account as a pop account on their desktop with the "check for new mail every so many minutes" turned on and still keep their smartphones on while accessing it as an imap account so they can still download the files to their desktop when they return. ** Maildir: Per-user \Seen flag With Maildir a dovecot-shared file controls if the \Seen flags are shared or private. The file must be created separately inside each Maildir, although if the file already exists in the Maildir root it's automatically copied for newly created mailboxes. If dovecot-shared file doesn't exist in Maildir, the \Seen flags are shared. If it exists, the \Seen flag state is stored only in the user's index files. By making each user have their own private index files, you can make the \Seen flag private for the users. ** Simple concept above: each user of the shared mailbox sees "new" mail. One user accessing new mail and marking it as read doesn't mark that message as read for other shared users. You can not do this with mbox file format, only maildir. ** Maildir: Keyword sharing Make sure you don't try to use per-user CONTROL directory. Otherwise dovecot-keywords file doesn't get shared and keyword mapping breaks. Other mailbox formats Currently you can't have any per-user flags with other mailbox formats than Maildir. ** So just to clarify, is it OK to have a maildir account setup on this server for these shared/imap access only accounts along with the mbox accounts already on there? Thanks for the patience and help steve
Re: [Dovecot] Shared mboxes
On 3/5/2012 6:16 PM, Stan Hoeppner wrote: On 3/5/2012 1:30 PM, Steve Campbell wrote: I've been looking at some documentation on shared mail accounts. But I'm getting mixed thoughts on how this can or should be done. I use mbox for all my pop and imap folders since I've converted from a uw-imap server. The first thing that makes me wonder about setup is that I've been told to not use maildir and mbox on the same machine, although I'm not really sure why since it seems this would work OK, but anyway, I'm guessing I should stick with mbox for the shared accounts. Secondly, I'm sure I'd need a namespace to use which ever format, so there's private, public, and shared types. Most of the stuff I'm reading seems to suggest "public" as a type instead of "shared". So what's shared for anyway? I want to use this shared account so that email can be sent to this account, and be shared by only a few people, but I'm reading where locks and such don't work with mbox, so in my mind, how do you avoid corruption and why not just make a normal account and let people hack away at the data? I've not even got to the questions in my mind about how to set up the account, but figured if I could get the above straight, I might be able to fuddle my way through it. Help would be truly appreciated. Start here: http://wiki.dovecot.org/SharedMailboxes That's where most of my questions originated, but thanks for the reply. (Sorry for the first response - I sent it to the poster, not the list). Maybe I'm misunderstanding concepts here and I'm trying to use something I don't need to use. I'm really new to dovecot, and as I learn all the ins and outs, I'm finding a lot of this doesn't seem to be "turning on any light bulbs" until after I've played with it a while. What I've done in the past with the old imap server is to create an account (unix account), so the smtp server puts the mbox (what is referred to as the INbox) in /var/spool/mail. Users who needed to "share" this mailbox would be give the account user name and the password for this account and would add an Imap account to their mail client. This would sometimes cause locking problems or client corruption due to email removals mostly. This is basically a normal, non-shared account. Now that I've moved to dovecot on a new, updated server, I'd like to use the facilities of dovecot for the truly shared accounts. I'm not sure if I need to create the account like before, but seems like I'd have to in order to get the smtp server to deliver new email to /var/spool/mail/%u. As I see it, I've got to create a namespace for shared accounts and configure this on the multiple-user's clients so that when they access the Inbox and imap files under /home/%u/mail, they don't butt heads, so they're some locking involved. I could use acls for this, but don't have to according to the documentation. I can grant permissions to each user that is included in the acl, and I can create dovecot "groups" to use as a basis for this permission. I'm hoping this is pretty much the way it's done, and I want to keep with mbox format for all files and folders. I'm also hoping that this is the way it's supposed to be used, but I get conflicting ideas about what the documentation is really telling me. Anyway, I'll play with this and see where I get. I've still not found out where to create these dovecot "groups" other than it seems to use a userdb file somewhere. Thanks for the help so far steve
[Dovecot] Shared mboxes
I've been looking at some documentation on shared mail accounts. But I'm getting mixed thoughts on how this can or should be done. I use mbox for all my pop and imap folders since I've converted from a uw-imap server. The first thing that makes me wonder about setup is that I've been told to not use maildir and mbox on the same machine, although I'm not really sure why since it seems this would work OK, but anyway, I'm guessing I should stick with mbox for the shared accounts. Secondly, I'm sure I'd need a namespace to use which ever format, so there's private, public, and shared types. Most of the stuff I'm reading seems to suggest "public" as a type instead of "shared". So what's shared for anyway? I want to use this shared account so that email can be sent to this account, and be shared by only a few people, but I'm reading where locks and such don't work with mbox, so in my mind, how do you avoid corruption and why not just make a normal account and let people hack away at the data? I've not even got to the questions in my mind about how to set up the account, but figured if I could get the above straight, I might be able to fuddle my way through it. Help would be truly appreciated. steve campbell
[Dovecot] Multiple namespaces seems to be used at the same time
I've just converted from an old Centos 3 box to a Centos 6.2 box. I've switched from UW-imap to dovecot in the process. In my configurations, I've placed the multiple namespace sections as suggested by the "Backward compatability" part of the wiki. I use mbox since I mostly copied the home directories from the old to the new server. On some of the clients, it appears that the client is using multiple namespaces at the same time. When they view their subscribed folders, they see multiple "mail" folders instead of just the single "mail" folder under their home directory. The .subscription files are more than likely not correct (haven't looked yet, but will fix them as a user calls), but should this ever happen? I'm also sure the client's prefix isn't set since the old system never required it and there are just so many other things that are required right now on this conversion. Speaking of prefixes, I'd like to get the default of "" (nothing entered) to work for the majority of the users to avoid having to add this to the multiple users we have. Hopefully, by going through each user's home directory and copying the old .mailboxlist to a new .subscriptions file and ensuring the imap folders are in ~/mail will do this. Does this sound resonable? Thanks for any help. The learning curve is getting less steep, but it's still a ways off to the top of the hill. steve campbell
Re: [Dovecot] Why is dovecot involved in my smtp process
On 2/23/2012 11:33 AM, /dev/rob0 wrote: On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote: I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization. Now I see where messages are in my maillog of the type: auth: pam_unix(dovecot:auth) : authentication failure Why is dovecot involved in my smtp processes and how do I fix this. I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail. Why is sendmail using Dovecot sasl when I have the regular sasl set up. If I turn off dovecot, telnet to 587, I get no failures in my logs. If I turn on dovecot and do the same, I get auth failures in my secure file. I've got some very mad users. And you are jumping to conclusions. I suggest that you take this matter to a Sendmail forum. When you do, provide all relevant configuration as well as complete logging to show the problem. No useful help is possible with what you posted here. In other words, don't use sendmail if I use dovecot? The 10-auth.conf file is pretty much stock except for allowing plain text logins. I'm really having problems following the logic here. Seems that postfix and dovecot are the only way to go if I use alternate ports with smtp auth. Is that what everyone is implying? I'll try to see what sendmail guys are saying, but I don't think they'll provide much as long as it involves dovecot. Thanks for the help steve
Re: [Dovecot] Why is dovecot involved in my smtp process
On 2/23/2012 11:23 AM, Peter A. Giessel wrote: I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization. My guess is that your sasl2 configuration is configured to use your imap server to authenticate users. Check your sasl2 software's documentation. You're correct. This server is our smtp, imap, and pop server. All authentication is done there, supposedly through PAM, but dovecot seems to interfere with sendmail's smtp auth processes and overrides what typically was done in a non-interferred way with sasl.
Re: [Dovecot] Why is dovecot involved in my smtp process
On 2/23/2012 10:47 AM, Charles Marcus wrote: On 2012-02-23 10:16 AM, Steve Campbell wrote: Why is dovecot involved in my smtp processes Because you told it to? Where did I tell it to do this. and how do I fix this. Depends on what your intent is - what MTA you use - how it is configured - etc... Sendmail - pretty much default except I'm trying to use port submission (587). I've got some very mad users. Don't make changes to an existing and/or go live with a new system without properly testing? Unfortunately, switching over to a new server didn't show me most of the problems until after it had run a while. Dovecot is probably a great application, but the wiki sucks when you run sendmail, the help files are a little vague and run me around in circles. I postponed (actually move the server back to the old server) for a week to fix the problems I ran into upon first putting it into server. After fixing those, it was only later that the last batch of problems showed up. You right that I should have tested more, but that's not what I need to be hearing right now. Most of my conversions go without problems and I've been doing this for quite a few years (decades). The 10-auth.conf file is pretty much stock except for allowing plain text logins. This file is irrelevant unless you have your MTA configured to use dovecot-sasl... dovecot only *assists* an MTA in authenticating, it isn't an MTA. My sendmail configs don't even list dovecot. steve
Re: [Dovecot] Why is dovecot involved in my smtp process
On 2/23/2012 10:30 AM, Adam Szpakowski wrote: On 23.02.2012 16:16, Steve Campbell wrote: I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization. Now I see where messages are in my maillog of the type: auth: pam_unix(dovecot:auth) : authentication failure Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins. Dovecot can be used as authentication source. It has its own implementation of SASL library which can be used instead of Cyrus SASL implementation. In Dovecot2 the config for auth is in 10-master.conf, service "auth". Please see: for dovecot 1.x: http://wiki.dovecot.org/Sasl for dovecot 2.x: http://wiki2.dovecot.org/Sasl on the postfix side: http://www.postfix.org/SASL_README.html#server_dovecot That's all great, but what about sendmail. What should my pam.d/dovecot file look like, what should my dovecot.conf file look like, all this just runs me around in circles. Thanks for the pointers, but I've been over that a million times and nothing seems to work. steve
[Dovecot] Why is dovecot involved in my smtp process
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization. Now I see where messages are in my maillog of the type: auth: pam_unix(dovecot:auth) : authentication failure Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins. steve campbell
Re: [Dovecot] Questions still about a uw-imap -> dovecot conversion
Quoting Joseph Tam : > > Steve Campbell writes: > > > > This was piped into a script that Email'd users about the changes > > > that was going to happen, what they would expect to see, and a > > > FAQ on how to set up a mail client correctly. > > > > Here, I'm not sure what should be done. The users with the secondary > > folders that are not in ~/mail can't seem to get the client configured. > > "Great artists steal". Google around for a good set of instructions > on how to set up IMAP prefix's for various mail clients, and refer > your users to that. This conversion to dovecot has been a real learning experience for me. The old stuff that came with Centos 3 just worked out of the box. I never realized how much could be modified. It was always there, I just never needed it. > > I also referred them to our webmail (with the correct mail prefix) as a > reference to a list of mailboxes they ought to see. If they don't match, > then that's a symptom of a bad prefix. Our web mail, Imp, seems to be doing fine now that all of the mboxes have been moved to ~/mail. > > > I've tried this and modified the .mailboxlist, but I'm thinking Dovecot > > is ignoring this and I'm not sure what it's looking at to determine the > > imap folders. > > > > > - .subscription files were moved into the mail folder > > > (don't have to edit prefixes since the aliasing > > > will take care of that). > > > > And when would these .subscription files be created? The first time the > > folders would be accessed, or when? This seems to be part of my fix that > > I'm getting lost on. > > Sorry, as Timo intimated, dovecot uses .subscription, which can > be adjusted back to .mailboxlist, which uw-imapd uses. You shouldn't > have to edit it if you set up namespace aliasing. Just move it from > the top-level into your user's mail directory during cutover: > > (if you use dovecot's default subscription filename) > mv $USER/.mailboxlist $USER/mail/.subscription > > If your IMAP client is still ignoring subscriptions, it usually > means the client was configured that way. > > > > - your setup is fairly close to mine, so you may also run into > > > the problem of user having mailboxes with group ownership that > > > users are not part of (for example, group "mail" for INBOX set > > > by your LDA or personal mailboxes with groups the user is no > > > longer a member of) *and* with group permission not mode=0. > > > > Sendmail sort of requires the "mail" group, does it not? I'll take a > > look and see if all users are part of this or not. A crazy solution > > would be in order here? > > I think sendmail works fine if you set your mail spool mode=1777 (like > /tmp), but have each inbox mode=0600. This setting will persist. > > It's sendmail LDA mail.local that's the problem: it autocreates new > inboxes with permissions user:mail/660 and unless the user is in group > "mail", chaos will ensue. > So far, all things seem OK in this area. No complaints are being forwarded. > You can maybe do a cron script or some other hack, or better yet, > use dovecot LDA, which sets up the perms correctly (and keeps indexes > updated). A one time "chmod go-rwx" during cutover is all that is > required then. > > The log entry that points this problem out looks like > > dovecot: imap(smith): Error: chown(/dc-cache/smith/.imap/xx, > group=6(mail)) > failed: Operation not permitted (egid=5678(goodgroup), group based on > /home/smith/mail/xx - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm) > dovecot: imap(smith): Error: mkdir(/dc-cache/smith/.imap/xx) failed: Not > owner > > Joseph Tam For now, it looks like the only problem I'm seeing is that one user who uses Outlook Express that has a pop account for one email account and an imap account for another email account is having problems with the "Sent" folder. When she sends an email using the imap account, the "Sent" copy goes into the pop account's sent item folder. When using webmail, the sent copy goes into the sent-mail file as it's supposed to. I'm guessing for now that that google you suggested might point me to a fix for that. Thanks all for all the great help. Shared accounts are next, so wish me luck. steve > - This mail sent through IMP: http://horde.org/imp/
Re: [Dovecot] Questions still about a uw-imap -> dovecot conversion
On 2/20/2012 7:25 PM, Joseph Tam wrote: Steve Campbell wrote: The more I read about all of this, the more I'm thinking about moving to maildir format. My switchover this weekend is full of holes due to the way user's imap folders were laid out. Some had folders in their home directory and others might have folders in their /home/mail directory. I had the same problem, and handled it more or less the same way as the later poster (Jim Lawson ) handled his site. I retained use of mbox format as well. I planned the migration like this - scan user home directories for mailboxes (especially "Trash", "Drafts", "Sent", etc.) looking for "From " as the first 5 bytes. This was piped into a script that Email'd users about the changes that was going to happen, what they would expect to see, and a FAQ on how to set up a mail client correctly. Here, I'm not sure what should be done. The users with the secondary folders that are not in ~/mail can't seem to get the client configured. - during the cutover, - mailboxes left on the home directory were moved to ~/mail, or renamed (e.g. "Sent" -> "00Sent" to avoid name collision for users that had a mixture of correct and blank prefixes. I've tried this and modified the .mailboxlist, but I'm thinking Dovecot is ignoring this and I'm not sure what it's looking at to determine the imap folders. (I think I deleted "Trash", "Junk", etc. anyways). - Namespace aliasing was used so that prefixes "", "mail", "~/mail", and whatever darn fool settings my users used, would map to the same directory. - .subscription files were moved into the mail folder (don't have to edit prefixes since the aliasing will take care of that). And when would these .subscription files be created? The first time the folders would be accessed, or when? This seems to be part of my fix that I'm getting lost on. - depending on what POP3 client you used (I used qpopper), you may need to configure pop3_reuse_xuidl = yes to avoid a massive re-downloading from POP3 clients after cutover. - the mail clients I control centrally (e.g. webmail, public server mail clients, etc). shouldn't need updating since they ought to have been set up properly in the first place. - after cutover, a second notification was sent for users that didn't move their mailboxes the first time around, and was it done for them during migration. And of course, test like crazy and watch the logs like a hawk. Other gotcha's: - your setup is fairly close to mine, so you may also run into the problem of user having mailboxes with group ownership that users are not part of (for example, group "mail" for INBOX set by your LDA or personal mailboxes with groups the user is no longer a member of) *and* with group permission not mode=0. Sendmail sort of requires the "mail" group, does it not? I'll take a look and see if all users are part of this or not. A crazy solution would be in order here? You'll have to treat these (set mode=0, or change the group to something the user is part of), or the dovecot index creation will fail and they won't be able to access their mailboxes. I think my migration went pretty smoothly. Less than a handful of wazzup' Email problem reports. Except for those users with the different folder locations, it seems that all is going pretty well. Maybe they're just not notifying me yet, though. Joseph Tam Thanks steve
Re: [Dovecot] Questions still about a uw-imap -> dovecot conversion
On 2/20/2012 4:58 PM, Jim Lawson wrote:
On 2/20/12 3:36 PM, Steve Campbell wrote:
Thanks for that input. I still think I'm missing something since I
too used the compatibility link that you pointed to. Only thing is
that proceeding those namespaces, I used the first example of:
namespace {
type = private
separator = /
prefix = "#mbox/"
location = mbox:~/mail:INBOX=/var/mail/%u
inbox = yes
hidden = yes
list = no
}
namespace {
type = private
separator = /
prefix =
location = maildir:~/mail
}
This seemed to get the ball rolling so that users could access
anything at all. I still have the problem of client imap folders
being different from webmail imap folders. That's pretty much why I'm
thinking of using mbox as the INBOX and all other imap folders in the
~/mail directory in maildir format.
You ought to be able to get webmail to see the same folders as the
imap clients.
Should I remove the first two namespaces, in your opinion? Right now,
the whole thing is kind of fragile.
From your added namespaces, it looks like you are trying to support
mbox and maildir and ~/mail at the same time. Do you already have
maildir folders to support? If not, I would try to get things working
well with mbox first before I started a conversion to maildir. I
would also ask why you're thinking of moving to maildir. Yes, there
are caching benefits, but when you add the Dovecot indexing on top of
mbox, it's pretty much a wash. If you are using file-level backup,
rather than some sort of snapshot technology, maildir will be much,
much slower to back up. Your system will spend all its time walking
directories, opening and closing files. If you don't have many users
to worry about it might be OK, but make sure it's worth it. A lot of
sites went to maildir in the 1998-2004 era and have regretted the
decision as their systems get overloaded with files and they can't
back them up.
No, I've got all mbox formats. Previous posts probably suggested that I
wanted to move to maildir, but all of the replies I've received have
convinced me that I do not want to do that. The folders in ~ and ~/mail
are mboxes, so I need to see what damage I've done with a maildir
namespace. The maildir reference could be part of the problems I'm seeing.
I'm still not sure whether I should be seeing .subscriptions or
mail/subscriptions anywhere and whether Dovecot will use the
.mailboxlist that exists. The wiki suggests that I need to recompile
Dovecot to continue using .mailboxlist. This is something I don't want
to do.
Horde/Imp updates are probably out of the question until I can get a
server to install the upgrade on.
For Dovecot and IMP both, you should set up an alternate server to
test out your config changes on before you put them into production.
If you are running on a bare metal single server, set up another
Dovecot instance on a different set of ports (I commonly use 20143
(imap), 20993 (imaps), 20110 (pop3)) which you can fiddle with
freely. Once you are satisfied with the result in your various
clients, put it into production. You can do the same with Horde/IMP
by putting an installation in a different location on your webserver.
Jim
I've got a second server that is totally independent of the one I'm
messing with. I've done the horde/imp alternate port/config. It all went
well. The downside is that I didn't realize those secondary folders in
~/mail were being hidden. Kinda late to switch back, but the secondary
server supports another domain, so I have it to test with.
Again, the damage I've caused to those secondary imap folders needs to
be determined to get this fixed properly. Most users are seing the
secondary folders and can use them. It's just those users who have
folders in ~ that are seeing problems as far as I can tell.
Thanks
steve
Re: [Dovecot] Questions still about a uw-imap -> dovecot conversion
On 2/20/2012 1:28 PM, Charles Marcus wrote: On 2012-02-20 1:10 PM, Steve Campbell wrote: Our webmail is configured to read the inbox from /var/spool/mail and their imap folders from /home or /home/mail. I can't help with your specific problem, but I do know that having mail stored directly in /home will cause problems - you will need to fix that. That was a type. It was supposed to be ~ (user's home) or ~/mail. Thanks anyway for pointing this out. steve
[Dovecot] Questions still about a uw-imap -> dovecot conversion
The more I read about all of this, the more I'm thinking about moving to maildir format. My switchover this weekend is full of holes due to the way user's imap folders were laid out. Some had folders in their home directory and others might have folders in their /home/mail directory. Some how, Horde/Imp seemed to keep track of it. Dovecot is not doing so well. I've been reading about the conversion technique to convert to maildir, but I'm wondering if I can do this based on the way our users are set up. Most are pop accounts. Our webmail is configured to read the inbox from /var/spool/mail and their imap folders from /home or /home/mail. Some have imap accounts on their desktop defined through their mail client. RH/Centos seems to want me to switch to postfix since most of the documentation I find doesn't mention Sendmail. My filesystem is laid out to handle Inboxes in /var/spool/mail and imap folders in /home(/mail) and these aren't logical volumes but true partitions, so I've got to consider this as I make any changes. I also run pop using dovecot, so I'll need to figure all this out. I've read the technique linked to on the dovecot site that points to "Replacing UW-IMAP with Dovecot on RHEL 3" written back in 2004, and that's about the only real pointers I'm finding. I don't want to have to go around to each machine and change their clients to IMAP.. Anyone care to comment on anything similar they've done and how many pitfalls they ran into and what they were? steve campbell
Re: [Dovecot] I'm confused about my namespace parms
Quoting "Julio C. Ortega" :
> El 18/02/12 12:34, Steve Campbell escribió:
> > Hi,
> >
> > I'm new to the list and to dovecot. I'm having a strange situation that
> provides
> > no errors, so I'm having a little problem diagnosing what's going on.
> >
> > I've been running a Centos 3 mail server with sendmail for our company for
> quite
> > a few years. I finally got approval for new servers this year and put
> Centos 6.2
> > on it. I'm sticking with sendmail, but that's not important.
> >
> > Up to this point, I've got all working fairly well. I've found that if I
> > configure dovecot to use the mixed format (pop and imap INBOX in
> > /var/spool/mail, Imap folders in /home/user/mail, two namespaces) as in
> the
> > examples for "namespace", most works fine. Anyone who has used imap
> previously
> > on our old system and work as if nothing has changed. Anyone who has never
> used
> > Imap before can't seem to access the server using our webmail app
> (Horde/Imp).
> > Dovecot is providing both pop and imap. An account that is set up from a
> normal
> > mail client as imap has no problems as well.
> >
> > Sendmail is set up to create a new user in the /var/spool/mail folder. When
> I
> > moved from the old server to the new server, I copied /home and
> /var/spool/mail
> > to the new server - in other words, I kept the same scheme.
> >
> > There are no errors in the maillog, and it indicates that the user is
> getting
> > logged in and out, but the return to Horde is that the user entered the
> wrong
> > name or password. I'm thinking that this is probably due to how dovecot is
> > trying to look for the imap folders, but the lack or any errors makes it a
> > little difficult to diagnose.
> >
>
> Looks like a Mail Directory seek problem. what's your mail_location set
> up to?, also, does this location exist for that NEW user on it's first
> login?
>
>
> --
> --
> Julio C. Ortega - VaSLibre
> Usuario GNU/Linux
> Valencia - Venezuela
>
>
>
My 10-mail.conf has the following:
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
and my namespaces are as follows:
namespace {
type = private
separator = /
prefix = "#mbox/"
location = mbox:~/mail:INBOX=/var/mail/%u
inbox = yes
hidden = yes
list = no
}
namespace {
type = private
separator = /
prefix =
location = maildir:~/mail
}
As I stated, I need to brush up on what all this really means. So far, reading
the documentation has cleared up much for me. I'm sure it'll make sense later,
but for now, I'm a little hazy.
This machine was tested last weekend, and I had problems with reading any email.
I'm using the examples found in the wiki and the above worked. Our old server is
so anemic that we're getting delays of multiple hours for delivery after the
server accepts it, so this weekend, I left the new server up and running.
Thanks for any help and the replies.
steve
>
-
This mail sent through IMP: http://horde.org/imp/
[Dovecot] I'm confused about my namespace parms
Hi, I'm new to the list and to dovecot. I'm having a strange situation that provides no errors, so I'm having a little problem diagnosing what's going on. I've been running a Centos 3 mail server with sendmail for our company for quite a few years. I finally got approval for new servers this year and put Centos 6.2 on it. I'm sticking with sendmail, but that's not important. Up to this point, I've got all working fairly well. I've found that if I configure dovecot to use the mixed format (pop and imap INBOX in /var/spool/mail, Imap folders in /home/user/mail, two namespaces) as in the examples for "namespace", most works fine. Anyone who has used imap previously on our old system and work as if nothing has changed. Anyone who has never used Imap before can't seem to access the server using our webmail app (Horde/Imp). Dovecot is providing both pop and imap. An account that is set up from a normal mail client as imap has no problems as well. Sendmail is set up to create a new user in the /var/spool/mail folder. When I moved from the old server to the new server, I copied /home and /var/spool/mail to the new server - in other words, I kept the same scheme. There are no errors in the maillog, and it indicates that the user is getting logged in and out, but the return to Horde is that the user entered the wrong name or password. I'm thinking that this is probably due to how dovecot is trying to look for the imap folders, but the lack or any errors makes it a little difficult to diagnose. I'm fairly certain that what was installed on the old server was UW-Imap and was provided by the imap-2002 rpm. I tried using the examples for UW-Imap compatability but that didn't work at all. I haven't been able to figure out what's different about the old imap folder contents and what's missing in the newly created imap folders to allow Horde to access this account. I'll look at the Horde config to see if anything is there, but I'm cautious about changing anything that might break the current users' ability. Most of the accounts are set up as POP with the ability to see what's left on the server using Horde, webmail, and IMAP. Any help in tracing this down would really help. I think my biggest problem is I don't understand the "namespace" parameter as well as I should. So there it is. It seems I've got at least 3 areas to concentrate on. Steve Campbell - This mail sent through IMP: http://horde.org/imp/
