from:"Tobias"

> My educated guess is, yes this is a KMail issue.

Okay, thanks :-) I'll file a bug report there.

Am Montag, 5. Juli 2021, 21:30:54 CEST schrieb dove...@ptld.com:
> > On 07-05-2021 2:04 pm, Tobias Leupold wrote:
> > 
> > When I delete a sieve script via the managesieve interface of KMail, I
> > would
> > expect that this script is removed from the USER.sieve script so that
> > it's no
> > longer included and not run anymore. Then, it should be deleted.
> 
> As far as sieve is concerned, USER.sieve is the script, still exist and
> is still active.
> 
> Sounds like all you have done is removed a required component of the
> script being an include file. Sieve doesn't know this, all it knows is
> USER.sieve is the script, and its active, so it runs it, which fails
> cause as you know, missing an include file.
> 
> The issue is that you have a corrupted sieve script (USER.sieve). I
> would not consider this a sieve issue. I would consider this a poor
> design by the makers of whatever control panel you using to update your
> includes as it should rebuild the script after making such changes. I
> think your language choice could be confusing, you aren't deleting "a
> script". You are deleting an include file for "the script" being
> USER.sieve.
>

Re: Deleting an active sieve script leaves sieve unfunctional

Okay, I'll try to explain it better ;-)

What I would expect is:

When I delete a sieve script via the managesieve interface of KMail, I would 
expect that this script is removed from the USER.sieve script so that it's no 
longer included and not run anymore. Then, it should be deleted.

What happens is:

The script is deleted, but USER.sieve is unchanged and still tries to include 
it. This leads to a compile error when the next filtering is done.

IMO this simply should not happen: After deleting a script, sieve should 
simply continue to work -- without the script. But what I actually have to do 
is that I disable the script, so that USER.sieve doesn't include it anymore 
and then delete it.

So the question is if KMail should do this automatically (and thus it's a 
KMail bug) or if Dovecot doesn't act properly (and thus it's a Dovecot bug) -- 
or if this is a config issue caused by me not being able to setup dovecot 
properly :-D

I simply think that deleting a sieve script via a managesieve interface should 
not make the filtering crash and make it necessary to fix this manually ...

Am Montag, 5. Juli 2021, 19:45:37 CEST schrieb dove...@ptld.com:
> > On 07-05-2021 1:34 pm, Tobias Leupold wrote:
> >> Yes, that is the one im talking about: active-script.sieve
> >> Just remove that symlink and sieve will be disabled for that user and
> >> you shouldn't have any errors.
> > 
> > Yeah, of course I won't -- but sieve filtering won't work as well
> > without the
> > symlink ...
> 
> Maybe im misunderstanding what answer you are looking for.
> Ofcourse sieve wont work without the symlink, that's the point. That is
> how you disable it. To prevent errors generated by a missing / corrupt
> script.
> 
> Then when you want to use sieve again, create a proper script and enable
> it, which will autocreate the symlink again.

Re: Deleting an active sieve script leaves sieve unfunctional

> Yes, that is the one im talking about: active-script.sieve
> Just remove that symlink and sieve will be disabled for that user and
> you shouldn't have any errors.

Yeah, of course I won't -- but sieve filtering won't work as well without the 
symlink ...

Am Montag, 5. Juli 2021, 19:27:50 CEST schrieb dove...@ptld.com:
> > On 07-05-2021 1:04 pm, Tobias Leupold wrote:
> > There's no symlink pointing to that very script. I have virtual users,
> > so I
> > keep the respective sieve scripts in /srv/sieve/user@domain/.
> > 
> > Such a directory looks like that:
> > active-script.sieve -> USER.sieve
> > USER.sieve
> > some-script.sieve
> > some-other-script.sieve
>

Re: Deleting an active sieve script leaves sieve unfunctional

There's no symlink pointing to that very script. I have virtual users, so I
keep the respective sieve scripts in /srv/sieve/user@domain/.

Such a directory looks like that:

active-script.sieve -> USER.sieve
USER.sieve
some-script.sieve
some-other-script.sieve
...

Where USER.sieve is the generated file which includes the activated scripts:

# USER Management Script
#
# This script includes the various active sieve scripts
# it is AUTOMATICALLY GENERATED. DO NOT EDIT MANUALLY!
#
# For more information, see http://wiki.kolab.org/KEP:14#USER
#

require ["include"];

include :personal "some-script";
include :personal "some-other-script";

Am Montag, 5. Juli 2021, 18:46:30 CEST schrieb dove...@ptld.com:
> > On 07-05-2021 10:29 am, Tobias Leupold wrote:
> >
> > So, to avoid this, one has to FIRST deactivate the respectice script,
> > so that
> > USER.sieve is updated and THEN delete the script. Or to manually fix
> > USER.sieve on the server, which is surely not what's intended.
>
> Curious, can you also fix the situation by just removing the symlink
> pointing to the non existent script?

Re: Deleting an active sieve script leaves sieve unfunctional

Well, my workaround for KMail is to simply disable the script to delete before 
deleting it. This way, it's removed from the auto-generated USER.sieve (where 
active-script.sieve points to) and it's no problem when the file is actually 
deleted.

Question is if KMail should do this automatically, or if Dovecot should remove 
a script to delete from USER.sieve before deleting it. Or if I did something 
wrong configuring Dovecot ;-)

Am Montag, 5. Juli 2021, 18:58:15 CEST schrieb Benny Pedersen:
> On 2021-07-05 16:29, Tobias Leupold wrote:
> > So the question is now: Is this a KMail bug, a Doveceot bug, or is the
> > server
> > misconfigured?!
> 
> in roundcube one would create another filter-set, with no filter-rules
> in, then one set the filter-set with no rules in to be default, this
> will disable sieve, reason is that it must always be atleast one
> filter-set active, but its not required to have rules in a filter set
> 
> hope this works

Re: Deleting an active sieve script leaves sieve unfunctional

There's no symlink pointing to that very script. I have virtual users, so I 
keep the respective sieve scripts in /srv/sieve/user@domain/.

Such a directory looks like that:

active-script.sieve -> USER.sieve
USER.sieve
some-script.sieve
some-other-script.sieve
...

Where USER.sieve is the generated file which includes the activated scripts:

# USER Management Script
#
# This script includes the various active sieve scripts
# it is AUTOMATICALLY GENERATED. DO NOT EDIT MANUALLY!
# 
# For more information, see http://wiki.kolab.org/KEP:14#USER
#

require ["include"];

include :personal "some-script";
include :personal "some-other-script";

Am Montag, 5. Juli 2021, 18:46:30 CEST schrieb dove...@ptld.com:
> > On 07-05-2021 10:29 am, Tobias Leupold wrote:
> > 
> > So, to avoid this, one has to FIRST deactivate the respectice script,
> > so that
> > USER.sieve is updated and THEN delete the script. Or to manually fix
> > USER.sieve on the server, which is surely not what's intended.
> 
> Curious, can you also fix the situation by just removing the symlink
> pointing to the non existent script?

Deleting an active sieve script leaves sieve unfunctional


Dear devs,

I noticed this using Dovecot 2.3.7.2, set up on a newly created Ubuntu 
20.04

server.

If I delete a sieve script via KMail's managesieve interface, and the 
script

is active, it leaves sieve unfunctional afterwards.

What's happening is this:

Dovecot creates a USER.sieve script containing all active scripts, e. g.:

   require ["include"];
   
   include :personal "some-script";

   include :personal "some-other-script";

Now if I delete "some-script", it's actually deleted, but USER.sieve is not
updated (and still contains 'include :personal "some-script";').

So next time an email is filtered, this happens:

mail log:

   Jul  5 15:20:01 server dovecot: lda(user@domain)<123456>
   : sieve: Failed to compile script 
   `/srv/sieve/user@domain/active-script.sieve' (view user logfile 
   `/srv/sieve/user@domain/active-script.sieve.log' for more information)


active-script.sieve.log:

   sieve: info: started log at Jul 05 14:57:54.
   USER: line 12: error: included personal script 'some_script' does not
   exist.
   USER: error: validation failed.

So, to avoid this, one has to FIRST deactivate the respectice script, so 
that

USER.sieve is updated and THEN delete the script. Or to manually fix
USER.sieve on the server, which is surely not what's intended.

So the question is now: Is this a KMail bug, a Doveceot bug, or is the 
server

misconfigured?!

Thanks for all help!

Cheers, Tobias

Re: Shared mailboxes, users with dots and a bug in subscriptions

2021-01-28 Thread Tobias Stein

Hi Aki,

Thanks for your prompt reply! :-)
And because i classically forgot to attach
the dovecot-sysreport, i'll deliver it now. :-)


Yes, you're right. Setting :LAYOUT=fs would be a workaround.
I'd also have to migrate every
single mailbox to the new hierarchical layout.
The hierarchical separator list->sep would
indeed change to „/‟ and the subscriptions
would be split differently.

Please correct me when i'm wrong, but
the namespace/separator would have to be changed too,
to prevent splitting on another "wrong" position.
The current
shared/root@example com/testsubtest
would become to
shared  r...@example.comtestsubtest.
Which is also wrong because there is no user shared.
So the namespace separator could be set to again something
different (from „auth_username_chars‟ + "/+")
like „^°!§%&=?;:#¹²³‟ which all would be ugly.
And with namespace/sep set to „°‟ leading to the form
shared°r...@example.com°testsubtest.

But this would not resolve the actual bug, that subscriptions
are not split and persisted correctly.
In the end i would just be forced to use :LAYOUT=fs
to mitigate the bug, even if i like the flat layout. :-)

I think there should be a default, which is valid
for a common deployment with all features working.
Maildir++ for sure is a great choice for this,
but the implementation has a flaw:
a hard-coded „separator‟, which collides with
the DNS label delimiter, when storing subscriptions.


Best Regards
Tobias

dovecot-sysreport-mx1-1611828216.tar.gz
Description: application/compressed-tar

Shared mailboxes, users with dots and a bug in subscriptions

2021-01-28 Thread Tobias Stein

Hi,

i'm running Dovecot 2.3.14.alpha0 with shared namespaces
and stumbled across some errors messages logged,
when the list of subscribed mailboxes is queried by a client.
For every distinct account of in the list of subscriptions
two corresponding lines are logged:

Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: 
/etc/dovecot/private/example/users
Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: 
/etc/dovecot/private/example/users
Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: 
/etc/dovecot/private/example/users
Jan 28 11:42:36 mx1 dovecot: 
imap(example_u...@example.com)<3638>: Error: 
mkdir(/var/run/dovecot/user-not-found/noc@example) failed: Permission denied 
(euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned 
by 0:0 mode=0755)
Jan 28 11:42:36 mx1 dovecot: 
imap(example_u...@example.com)<3638>: Error: 
mkdir(/var/run/dovecot/user-not-found/info@example) failed: Permission denied 
(euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned 
by 0:0 mode=0755)
Jan 28 11:42:36 mx1 dovecot: 
imap(example_u...@example.com)<3638>: Error: 
mkdir(/var/run/dovecot/user-not-found/root@example) failed: Permission denied 
(euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned 
by 0:0 mode=0755)

Similar messages are logged,
when invalid entries are listed in '/var/lib/dovecot/db/shared-mailboxes',
which i already pruned and haven't received them anymore since.

I think these errors are caused by an unintended behaviour
when writing "~/Maildir/subscriptions",
which looks (shortened) like this.

V   2

INBOX/INBOX
shared/noc@example  com/INBOX
shared/info@example com/INBOX
shared/root@example com/test
shared/root@example com/testtest_sub

The subscription-file.c
explodes the name on every hierarchy separator ('.','\0') and
inserts a TAB character. Unfortunately it also explodes on
the DNS label delimiter „.‟. This should probably be fixed
by passing a structure containing the required information
to the formatter to distinguish mailboxes from domain-names.

Subscription in combination with multiple domains and
shared mailboxes seems broken to me. Actually i can't even explain to me,
why it is working in face of the errors. :-)


Unfortunately in Maildir++ the separator dot is hard-coded.

There is a very old thread on this mailing list,
that suggests using „auth_username_translation‟
to replace dots with a different character,
but this idea is getting worse the longer i think about it.

I absolutely dislike the idea to set LAYOUT=fs,
namespace/separator = § to change the separators
to split on, because this would mean to restructure the
physical layout of all mailboxes (hierarchically) and
mess around with lots of files.


I attached a dovecot-sysreport to reproduce the behaviour.

/etc/dovecot/private/example.com/users looks like this:
###user:password:uid:gid:(gecos):home:(shell):extra_fields
noc:{SSHA512}_hash_::
info:{SSHA512}_hash_::
root:{SSHA512}_hash_::

Please correct me if i'm wrong or
point me to a workaround,
but i think the layout code needs some love. :-)


Best regards
Tobias

Re: Packages for CentOS 8

2020-06-01 Thread Tobias Kirchhofer


On 1 Jun 2020, at 17:02, Peter wrote:


On 2/06/20 1:49 am, Aki Tuomi wrote:
we are still waiting for CentOS 8 Repo for current Dovecot version 
from
here https://repo.dovecot.org/. Do you have an idea when it will 
come?

Who does it maintain? Is it the Dovecot team?

Thanks,

Tobias


Yes, it's maintained by us. We are working on it and hopefully we are 
able to publish next release for CentOS8. There are unfortunately 
some package dependency issues which are not yet fixed in CentOS8, so 
let's hope those are fixed before we do our release.


Aki: If you're talking about quota-devel it has been available now 
from CentOS in the Devel repo for a while.  If you're talking about 
tcp_wrappers-devel, that is not available and I don't think it ever 
will be because CentOS 8 has obsoleted tcp wrappers.  I have simply 
disabled tcp wrappers functionality in my GhettoForge build.  I'm not 
aware of any other missing dependencies.


Tobias: You are more than welcome to use the packages from GhettoForge 
which are now in the gf-plus repo.  I would love to hear feedback if 
you have any issues with them.


We will have a look at gf-plus, thank you!

Tobias

Re: Packages for CentOS 8

2020-06-01 Thread Tobias Kirchhofer


Hi Peter,

On 9 Apr 2020, at 12:53, Peter wrote:

I've now successfully built Dovecot packages for CentOS 8 that do not 
have the quota support stripped out.  I was able to do this because 
CentOS has now finally shipped the quota-devel package as well as the 
other -devel packages that were previously missing from CentOS 8.


For those of you who are interested they are in the GhettoForge 
Testing repo for el8 at:

http://mirror.ghettoforge.org/distributions/gf/el/8/testing/x86_64/

These are untested so let me know if anyone experiences any issues 
with them.


we are still waiting for CentOS 8 Repo for current Dovecot version from 
here https://repo.dovecot.org/. Do you have an idea when it will come? 
Who does it maintain? Is it the Dovecot team?


Thanks,

Tobias

Re: shared folder name or public folder with mail address

2020-02-16 Thread Tobias Kirchhofer


On 15 Feb 2020, at 19:04, Armin Schindler wrote:


The shared and public folders need of course the
 anyone post
right to let fileinto work.


Or you have a special „list user“ which has the appropriate 
permissions - depends all on the use case.



Now it works. Thank you Tobias.


Well done! :)

--
collect@shift.agency

Re: shared folder name or public folder with mail address


On 15 Feb 2020, at 12:27, Armin Schindler wrote:


On 15.02.2020 12:16, Tobias Kirchhofer wrote:
...

the sieve part seems to be very tricky.
My test is now working with a public folder and I have a
"sieve_before" script in place which works for rules of the
private namespace.

But when the rule shall "fileinto" a public folder, the mail 
isn't

filtered (moved) and syslog says
dovecot: lmtp(.): Error ... sieve...: Mailbox doesn't exist.

After some tests I found out it always looks in the private (or 
shared)

namespace for that specfied folder.
Do I miss a config option to let dovecot sieve "fileinto" a 
public

namespace folder?
I use dovecot version 2.2.13.

We „fileinto“ in this manner :

|fileinto „Namespace/folder“; |


This is what is not working for me.

Your procedure below is good and maybe I will use parts of it, thank
you. But this part is working for already. The incoming mail
is sent to dovecot (postfix virtual alias working) and the
match in sieve script is correct too.
The problem is that dovecot (sieve) refuses to
 fileinto "Namespace/folder"
because it seems it wants to store the mail
in private namespace with "folder1/folder2" instead.
The first part of the fileinto path isn't used as
namespace name.
Is there a config option for this behaviour?


Maybe you are missing an include?

We have:

```
require "fileinto";
require "mailbox";
require "envelope";
require "subaddress";
require "variables";
require "regex";
require "editheader";
require "include";

```

In dovecot.conf* i found no directly related settings. Just the usual 
sieve settings explained here 
https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration


Can you see the Public namespace and the folder in your MUA or via 
telnet?


Are you sure the ACL are correct? Can be that the error message 
„Mailbox doesn't exist“ is misleading and the permissions are not 
correct.


Here you can see how to debug if not already 
https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration#Trace_Debugging





Armin


The procedure in our setup is like this:

 1. Virtual alias for each public-Folder email address within 
postfix:


Pattern:
fol...@domain.tld <mailto:fol...@domain.tld>
listadm+Namespace/fol...@domain.tld <mailto:fol...@domain.tld>
Example:
i...@domain.tld <mailto:i...@domain.tld>
listadm+Verteiler/i...@domain.tld <mailto:i...@domain.tld>

Verteiler is the namespace, info the mailbox. listadm is a pseudo 
user
in this context which holds the ACL for fileinto the resulting 
mailbox

with proper permissions.

 2. Disassemble the virtual alias address with sieve:

Excerpt of the script. It is actually more code because we sort out 
spam

for public folder. German comments, sorry.

|# Hat Subadresse? if envelope :matches :detail "to" "*" { #
Adressaufbau: listadm+Namespace/liste@ # ${liste} wird Namespace/box 
set

"liste" "${1}"; } […] fileinto "${liste}"; |

I can send you the whole script if you need.



--
collect@shift.agency

Re: Dovecot 2.3 repo for CentOS 8.


On 14 Feb 2020, at 10:59, Peter wrote:


On 14/02/20 10:10 pm, Tobias Kirchhofer wrote:
would it be useful/advisable to use this repo for productive 
operation?


An official repo is still not available for CentOS 8 
https://repo.dovecot.org/


We would like to set up our new mail server on CentOS 8 and are 
waiting… :)


What is your advice?


As others have mentioned there are missing -devel packages in CentOS 
8, which is because there are missing -devel packages in RHEL 8, most 
notably in this case is quota-devel.  tcp wrappers is also missing but 
that's because they are deprecated in CentOS 8 so building without tcp 
wrapper support is not a big deal, but I would assume that a lot of 
people will want quota support, so I wouldn't want to build a dovecot 
package without it.


Personally I'm trying to get the GhettoForge build system modified so 
it can get missing -devel packages by rebuilding the source rpms for 
them, this is a work in progress.  There is also work on the CentOS 
side to build and offer up the missing -devel packages.  At the end of 
the day nobody will be able to build decent dovecot packages until one 
of these things happens.


For now you can use the stock dovecot 2.2.36 that comes with CentOS or 
you can wait.  CentOS and Red Hat have not made this easy so it is 
going to take time.


Okay, will try 2.2.36. Our protoype is on Debian 10 with the latest 
Dovecot. Don’t know yet if we rely on features from the latest 
version. Will see. Thank you.


Also on a personal note, I think that pushing out any production 
server on CentOS 8 at this time is premature.  CentOS 8 simply is not 
ready yet, imo.


We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL, 
MariaDB, Node.js. No problems so far. Cross your fingers! :-)




Peter



--
collect@shift.agency

Re: shared folder name or public folder with mail address


On 15 Feb 2020, at 10:43, Armin Schindler wrote:


On 14.02.2020 11:44, Tobias Kirchhofer wrote:

On 14 Feb 2020, at 11:06, Armin Schindler wrote:

...


The sorting in the according public folder happens in a global sieve
script before user scripts are fireing. It is combined with the 
‚+‘
notation in postfix for sub addresses and an special ‚listadm‘ 
user


postfix:
|
listadm+Verteiler/info@$DOMAIN
|

The sieve script is then reading the generated address and delivers 
it
into the according public folder. We learned a lot about sieve 
scripting

with this task :-)

|sieve_before = /var/vmail/sieve/global/global-before.sieve […] |

More details would be to much here.

To be honest, we needed some time to get it done properly. It is a
combination of features and A LOT OF testing and analysing the 
behaviour

of postfix/dovecot/public-folder/sieve/acl.


the sieve part seems to be very tricky.
My test is now working with a public folder and I have a
"sieve_before" script in place which works for rules of the
private namespace.

But when the rule shall "fileinto" a public folder, the mail isn't
filtered (moved) and syslog says
dovecot: lmtp(.): Error ... sieve...: Mailbox doesn't exist.

After some tests I found out it always looks in the private (or 
shared)

namespace for that specfied folder.
Do I miss a config option to let dovecot sieve "fileinto" a public
namespace folder?
I use dovecot version 2.2.13.


We „fileinto“ in this manner :

```
fileinto „Namespace/folder“;
```

The procedure in our setup is like this:

1. Virtual alias for each public-Folder email address within postfix:

Pattern:
fol...@domain.tld listadm+Namespace/fol...@domain.tld
Example:
i...@domain.tld listadm+Verteiler/i...@domain.tld

Verteiler is the namespace, info the mailbox. listadm is a pseudo user 
in this context which holds the ACL for fileinto the resulting mailbox 
with proper permissions.


2. Disassemble the virtual alias address with sieve:

Excerpt of the script. It is actually more code because we sort out spam 
for public folder. German comments, sorry.


```
# Hat Subadresse?
if envelope :matches :detail "to" "*"
{
# Adressaufbau: listadm+Namespace/liste@
# ${liste} wird Namespace/box
set "liste" "${1}";
}
[…]

fileinto "${liste}";

```

I can send you the whole script if you need.

Greetings!

Tobias

--
collect@shift.agency

Re: shared folder name or public folder with mail address


On 14 Feb 2020, at 15:02, Armin Schindler wrote:


On 2/14/20 2:23 PM, Tobias Kirchhofer wrote:

On 14 Feb 2020, at 14:05, Armin Schindler wrote:


On 2/14/20 11:44 AM, Tobias Kirchhofer wrote:

On 14 Feb 2020, at 11:06, Armin Schindler wrote:

    Hello!


[…]

For our new setup (planned with CentOS 8, waiting for the official 
repo for the latest dovecot
version…) we have a prototype on Debian base with the latest 
version of Dovecot. In opposite to our
current solution we will implement global acls with user and groups 
from LDAP. This is very nice.


Wow, thanks. This seem to be exactly what I need to go on.
Our base system is a Univention UCS, so LDAP users and groups is 
what we already have working :-)


With your elements I think we really could have the cyrus shared 
folders with dovecot by

using a namespace of
 type=public
but with
 prefix=shared/
(we might use type=shared with prefix=usershared/ later).


There is not something like one way do to this. You could also make 
your life easier and choose to
create a „Share user“ which is only there to share folders. This 
will then be Dovecot „Shared
folders“ shared by this pseudo user to other users. You then could 
use Roundcube or such to maintain
acl with this pseudo user. But we did not follow this path then for 
reasons i cannot remember

anymore :)

For each Public folder we have a defined namespace. „Newsletter“, 
„Client1“, „Client2“ etc. We have
many, around 30 or so. ACL goes on this namespace (namespace/*). I 
guess ACL are first match. Each
namespace has its own prefix. (eq. prefix = Newsletter/, prefix = 
Client1 etc.) User can subscribe

namespace by namespace acl assumed.


What is the benefit using own namespace for each public folder?
If the config is equal for all folders, wouldn't one namespace with 
subfolders

be the same?
One public namespace would look like it is with cyrus in the client: 
one "shared/"

folder to open/close.


Yes, this was a misunderstanding - we have a lot of subfolders per 
namespace. The subfolders have ACLs.



--
collect@shift.agency

Re: shared folder name or public folder with mail address

2020-02-14 Thread Tobias Kirchhofer


On 14 Feb 2020, at 14:05, Armin Schindler wrote:


On 2/14/20 11:44 AM, Tobias Kirchhofer wrote:

On 14 Feb 2020, at 11:06, Armin Schindler wrote:

Hello!


[…]

For our new setup (planned with CentOS 8, waiting for the official 
repo for the latest dovecot
version…) we have a prototype on Debian base with the latest 
version of Dovecot. In opposite to our
current solution we will implement global acls with user and groups 
from LDAP. This is very nice.


Wow, thanks. This seem to be exactly what I need to go on.
Our base system is a Univention UCS, so LDAP users and groups is what 
we already have working :-)


With your elements I think we really could have the cyrus shared 
folders with dovecot by

using a namespace of
 type=public
but with
 prefix=shared/
(we might use type=shared with prefix=usershared/ later).


There is not something like one way do to this. You could also make your 
life easier and choose to create a „Share user“ which is only there 
to share folders. This will then be Dovecot „Shared folders“ shared 
by this pseudo user to other users. You then could use Roundcube or such 
to maintain acl with this pseudo user. But we did not follow this path 
then for reasons i cannot remember anymore :)


For each Public folder we have a defined namespace. „Newsletter“, 
„Client1“, „Client2“ etc. We have many, around 30 or so. ACL 
goes on this namespace (namespace/*). I guess ACL are first match. Each 
namespace has its own prefix. (eq. prefix = Newsletter/, prefix = 
Client1 etc.) User can subscribe namespace by namespace acl assumed.


But as i sad - by writing this i get nervous, cause i now that you must 
immerse deeply with this topic. Otherwise you will not get happy :)


Tobias


Or is the idea of just *one* public folder with name "shared" and with
subdirs for different "projects/departments/topics" not working as 
expected?


ACL is something I didn't look at yet. Is it possible to set different 
permissions
for the folders in the public prefix like /shared/dir1 , /shared/dir2 
, etc.

or even for sub-subfolders?
Global ACLs aren't neccessary when using folder acls, right?

Armin

[…]


--
collect@shift.agency

Re: shared folder name or public folder with mail address

2020-02-14 Thread Tobias Kirchhofer


On 14 Feb 2020, at 11:06, Armin Schindler wrote:


Hello!

we are about to move from cyrus to dovecot and have one open issue
for that migration.
With cyrus we have "shared/" folders with a name that is self defined 
like

  shared/project-xyz
but the email address for direct delivery to that folder my be 
different

(not project-...@domain.com).

With dovecot we try to have it similar (at least how the user sees it 
in the client)

like it is now.

When configuring a namespace of type=shared, I see in the docs the the 
prefix
can be configured with %%u , %%n or %%d. But is it possible to 
configure
the name different to the email address? E.g. to hide the email 
address of

that folder and show a nice name instead?

I also thought about using public namespace instead. Does this make 
sense here?
With public (maybe configured with prefix=shared/) folder I can set 
any name

as subdir in prefix, right?
So would this be more like what we have with cyrus shared folder?

If so, how could these public folders have an email address for direct 
mail delivery into?
Can something like a global sieve rule do that? Or can a public folder 
have an email address?


Thanks in advance.
Armin


Hi, we went through this some years ago. It is a bit tricky in the 
details. Involved is postfix, public namespace, subscriptions, acl, 
sieve.


We found a quite comprehensive solution so far. It is working similar to 
Cyrus shared folder. Do not mix the names. Cyrus „shared“ folders 
are „public“ folders in Dovecot. Dovecot „shared“ folders are 
personally shared folders from one user to another.


For our new setup (planned with CentOS 8, waiting for the official repo 
for the latest dovecot version…) we have a prototype on Debian base 
with the latest version of Dovecot. In opposite to our current solution 
we will implement global acls with user and groups from LDAP. This is 
very nice.


Some elements:

Global ACL:
```
[..]
Newsletter group=administrator lrwstipekxa
Newsletter/* group=team lrwstipe
Newsletter/* user=n...@domain.tld lrwstipe
[…]
```

Public folder:
```
namespace {
  type = public
  prefix = Newsletter/
  separator = /
  location = 
maildir:/var/vmail/public/$DOMAIN/newsletter:LAYOUT=fs:INDEXPVT=~/public/$DOMAIN/newsletter

  subscriptions = no
  hidden = no
  list = children
}
```

Subscriptions (! This one was tricky)
```
namespace subscriptions {
subscriptions = yes
prefix =
separator = /
list = no
hidden = yes
}

namespace inbox {
inbox = yes
separator = /
prefix = INBOX/
subscriptions = no
[…]
```

„Dovecot“ Shared folder (optional):
```
namespace shared {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%h/:INDEXPVT=~/shared/%%u
list = children
subscriptions = no
}
```

The sorting in the according public folder happens in a global sieve 
script before user scripts are fireing. It is combined with the ‚+‘ 
notation in postfix for sub addresses and an special ‚listadm‘ user


postfix:
```
listadm+Verteiler/info@$DOMAIN
```

The sieve script is then reading the generated address and delivers it 
into the according public folder. We learned a lot about sieve scripting 
with this task :-)



```
sieve_before = /var/vmail/sieve/global/global-before.sieve

[…]

```

More details would be to much here.

To be honest, we needed some time to get it done properly. It is a 
combination of features and A LOT OF testing and analysing the behaviour 
of postfix/dovecot/public-folder/sieve/acl. For now we have a Public 
folder setup which is as nice like it is with Cyrus. With Cyrus this 
issue is less complex to implement.


Maybe this helps a bit. Take exclusivly one to two weeks for this task 
and read and test a lot! :-)


Tobias



--
collect@shift.agency

Re: Dovecot 2.3 repo for CentOS 8.

2020-02-14 Thread Tobias Kirchhofer

Hi Filip,

On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote:

> Hello,
> I have builded some dovecot packages for CentOS 8 in my personal
> repository:
> http://repo.joomhosting.eu/centos/8/x86_64/
> and SRPMS are in
> http://repo.joomhosting.eu/centos/8/SRPMS/
>
> I you want you can try it.
>
> With best regards,
> Filip Bartmann

would it be useful/advisable to use this repo for productive operation?

An official repo is still not available for CentOS 8 https://repo.dovecot.org/

We would like to set up our new mail server on CentOS 8 and are waiting… :)

What is your advice?

Tobias

> On Thu, 12 Dec 2019 12:31:45 +0200
> Reio Remma  wrote:
>
>> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote:
>>>> On 09/12/2019 17:20 Reio Remma via dovecot 
>>>> wrote:
>>>>
>>>>
>>>> Hello!
>>>>
>>>> Are there any plans for an official Dovecot repo for CentOS 8?
>>>>
>>>> Thanks,
>>>> Reio
>>> (sorry for duplicate, user error in earlier one...)
>>>
>>> Yes. There are plans for the repo, unfortunately there are still
>>> technical problems due to how CentOS8 repositories are organized.
>>> But soon.
>>>
>>> Aki
>>
>> I tried rebuilding the RPM for CentOS 8 but I see it's missing some
>> notable required packages like tcp wrappers and quota-devel. Managed
>> to rebuild by switching these off in the spec file
>> (--without-libwrap), but that's probably not a good idea. :)
>>
>> Reio


-- 
collect@shift.agency

Re: [ext] Dovecot Wiki: Please disable edit on double click

2019-03-20 Thread Tobias Kirchhofer via dovecot


On 20 Mar 2019, at 11:59, Ralf Hildebrandt via dovecot wrote:


* Michael Goth via dovecot :


could you maybe disable the 'edit on doubleclick' feature on
wiki2.dovecot.org?

Everytime I try to select a word by double clicking on it, I end up 
in
editing mode. It's just a minor thing, but maybe I'm not the only one 
who's

annoyed by this ;)


Amen to that. I never bothered to ask, but it annoys the shit out of 
me!


Same same here :)


--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de




--
collect@shift.agency

Re: Error with virtual index "Broken mailbox_count header"

2019-01-02 Thread Tobias Kirchhofer


On 2 Jan 2019, at 9:48, Aki Tuomi wrote:


Can you try

INBOX
INBOX/*
-INBOX/Trash
-INBOX/Spam
   all


This worked already, all E-Mails from Namespace INBOX and below. What we 
want is „All E-Mails from all Namespaces“. We have several beside 
INBOX/, like Admin/ News/ Clients/ a.s.o.


Do we have to name each Namespace explicitly?


Aki

On 02 January 2019 at 10:40 Tobias Kirchhofer  
wrote:



On 2 Jan 2019, at 9:27, Aki Tuomi wrote:


Please provide doveconf -n


Sure:
https://crypto.shift.agency/?66a9e34e83032c3e#ovF5Yq5qTNa8ii7Qup4oy8h5HyEVLKl/RbhCFpQGkkY=



Aki

On 02 January 2019 at 10:26 Tobias Kirchhofer 


wrote:


Hi, we experience trouble with one of our virtual mailboxes.

dovecot-virtual:

`
*
-INBOX/Trash
-INBOX/Spam
 all
`

Error log:

```Error: virtual index
/var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken
mailbox_count header```

This happens only with the filter form above. All other virtual
mailboxes works fine.

Jakobus Schürz experienced something similar:

https://www.dovecot.org/list/dovecot/2018-January/110656.html

We do not have the panic message.

Is this probably something on our side or is this Dovecot?


```
namespace virtual {
   prefix = Virtual/
   separator = /
   location = virtual:~/virtual
}


--
collect@shift.agency



--
collect@shift.agency



--
collect@shift.agency

Re: Error with virtual index "Broken mailbox_count header"

2019-01-02 Thread Tobias Kirchhofer


On 2 Jan 2019, at 9:27, Aki Tuomi wrote:


Please provide doveconf -n


Sure: 
https://crypto.shift.agency/?66a9e34e83032c3e#ovF5Yq5qTNa8ii7Qup4oy8h5HyEVLKl/RbhCFpQGkkY=




Aki

On 02 January 2019 at 10:26 Tobias Kirchhofer  
wrote:



Hi, we experience trouble with one of our virtual mailboxes.

dovecot-virtual:

`
*
-INBOX/Trash
-INBOX/Spam
 all
`

Error log:

```Error: virtual index
/var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken
mailbox_count header```

This happens only with the filter form above. All other virtual
mailboxes works fine.

Jakobus Schürz experienced something similar:

https://www.dovecot.org/list/dovecot/2018-January/110656.html

We do not have the panic message.

Is this probably something on our side or is this Dovecot?


```
namespace virtual {
   prefix = Virtual/
   separator = /
   location = virtual:~/virtual
}


--
collect@shift.agency



--
collect@shift.agency

Error with virtual index "Broken mailbox_count header"

2019-01-02 Thread Tobias Kirchhofer


Hi, we experience trouble with one of our virtual mailboxes.

dovecot-virtual:

`
*
-INBOX/Trash
-INBOX/Spam
all
`

Error log:

```Error: virtual index 
/var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken 
mailbox_count header```


This happens only with the filter form above. All other virtual 
mailboxes works fine.


Jakobus Schürz experienced something similar:

https://www.dovecot.org/list/dovecot/2018-January/110656.html

We do not have the panic message.

Is this probably something on our side or is this Dovecot?


```
namespace virtual {
  prefix = Virtual/
  separator = /
  location = virtual:~/virtual
}


--
collect@shift.agency

Namespaces for Apple Client

2018-06-14 Thread Janzen, Tobias

Hi,

i have a plesk server with postfix an dovecot.
Webmail is roundcube.
Version of Dovecot is 2.3.0.1
I want apple clients to use the default special folders.
My config for namespaces worked till last week.
Now I cant get it to work again.
Hope someone can help me.

# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.4.0-042stab130.1 x86_64 Ubuntu 16.04.4 LTS reiserfs
auth_mechanisms = plain login digest-md5 cram-md5 apop
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&.-_@'
disable_plaintext_auth = no
first_valid_uid = 30
imap_client_workarounds = delay-newmail
imap_logout_format = rcvd=%i, sent=%o
mail_home = /var/qmail/mailnames/%Ld/%Ln
mail_location = maildir:/var/qmail/mailnames/%Ld/%Ln/Maildir
mail_log_prefix = "service=%s, user=%u, ip=[%r]. "
mail_plugins = " quota"
managesieve_logout_format = rcvd=%i, sent=%o
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapflags notify
namespace inbox {
  inbox = yes
  location =
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = create
special_use = \Sent
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  driver = plesk
}
plugin {
  mail_crypt_global_private_key = http://www.heimhaus.de

USt-IdNr.: DE 272301801

Sitz Duisburg, HRB 22438

Gesch?ftsf?hrer: Michael Demming, Dipl.-Ing. Klaus Rappers

dsync backup public namespace - how?

2017-02-03 Thread Tobias Kirchhofer

Hello,

We just celebrated the launch of our new mailserver setup (Dovecot and 
Postfix). Really nice!

Now we want to change our quickfix backup with rsync to dsync.

For mailder backup of users this was an easy task:

dsync -v -f -u "${user}" backup "maildir:${destination}" (local file path 
destination)

We use many public folder with ACL and now we are wondering how we can backup 
these folder in a similar manner:

a)
dsync -u dove...@domain.com backup -n Namespacename  
"maildir:/var/vmail-backup/backup/public"

or

b)
dsync -v -u dove...@domain.com -N backup "maildir:${destination}

But this is not working.

a) does nothing, no error
b) Error message: doveadm(dove...@domain.com): Fatal: -N parameter requires 
syncing with remote host

Any ideas?

# dovecot --version
2.2.13

-- 
Tobias Kirchhofer
tob...@kirchhofer.net

signature.asc
Description: OpenPGP digital signature

Re: shared/public mailbox application

2016-11-29 Thread Tobias Kirchhofer

Sounds good - this could do the trick. Post the final and working concept :)

On 29 Nov 2016, at 17:58, Michael Fox wrote:

>> Basically we alias n...@domain.com to dove...@domain.com. doveadm@ has a
>> sieve-Script which files into the public folder. You could also configure
>> a postfix transport which does the job.
>
> Ah.  OK.  That may be more complexity than I need for my situation.  So 
> please bear with me as I try to understand this.
>
> IF:
>
> Postfix is already configured to deliver mail destined for the virtual domain 
> "domain.com" to Dovecot
> --and--
> I create the NAMESPACE and NAME setup as you described
> --and--
> I create a Dovecot userdb entry for n...@domain.com (but no passdb entry)
> --and--
> I configure ACLs so that all domain.com users can read NAME's mailbox but 
> only admin users can delete messages in NAME's mailbox
> --and--
> I configure the virtual INBOX for POP users to include "RealMails" and "NAME"
>
> THEN, I'm thinking that:
>
> Because there is no passdb entry, user n...@domain.com cannot log in
> --and--
> Because userdb defines NAME's home directory, incoming mail to 
> n...@domain.com would be delivered to the NAME mailbox, just like any other 
> user in domain.com, without the need for aliasing or sieve
> --and--
> Because of the ACLs, IMAP admin users would be able to delete/manage NAME's 
> messages and everyone else would be able to read NAME's messages
> --and--
> Because of the virtual INBOX, POP users would be able to read the NAME 
> messages.
>
> Does that make sense?  Am I missing something?
>
>
>> Its necessary to overlook the whole process chain to properly configure
>> everything.
>
> Yes!  Agreed!  That's why I'm trying to think through the whole thing before 
> diving down a rabbit hole that leads to a dead end.
>
>> And a lot of try out :)
>
> For sure.  (Just as soon as I understand what I'm trying to do.)  ;-)
>
> Michael


-- 
Tobias Kirchhofer
tob...@kirchhofer.net

signature.asc
Description: OpenPGP digital signature

Re: shared/public mailbox application

2016-11-28 Thread Tobias Kirchhofer

Basically we alias n...@domain.com to dove...@domain.com. doveadm@ has a 
sieve-Script which files into the public folder. You could also configure a 
postfix transport which does the job.

Its necessary to overlook the whole process chain to properly configure 
everything. And a lot of try out :)


On 29 Nov 2016, at 6:34, Michael Fox wrote:

> Thanks Tobias.  Thanks for the detailed reply.
>
>
>
> I think I see what you’re doing.  But I’m unclear on something (since I’m a 
> nube):
>
>
>
> Can anyone send mail to n...@domain.com <mailto:n...@domain.com>  and have it 
> appear in the public mailbox?
>
>
>
> If not, would it be enough to create a userdb entry which defines a 
> pseudo-user NAME, including its home directory, such that imcoming mail 
> addressed to n...@domain.com <mailto:n...@domain.com>  could be delivered 
> into that mailbox?
>
>
>
> Thanks,
>
> Michael
>
>
>
>
>
>
>
> From: Tobias Kirchhofer [mailto:tob...@kirchhofer.net]
> Sent: Monday, November 28, 2016 7:19 AM
> To: Michael Fox <n...@mefox.org>
> Cc: Dovecot Mailing List <dovecot@dovecot.org>
> Subject: Re: shared/public mailbox application
>
>
>
> Hi Michael,
>
> we migrated from Cyrus Shared Folders to Dovecot Public Folder.
>
> Our setup with Dovecot:
>
> * Public Namespace type=public
> * prefix=NAMESPACE
> * 
> location=maildir:/var/vmail/public/domain.com/folder:INDEXPVT=~/public/domain.com/NAME
> * list=children to show NAMESPACE only if acl is given
> * Restart Dovecot
> * cd /var/vmail/public/domain.com/NAMESPACE
> * mkdir .NAME
> * We utilise one user  <mailto:dove...@domain.com> dove...@domain.com to 
> control acl
> * doveadm acl set -u  <mailto:dove...@domain.com> dove...@domain.com 
> NAMESPACE/NAME user= <mailto:dove...@domain.com> dove...@domain.com all (this 
> creates also the Maildir)
> * doveadm mailbox subscribe -u  <mailto:dove...@domain.com> 
> dove...@domain.com NAMESPACE/NAME
> * dm acl set -u  <mailto:dove...@domain.com> dove...@domain.com 
> NAMESPACE/NAME user= <mailto:firstname.lastn...@domain.com> 
> firstname.lastn...@domain.com lookup read write write-seen write-deleted 
> insert post expunge
>
> User  <mailto:firstname.lastn...@domain.com> firstname.lastn...@domain.com 
> can now subscribe to the public folder „NAMESPACE/NAME“.
>
> With this base you could create a more specific setup which more precisely 
> fits your need.
>
> There are also other strategies achieving Shared Folders the Cyrus way. :)
>
> Hope that helps.
>
> Tobias
>
> On 28 Nov 2016, at 15:38, Michael Fox wrote:
>
> No answer. Trying again. Surely someone with experience with public
> mailboxes can offer some insight on whether the application below should be
> a public or shared namespace ...
>
> Thanks
> Michael
>
> -Original Message-
> From: dovecot [mailto: <mailto:dovecot-boun...@dovecot.org> 
> dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
> Sent: Thursday, November 24, 2016 11:53 AM
> To: Dovecot Mailing List  <mailto:dovecot@dovecot.org> dovecot@dovecot.org
> Subject: shared/public mailbox application
>
> I'm new to Dovecot and I need help configuring a shared or public mailbox -
> I'm not sure which is appropriate. I've read the wiki and Peer's book and
> neither appears to cover what I'd like to do. So I could use some specific
> help on how to configure a solution for the following:
>
> I'd like to create two real mailboxes, let's call them AAA and BBB. Let's
> call the domain "mydomain". By "real", I mean that users aaa@mydomain and
> bbb@mydomain can log into their own mailbox.
>
> Anyone user can send mail to them, just like any other address:
> aaa@mydomain or bbb@mydomain.
>
> I'd like all IMAP users in mydomain to be able to read the messages in those
> mailboxes.
>
> I'd like all POP users in mydomain to also see those messages. (But I don't
> think I need help with the virtual part).
>
> I'd like only a few designated IMAP users to be able to delete the messages
> in those mailboxes, including dummy users AAA and BBB themselves.
>
> Ideally, I'd like them to appear in the client under a separate namespace
> from shared mailboxes. Example:
>
> INBOX
>
> +--- the normal stuff.
>
> Shared
>
> +--- user1
>
> +--- user2
>
> Special
>
> +--- AAA
>
> +--- BBB
>
> My confusion:
>
> 1) I don't know if this requires a shared namespace or a public
> namespace. It "feels" like it's "public", since all users would have
> access. But Peer's b

Re: shared/public mailbox application

2016-11-28 Thread Tobias Kirchhofer

Hi Michael,

we migrated from Cyrus Shared Folders to Dovecot Public Folder.

Our setup with Dovecot:

- Public Namespace type=public
- prefix=NAMESPACE
- 
location=maildir:/var/vmail/public/domain.com/folder:INDEXPVT=~/public/domain.com/NAME
- list=children to show NAMESPACE only if acl is given
- Restart Dovecot
- cd /var/vmail/public/domain.com/NAMESPACE
- mkdir .NAME
- We utilise one user dove...@domain.com to control acl
- doveadm acl set -u dove...@domain.com NAMESPACE/NAME user=dove...@domain.com 
all (this creates also the Maildir)
- doveadm mailbox subscribe -u dove...@domain.com NAMESPACE/NAME
- dm acl set -u dove...@domain.com NAMESPACE/NAME 
user=firstname.lastn...@domain.com
   lookup read write write-seen write-deleted insert post expunge

User firstname.lastn...@domain.com can now subscribe to the public folder 
„NAMESPACE/NAME“.

With this base you could create a more specific setup which more precisely fits 
your need.

There are also other strategies achieving Shared Folders the Cyrus way. :)

Hope that helps.

Tobias

On 28 Nov 2016, at 15:38, Michael Fox wrote:

> No answer.  Trying again.  Surely someone with experience with public
> mailboxes can offer some insight on whether the application below should be
> a public or shared namespace ...
>
> Thanks
> Michael
>
>
> -Original Message-
> From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
> Sent: Thursday, November 24, 2016 11:53 AM
> To: Dovecot Mailing List <dovecot@dovecot.org>
> Subject: shared/public mailbox application
>
> I'm new to Dovecot and I need help configuring a shared or public mailbox -
> I'm not sure which is appropriate.  I've read the wiki and Peer's book and
> neither appears to cover what I'd like to do.  So I could use some specific
> help on how to configure a solution for the following:
>
>
>
> I'd like to create two real mailboxes, let's call them AAA and BBB.  Let's
> call the domain "mydomain".  By "real", I mean that users aaa@mydomain and
> bbb@mydomain can log into their own mailbox.
>
> Anyone user can send mail to them, just like any other address:
> aaa@mydomain or bbb@mydomain.
>
> I'd like all IMAP users in mydomain to be able to read the messages in those
> mailboxes.
>
> I'd like all POP users in mydomain to also see those messages.  (But I don't
> think I need help with the virtual part).
>
> I'd like only a few designated IMAP users to be able to delete the messages
> in those mailboxes, including dummy users AAA and BBB themselves.
>
> Ideally, I'd like them to appear in the client under a separate namespace
> from shared mailboxes.  Example:
>
>
>
> INBOX
>
> +--- the normal stuff.
>
> Shared
>
> +--- user1
>
> +--- user2
>
> Special
>
> +--- AAA
>
> +--- BBB
>
>
>
> My confusion:
>
> 1)  I don't know if this requires a shared namespace or a public
> namespace.  It "feels" like it's "public", since all users would have
> access.  But Peer's book and the wiki describe manually creating folders for
> public namespaces and controlling the contents with manual file
> manipulation, which leads me to believe that they can't be used for regular
> mail (although the book and the wiki never say one way or the other).   I
> don't want to manually control files.  I want to send mail to the mailbox
> and delete (see above) it with a client.
>
> 2)  There are several examples in Peer's book and the wiki, but none
> seem to match what I want.  (This is the problem with documentation that is
> predominantly example-based).  I guess I need more explanation of the
> mechanical differences between shared and public and why one would pick one
> over the other.
>
>
>
> Can someone help?  Please be as specific as you can.
>
>
>
> Thanks much,
>
> Michael


-- 
Tobias Kirchhofer
tob...@kirchhofer.net

signature.asc
Description: OpenPGP digital signature

Re: Authentication Penalty with ID x-originating-ip, HAproxy

2016-06-24 Thread Tobias

A quick test confirms that HAproxy header IP information does properly 
delay the authentication failures upon successive failed login attempts 
from the same IP.


And furthermore if the webmail client is delayed on the IMAP level, this 
could potentially be exploited for DoS and as such may not be a good 
idea after all. Even with the auth_failure_delay=2 by default this is 
possible, but it's much easier to achieve the DoS if the pre-auth delay 
increases to 17 seconds (maximum delay I've observed).


Is there any other brute force / DoS mitigation option for dovecot / 
webmail interaction, short of fail2ban type IP blocking in a firewall 
(which will not work on a machine several layers deep behind e.g. a 
proxy), that isn't exclusively relying on the webmail client for such 
mitigation?


Can dovecot itself temp-ban remote IPs (as reported by HAproxy protocol, 
or IMAP ID x-originating-ip), perhaps with a notice to try again in X 
seconds, instead of delaying them?


/Tobias

On 2016-06-24 13:27, Tobias wrote:

The wiki states that anvil's authentication penalties are skipped when
IP is in login_trusted_networks.
http://wiki.dovecot.org/Authentication/Penalty

Is there a way to enable the authentication penalties for specific
advertised remote IPs, when the connecting IP is in
"login_trusted_networks", and it advertises the originating remote IP
via 'ID ("x-originating-ip", "")'?

And with regards to HAproxy, is anvil's authentication penalties by
default transparent with regards to the remote IP advertised in the
proxy protocol header?

/Tobias

Authentication Penalty with ID x-originating-ip, HAproxy

2016-06-23 Thread Tobias

The wiki states that anvil's authentication penalties are skipped when 
IP is in login_trusted_networks.

http://wiki.dovecot.org/Authentication/Penalty

Is there a way to enable the authentication penalties for specific 
advertised remote IPs, when the connecting IP is in 
"login_trusted_networks", and it advertises the originating remote IP 
via 'ID ("x-originating-ip", "")'?


And with regards to HAproxy, is anvil's authentication penalties by 
default transparent with regards to the remote IP advertised in the 
proxy protocol header?


/Tobias

Re: Mailbox location

2016-06-17 Thread Tobias


Hi Doug,

"home" from your userdb query will dictate where mail will be dropped.

If you want to store in /var/mail/home_mail/, then 
use %n. You were almost there with /%d/%n in your current configuration, 
posted below, just remove the %d completely.


http://wiki.dovecot.org/Variables

The domain part is added by postfix. Postfix most often requires some 
kind of domain, and if not added will append one (unless you have an 
unorthodox configuration). It's not recommended to remove this feature 
from your postfix configuration.


/Tobias

On 2016-06-17 16:10, Doug Hardie wrote:

On 16 June 2016, at 22:53, Doug Hardie <bc...@lafn.org> wrote:

I am running a small server with a fixed number of users.  Postfix is 
using dovecot lda so that I can run pigeonhole.  I have setup a user 
file with the ids and passwords and everything authenticates properly. 
 Postfix uses that also.  However, mail is consistently delivered to 
user@domain.  How do I tell it to deliver to just user?  I have tried 
setting a variety of different things like:


10-mail.conf:mail_location = maildir:/var/mail/home_mail/%u

userdb {
 driver = static
 args = uid= gid= home=/var/mail/home_mail/%u
}

and a few other things.  None of them affected the mailbox location.  
Fortunately, this is a test system as I probably have mucked up the 
config files by now.


— Doug


here is config:

root@test:/usr/local/etc/dovecot/conf.d # doveconf -n
# 2.2.22 (fe789d2): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: FreeBSD 10.3-RELEASE amd64  ufs
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose_passwords = yes
base_dir = /var/run/home_mail/
first_valid_gid = 0
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c %k session=<%{session}> port=%a
mail_debug = yes
mail_gid = 
mail_location = maildir:/var/mail/home_mail/%u
mail_uid = 
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  mail_log_fields = uid box msgid size from
}
postmaster_address = d...@sermon-archive.info
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
  }
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
ssl_cert =

Found 4 bugs in latest SquirrelMail related to IMAP and SMTP STARTTLS, Dovecot capabilities

2016-04-03 Thread Tobias


This is a cross-post from the squirrelmail-devel list.

It may be of interest if you want to run SquirrelMail and connect to 
Dovecot (and Postfix, possibly other servers) on a remote host using 
STARTTLS.


BR
Tobias

 Forwarded Message 
Subject:[SM-DEVEL] 4 bugs, IMAP and SMTP STARTTLS, Dovecot capabilities
Date:   Sun, 3 Apr 2016 04:27:56 +0200
From:   Tobias <lists.zx...@otaking.se>
Reply-To: 	Squirrelmail Developers Mailing List 
<squirrelmail-de...@lists.sourceforge.net>

To: squirrelmail-de...@lists.sourceforge.net



Hello!

I've looked for and have not seen any similar issues reported related to
STARTTLS. Sourceforge wouldn't let me create an account or else I could
have submitted bug reports directly.

I'm using SquirrelMail 1.4.23 installed from latest FreeBSD Ports,
together with PHP 5.6. I'm attempting to connect using STARTTLS to
Dovecot 2.2.22 and Postfix 3.1.0.

I've verified the code is not fixed for any of these four issues in the
latest 1.5.2 SVN. Issue 2 is not as much of a problem in 1.5.2 as it is
in 1.4.23 when using 'login' authentication.

I connect to the IMAP and SMTP servers using their IP, but need to
override the 'peer_name' to validate the certificate properly. New in
PHP 5.6 is also that verify_peer defaults to TRUE, which means I need to
either be able to set the peer_name, or disable verify_peer.

I've found three issues in functions/imap_general.php, related to
STARTTLS and Dovecot IMAP server, as well as one STARTTLS issue in
class/deliver/Deliver_SMTP.class.php, class class Deliver_SMTP, function
initStream.



Issue 1:
Stream options ($imap_stream_options) are not used with STARTTLS
($use_imap_tls = 2) in function sqimap_create_stream. The stream options
are only used for $use_imap_tls = 1.

How to fix:
Add something like this:
 // set context options to allow for SSL option overrides
@stream_context_set_option($imap_stream,$stream_options);

Before trying to initiate the TLS session here:
functions/imap_general.php :: function sqimap_create_stream
826:// start crypto on connection. suppress function errors.
827:if
(@stream_socket_enable_crypto($imap_stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT))
{



Issue 2:
IMAP capabilities are only read once in function sqimap_create_stream
(and subsequently used in sqimap_login to determine certain login
options), however the capability list for Dovecot is not the same before
and after STARTTLS.

 From Dovecot, before STARTTLS (telnet  143):
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS LOGINDISABLED] Dovecot ready.

 From Dovecot, after successful STARTTLS (openssl s_client -starttls
imap -connect :143):

---
. OK Pre-login capabilities listed, post-login capabilities have more.
a capability
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN
a OK Pre-login capabilities listed, post-login capabilities have more.

How to fix:
Issue "capability" command after successful STARTTLS to re-read the
capabilities. Either as part of function sqimap_create_stream, or after
call to sqimap_create_stream and before login options are checked in
function sqimap_login.

SquirrelMail 1.4.23 uses the return value with capabilities from
function sqimap_create_stream to determine if 'login' is a viable
option. Dovecot reports LOGINDISABLED prior to STARTTLS. (1.5.2 does not
have this check for 'login'.)



Issue 3:
Multi-line response from the server to the AUTHENTICATE PLAIN (and
likely cram/digest md5, possibly even login) are not accepted.

The IMAP protocol allows the server to prefix responses which are
incomplete with "*", and Dovecot uses this to report capabilities after
successful login, but this is not handled by SquirrelMail's sqimap_login
function.

SquirrelMail reports:
Unknown error: IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY SPECIAL-USE QUOTA

The full output from Dovecot is:
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY SPECIAL-USE
QUOTA
A003 OK Logged in

How to fix:
Check if '*' is the first token in a response, and read another line
from the stream.

Possibly something similar to this:
 while (substr($read,0,1) == '*') { // OK so far..
 $read = sqimap_fgets($imap_stream);
 }



Issue 4:
Identical to issue 1 but for SMTP. $use_smtp_tls = 2 and STARTTLS in
class/deliver/Del

Re: no login with MySQL

2015-09-13 Thread Tobias Franzén


On 2015-09-13 22:52, Andreas Meyer wrote:

Christian Kivalo <ml+dove...@valo.at> schrieb am 13.09.15 um 22:08:04 Uhr:


I think the query-string für MySQL would overwrite this mail_location,
right? But how do I define it in the query?

yes thats how it should work but your query (looking at the query result
from your first email) overwrites the mail_location with
"/var/spool/vhosts/nimmini.de/" without a username.


With my setup "mail" and "home" is returned from the userdb query from
mysql

home: /srv/mail/%u
mail: /srv/mail/%u/Maildir

The query-strings for virtual users look like this:

password_query = SELECT username AS username, password FROM mailbox
WHERE username = '%u' AND active = 1
user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS
quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM
mailbox WHERE username = '%u'

what about
user_query = SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as
mail, uid, gid, concat('*:storage=', quota) AS quota_rule,
concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE
username = '%u'

With this query above I can login again with Roundcube and claws-mail but
with the mysql-client I get:

mysql> SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, 
gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', 
quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u';
Empty set (0,00 sec)

This is my old query with wich I couldn't log in.
mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, 
concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username 
= '%u';
Empty set (0,00 sec)


The SUBSTRING_INDEX returns everything left of the '@' from field
username, that should give you something like

+--+--+--+---++
| mail | uid  | gid  | quota_rule
| quota_rule2|
+--+--+--+---++
| /var/spool/vhosts/nimmini.de/a.meyer | 5000 | 5000 | *:storage=5242880
| Trash:storage=+100 |
+--+--+--+---++

which hopefully is the path to your maildir.

I get am Emty set

Don't understand it.

   Andreas


Hi Andreas,

Make sure to return a "home" attribute, and only optionally a "mail" 
attribute, from your SQL user query.


Your "home" attribute for user "a.me...@nimmini.de" should return 
"/var/spool/vhosts/nimmini.de/a.meyer", and only if you want to override 
the global mail_location specify a "mail" attribute to return something 
like "maildir:/var/spool/vhosts/nimmini.de/a.meyer/Maildir". There is no 
"maildir" attribute used from the SQL query, to my knowledge.


If you want to have the maildir stored directly in the user's home 
folder, e.g. "/var/spool/vhosts/nimmini.de/a.meyer", and your global 
mail_location already is "maildir:~/", then you only need to return a 
proper "home" attribute from SQL.


BR
Tobias

Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header

2015-04-28 Thread Tobias Franzén

 mapping in postfix before sending the content to 
amavisd-new. This may be possible to circumvent either with alias lookup 
in amavisd-new, or if I can find another way to use the 
postfix-available orig_to to populate X-Original-To header after 
scanning in amavisd-new.


I've tried to split the mails into one per recipient after address 
mapping and amavisd-new, instead of before as my solution above, without 
default_destination_recipient_limit=1 in main.cf. Instead I tried the 
options as part of smtp (and even smtpd) services in master.cf, 
unfortunately without success. I keep ending up with multiple 
X-Original-To with all local recipients (including BCC) in all internal 
copies delivered.



Have anyone successfully tackled this conundrum with other solutions?

Regards,
Tobias

Re: Differences in Delivered-To header between deliver and LMTP

2014-07-16 Thread Tobias Franzén


On 2014-07-11 11:23, Charles Marcus wrote:

On 7/10/2014 11:29 AM, Timo Sirainen t...@iki.fi wrote:

On 9.7.2014, at 21.20, Jeff Rice j...@jrice.me wrote:

I'm transitioning my server over from using the deliver LDA and 
LMTP.  Suddenly a bunch of sieve filters stopped working, and I 
noticed the contents of the Delivered-To header are different.


Using Dovecot's deliver LDA, the contents are a bare email address 
(f...@bar.com).  Using Dovecot LMTP, they are in brackets 
(f...@bar.com).  Is there a reason why this isn't consistent 
between the two delivery agents?  It seems like it ought to be.
Oh, that's annoying. Dovecot LDA doesn't actually add this header, it 
was your MTA that added it. But looks like I hadn't checked what the 
MTAs actually write to the header when I added this feature to LMTP, 
and nobody had mentioned this before either. I wonder if anybody's 
system breaks if I just change it now..


If you do this Timo, would you please also consider going ahead and 
adding the 20 or so lines of code you said it would take to also add 
support for the x-original-to header (this specific was in a private 
email to me while our support contract was active), as we discussed on 
this list - and you then discussed with Wietse, back in April or so of 
2012:


http://dovecot.org/list/dovecot/2012-April/082585.html

Thanks!

Charles


I am also very interested in the outcome of these discussions for 
X-Original-To header together with LMTP.


My setup will be migrating from an old Courier-IMAP install with Postfix 
VDA and plan to keep using Postfix but this time with Dovecot and 
potentially Dovecot LMTP. My users have multiple aliases and rely on the 
X-Original-To header for filters, however they mostly reside within the 
same domain handled by the same mail server.


Old threads in this and Postfix mail lists indicate that Timo thinks 
LMTP cannot solve this.
Some of this could possibly be solved for local implementations if LMTP 
can expand aliases itself for local delivery. Is this possible?
In general it seems that LMTP has to rely on previous layers to keep the 
original recipient in for example X-Original-To header.


For reference:
http://archives.neohapsis.com/archives/postfix/2012-04/0179.html
http://dovecot.org/list/dovecot/2012-April/082585.html
http://www.dovecot.org/list/dovecot/2014-January/094396.html

Charles, you seem to also have been involved in the following Postfix 
list thread from 2011. Are you using this Postfix workaround detailed at 
the end to add X-Original-To?

https://groups.google.com/forum/#!topic/mailing.postfix.users/ceRuhB8NFWQ

Postfix/main.cf:
# to make sure Delivered-To header contains only one address
lmtp_destination_recipient_limit=1
# for X-Original-To header
smtpd_recipient_restrictions =
check_recipient_access pcre:/etc/postfix/recipient_access.pcre

/etc/postfix/recipient_access.pcre
/(.+)/prepend X-Original-To: $1


Dovecot:
lda_original_recipient_header = X-Original-To

/Tobias

Dovecot authentication against active directory

2014-06-23 Thread Tobias Dummert

Hello,

i´ve got a problem with the dovecot authentication against active directory.
I´m using dovecot 2.0.19 and windows server 2008 R2.

When I try to login via telnet I get the following error message:
a NO [AUTHENTICATIONFAILED] Authentication failed.

My dovecot configuration:

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-60-generic x86_64 Ubuntu 12.04.4 LTS ext4
auth_mechanisms = plain login
auth_username_format = %Lu
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
last_valid_gid = 1001
last_valid_uid = 1001
log_path = /var/log/dovecot.log
mail_location = maildir:/srv/mail/%u
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocols = imap
ssl = no
syslog_facility = local7
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
valid_chroot_dirs = /srv/mail




My dovecot-ldap.conf:


hosts = **
dn = CN=*,OU=*,OU=*,OU=*,DC=**,DC=*,DC=de
dnpass = 
tls = no
debug_level = -1
ldap_version = 2
base = OU=*,DC=*,DC=*,DC=de
deref = never
scope = subtree
user_attrs = sAMAccountName=home
user_filter = ((ObjectClass=user)(|(mail=%u)(sAMAccountName=%u)))
pass_filter = ((ObjectClass=user)(sAMAccountName=%u))
default_pass_scheme = plain

could anybody help me with this problem?
Thanks in advance!


Regards,

Tobias Dummert

Re: [Dovecot] how to enable debugging in imapc

2014-04-02 Thread Tobias Oetiker

Hi Teemu,

Today Teemu Huovila wrote:

 On 04/01/2014 05:49 PM, Tobias Oetiker wrote:
  specifically, how can i set
 
 conn-client-set.debug in ./src/lib-imap-client/imapc-connection.c
 Set mail_debug = yes somewhere in your configuration file(s).

hmm that does not seem to get ./src/lib-imap-client/imapc-connection.c
to talk more ... or is this not the part of the code that gets
active when implementing an imap proxy with dovecot ?

cheers
tobi


-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
www.oetiker.ch t...@oetiker.ch +41 62 775 9902
*** We are hiring IT staff: www.oetiker.ch/jobs ***

[Dovecot] BUG dovecot and nginx

2014-04-01 Thread Tobias Oetiker

we have setup a two level proxy configuration for our zimbra server:

  [ dovecot 2.2.12 (imap proxy mode) ]
 V
  [ nginx (imap proxy mode) ]
 V
  [ zimbra imap server]

and it does not work ... after tying a login, the connection just
hangs and ends after 30 seconds with a timeout.

- if I try again rightaway in the same dovecot connection, the login
  goes though without trouble.

- looking at this with tshark I can see that on the second attempt,
  there is no capabilities query, dovecot just goes ahead and
  connects.

if we drop nginx from the setup all is well also (login works
directly as expected)

- investigating the traffic differences between the setups with and
  without nginx, we find that for some reason dovecot does not
  react to the capabily answer from nginx.  while it seems to
  happily accept the same answer when it is coming from zimbra
  directly.

- the only difference I can see on the wire is that nginx is much
  quicker (2.5ms) in responding than the zimbra (25ms) server and
  that the position of the STARTTLS and SASL=PLAIN capabilities in
  the capability answer differs between the two.

any ideas ?

cheers
tobi

-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
www.oetiker.ch t...@oetiker.ch +41 62 775 9902
*** We are hiring IT staff: www.oetiker.ch/jobs ***

[Dovecot] how to enable debugging in imapc

2014-04-01 Thread Tobias Oetiker

Hi Net,

How can I enable debug messages in the imap-proxy client?

Trying to figure why the imap-proxy mode does not work towards
ngnix.

specifically, how can i set

   conn-client-set.debug in ./src/lib-imap-client/imapc-connection.c

cheers
tobi
-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
www.oetiker.ch t...@oetiker.ch +41 62 775 9902
*** We are hiring IT staff: www.oetiker.ch/jobs ***

Re: [Dovecot] Integrating with Drupal SQL db SOLVED

2013-03-19 Thread Tobias


Hi again

I have now solved this with a workaround.

In short, it involves a Drupal 7 module called HTPasswdSync that 
intercepts password creation and changes in Drupal, and writes the 
password in SHA-1 hash format to a file (/etc/apache2/dovecot). I then 
point Dovecot to use this file as userdb and passdb source.


I have written an more in detail explanation that is available at 
http://www.stos.se/?q=node/12 .


The question remains; Will Dovecot ever be compatible with Drupal 7 
password hashes?


Regards
Tobias Rådenholt

i...@stos.se wrote 2013-03-11 17:57:

Hi

I'm trying to get Dovecot to use Drupal users password for authenticating
IMAP users. But I just cant figure out how to make Dovecot understand the
password hash type that Drupal 7 is using.

My example user with password Teacher1 looks like this in Drupal database:
$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU

Dovecot retrieves this hash but complains that its not a recognized hash
type, or that the hash is wrong, depending on if I change the default hash
type in Dovecot config.

Any help appreciated.


root@SSiS:/etc/postfix# dovecot --version
1.2.15
root@SSiS:/etc/postfix# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:/home/vmail/
mbox_write_locks: fcntl dotlock
auth default:
   verbose: yes
   debug: yes
   debug_passwords: yes
   passdb:
 driver: pam
   passdb:
 driver: sql
 args: /etc/dovecot/dovecot-sql.conf
   userdb:
 driver: passwd
root@SSiS:/etc/postfix#
root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$'
/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu
default_pass_scheme = CRYPT
password_query = SELECT name AS user, pass AS password FROM users WHERE
name='%n'
user_query = SELECT
CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS
mail FROM users WHERE name='%n'
root@SSiS:/etc/postfix# tail /var/log/mail.log
Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593
Mar 11 16:17:51 SSiS dovecot: auth(default): client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): lookup service=dovecot
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password:
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure
(password mismatch?) (given password: Teacher1)
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM
users WHERE name='Teacher1'
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): Password mismatch
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1):
Not a valid MD5-CRYPT or PLAIN-MD5 password
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): CRYPT(Teacher1) !=
'$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU'
Mar 11 16:17:56 SSiS dovecot: auth(default): client out:
FAIL#0111#011user=Teacher1
Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured
Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075
Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
root@SSiS:/etc/postfix#

Re: [Dovecot] POLL: v2.2 to allow one mail over quota?

2013-02-11 Thread Tobias Hachmer

On Monday 11 February 2013 17:19:06 Michael Grimm wrote:
  Timo Sirainen t...@iki.fi wrote:
  I wonder if there's a better name for this than last_extra..
  
  quota_surplus
  
  I like this. But my English isn't good enough to know if that word really
  fits it?
 It does, but what about:
 
 quota_final_add_on

What means surplus?

Why not simplify things and calll it
- quota_mailplus
- quota_plusmail

- quota_oneplus
- quota_plusone

Tobias Hachmer

Re: [Dovecot] Dovecot 2.2.beta1

2013-02-10 Thread Tobias Hachmer

On Sunday 10 February 2013 10:13:54 Luigi Rosa wrote:
 Would like to, but on the server I use for testing I have pigeonhole and I
 cannot compile it against 2.2B1
 
 Is there a version for 2.2?

Yes,

see http://pigeonhole.dovecot.org/download.html

Pigeonhole package for Dovecot v2.2 (development) 
# v2.2 code tree:
hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/
Regards,
Tobias Hachmer

Re: [Dovecot] 回复： 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto

2012-12-01 Thread Tobias Hachmer

On Saturday 01 December 2012 08:34:09 Sam DWH wrote:
 Did you installed openssh?

Well, no, I have installed libssl-dev (Ubuntu Precise).
What I have really done is to add the libssl-dev to the dependencies of my 
dovecot-dev package. This dovecot-dev package is a dependency of my pigeonhole 
package.

Regards,
Tobias

[Dovecot] 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto

2012-11-30 Thread Tobias Hachmer

Hello list,

Although timos bugfix release this morning I can't build pigeonhole 0.3.3 for 
dovecot 2.1.12 successfully. I don't know if it is a new bug or if I do 
something wrong but with dovecot 2.1.10 all worked fine, with the same 
configure 
options.

configure options (out of debian/rules for building debian package):

./configure --with-dovecot=/usr/lib/dovecot \
--host=$(DEB_HOST_GNU_TYPE) \
--build=$(DEB_BUILD_GNU_TYPE) \
--prefix=/usr \
--sysconfdir=/etc \
--libexecdir=\$${prefix}/lib \
--localstatedir=/var \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--with-moduledir=\$${prefix}/lib/dovecot/modules


buildlogextraction with error, the full log is available here: 
https://launchpadlibrarian.net/124478979/buildlog_ubuntu-precise-
amd64.dovecot-2.1-pigeonhole_0.3.3-7~kokelnet~precise_FAILEDTOBUILD.txt.gz

Thanks in advance for any help,
Tobias Hachmer

Making all in lib-sieve-tool
make[4]: Entering directory `/build/buildd/dovecot-2.1-
pigeonhole-0.3.3/src/lib-sieve-tool'
/bin/bash ../../libtool --tag=CC   --mode=compile x86_64-linux-gnu-gcc -
DHAVE_CONFIG_H -I. -I../..  -I../../src/lib-sieve -I/usr/include/dovecot   -
D_FORTIFY_SOURCE=2  -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-
size=4 -Wformat -Wformat-security -Wall -W -Wmissing-prototypes -Wmissing-
declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
-fno-builtin-strftime -Wstrict-aliasing=2  -MT sieve-tool.lo -MD -MP -MF 
.deps/sieve-tool.Tpo -c -o sieve-tool.lo sieve-tool.c
libtool: compile:  x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -
I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g 
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -
Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-
subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-
aliasing=2 -MT sieve-tool.lo -MD -MP -MF .deps/sieve-tool.Tpo -c sieve-tool.c  
-fPIC -DPIC -o .libs/sieve-tool.o
libtool: compile:  x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -
I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g 
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -
Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-
subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-
aliasing=2 -MT sieve-tool.lo -MD -MP -MF .deps/sieve-tool.Tpo -c sieve-tool.c 
-o sieve-tool.o /dev/null 21
mv -f .deps/sieve-tool.Tpo .deps/sieve-tool.Plo
/bin/bash ../../libtool --tag=CC   --mode=compile x86_64-linux-gnu-gcc -
DHAVE_CONFIG_H -I. -I../..  -I../../src/lib-sieve -I/usr/include/dovecot   -
D_FORTIFY_SOURCE=2  -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-
size=4 -Wformat -Wformat-security -Wall -W -Wmissing-prototypes -Wmissing-
declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
-fno-builtin-strftime -Wstrict-aliasing=2  -MT mail-raw.lo -MD -MP -MF 
.deps/mail-raw.Tpo -c -o mail-raw.lo mail-raw.c
libtool: compile:  x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -
I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g 
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -
Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-
subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-
aliasing=2 -MT mail-raw.lo -MD -MP -MF .deps/mail-raw.Tpo -c mail-raw.c  -fPIC 
-DPIC -o .libs/mail-raw.o
libtool: compile:  x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -
I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g 
-O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -
Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-
subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-
aliasing=2 -MT mail-raw.lo -MD -MP -MF .deps/mail-raw.Tpo -c mail-raw.c -o 
mail-raw.o /dev/null 21
mv -f .deps/mail-raw.Tpo .deps/mail-raw.Plo
/bin/bash ../../libtool --tag=CC   --mode=link x86_64-linux-gnu-gcc  -
std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-
security -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith 
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -
Wstrict-aliasing=2   -Wl,-Bsymbolic-functions -Wl,-z,relro -o libsieve-tool.la  
sieve-tool.lo mail-raw.lo  -lrt
libtool: link: ar cru .libs/libsieve-tool.a .libs/sieve-tool.o .libs/mail-
raw.o 
libtool: link: ranlib .libs/libsieve-tool.a
libtool: link: ( cd .libs  rm -f libsieve-tool.la  ln -s ../libsieve-
tool.la libsieve-tool.la )
make[4]: Leaving directory `/build/buildd/dovecot-2.1-
pigeonhole-0.3.3/src/lib-sieve-tool'
Making all in sieve-tools
make[4

Re: [Dovecot] 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto

2012-11-30 Thread Tobias Hachmer

On Friday 30 November 2012 10:44:48 Timo Sirainen wrote:
 You built Dovecot from a Debian package too, but don't have OpenSSL
 installed?..

Thanks Timo for hte hint. openssl was installed, but the openssl development 
files (libssl-dev) dependency for my dovecot-dev package was missing.

Regards,
Tobias Hachmer

Re: [Dovecot] cmd-vacation.c:4:17: fatal error: lib.h: No such file or directory ./configure: line 11410: -lssl: command not found

2012-11-29 Thread Tobias Hachmer

On Thursday 29 November 2012 16:18:14 Gilles Chauvin wrote:
 The post I linked above wasn't my post but I had the exact same problem
 this morning while trying to compile pigeonhole against dovecot 2.1.11.
 Manually adding the quotes in the dovecot-config file fixed the issue
 for me.

Oh, sorry, I will test, thanks!

Regards,
Tobias Hachmer

[Dovecot] Question about salted hashes

2012-10-19 Thread Tobias Maffert

Hello.

I'm switching from b1gmail to my own setup which consists of
Postfix+Dovecot+MySQL (and maybe VBoxAdm). There are two problems: -
b1gmail is using unsalted MD5 hashes. Is there any good way to make my
new setup backward compatible? So I don't have to force all of my 50k
users to change their password. - How do I change my setup to salted
SHA256 (or an even better algorithm). And how do I make the hashes
compatible between Postfix, Dovecot, MySQL (and maybe VBoxAdm)?

My system:

Debian Squeeze
Postfix version: 2.7.1
Dovecot version: 1.2.15

---
dovecot -n

# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686 i686 Debian 6.0.6
protocols: imap pop3
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_access_groups: vmail
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): UID%u-%v
lda:
  postmaster_address: postmaster-address
  auth_socket_path: /var/run/dovecot/auth-master
  mail_plugins: quota
  sendmail_path: /usr/sbin/sendmail
auth default:
  mechanisms: plain login
  user: vmail
  passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
  userdb:
driver: prefetch
  userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 432
  user: postfix
  group: postfix
master:
  path: /var/run/dovecot/auth-master
  mode: 432
  user: vmail
  group: vmail
plugin:
  quota: maildir

---

driver = mysql
connect = host=127.0.0.1 dbname=smail user=smail password=mypw
default_pass_scheme = CRYPT
password_query = SELECT username AS user, password_enc AS password,
CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS
userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail,
CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users
WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' =
'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp')
user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:',
homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024))
as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')

---

Regards,
Tobi M.

Re: [Dovecot] Help!

2012-10-12 Thread Tobias Hachmer


Am 12.10.2012 19:09, schrieb Justin Vore:

I have installed sendmail, dovecot, and squirrel mail.  The squirrel
mail portion of it works just fine, but I would like to have Mozilla
Thunderbird as a client. Whenever I try and connect to the server it
says Thunderbird failed to find the settings for your email 
account.

We do have an MX record in DNS pointing to our server.


Enter settings manually or set up automx (http://www.automx.org/).

Regards,
Tobias Hachmer

[Dovecot] doveadm backup - Fatal: All your namespaces have a location setting.

2012-09-16 Thread Tobias Hachmer


Hello list,

I am using dovecot v2.1.9 and have a problem with doveadm backup:

# doveadm backup -u u...@domain.com 
maildir:/backup/domain.com/user/Maildir
doveadm(u...@domain.com): Fatal: All your namespaces have a location 
setting. It should be empty (default mail_location) in the namespace to 
be converted.


Here my namespace config:
namespace {
  list = children
  location = 
maildir:/var/vmail/%%d/%%n/Maildir:INDEX=/var/vmail/%d/%n/shared/%%u

  prefix = Gemeinsame-Postfaecher/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/indexes/%u

  prefix =
  separator = /
  subscriptions = yes
  type = private
}

Have I got a problem with my namespace config?

Regards,
Tobias Hachmer

[Dovecot] Dovecot SASL on another machine

2011-11-05 Thread Tobias Hachmer


Hello list,

is there a way to use Dovecot SASL Authentication for submission on a 
different machine dovecot runs?


e.g.:

Dovecot machine - postfix machine(for submission)

How can I authenticate my senders on a different physical machine 
against Dovecot SASL?


Thanks,

Tobias

Re: [Dovecot] Dovecot SASL on another machine

2011-11-05 Thread Tobias Hachmer


Am 05.11.2011 17:01, schrieb Timo Sirainen:

On Sat, 2011-11-05 at 15:13 +0100, Tobias Hachmer wrote:
is there a way to use Dovecot SASL Authentication for submission on 
a

different machine dovecot runs?


With v2.0 you should be able to add inet_listener for auth service,
which acts as an auth-client socket.


Thanks for your reply. I think I didn't couch correct.
I want a postfix machine to authenticate against Dovecot SASL for 
submission service which hasn't installed dovecot locally.
The postfix machine has to ask my central dovecot which is at the 
moment dovecot v1.2.15 but will be soon v2.


Is this possible, if yes, how?

Greetz,

Tobias

Re: [Dovecot] Dovecot SASL on another machine

2011-11-05 Thread Tobias Hachmer


Am 05.11.2011 17:35, schrieb Timo Sirainen:

On Sat, 2011-11-05 at 17:31 +0100, Tobias Hachmer wrote:

Am 05.11.2011 17:01, schrieb Timo Sirainen:
 On Sat, 2011-11-05 at 15:13 +0100, Tobias Hachmer wrote:
 is there a way to use Dovecot SASL Authentication for submission 
on

 a
 different machine dovecot runs?

 With v2.0 you should be able to add inet_listener for auth 
service,

 which acts as an auth-client socket.

Thanks for your reply. I think I didn't couch correct.
I want a postfix machine to authenticate against Dovecot SASL for
submission service which hasn't installed dovecot locally.
The postfix machine has to ask my central dovecot which is at the
moment dovecot v1.2.15 but will be soon v2.


Yes, this is how I understood it.


OK, sorry.


Is this possible, if yes, how?


With v2.0:

service auth {
  inet_listener {
port = 12345
  }
}

Postfix:

smtpd_sasl_path = inet:dovecot.foobar.com:12345


Thanks a lot for your quick help!!!

Greetz, Tobias

[Dovecot] setacl on complete mailbox

2011-09-11 Thread Tobias Hachmer


Hi List,

how can I grant a user full control on another mailbox (the complete 
mailbox with all folder and subfolders).
With the setacl command I could do this but first I have to list all 
folders and then I have to do one setacl command for each folder.


Is there a command to this in one line? Also for new created folders?

Greetz, Tobias

[Dovecot] BestPractice to migrate imap mailbox from one machine to another


Hi list,

currently I use dovecot v1.2.15 with maildir++ mailboxes. (Debian 
Squeeze)
I want to set up a different server with dovecot v2, also maildir++ 
mailboxes. (also Debian Squeeze)


What is the best way to copy the existing mailboxes from the older 
machine running dovecot v1.2.15 to the new naked machine?


Greetz, Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another


On Fri, 09 Sep 2011 15:22:54 +0200, Robert Schetterer wrote:

Am 09.09.2011 15:14, schrieb Tobias Hachmer:

What is the best way to copy the existing mailboxes from the older
machine running dovecot v1.2.15 to the new naked machine?


i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration


ok, but this tool is not free of charge.
Are there any known problems just copying the mailboxes with scp or 
rsync?


Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another


On Fri, 09 Sep 2011 15:42:57 +0200, Giulio Casella wrote:

Have you tried dsync (part of dovecot)? I don't know if it works for
migration to a different (major) version of dovecot, but it's a nice
tool. And it works also over ssh.


Yeah, I read the sections in the dovecot v2 wiki, but I don't get how 
to use for migration.
As far as I understood it's to keep several dovecot server at a unique 
data bank. An well, can I use it between dovecot v1.2 and v2?


Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another


On Fri, 09 Sep 2011 17:16:57 +0200, Giulio Casella wrote:

This is working for me:

root@oldserver # dsync -v -D -u $user backup ssh newserver dsync -u 
$user


where $user is a username. oldserver and newserver can also have
different mailbox format (in my case was mbox - maildir)


Thanks for your replies, I will test first the simple copy of the 
maildirs when the new server is set up.

So thanks a lot.

Greetz, Tobias

Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another


On Fri, 09 Sep 2011 20:26:59 +0200, Robert Schetterer wrote:

i used imapsync in a bash script
http://ks.lamiral.info/imapsync/
at a massive migration


ok, but this tool is not free of charge.


? you should donate
but you can use it without too, i.e its part of ubuntu


Oh, cool, thanks for the hint. Yes, I will test simple copy, imapsnc 
and dsync.

Thanks a lot.

Tobias

Re: [Dovecot] Quotas not recalculating

2011-09-06 Thread Tobias Hachmer


On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:

On 5.9.2011, at 4.28, Kyle Brantley wrote:

Okay, something else isn't cooperating with this at all. I 
reconfigured it to use dirsize just to test (quota = dirsize:User 
quota in 90-quota.conf instead of quota = maildir:User quota), and it 
is still trying to use maildir quotas:


Your user_query in dovecot-sql.conf overrides the quota setting.


Same problem here.
But how can I use maildirsize quota  user_query in dovecot-slq.conf ?

I want to manage my users in a sql table and use maildirsize quota.

Greetz, Tobias

Re: [Dovecot] Quotas not recalculating

2011-09-06 Thread Tobias Hachmer


On Tue, 6 Sep 2011 23:08:37 +0300, Timo Sirainen wrote:

On 6.9.2011, at 23.01, Tobias Hachmer wrote:


On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote:

On 5.9.2011, at 4.28, Kyle Brantley wrote:

Okay, something else isn't cooperating with this at all. I 
reconfigured it to use dirsize just to test (quota = dirsize:User 
quota in 90-quota.conf instead of quota = maildir:User quota), and 
it is still trying to use maildir quotas:


Your user_query in dovecot-sql.conf overrides the quota setting.


Same problem here.
But how can I use maildirsize quota  user_query in 
dovecot-slq.conf ?


I want to manage my users in a sql table and use maildirsize quota.


There's nothing special in that. Just about all the examples in wiki
assume you want to do that.
http://wiki2.dovecot.org/Quota/Configuration#Per-user_quota


OK, thanks. Removing CONCAT('*:bytes=', CAST(quota AS CHAR)) AS  
userdb_quota_rule from user_query as well as from password_query in 
dovecot-sql.conf worked for me.


Greetz, Tobias

[Dovecot] Bug found, assertion failed

2011-01-20 Thread Tobias Daucher


Hi there,
We're running dovecot 2.06, with mdbox.
Following message was in our syslog:
Jan 20 09:26:48 servername dovecot: [ID 583609 mail.crit] imap(user): Panic: file istream-limit.c: 
line 79: assertion failed: (v_offset = lstream-v_size)


The problem could be solved on client side, by just deleting the 
ImapMail-Folder in Thunderbird.
Why? Thunderbird tried to move a message, that obviously wasn't there. Dovecot got killed and the 
message above was in the syslog. Connection was closed and Thunderbird told me the server is dead. 
Thunderbird tried this every few seconds, and there was no way to say thunderbird stop try moving. 
So the only way was to delete thunderbirds mail cache.


I think it would be very nice, if dovecot doesn't die, just because the client tries to move a 
message, which isn't there.


Thanks,
Tobias Daucher

--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz:  Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand:  Amberg
Steuernummer:   201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

Re: [Dovecot] dsync not copying all mail

2011-01-10 Thread Tobias Daucher


Am 10.01.2011 14:59, schrieb Nick Rosier:

Hi,

I'm still trying to migrate from Dovecot 1.2.16 to 2.0.7 on FreeBSD. Previous 
attempts have failed
with mails not being visible after the upgrade. Version 1.2.16 was migrated 
from maildir to dbox
about a year ago via the convert-plugin. After previous attempts to clean the 
hybrid maildir-dbox
situation I used imapsync to copy all mails from the old account to a new 
account. I would assume in
this case I get a clean dbox-mailmap. I tried to run dsync on this new map but 
noticed a lot of
mails are not syncing:

[vm...@mail ~]$ find /vmail2/new/bunbun.be/nick | wc -l
5329
[vm...@mail ~]$ find /vmail2/old/bunbun.be/nick | wc -l
6134

Any ideas?
N.



deleted mails on old server... do expunge or purge befor syncing. imapsync will not copy deleted 
messages i think...



--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz:  Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand:  Amberg
Steuernummer:   201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

[Dovecot] shared boxes

2010-12-21 Thread Tobias Daucher


Hi there,
is it possible in any way to have private seen flags for users in a shared 
mailbox?
http://wiki2.dovecot.org/SharedMailboxes/Shared says no, but i'm not sure, if newer mailbox formats 
can do this... like mdbox oder something like that.

thanks for your help
Tobi
--

Re: [Dovecot] Virtual inbox folder bug

2010-11-03 Thread Tobias Daucher

Got the same problem with thunderbird... thunderbird wants to be intelligent and caches
information...
the server would remove the message, but thunderbird says hey it was not me so i don't anything
about moving and reads the message from its cache...
close thunderbird, delete the imapmail folder in your profile, and restart thunderbird = mail is
gone...
and if you find a way to turn off this fu***ing caching of thunderbird it would be nice to tell it
to me...

caching sucks with imap and i don't find any option to turn it off...
bye
tobi

Am 02.11.2010 22:50, schrieb Antonio Henrique Oliveira:

Hi all,

I've been using dovecot as our internal mail server for quite some time. It
works very well. Each of
our mailboxes have 1000+ messages (some have more than 4-5000 messages).

I have recently started using virtual folders and, using an adaptation of an
example script in the
dovecot site (http://wiki.dovecot.org/Plugins/Virtual), to have a virtual
folder changed to act as
inbox.

All of my email is delivered in some folder other than the real inbox via sieve
scripts.
My inbox is, therefore, a virtual folder, which only displays the unread emails
on all the folders
in the account.

Everything works fine *except* that, when I mark an email as read or when I
open an email directly
on the inbox, it does not disappear from the inbox (as it should since it is
not unread after being
open or being marked as read).

I'm not sure if this is a bug, a feature, or a misconfiguration :)

I'm using dovecot 1.2.13 on Debian Etch (installed using the backports
repository). Attached is the
file with the output of dovecot -n, the script for the virtual folder and the
custom login script
to change the virtual folder to act as the inbox.

I'm using Thunderbird 3.1.6 on Windows XP SP3 as the main mail client and also
using an Android
phone (Samsung Galaxy) to access the same account.

Regards,

Dr. Nagler Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz: Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand: Amberg
Steuernummer: 201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

Re: [Dovecot] dsync, separator, but really - Default Namespace

2010-10-29 Thread Tobias Daucher


Am 28.10.2010 16:35, schrieb Daniel L. Miller:

Just made the leap from 1.2 to 2.0.6 - and several maddening config typos I 
think I have a working
system again! Getting closer to converting from maildir to mdbox, but first...

Trying to use dsync gives me:
dsync(root): Fatal: Mail locations must use the same virtual mailbox hierarchy 
separator (specify
separator for the default namespace)

Ok - I 've never configured namespaces before...time to learn. So my first 
attempt - is the
following config the same as having no explicit namespace declaration?:

# My Default Namespace
namespace {
type = private
separator = '.'
prefix =.
location = /var/mail/%d/%n/Maildir
inbox = yes
hidden = no
list = yes
subscriptions = yes
}



the first thing i see is that there must not be quotes around the separator, don't know who dovecot 
is working with the quotes...

the locatin needs a prefix about the format so anything like
maildir:/var/mail/%d/%n/Maildir

--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz:  Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand:  Amberg
Steuernummer:   201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

Re: [Dovecot] Convert Plugin

2010-10-28 Thread Tobias Daucher


Am 27.10.2010 20:26, schrieb Daniel Luttermann:

Dr Matthew Williams wrote on 10/27/2010:


Hello,

I have been investigating mailbox conversions and have used the convert
plugin under Dovecot V1.x. I cannot find the plugin in the list on the
wiki for Dovcot V2.x, is it not included for a reason?

I understand that I can do a post-login script to do the conversion,
any guidance on best practices?


you can use dsync instead.

Link: http://wiki2.dovecot.org/Tools/Dsync

--
Daniel


after having some problems with dsync, we did all convertings like this 
(imap-tool/daemon)
1. make a namespace for the old format
2. make a namespace for the new format
3. use something like this:
(echo 1 select .mboxnamespace/old; echo 2 copy 1:* mdboxnamespace/new; echo 3 logout)| 
/usr/local/libexec/dovecot/imap -u user

after checking the result you can do
(echo 1 select .mboxnamespace/old; echo 2 delete .mboxnamespace/old; echo 3 logout)| 
/usr/local/libexec/dovecot/imap -u user
and thats it... works for every formats that dovecot can access... perhaps it is possible to add 
this way as an alternative for dsync to the wiki - cause dsync has some problems.. i.e. wenn old 
mailboxes have little errors or something like that...

note: you have to create the new folder in the new namespace of course before 
copying...

bye and i hope this will help all of you!
Tobi

--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz:  Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand:  Amberg
Steuernummer:   201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

Re: [Dovecot] merge mdboxes

2010-10-26 Thread Tobias Daucher

Am 25.10.2010 15:53, schrieb Timo Sirainen:

On Sat, 2010-10-23 at 16:27 +0200, Tobias Daucher wrote:

Hi there,
after migration we have a very big problem...
there are two mailboxes in /var/mail/username/mailboxes/
/var/mail/username/mailboxes/inbox
/var/mail/username/mailboxes/inbox2

So they are in the same mdbox storage, just in different mailboxes?

By the way - logging in via imap with thunderbird und move them on
that way is not my favorite solution cause i have to do this for
hundreds of users...

IMAP would still be the simplest solution. You could do something like:

printf 1 select inbox2\n2 copy 1:* INBOX\n3 delete inbox2\n |
/usr/local/libexec/dovecot/imap -u username

All right it works!
dsync is sometimes not s stable but the imap server is... so why do a converting oder something
like that not always via this way?
(echo 1 select .NCarchiv/tsdauche; echo 2 copy 1:* INBOX; echo 3 logout)| su tsdauche -c
/usr/local/libexec/dovecot/imap

and after that you can delte the old box...
(echo 1 select .NCarchiv/tsdauche; echo 2 delete .NCarchiv/tsdauche; echo 3 logout)| su
tsdauche -c /usr/local/libexec/dovecot/imap

so there are no faults and no problems with converting and merging boxes...
thanks for that hint timo!
bye
tobias daucher

Dr. Nagler Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz: Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand: Amberg
Steuernummer: 201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

[Dovecot] merge mdboxes

2010-10-23 Thread Tobias Daucher


Hi there,
after migration we have a very big problem...
there are two mailboxes in /var/mail/username/mailboxes/
/var/mail/username/mailboxes/inbox
/var/mail/username/mailboxes/inbox2
i DO have to merge these boxes, but i found no tools for this step. is  
there any way with doveadm oder dsync to move alle messages from mdbox  
inbox2 into mdbox inbox?
i hope you all can tell me a way to do this - its a very very big  
problem at the moment.
By the way - logging in via imap with thunderbird und move them on  
that way is not my favorite solution cause i have to do this for  
hundreds of users...

i hope you can help me! thanks a lot!
Tobias Daucher

[Dovecot] bug with null pointer

2010-10-21 Thread Tobias Daucher


Hi,
we found a serious bug while testing our migration scripts.
in Solaris (or other system 5) the user variable is not always set.
Dsync is not very happy about that and crashes with an segmentation fault.
After hours of debugging and TWOE simple lines
# USER=$LOGNAME
# export USER
the problem was solved! The null pointer was found - so i will go home now an
drink a bottle of Erdinger...
hope this hint helps for development - and we hope that we don't find
more of these bugs :)
bye
Tobi

--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Hauptsitz:  Schnaittenbach
Handelregister: Amberg HRB 4653
Gerichtsstand:  Amberg
Steuernummer:   201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze

[Dovecot] acl allow creation of special foldernames

2010-10-14 Thread Tobias Daucher


Hi,
ACL works fine now...
But is it possible so allow users the creation of specific folder names?
so users should be able to create a folder Sent but not the folder 
Send or something like that

I just want to allow some folder names and only THESE folders...
Thanks for you help!
Tobi


--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler

Re: [Dovecot] bug in dsync

2010-10-14 Thread Tobias Daucher


Am 14.10.2010 18:33, schrieb Timo Sirainen:

On Wed, 2010-10-13 at 07:55 +0200, Tobias Daucher wrote:

Hi,
I'm trying to convert mailboxes from mbox zu mdbox.
The following command was performed:

dsync mirror -u tsdauche mbox:~/.NCmail/Drafts


dsync -u tsdauche mirror mbox:~/.NCmail/Drafts


dsync(tsdauche): Panic: file dsync-worker-local.c: line 185
(dsync_drop_extra_namespaces): assertion failed: (ns != NULL)
[1]   Abort trap (core dumped) dsync mirror -u tsdauche


This is strange though.

Anyway, with your config I get an error instead of the above crash:

dsync(tss): Fatal: All your namespaces have a location setting. It
should be empty (default mail_location) in the namespace to be
converted.

I tried this right now... i commented out the location from one 
namespace... put you line to the shell... exactly the same error...

thanks but this was not the fault...


--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler

Re: [Dovecot] mbox folder deleting

2010-10-14 Thread Tobias Daucher


Am 14.10.2010 17:23, schrieb Timo Sirainen:
 On Tue, 2010-10-12 at 16:30 +0200, Tobias Daucher wrote:
 Hi there again,
 I just wanna tell you what little bug we've found...
 Namespace is in mbox format.
 After deleting an mbox the entry in the .imap stays so not everyting is
 moved away and ist just hanging around...
 not so bad, but would be nice if it was cleaned up...

 You didn't mention what Dovecot version. I think in earlier v2.0.x there
 was such a bug, but at least now with v2.0.5 it gets deleted just fine.

ok thanks, we just tried 2.0.3 - sorry...
in the other posting i made there was the version number and so on...
tobi

--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler

[Dovecot] mbox folder deleting

2010-10-13 Thread Tobias Daucher


Hi there again,
I just wanna tell you what little bug we've found...
Namespace is in mbox format.
After deleting an mbox the entry in the .imap stays so not everyting is 
moved away and ist just hanging around...

not so bad, but would be nice if it was cleaned up...
thanks
Tobi
--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler

[Dovecot] bug in dsync

2010-10-13 Thread Tobias Daucher


Hi,
I'm trying to convert mailboxes from mbox zu mdbox.
The following command was performed:

dsync mirror -u tsdauche mbox:~/.NCmail/Drafts
dsync(tsdauche): Fatal: execvp(-u) failed: No such file or directory
dsync(tsdauche): Panic: file dsync-worker-local.c: line 185 
(dsync_drop_extra_namespaces): assertion failed: (ns != NULL)
[1]   Abort trap (core dumped) dsync mirror -u tsdauche 
mbox:~/.NCmail/Drafts



I also tried other combinations with dsync, but they all fail... :(
I'm sending the core file and the conf output with this mail.
Hope you can find out whats the problem, thanks a lot!
Tobi
--


Dr. Nagler  Company GmbH
Hauptstraße 9
92253 Schnaittenbach

Tel : 09622-7197-38
Fax : 09622-7197-50
Handy: 0160-5348073
Web : http://www.nagler-company.com
E-Mail : tobias.dauc...@nagler-company.com

Amberg HRB 2845
Gerichtsstand Amberg
Steuernummer 201/118/51809
USt.-ID-Nummer DE 813066264
Geschäftsführer: Dr. Martin Nagler


dovecot.conf

# 2.0.3: /usr/local/etc/dovecot/dovecot.conf
# OS: NetBSD 5.0.2 amd64
auth_cache_size = 10485760
auth_cache_ttl = 36000 s
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
base_dir = /var/run/dovecot/
debug_log_path = /var/tmp/dovecot-debug-log
default_internal_user = open-xchange
default_login_user = open-xchange
deliver_log_format = msgid=%m: %$ From = %f Size = %p
disable_plaintext_auth = no
dotlock_use_excl = yes
hostname = s051
info_log_path = syslog
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
mail_plugin_dir = /usr/lib/dovecot
mdbox_rotate_size = 209715200
namespace {
  hidden = yes
  inbox = no
  list = yes
  location = mdbox:%h/.NCmailmd
  prefix = NCmailmd/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = yes
  list = children
  location = mdbox:/var/mail/%u
  prefix = _INBOX_/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = no
  list = yes
  location = mbox:%h/.NCmailmd/ARCHIV
  prefix = ARCHIV/
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  hidden = yes
  inbox = no
  list = children
  location = mdbox:%h/.NONEXISTENT
  no_storage_autocreate = yes
  no_storage_autodetect = yes
  prefix = NONEXISTENT/
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  driver = passwd
}
postmaster_address = postmas...@nagler-company.com
protocols = imap
quota_full_tempfail = yes
sendmail_path = /usr/pkg/libexec/sendmail/sendmail
service auth-worker {
  user = root
}
service auth {
  unix_listener auth-userdb {
group =
mode = 0666
user =
  }
  user = $default_internal_user
}
service imap-login {
  process_min_avail = 1
  service_count = 0
  vsz_limit = 67108864
}
service imap {
  process_limit = 1024
  vsz_limit = 268435456
}
ssl = no
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol imap {
  imap_client_workarounds = delay-newmail
  imap_idle_notify_interval = 120 s
  imap_logout_format = bytes=%i/%o
  imap_max_line_length = 65536
  mail_max_userip_connections = 0
  mail_plugins =
}

Re: [Dovecot] Patch: New event mailbox_create for the mail_log plugin

2010-08-02 Thread Tobias Joch

Am 02.08.2010 um 16:34 schrieb Timo Sirainen:

 On Thu, 2010-07-29 at 13:28 +0200, Tobias Joch wrote:
 
 the following patch for the mail_log plugin (source version = 1.2.13) adds a 
 new logging event mailbox_create. 
 Perhaps this is also of interest to other people except me ;)
 
 I added mailbox_create event now to v2.0, but I had to pretty much
 rewrite the patch because v2.0's mail_log plugin works via notify
 plugin.
 

Cool ;) Thanks!

Re: [Dovecot] Using Dovecot deliver with Postfix

2009-12-30 Thread Tobias Lang

Am 29.12.2009 um 22:34 schrieb Timo Sirainen:

 On Fri, 2009-12-25 at 13:30 +0100, Tobias Lang wrote:
 
 while installing Dovecot sieve, I am not able to deliver email for root. 
 
 That's because you should be redirecting root's mails to some other
 user. root shouldn't have mail.

Well, I do redirect mail to admin accounts. However, I use
SuSE 11 as a base system. And there it is a default to also
deliver root mail to the root account, default aliases looks like this:

 root:  tobi, \root

I was not aware, that root should not be allowed to recieve mail
at all and by removing the '\root' from /etc/aliases, deliver is working as
expected.

Tobi

P.S.: Sorry for private double-post

Re: [Dovecot] pop3+leave messages on server

2009-12-29 Thread Tobias

On Tue, 29 Dec 2009 09:48:46 +0100, Papp Tamas tom...@martos.bme.hu
wrote:
 hi All,
 
 I have a srange problem.
 
 Before dovecot there was a courier imap and it worked just fine. The 
 client(s) are the same then before, so I think, this is an server side 
 problem.
 
 I have a user with Outlook and he uses pop3 and leaves messages on
server.
 
 
 Sometimes the messages get downloaded again, when he starts the outlook. 
 Not all, but 7-9 hours back.
 
 uidl format is like it's suggested:
 
   pop3_uidl_format = %08Xu%08Xv
 
 
 
 Any idea, what's wrong and what I can do?
 
 Thank you very much,
 
 tamas

Is that a problem with other MUAs too? Or is Outlook the only affected one?
You tried Thunderbird or Windows Live Mail to verify?

Regards

tobi

Re: [Dovecot] pop3+leave messages on server

2009-12-29 Thread Tobias

On Tue, 29 Dec 2009 11:27:49 +0100, Papp Tamas tom...@martos.bme.hu
wrote:
 Tobias wrote:

 Is that a problem with other MUAs too? Or is Outlook the only affected
 one?
 You tried Thunderbird or Windows Live Mail to verify?
   
 
 No, the users are using only Outlook. Should I try it with TB? It would 
 be a bit hard, because the failure does not depend on anything, I don't 
 know, how to cause it.
 
 Thanks,
 
 tamas

Hi Tamas

yes I would try with another MUA just to verify whether it's a MUA- or
server problem. 
Btw: No chance to persuade the user to use IMAP instead of POP3?

Cheers

tobi

[Dovecot] Using Dovecot deliver with Postfix

2009-12-29 Thread Tobias Lang

Hello,

while installing Dovecot sieve, I am not able to deliver email for root. The 
strange thing is,
that mails to ordinary users get delivered. And no, I do not use virtual mail, 
just ordinary
unix accounts with an entry to passwd / shadow.
Also before switching from Postfix deliver to Dovecot deliver, everything 
worked fine.
Current versions for dovecot and postfix are:

  dovecot-1.2.8
  postfix-2.6.5

Anybody an idea, where I misconfigured something?

Thanks in advance
Tobi


dovecot.log (Dovecot daemon)
-
Dec 25 13:15:01 deliver(root): Error: chdir(/root) failed: Permission denied
Dec 25 13:15:01 deliver(root): Error: stat(/root/Maildir) failed: Permission 
denied
Dec 25 13:15:01 deliver(root): Error: stat(/root/Maildir/tmp) failed: 
Permission denied (euid=65534(nobody) egid=65533(nobody) missing +x perm: /root)
-

mail.log (Postfix daemon)
-
Dec 25 13:15:01 h636004 postfix/pickup[9007]: ABD64208163: uid=0 from=root
Dec 25 13:15:01 h636004 postfix/cleanup[9073]: ABD64208163: 
message-id=20091225121501.abd64208...@domain.net
Dec 25 13:15:01 h636004 postfix/qmgr[9006]: ABD64208163: 
from=r...@domain.net, size=629, nrcpt=1 (queue active)
Dec 25 13:15:01 h636004 postfix/local[9075]: ABD64208163: to=t...@domain.net, 
orig_to=root, relay=local, delay=0.26, delays=0.14/0.01/0/0.12, dsn=2.0.0, 
status=sent (delivered to command: /usr/local/libexec/dovecot/deliver)
Dec 25 13:15:01 h636004 postfix/local[9075]: ABD64208163: to=r...@domain.net, 
orig_to=root, relay=local, delay=0.36, delays=0.14/0.01/0/0.21, dsn=4.3.0, 
status=deferred (temporary failure)
-

Here is an excerpt from my dovecot.conf:

dovecot.conf:
-
protocol lda {
  postmaster_address = postmas...@domain
  #mail_plugins = sieve # Disabled to fix deliver issue
}
mail_location = maildir:%h/Maildir
auth default {
  mechanisms = plain login
  passdb pam {
args = *
  }
  userdb passwd {
  }
  socket listen {
master {
  path = /var/run/dovecot/auth-master
  mode = 0600
}
client {
  path = /var/spool/postfix/private/auth
  mode = 0660
  user = postfix
  group = postfix
}
  }
}
-

Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve

2009-12-29 Thread Tobias Lang

Am 28.12.2009 um 11:55 schrieb Steve Wagner:

 if header :contains Organization web.de { discard; stop; }
 
 This often works, but sometimes it fails. Procmail reports then that
 deliver reported an error (but not which) and delivers them to my inbox.
 There are also no message in dovecots or dovecot delivers log file.

This rule will fail, when there is no HeaderEntry called Organization.
You should try From instead, this HeaderEntry should always be there
to test against.

Tobi

Re: [Dovecot] Pigeonhole Sieve IMAP flag question

2009-12-29 Thread Tobias Lang

Am 29.12.2009 um 12:58 schrieb Julian Cowley:

 Hello,
 
 Here is a small script that I've been running to test a problem I've been 
 seeing.  Shouldn't this result in the mail being delivered to the inbox as a 
 new message (ie. without the \Seen flag)?
 
   require imap4flags;
 
   addflag \\Seen;
   removeflag \\Seen;
 
 Every message gets delivered to the inbox as though it's already been read.


Hello Julian,

by removing the Seen flag, you mark the message as read. New mails arrives 
with the
Seen flag set - thus your command addflag \\Seen is useless. Check out 
RFC 3501
for the meaning of the different flags.

Tobi

Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve

Am 28.12.2009 um 11:55 schrieb Steve Wagner:

 if header :contains Organization web.de { discard; stop; }
 
 This often works, but sometimes it fails. Procmail reports then that
 deliver reported an error (but not which) and delivers them to my inbox.
 There are also no message in dovecots or dovecot delivers log file.

This rule will fail, when there is no HeaderEntry called Organization.
You should try From instead, this HeaderEntry should always be there
to test against.

Tobi

Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve


Am 28.12.2009 um 13:02 schrieb Steve Wagner:

 Hi Tobi, yes but it is correct. It should only discard messages that
 have this header. The sieve filter is larger, this are only the parts
 witch use discard.
 
 Steve
 
 Am 28.12.2009 12:25, schrieb Tobias Lang:
 Am 28.12.2009 um 11:55 schrieb Steve Wagner:
 
 if header :contains Organization web.de { discard; stop; }
 
 This often works, but sometimes it fails. Procmail reports then that
 deliver reported an error (but not which) and delivers them to my inbox.
 There are also no message in dovecots or dovecot delivers log file.
 
 This rule will fail, when there is no HeaderEntry called Organization.
 You should try From instead, this HeaderEntry should always be there
 to test against.
 
 Tobi


Hey Steve,

as you can not provide some error messages, it is quite hard to help you with
your problem. However, I would guess that there is something wrong with your
sieve rules - based on the information, that most mails get filtered correctly.
Try analyzing the mails causing errors separately with e.g.:

  http://www.fastmail.fm/docs/sieve/sievetest.php

Maybe you can isolate the error there.

Tobi

Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve

Am 28.12.2009 um 14:34 schrieb Steve Wagner:

 Ok ive tested it. The sieve script works as expected.
 
 The only error message i have, come from procmail.log:
 
 24918-Folder: /opt/dovecot/libexec/dovecot/deliver
  3720
 24919-procmail: Error while writing to
 /opt/dovecot/libexec/dovecot/deliver
 24920:From keineantwortadre...@web.de  Tue Dec  8 07:19:55 2009
 
 The procmail-deliver error logfile is empty and the normal log file dose
 not contains that error.
 
 Do you have an idea how else i can get the error message?
 
 Steve

Try using 'VERBOSE=on' in .procmailrc . Moreover I find it curious that, 
procmail
tries to write to dovecot/deliver. This should be a binary file and no writing 
should
occur to it. What does your .procmailrc look like?

Tobi

Re: [Dovecot] checking all folders for new mail (IMAP STATUS command)

2009-12-28 Thread Tobias

On Mon, 28 Dec 2009 14:30:14 +0100, Florian Effenberger flo...@gmail.com
wrote:
 Hello,
 
 I use Thunderbird as IMAP client and do a lot of server-side filtering
 with Sieve scripts. To be notified of new mails, I want to check all
 folders (a lot of them...) at once for new mails, and not only the
 inbox.
 
 According to

http://kb.mozillazine.org/Checking_for_new_messages_in_other_folders_-_Thunderbird
 it should be sufficient to enable one setting -- given that the IMAP
 server returns the STATUS command correctly. I still run Dovecot 1.0
 (from Debian 4.0), and it seems this version doesn't support the IMAP
 STATUS command, as I have to explictly query each folder with the
 second mentioned setting.
 
 What is the recommended way of checking all folders for new mails? Is
 there any server-side setting I can activate? Do newer versions of
 Dovecot support the STATUS command in the way Thunderbird expects it?
 Or does Dovecot even offer an option like the mentioned
 IMAP_CHECK_ALL_FOLDERS=1 and IMAP_ENHANCEDIDLE=1 in Courier?
 
 Sorry for my maybe dumb question... :-)
 
 Thanks,
 Florian
This might be help you...
**quote**
If Thunderbird doesn't recognize that a folder contains unread messages try
setting mail.imap.use_status_for_biff true. It causes Thunderbird to
explicitly select each folder to update the message summaries, rather than
using the STATUS command. It has more overhead, but some IMAP servers don't
return STATUS correctly. 
**quote**

Re: [Dovecot] checking all folders for new mail (IMAP STATUS command)