Re: submissiond xoauth2 authentication: line too long
Hi all, this was a bug in old pear/net_smtp versions used by my roundcube installation. My suspicion was correct though. Roundcube did indeed send a non-compliant SMTP command. Cheers, Tobi
submissiond xoauth2 authentication: line too long
Hi, I am running the latest container image which has dovecot-submissiond2:2.3.20-3+debian11 I am running into the following problem. I have successfully set up xoauth2 for IMAP and ManageSieve. Now when roundcube tries to send email to submissiond it fails with 500 5.5.2 Line too long This happens right after roundcube sends AUTH XOAUTH2 dXNlcj10ZkBzY2hhZWZmZXItYWcu[...] (a line of length 2149 characters). Reading RFC 4954, section 4 I suppose that this does not look standard compliant. Am I correct? I will raise this issue with roundcube as well. Cheers, Tobi
Re: doveadm proxy list has strange entries
Thank you for the answer. So I'll just have to filter it for now.
doveadm proxy list has strange entries
Hi! I am using dovecot from the latest docker image: Version 2:2.3.20-3+debian11 When getting the proxy list I get the following entries. # doveadm -f flow proxy list username=u...@example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port username=us...@example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port username=us...@example.com proto=imap src ip=10.254.0.13 dest ip=172.23.6.194 port=143 username=username proto=service src ip=src-ip dest ip=dest-ip port=dest-port ... These correspond to the http API's response: # curl -H "Authorization: X-Dovecot-API $(echo -n MY_API_KEY|base64 -w0)" http://localhost:8080/doveadm/v1 -H "Content-Type: application/json" -d '[["proxyList",{},"tag1"]]' | jq [ [ "doveadmResponse", [ { "username": "u...@example.com", "service": "imap", "src-ip": "10.254.0.13", "dest-ip": "172.23.6.194", "dest-port": "143" }, { "username": "username", "service": "service", "src-ip": "src-ip", "dest-ip": "dest-ip", "dest-port": "dest-port" }, ... ], "tag1" ] ] This does not look right. Cheers, Tobias Florek
Re: access dict in lua auth script
Getting back to the old topic. It's not yet possible to get dict objects on demand in Lua scripts. I assume it's also not possible to get a predefined dict in Lua `auth_passdb_lookup` functions. Can this be added? This will make using Lua for pass- and userdb, and event push notification more powerful. Cheers, Tobi
access dict in lua auth script
Hi! I want to access a configured dictionary in a lua authentication script. Unfortunately the documentation <https://doc.dovecot.org/admin_manual/lua/> does mention a dict object but no way to get one. I also did not find any lua tests in dovecot's source code. Is using the built-in dict not supported? Cheers, Tobias Florek
Re: Bug report: TLS SNI for LDAP userdb/passdb
Cheers, On Thu, 2022-09-15 at 07:18 +0300, Aki Tuomi wrote: > On September 14, 2022 5:29:46 PM GMT+03:00, Tobias Wolter > wrote: > > Cheers, > > > > Dovecot 2.3.4.1 (Debian stable) here, and the changelog does not > > offer > > any hope of salvation, so a bug report it is. > > > > The LDAP connections for userdb/passdb do not support SNI via TLS. > > > > Simple construct to reproduce this: > > > > 0.) Have a.pem with SAN `foo.example.com`, b.pem with > > `bar.example.com` > > 1.) Configure haproxy frontend with `bind *:636 ssl crt /foo/a.pem > > ssl > > crt /foo/b.pem` > > 2.) Try to use ldaps://bar.example.com/ in passdb, receive > > "auth: Error: LDAP: Can't connect to server: > > ldaps://bar.example.com" > > > > Expectation, of course, would be for this to work; most libraries > > should support it, it's probably just a matter of convincing the > > appropriate binding. > > Can you verify with > > openssl s_client -connect bar.example.com:ldaps -servername > bar.example.com > > that correct cert is served? Forgot to mention that I of course tested with `s_client` and `ldapsearch`/`ldapwhoami`; HAProxy correctly serves the right certificate as per the SNI indication. Regards, -towo signature.asc Description: This is a digitally signed message part
Bug report: TLS SNI for LDAP userdb/passdb
Cheers, Dovecot 2.3.4.1 (Debian stable) here, and the changelog does not offer any hope of salvation, so a bug report it is. The LDAP connections for userdb/passdb do not support SNI via TLS. Simple construct to reproduce this: 0.) Have a.pem with SAN `foo.example.com`, b.pem with `bar.example.com` 1.) Configure haproxy frontend with `bind *:636 ssl crt /foo/a.pem ssl crt /foo/b.pem` 2.) Try to use ldaps://bar.example.com/ in passdb, receive "auth: Error: LDAP: Can't connect to server: ldaps://bar.example.com" Expectation, of course, would be for this to work; most libraries should support it, it's probably just a matter of convincing the appropriate binding. Kind regards, -towo signature.asc Description: This is a digitally signed message part
Re: Config file syntax: secrets from file in key=value
Hi Aki! > You can use $ENV:variable syntax with Dovecot v2.3.14+. The environment variable needs to be listed in `import_environment` setting and be available for dovecot process on startup. Thank you for your answer. I will test it tomorrow. I thought it was not supported because I interpreted > Expansion only works when it’s surrounded by spaces. as it not being able to use for e.g. default_fields = pass=$ENV:MY_ENV_VARIABLE If it does indeed work I will submit a pull request clarifying the documentation. Cheers, Tob
Config file syntax: secrets from file in key=value
Hi! I'd like to set up proxy authentication. This works fine, but I cannot get the passwords in to be read from file. Specifically I have this passdb block. passdb { driver = passwd-file mechanisms = plain scram-sha-256 default_fields = proxy=y host=dovecot-backend master=imapc-master-user proxy_mech=plain pass= args = /run/secrets/dovecot.generated.app-passwd-file/passwd } This sets the password to the string /run/secrets/dovecot.imapc-master-user/password. I'd like the password to be set to the content of said file. Is it possible to get the password from a file or less desirable from the environment? Reading https://doc.dovecot.org/configuration_manual/config_file/ I assume it's not. Cheers, Tobias Florek
Re: Shared mailboxes, users with dots and a bug in subscriptions
Hi, Thanks for your support. So a workaround would involve the migration from the flat to an hierarchical LAYOUT=fs, change the hierarchy separator to „/‟ and the namespace separator to a rarely used symbol like „§‟. Okay, that actually sounds like a nightmare to me. > But this would not resolve the actual bug, that subscriptions > are not split and persisted correctly. > In the end i would just be forced to use :LAYOUT=fs > to mitigate the bug, even if i like the flat layout. :-) What do you think about accepting the miss-behaviour and fixing the splitting function in "subscription-file.c" ? :-D Best regards Tobias -- Rockstable IT UG (haftungsbeschränkt) Löhrstr. 19 04105 Leipzig Sitz der Gesellschaft: Leipzig Registergericht: Amtsgericht Leipzig, HRB 36289 Geschäftsführer: Tobias Stein USt-IdNr.: DE324059204 https://www.rockstable.it/ Free Software Foundation Europe - Was ist Freie Software? https://fsfe.org/freesoftware/freesoftware.de.html Public Money? Public Code! https://publiccode.eu/de/ Am Donnerstag, 28. Januar 2021, 16:06:46 CEST schrieb Aki Tuomi: > > On 28/01/2021 16:55 Tobias Stein wrote: > > > > > > Hi Aki, > > > > Thanks for your prompt reply! :-) > > And because i classically forgot to attach > > the dovecot-sysreport, i'll deliver it now. :-) > > > > > > Yes, you're right. Setting :LAYOUT=fs would be a workaround. > > I'd also have to migrate every > > single mailbox to the new hierarchical layout. > > The hierarchical separator list->sep would > > indeed change to „/‟ and the subscriptions > > would be split differently. > > > > Please correct me when i'm wrong, but > > the namespace/separator would have to be changed too, > > to prevent splitting on another "wrong" position. > > The current > > shared/root@example com/testsubtest > > would become to > > shared r...@example.comtestsubtest. > > Which is also wrong because there is no user shared. > > So the namespace separator could be set to again something > > different (from „auth_username_chars‟ + "/+") > > like „^°!§%&=?;:#¹²³‟ which all would be ugly. > > And with namespace/sep set to „°‟ leading to the form > > shared°r...@example.com°testsubtest. > > > > But this would not resolve the actual bug, that subscriptions > > are not split and persisted correctly. > > In the end i would just be forced to use :LAYOUT=fs > > to mitigate the bug, even if i like the flat layout. :-) > > > > I think there should be a default, which is valid > > for a common deployment with all features working. > > Maildir++ for sure is a great choice for this, > > but the implementation has a flaw: > > a hard-coded „separator‟, which collides with > > the DNS label delimiter, when storing subscriptions. > > signature.asc Description: This is a digitally signed message part.
Re: 100 MB RAM per clinet in an imap-proxy setup ...
- On Sep 3, 2021, at 10:06 AM, Aki Tuomi aki.tu...@open-xchange.com wrote: >> On 03/09/2021 10:25 Tobias Oetiker wrote: >> >> >> - On Sep 3, 2021, at 9:01 AM, Aki Tuomi aki.tu...@open-xchange.com wrote: >> >> >> On 03/09/2021 09:35 Tobias Oetiker wrote: >> >> >> >> >> >> Hi All, >> >> >> >> I spent some quality time yesterday, tuning dovecot on a server which >> >> serves as >> >> an imap-proxy in front of a zimbra setup >> >> the imap proxy does ldap client-cert authentication and works well. >> >> >> >> BUT >> >> >> >> I found that the imap-login processes seem to gain 100 MB per connection >> >> they >> >> are accepting ... this seems pretty hefty. >> [...] >> > >> > I would strongly recommend using "high performance" configuration on your >> > proxy. >> > >> > See >> > https://doc.dovecot.org/admin_manual/login_processes/#high-performance-mode >> >> yes that is what we have: >> >> service imap-login { >> service_count = 0 >> client_limit = 380 >> process_limit = 10 >> vsz_limit = 39G >> } >> >> the machine has 180 GB ram >> > > Which version of dovecot are you running? > 2.3.9 I am planning to do a testsetup and maybe add mtrace to the code to see who is using this memory ... :) cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902
Re: 100 MB RAM per clinet in an imap-proxy setup ...
- On Sep 3, 2021, at 9:01 AM, Aki Tuomi aki.tu...@open-xchange.com wrote: >> On 03/09/2021 09:35 Tobias Oetiker wrote: >> >> >> Hi All, >> >> I spent some quality time yesterday, tuning dovecot on a server which serves >> as >> an imap-proxy in front of a zimbra setup >> the imap proxy does ldap client-cert authentication and works well. >> >> BUT >> >> I found that the imap-login processes seem to gain 100 MB per connection they >> are accepting ... this seems pretty hefty. [...] > > I would strongly recommend using "high performance" configuration on your > proxy. > > See > https://doc.dovecot.org/admin_manual/login_processes/#high-performance-mode yes that is what we have: service imap-login { service_count = 0 client_limit = 380 process_limit = 10 vsz_limit = 39G } the machine has 180 GB ram cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902
100 MB RAM per clinet in an imap-proxy setup ...
Hi All, I spent some quality time yesterday, tuning dovecot on a server which serves as an imap-proxy in front of a zimbra setup the imap proxy does ldap client-cert authentication and works well. BUT I found that the imap-login processes seem to gain 100 MB per connection they are accepting ... this seems pretty hefty. It does not seem to be a leak, since the setup is stable when client_limit and process_limit are set appropriately. Any ideas what part of the code I should be looking at ? Or is this a configuration problem ? cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902
Re: Deleting an active sieve script leaves sieve unfunctional
> My educated guess is, yes this is a KMail issue. Okay, thanks :-) I'll file a bug report there. Am Montag, 5. Juli 2021, 21:30:54 CEST schrieb dove...@ptld.com: > > On 07-05-2021 2:04 pm, Tobias Leupold wrote: > > > > When I delete a sieve script via the managesieve interface of KMail, I > > would > > expect that this script is removed from the USER.sieve script so that > > it's no > > longer included and not run anymore. Then, it should be deleted. > > As far as sieve is concerned, USER.sieve is the script, still exist and > is still active. > > Sounds like all you have done is removed a required component of the > script being an include file. Sieve doesn't know this, all it knows is > USER.sieve is the script, and its active, so it runs it, which fails > cause as you know, missing an include file. > > The issue is that you have a corrupted sieve script (USER.sieve). I > would not consider this a sieve issue. I would consider this a poor > design by the makers of whatever control panel you using to update your > includes as it should rebuild the script after making such changes. I > think your language choice could be confusing, you aren't deleting "a > script". You are deleting an include file for "the script" being > USER.sieve. >
Re: Deleting an active sieve script leaves sieve unfunctional
Okay, I'll try to explain it better ;-) What I would expect is: When I delete a sieve script via the managesieve interface of KMail, I would expect that this script is removed from the USER.sieve script so that it's no longer included and not run anymore. Then, it should be deleted. What happens is: The script is deleted, but USER.sieve is unchanged and still tries to include it. This leads to a compile error when the next filtering is done. IMO this simply should not happen: After deleting a script, sieve should simply continue to work -- without the script. But what I actually have to do is that I disable the script, so that USER.sieve doesn't include it anymore and then delete it. So the question is if KMail should do this automatically (and thus it's a KMail bug) or if Dovecot doesn't act properly (and thus it's a Dovecot bug) -- or if this is a config issue caused by me not being able to setup dovecot properly :-D I simply think that deleting a sieve script via a managesieve interface should not make the filtering crash and make it necessary to fix this manually ... Am Montag, 5. Juli 2021, 19:45:37 CEST schrieb dove...@ptld.com: > > On 07-05-2021 1:34 pm, Tobias Leupold wrote: > >> Yes, that is the one im talking about: active-script.sieve > >> Just remove that symlink and sieve will be disabled for that user and > >> you shouldn't have any errors. > > > > Yeah, of course I won't -- but sieve filtering won't work as well > > without the > > symlink ... > > Maybe im misunderstanding what answer you are looking for. > Ofcourse sieve wont work without the symlink, that's the point. That is > how you disable it. To prevent errors generated by a missing / corrupt > script. > > Then when you want to use sieve again, create a proper script and enable > it, which will autocreate the symlink again.
Re: Deleting an active sieve script leaves sieve unfunctional
> Yes, that is the one im talking about: active-script.sieve > Just remove that symlink and sieve will be disabled for that user and > you shouldn't have any errors. Yeah, of course I won't -- but sieve filtering won't work as well without the symlink ... Am Montag, 5. Juli 2021, 19:27:50 CEST schrieb dove...@ptld.com: > > On 07-05-2021 1:04 pm, Tobias Leupold wrote: > > There's no symlink pointing to that very script. I have virtual users, > > so I > > keep the respective sieve scripts in /srv/sieve/user@domain/. > > > > Such a directory looks like that: > > active-script.sieve -> USER.sieve > > USER.sieve > > some-script.sieve > > some-other-script.sieve >
Re: Deleting an active sieve script leaves sieve unfunctional
There's no symlink pointing to that very script. I have virtual users, so I keep the respective sieve scripts in /srv/sieve/user@domain/. Such a directory looks like that: active-script.sieve -> USER.sieve USER.sieve some-script.sieve some-other-script.sieve ... Where USER.sieve is the generated file which includes the activated scripts: # USER Management Script # # This script includes the various active sieve scripts # it is AUTOMATICALLY GENERATED. DO NOT EDIT MANUALLY! # # For more information, see http://wiki.kolab.org/KEP:14#USER # require ["include"]; include :personal "some-script"; include :personal "some-other-script"; Am Montag, 5. Juli 2021, 18:46:30 CEST schrieb dove...@ptld.com: > > On 07-05-2021 10:29 am, Tobias Leupold wrote: > > > > So, to avoid this, one has to FIRST deactivate the respectice script, > > so that > > USER.sieve is updated and THEN delete the script. Or to manually fix > > USER.sieve on the server, which is surely not what's intended. > > Curious, can you also fix the situation by just removing the symlink > pointing to the non existent script?
Re: Deleting an active sieve script leaves sieve unfunctional
Well, my workaround for KMail is to simply disable the script to delete before deleting it. This way, it's removed from the auto-generated USER.sieve (where active-script.sieve points to) and it's no problem when the file is actually deleted. Question is if KMail should do this automatically, or if Dovecot should remove a script to delete from USER.sieve before deleting it. Or if I did something wrong configuring Dovecot ;-) Am Montag, 5. Juli 2021, 18:58:15 CEST schrieb Benny Pedersen: > On 2021-07-05 16:29, Tobias Leupold wrote: > > So the question is now: Is this a KMail bug, a Doveceot bug, or is the > > server > > misconfigured?! > > in roundcube one would create another filter-set, with no filter-rules > in, then one set the filter-set with no rules in to be default, this > will disable sieve, reason is that it must always be atleast one > filter-set active, but its not required to have rules in a filter set > > hope this works
Re: Deleting an active sieve script leaves sieve unfunctional
There's no symlink pointing to that very script. I have virtual users, so I keep the respective sieve scripts in /srv/sieve/user@domain/. Such a directory looks like that: active-script.sieve -> USER.sieve USER.sieve some-script.sieve some-other-script.sieve ... Where USER.sieve is the generated file which includes the activated scripts: # USER Management Script # # This script includes the various active sieve scripts # it is AUTOMATICALLY GENERATED. DO NOT EDIT MANUALLY! # # For more information, see http://wiki.kolab.org/KEP:14#USER # require ["include"]; include :personal "some-script"; include :personal "some-other-script"; Am Montag, 5. Juli 2021, 18:46:30 CEST schrieb dove...@ptld.com: > > On 07-05-2021 10:29 am, Tobias Leupold wrote: > > > > So, to avoid this, one has to FIRST deactivate the respectice script, > > so that > > USER.sieve is updated and THEN delete the script. Or to manually fix > > USER.sieve on the server, which is surely not what's intended. > > Curious, can you also fix the situation by just removing the symlink > pointing to the non existent script?
Deleting an active sieve script leaves sieve unfunctional
Dear devs, I noticed this using Dovecot 2.3.7.2, set up on a newly created Ubuntu 20.04 server. If I delete a sieve script via KMail's managesieve interface, and the script is active, it leaves sieve unfunctional afterwards. What's happening is this: Dovecot creates a USER.sieve script containing all active scripts, e. g.: require ["include"]; include :personal "some-script"; include :personal "some-other-script"; Now if I delete "some-script", it's actually deleted, but USER.sieve is not updated (and still contains 'include :personal "some-script";'). So next time an email is filtered, this happens: mail log: Jul 5 15:20:01 server dovecot: lda(user@domain)<123456> : sieve: Failed to compile script `/srv/sieve/user@domain/active-script.sieve' (view user logfile `/srv/sieve/user@domain/active-script.sieve.log' for more information) active-script.sieve.log: sieve: info: started log at Jul 05 14:57:54. USER: line 12: error: included personal script 'some_script' does not exist. USER: error: validation failed. So, to avoid this, one has to FIRST deactivate the respectice script, so that USER.sieve is updated and THEN delete the script. Or to manually fix USER.sieve on the server, which is surely not what's intended. So the question is now: Is this a KMail bug, a Doveceot bug, or is the server misconfigured?! Thanks for all help! Cheers, Tobias
Re: Shared mailboxes, users with dots and a bug in subscriptions
Hi Aki, Thanks for your prompt reply! :-) And because i classically forgot to attach the dovecot-sysreport, i'll deliver it now. :-) Yes, you're right. Setting :LAYOUT=fs would be a workaround. I'd also have to migrate every single mailbox to the new hierarchical layout. The hierarchical separator list->sep would indeed change to „/‟ and the subscriptions would be split differently. Please correct me when i'm wrong, but the namespace/separator would have to be changed too, to prevent splitting on another "wrong" position. The current shared/root@example com/testsubtest would become to shared r...@example.comtestsubtest. Which is also wrong because there is no user shared. So the namespace separator could be set to again something different (from „auth_username_chars‟ + "/+") like „^°!§%&=?;:#¹²³‟ which all would be ugly. And with namespace/sep set to „°‟ leading to the form shared°r...@example.com°testsubtest. But this would not resolve the actual bug, that subscriptions are not split and persisted correctly. In the end i would just be forced to use :LAYOUT=fs to mitigate the bug, even if i like the flat layout. :-) I think there should be a default, which is valid for a common deployment with all features working. Maildir++ for sure is a great choice for this, but the implementation has a flaw: a hard-coded „separator‟, which collides with the DNS label delimiter, when storing subscriptions. Best Regards Tobias dovecot-sysreport-mx1-1611828216.tar.gz Description: application/compressed-tar
Shared mailboxes, users with dots and a bug in subscriptions
Hi, i'm running Dovecot 2.3.14.alpha0 with shared namespaces and stumbled across some errors messages logged, when the list of subscribed mailboxes is queried by a client. For every distinct account of in the list of subscriptions two corresponding lines are logged: Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users Jan 28 11:42:36 mx1 dovecot: imap(example_u...@example.com)<3638>: Error: mkdir(/var/run/dovecot/user-not-found/noc@example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755) Jan 28 11:42:36 mx1 dovecot: imap(example_u...@example.com)<3638>: Error: mkdir(/var/run/dovecot/user-not-found/info@example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755) Jan 28 11:42:36 mx1 dovecot: imap(example_u...@example.com)<3638>: Error: mkdir(/var/run/dovecot/user-not-found/root@example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755) Similar messages are logged, when invalid entries are listed in '/var/lib/dovecot/db/shared-mailboxes', which i already pruned and haven't received them anymore since. I think these errors are caused by an unintended behaviour when writing "~/Maildir/subscriptions", which looks (shortened) like this. V 2 INBOX/INBOX shared/noc@example com/INBOX shared/info@example com/INBOX shared/root@example com/test shared/root@example com/testtest_sub The subscription-file.c explodes the name on every hierarchy separator ('.','\0') and inserts a TAB character. Unfortunately it also explodes on the DNS label delimiter „.‟. This should probably be fixed by passing a structure containing the required information to the formatter to distinguish mailboxes from domain-names. Subscription in combination with multiple domains and shared mailboxes seems broken to me. Actually i can't even explain to me, why it is working in face of the errors. :-) Unfortunately in Maildir++ the separator dot is hard-coded. There is a very old thread on this mailing list, that suggests using „auth_username_translation‟ to replace dots with a different character, but this idea is getting worse the longer i think about it. I absolutely dislike the idea to set LAYOUT=fs, namespace/separator = § to change the separators to split on, because this would mean to restructure the physical layout of all mailboxes (hierarchically) and mess around with lots of files. I attached a dovecot-sysreport to reproduce the behaviour. /etc/dovecot/private/example.com/users looks like this: ###user:password:uid:gid:(gecos):home:(shell):extra_fields noc:{SSHA512}_hash_:: info:{SSHA512}_hash_:: root:{SSHA512}_hash_:: Please correct me if i'm wrong or point me to a workaround, but i think the layout code needs some love. :-) Best regards Tobias
Re: Packages for CentOS 8
On 1 Jun 2020, at 17:02, Peter wrote: On 2/06/20 1:49 am, Aki Tuomi wrote: we are still waiting for CentOS 8 Repo for current Dovecot version from here https://repo.dovecot.org/. Do you have an idea when it will come? Who does it maintain? Is it the Dovecot team? Thanks, Tobias Yes, it's maintained by us. We are working on it and hopefully we are able to publish next release for CentOS8. There are unfortunately some package dependency issues which are not yet fixed in CentOS8, so let's hope those are fixed before we do our release. Aki: If you're talking about quota-devel it has been available now from CentOS in the Devel repo for a while. If you're talking about tcp_wrappers-devel, that is not available and I don't think it ever will be because CentOS 8 has obsoleted tcp wrappers. I have simply disabled tcp wrappers functionality in my GhettoForge build. I'm not aware of any other missing dependencies. Tobias: You are more than welcome to use the packages from GhettoForge which are now in the gf-plus repo. I would love to hear feedback if you have any issues with them. We will have a look at gf-plus, thank you! Tobias
Re: Packages for CentOS 8
Hi Peter, On 9 Apr 2020, at 12:53, Peter wrote: I've now successfully built Dovecot packages for CentOS 8 that do not have the quota support stripped out. I was able to do this because CentOS has now finally shipped the quota-devel package as well as the other -devel packages that were previously missing from CentOS 8. For those of you who are interested they are in the GhettoForge Testing repo for el8 at: http://mirror.ghettoforge.org/distributions/gf/el/8/testing/x86_64/ These are untested so let me know if anyone experiences any issues with them. we are still waiting for CentOS 8 Repo for current Dovecot version from here https://repo.dovecot.org/. Do you have an idea when it will come? Who does it maintain? Is it the Dovecot team? Thanks, Tobias
Re: shared folder name or public folder with mail address
On 15 Feb 2020, at 19:04, Armin Schindler wrote: The shared and public folders need of course the anyone post right to let fileinto work. Or you have a special „list user“ which has the appropriate permissions - depends all on the use case. Now it works. Thank you Tobias. Well done! :) -- collect@shift.agency
Re: shared folder name or public folder with mail address
On 15 Feb 2020, at 12:27, Armin Schindler wrote: On 15.02.2020 12:16, Tobias Kirchhofer wrote: ... the sieve part seems to be very tricky. My test is now working with a public folder and I have a "sieve_before" script in place which works for rules of the private namespace. But when the rule shall "fileinto" a public folder, the mail isn't filtered (moved) and syslog says dovecot: lmtp(.): Error ... sieve...: Mailbox doesn't exist. After some tests I found out it always looks in the private (or shared) namespace for that specfied folder. Do I miss a config option to let dovecot sieve "fileinto" a public namespace folder? I use dovecot version 2.2.13. We „fileinto“ in this manner : |fileinto „Namespace/folder“; | This is what is not working for me. Your procedure below is good and maybe I will use parts of it, thank you. But this part is working for already. The incoming mail is sent to dovecot (postfix virtual alias working) and the match in sieve script is correct too. The problem is that dovecot (sieve) refuses to fileinto "Namespace/folder" because it seems it wants to store the mail in private namespace with "folder1/folder2" instead. The first part of the fileinto path isn't used as namespace name. Is there a config option for this behaviour? Maybe you are missing an include? We have: ``` require "fileinto"; require "mailbox"; require "envelope"; require "subaddress"; require "variables"; require "regex"; require "editheader"; require "include"; ``` In dovecot.conf* i found no directly related settings. Just the usual sieve settings explained here https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration Can you see the Public namespace and the folder in your MUA or via telnet? Are you sure the ACL are correct? Can be that the error message „Mailbox doesn't exist“ is misleading and the permissions are not correct. Here you can see how to debug if not already https://wiki.dovecot.org/Pigeonhole/Sieve/Configuration#Trace_Debugging Armin The procedure in our setup is like this: 1. Virtual alias for each public-Folder email address within postfix: Pattern: fol...@domain.tld <mailto:fol...@domain.tld> listadm+Namespace/fol...@domain.tld <mailto:fol...@domain.tld> Example: i...@domain.tld <mailto:i...@domain.tld> listadm+Verteiler/i...@domain.tld <mailto:i...@domain.tld> Verteiler is the namespace, info the mailbox. listadm is a pseudo user in this context which holds the ACL for fileinto the resulting mailbox with proper permissions. 2. Disassemble the virtual alias address with sieve: Excerpt of the script. It is actually more code because we sort out spam for public folder. German comments, sorry. |# Hat Subadresse? if envelope :matches :detail "to" "*" { # Adressaufbau: listadm+Namespace/liste@ # ${liste} wird Namespace/box set "liste" "${1}"; } […] fileinto "${liste}"; | I can send you the whole script if you need. -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
On 14 Feb 2020, at 10:59, Peter wrote: On 14/02/20 10:10 pm, Tobias Kirchhofer wrote: would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? As others have mentioned there are missing -devel packages in CentOS 8, which is because there are missing -devel packages in RHEL 8, most notably in this case is quota-devel. tcp wrappers is also missing but that's because they are deprecated in CentOS 8 so building without tcp wrapper support is not a big deal, but I would assume that a lot of people will want quota support, so I wouldn't want to build a dovecot package without it. Personally I'm trying to get the GhettoForge build system modified so it can get missing -devel packages by rebuilding the source rpms for them, this is a work in progress. There is also work on the CentOS side to build and offer up the missing -devel packages. At the end of the day nobody will be able to build decent dovecot packages until one of these things happens. For now you can use the stock dovecot 2.2.36 that comes with CentOS or you can wait. CentOS and Red Hat have not made this easy so it is going to take time. Okay, will try 2.2.36. Our protoype is on Debian 10 with the latest Dovecot. Don’t know yet if we rely on features from the latest version. Will see. Thank you. Also on a personal note, I think that pushing out any production server on CentOS 8 at this time is premature. CentOS 8 simply is not ready yet, imo. We have CentOS 8.1 VMs productive with either of nginx, PostgreSQL, MariaDB, Node.js. No problems so far. Cross your fingers! :-) Peter -- collect@shift.agency
Re: shared folder name or public folder with mail address
On 15 Feb 2020, at 10:43, Armin Schindler wrote: On 14.02.2020 11:44, Tobias Kirchhofer wrote: On 14 Feb 2020, at 11:06, Armin Schindler wrote: ... The sorting in the according public folder happens in a global sieve script before user scripts are fireing. It is combined with the ‚+‘ notation in postfix for sub addresses and an special ‚listadm‘ user postfix: | listadm+Verteiler/info@$DOMAIN | The sieve script is then reading the generated address and delivers it into the according public folder. We learned a lot about sieve scripting with this task :-) |sieve_before = /var/vmail/sieve/global/global-before.sieve […] | More details would be to much here. To be honest, we needed some time to get it done properly. It is a combination of features and A LOT OF testing and analysing the behaviour of postfix/dovecot/public-folder/sieve/acl. the sieve part seems to be very tricky. My test is now working with a public folder and I have a "sieve_before" script in place which works for rules of the private namespace. But when the rule shall "fileinto" a public folder, the mail isn't filtered (moved) and syslog says dovecot: lmtp(.): Error ... sieve...: Mailbox doesn't exist. After some tests I found out it always looks in the private (or shared) namespace for that specfied folder. Do I miss a config option to let dovecot sieve "fileinto" a public namespace folder? I use dovecot version 2.2.13. We „fileinto“ in this manner : ``` fileinto „Namespace/folder“; ``` The procedure in our setup is like this: 1. Virtual alias for each public-Folder email address within postfix: Pattern: fol...@domain.tld listadm+Namespace/fol...@domain.tld Example: i...@domain.tld listadm+Verteiler/i...@domain.tld Verteiler is the namespace, info the mailbox. listadm is a pseudo user in this context which holds the ACL for fileinto the resulting mailbox with proper permissions. 2. Disassemble the virtual alias address with sieve: Excerpt of the script. It is actually more code because we sort out spam for public folder. German comments, sorry. ``` # Hat Subadresse? if envelope :matches :detail "to" "*" { # Adressaufbau: listadm+Namespace/liste@ # ${liste} wird Namespace/box set "liste" "${1}"; } […] fileinto "${liste}"; ``` I can send you the whole script if you need. Greetings! Tobias -- collect@shift.agency
Re: shared folder name or public folder with mail address
On 14 Feb 2020, at 15:02, Armin Schindler wrote: On 2/14/20 2:23 PM, Tobias Kirchhofer wrote: On 14 Feb 2020, at 14:05, Armin Schindler wrote: On 2/14/20 11:44 AM, Tobias Kirchhofer wrote: On 14 Feb 2020, at 11:06, Armin Schindler wrote: Hello! […] For our new setup (planned with CentOS 8, waiting for the official repo for the latest dovecot version…) we have a prototype on Debian base with the latest version of Dovecot. In opposite to our current solution we will implement global acls with user and groups from LDAP. This is very nice. Wow, thanks. This seem to be exactly what I need to go on. Our base system is a Univention UCS, so LDAP users and groups is what we already have working :-) With your elements I think we really could have the cyrus shared folders with dovecot by using a namespace of type=public but with prefix=shared/ (we might use type=shared with prefix=usershared/ later). There is not something like one way do to this. You could also make your life easier and choose to create a „Share user“ which is only there to share folders. This will then be Dovecot „Shared folders“ shared by this pseudo user to other users. You then could use Roundcube or such to maintain acl with this pseudo user. But we did not follow this path then for reasons i cannot remember anymore :) For each Public folder we have a defined namespace. „Newsletter“, „Client1“, „Client2“ etc. We have many, around 30 or so. ACL goes on this namespace (namespace/*). I guess ACL are first match. Each namespace has its own prefix. (eq. prefix = Newsletter/, prefix = Client1 etc.) User can subscribe namespace by namespace acl assumed. What is the benefit using own namespace for each public folder? If the config is equal for all folders, wouldn't one namespace with subfolders be the same? One public namespace would look like it is with cyrus in the client: one "shared/" folder to open/close. Yes, this was a misunderstanding - we have a lot of subfolders per namespace. The subfolders have ACLs. -- collect@shift.agency
Re: shared folder name or public folder with mail address
On 14 Feb 2020, at 14:05, Armin Schindler wrote: On 2/14/20 11:44 AM, Tobias Kirchhofer wrote: On 14 Feb 2020, at 11:06, Armin Schindler wrote: Hello! […] For our new setup (planned with CentOS 8, waiting for the official repo for the latest dovecot version…) we have a prototype on Debian base with the latest version of Dovecot. In opposite to our current solution we will implement global acls with user and groups from LDAP. This is very nice. Wow, thanks. This seem to be exactly what I need to go on. Our base system is a Univention UCS, so LDAP users and groups is what we already have working :-) With your elements I think we really could have the cyrus shared folders with dovecot by using a namespace of type=public but with prefix=shared/ (we might use type=shared with prefix=usershared/ later). There is not something like one way do to this. You could also make your life easier and choose to create a „Share user“ which is only there to share folders. This will then be Dovecot „Shared folders“ shared by this pseudo user to other users. You then could use Roundcube or such to maintain acl with this pseudo user. But we did not follow this path then for reasons i cannot remember anymore :) For each Public folder we have a defined namespace. „Newsletter“, „Client1“, „Client2“ etc. We have many, around 30 or so. ACL goes on this namespace (namespace/*). I guess ACL are first match. Each namespace has its own prefix. (eq. prefix = Newsletter/, prefix = Client1 etc.) User can subscribe namespace by namespace acl assumed. But as i sad - by writing this i get nervous, cause i now that you must immerse deeply with this topic. Otherwise you will not get happy :) Tobias Or is the idea of just *one* public folder with name "shared" and with subdirs for different "projects/departments/topics" not working as expected? ACL is something I didn't look at yet. Is it possible to set different permissions for the folders in the public prefix like /shared/dir1 , /shared/dir2 , etc. or even for sub-subfolders? Global ACLs aren't neccessary when using folder acls, right? Armin […] -- collect@shift.agency
Re: shared folder name or public folder with mail address
On 14 Feb 2020, at 11:06, Armin Schindler wrote: Hello! we are about to move from cyrus to dovecot and have one open issue for that migration. With cyrus we have "shared/" folders with a name that is self defined like shared/project-xyz but the email address for direct delivery to that folder my be different (not project-...@domain.com). With dovecot we try to have it similar (at least how the user sees it in the client) like it is now. When configuring a namespace of type=shared, I see in the docs the the prefix can be configured with %%u , %%n or %%d. But is it possible to configure the name different to the email address? E.g. to hide the email address of that folder and show a nice name instead? I also thought about using public namespace instead. Does this make sense here? With public (maybe configured with prefix=shared/) folder I can set any name as subdir in prefix, right? So would this be more like what we have with cyrus shared folder? If so, how could these public folders have an email address for direct mail delivery into? Can something like a global sieve rule do that? Or can a public folder have an email address? Thanks in advance. Armin Hi, we went through this some years ago. It is a bit tricky in the details. Involved is postfix, public namespace, subscriptions, acl, sieve. We found a quite comprehensive solution so far. It is working similar to Cyrus shared folder. Do not mix the names. Cyrus „shared“ folders are „public“ folders in Dovecot. Dovecot „shared“ folders are personally shared folders from one user to another. For our new setup (planned with CentOS 8, waiting for the official repo for the latest dovecot version…) we have a prototype on Debian base with the latest version of Dovecot. In opposite to our current solution we will implement global acls with user and groups from LDAP. This is very nice. Some elements: Global ACL: ``` [..] Newsletter group=administrator lrwstipekxa Newsletter/* group=team lrwstipe Newsletter/* user=n...@domain.tld lrwstipe […] ``` Public folder: ``` namespace { type = public prefix = Newsletter/ separator = / location = maildir:/var/vmail/public/$DOMAIN/newsletter:LAYOUT=fs:INDEXPVT=~/public/$DOMAIN/newsletter subscriptions = no hidden = no list = children } ``` Subscriptions (! This one was tricky) ``` namespace subscriptions { subscriptions = yes prefix = separator = / list = no hidden = yes } namespace inbox { inbox = yes separator = / prefix = INBOX/ subscriptions = no […] ``` „Dovecot“ Shared folder (optional): ``` namespace shared { type = shared separator = / prefix = Shared/%%u/ location = maildir:%%h/:INDEXPVT=~/shared/%%u list = children subscriptions = no } ``` The sorting in the according public folder happens in a global sieve script before user scripts are fireing. It is combined with the ‚+‘ notation in postfix for sub addresses and an special ‚listadm‘ user postfix: ``` listadm+Verteiler/info@$DOMAIN ``` The sieve script is then reading the generated address and delivers it into the according public folder. We learned a lot about sieve scripting with this task :-) ``` sieve_before = /var/vmail/sieve/global/global-before.sieve […] ``` More details would be to much here. To be honest, we needed some time to get it done properly. It is a combination of features and A LOT OF testing and analysing the behaviour of postfix/dovecot/public-folder/sieve/acl. For now we have a Public folder setup which is as nice like it is with Cyrus. With Cyrus this issue is less complex to implement. Maybe this helps a bit. Take exclusivly one to two weeks for this task and read and test a lot! :-) Tobias -- collect@shift.agency
Re: Dovecot 2.3 repo for CentOS 8.
Hi Filip, On 12 Dec 2019, at 12:01, fil...@centrum.cz wrote: > Hello, > I have builded some dovecot packages for CentOS 8 in my personal > repository: > http://repo.joomhosting.eu/centos/8/x86_64/ > and SRPMS are in > http://repo.joomhosting.eu/centos/8/SRPMS/ > > I you want you can try it. > > With best regards, > Filip Bartmann would it be useful/advisable to use this repo for productive operation? An official repo is still not available for CentOS 8 https://repo.dovecot.org/ We would like to set up our new mail server on CentOS 8 and are waiting… :) What is your advice? Tobias > On Thu, 12 Dec 2019 12:31:45 +0200 > Reio Remma wrote: > >> On 09/12/2019 17:25, Aki Tuomi via dovecot wrote: >>>> On 09/12/2019 17:20 Reio Remma via dovecot >>>> wrote: >>>> >>>> >>>> Hello! >>>> >>>> Are there any plans for an official Dovecot repo for CentOS 8? >>>> >>>> Thanks, >>>> Reio >>> (sorry for duplicate, user error in earlier one...) >>> >>> Yes. There are plans for the repo, unfortunately there are still >>> technical problems due to how CentOS8 repositories are organized. >>> But soon. >>> >>> Aki >> >> I tried rebuilding the RPM for CentOS 8 but I see it's missing some >> notable required packages like tcp wrappers and quota-devel. Managed >> to rebuild by switching these off in the spec file >> (--without-libwrap), but that's probably not a good idea. :) >> >> Reio -- collect@shift.agency
Re: [ext] Dovecot Wiki: Please disable edit on double click
On 20 Mar 2019, at 11:59, Ralf Hildebrandt via dovecot wrote: * Michael Goth via dovecot : could you maybe disable the 'edit on doubleclick' feature on wiki2.dovecot.org? Everytime I try to select a word by double clicking on it, I end up in editing mode. It's just a minor thing, but maybe I'm not the only one who's annoyed by this ;) Amen to that. I never bothered to ask, but it annoys the shit out of me! Same same here :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de -- collect@shift.agency
Re: Error with virtual index "Broken mailbox_count header"
On 2 Jan 2019, at 9:48, Aki Tuomi wrote: Can you try INBOX INBOX/* -INBOX/Trash -INBOX/Spam all This worked already, all E-Mails from Namespace INBOX and below. What we want is „All E-Mails from all Namespaces“. We have several beside INBOX/, like Admin/ News/ Clients/ a.s.o. Do we have to name each Namespace explicitly? Aki On 02 January 2019 at 10:40 Tobias Kirchhofer wrote: On 2 Jan 2019, at 9:27, Aki Tuomi wrote: Please provide doveconf -n Sure: https://crypto.shift.agency/?66a9e34e83032c3e#ovF5Yq5qTNa8ii7Qup4oy8h5HyEVLKl/RbhCFpQGkkY= Aki On 02 January 2019 at 10:26 Tobias Kirchhofer wrote: Hi, we experience trouble with one of our virtual mailboxes. dovecot-virtual: ` * -INBOX/Trash -INBOX/Spam all ` Error log: ```Error: virtual index /var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken mailbox_count header``` This happens only with the filter form above. All other virtual mailboxes works fine. Jakobus Schürz experienced something similar: https://www.dovecot.org/list/dovecot/2018-January/110656.html We do not have the panic message. Is this probably something on our side or is this Dovecot? ``` namespace virtual { prefix = Virtual/ separator = / location = virtual:~/virtual } -- collect@shift.agency -- collect@shift.agency -- collect@shift.agency
Re: Error with virtual index "Broken mailbox_count header"
On 2 Jan 2019, at 9:27, Aki Tuomi wrote: Please provide doveconf -n Sure: https://crypto.shift.agency/?66a9e34e83032c3e#ovF5Yq5qTNa8ii7Qup4oy8h5HyEVLKl/RbhCFpQGkkY= Aki On 02 January 2019 at 10:26 Tobias Kirchhofer wrote: Hi, we experience trouble with one of our virtual mailboxes. dovecot-virtual: ` * -INBOX/Trash -INBOX/Spam all ` Error log: ```Error: virtual index /var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken mailbox_count header``` This happens only with the filter form above. All other virtual mailboxes works fine. Jakobus Schürz experienced something similar: https://www.dovecot.org/list/dovecot/2018-January/110656.html We do not have the panic message. Is this probably something on our side or is this Dovecot? ``` namespace virtual { prefix = Virtual/ separator = / location = virtual:~/virtual } -- collect@shift.agency -- collect@shift.agency
Error with virtual index "Broken mailbox_count header"
Hi, we experience trouble with one of our virtual mailboxes. dovecot-virtual: ` * -INBOX/Trash -INBOX/Spam all ` Error log: ```Error: virtual index /var/vmail/mailboxes/kirchhofer.net/tobias/virtual/all: Broken mailbox_count header``` This happens only with the filter form above. All other virtual mailboxes works fine. Jakobus Schürz experienced something similar: https://www.dovecot.org/list/dovecot/2018-January/110656.html We do not have the panic message. Is this probably something on our side or is this Dovecot? ``` namespace virtual { prefix = Virtual/ separator = / location = virtual:~/virtual } -- collect@shift.agency
Namespaces for Apple Client
Hi, i have a plesk server with postfix an dovecot. Webmail is roundcube. Version of Dovecot is 2.3.0.1 I want apple clients to use the default special folders. My config for namespaces worked till last week. Now I cant get it to work again. Hope someone can help me. # 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.0.1 (d33dca20) # OS: Linux 4.4.0-042stab130.1 x86_64 Ubuntu 16.04.4 LTS reiserfs auth_mechanisms = plain login digest-md5 cram-md5 apop auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&.-_@' disable_plaintext_auth = no first_valid_uid = 30 imap_client_workarounds = delay-newmail imap_logout_format = rcvd=%i, sent=%o mail_home = /var/qmail/mailnames/%Ld/%Ln mail_location = maildir:/var/qmail/mailnames/%Ld/%Ln/Maildir mail_log_prefix = "service=%s, user=%u, ip=[%r]. " mail_plugins = " quota" managesieve_logout_format = rcvd=%i, sent=%o managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify namespace inbox { inbox = yes location = mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = create special_use = \Sent } prefix = INBOX. separator = . type = private } passdb { driver = plesk } plugin { mail_crypt_global_private_key = http://www.heimhaus.de USt-IdNr.: DE 272301801 Sitz Duisburg, HRB 22438 Gesch?ftsf?hrer: Michael Demming, Dipl.-Ing. Klaus Rappers
dsync backup public namespace - how?
Hello, We just celebrated the launch of our new mailserver setup (Dovecot and Postfix). Really nice! Now we want to change our quickfix backup with rsync to dsync. For mailder backup of users this was an easy task: dsync -v -f -u "${user}" backup "maildir:${destination}" (local file path destination) We use many public folder with ACL and now we are wondering how we can backup these folder in a similar manner: a) dsync -u dove...@domain.com backup -n Namespacename "maildir:/var/vmail-backup/backup/public" or b) dsync -v -u dove...@domain.com -N backup "maildir:${destination} But this is not working. a) does nothing, no error b) Error message: doveadm(dove...@domain.com): Fatal: -N parameter requires syncing with remote host Any ideas? # dovecot --version 2.2.13 -- Tobias Kirchhofer tob...@kirchhofer.net signature.asc Description: OpenPGP digital signature
Re: shared/public mailbox application
Sounds good - this could do the trick. Post the final and working concept :) On 29 Nov 2016, at 17:58, Michael Fox wrote: >> Basically we alias n...@domain.com to dove...@domain.com. doveadm@ has a >> sieve-Script which files into the public folder. You could also configure >> a postfix transport which does the job. > > Ah. OK. That may be more complexity than I need for my situation. So > please bear with me as I try to understand this. > > IF: > > Postfix is already configured to deliver mail destined for the virtual domain > "domain.com" to Dovecot > --and-- > I create the NAMESPACE and NAME setup as you described > --and-- > I create a Dovecot userdb entry for n...@domain.com (but no passdb entry) > --and-- > I configure ACLs so that all domain.com users can read NAME's mailbox but > only admin users can delete messages in NAME's mailbox > --and-- > I configure the virtual INBOX for POP users to include "RealMails" and "NAME" > > THEN, I'm thinking that: > > Because there is no passdb entry, user n...@domain.com cannot log in > --and-- > Because userdb defines NAME's home directory, incoming mail to > n...@domain.com would be delivered to the NAME mailbox, just like any other > user in domain.com, without the need for aliasing or sieve > --and-- > Because of the ACLs, IMAP admin users would be able to delete/manage NAME's > messages and everyone else would be able to read NAME's messages > --and-- > Because of the virtual INBOX, POP users would be able to read the NAME > messages. > > Does that make sense? Am I missing something? > > >> Its necessary to overlook the whole process chain to properly configure >> everything. > > Yes! Agreed! That's why I'm trying to think through the whole thing before > diving down a rabbit hole that leads to a dead end. > >> And a lot of try out :) > > For sure. (Just as soon as I understand what I'm trying to do.) ;-) > > Michael -- Tobias Kirchhofer tob...@kirchhofer.net signature.asc Description: OpenPGP digital signature
Re: shared/public mailbox application
Basically we alias n...@domain.com to dove...@domain.com. doveadm@ has a sieve-Script which files into the public folder. You could also configure a postfix transport which does the job. Its necessary to overlook the whole process chain to properly configure everything. And a lot of try out :) On 29 Nov 2016, at 6:34, Michael Fox wrote: > Thanks Tobias. Thanks for the detailed reply. > > > > I think I see what you’re doing. But I’m unclear on something (since I’m a > nube): > > > > Can anyone send mail to n...@domain.com <mailto:n...@domain.com> and have it > appear in the public mailbox? > > > > If not, would it be enough to create a userdb entry which defines a > pseudo-user NAME, including its home directory, such that imcoming mail > addressed to n...@domain.com <mailto:n...@domain.com> could be delivered > into that mailbox? > > > > Thanks, > > Michael > > > > > > > > From: Tobias Kirchhofer [mailto:tob...@kirchhofer.net] > Sent: Monday, November 28, 2016 7:19 AM > To: Michael Fox <n...@mefox.org> > Cc: Dovecot Mailing List <dovecot@dovecot.org> > Subject: Re: shared/public mailbox application > > > > Hi Michael, > > we migrated from Cyrus Shared Folders to Dovecot Public Folder. > > Our setup with Dovecot: > > * Public Namespace type=public > * prefix=NAMESPACE > * > location=maildir:/var/vmail/public/domain.com/folder:INDEXPVT=~/public/domain.com/NAME > * list=children to show NAMESPACE only if acl is given > * Restart Dovecot > * cd /var/vmail/public/domain.com/NAMESPACE > * mkdir .NAME > * We utilise one user <mailto:dove...@domain.com> dove...@domain.com to > control acl > * doveadm acl set -u <mailto:dove...@domain.com> dove...@domain.com > NAMESPACE/NAME user= <mailto:dove...@domain.com> dove...@domain.com all (this > creates also the Maildir) > * doveadm mailbox subscribe -u <mailto:dove...@domain.com> > dove...@domain.com NAMESPACE/NAME > * dm acl set -u <mailto:dove...@domain.com> dove...@domain.com > NAMESPACE/NAME user= <mailto:firstname.lastn...@domain.com> > firstname.lastn...@domain.com lookup read write write-seen write-deleted > insert post expunge > > User <mailto:firstname.lastn...@domain.com> firstname.lastn...@domain.com > can now subscribe to the public folder „NAMESPACE/NAME“. > > With this base you could create a more specific setup which more precisely > fits your need. > > There are also other strategies achieving Shared Folders the Cyrus way. :) > > Hope that helps. > > Tobias > > On 28 Nov 2016, at 15:38, Michael Fox wrote: > > No answer. Trying again. Surely someone with experience with public > mailboxes can offer some insight on whether the application below should be > a public or shared namespace ... > > Thanks > Michael > > -Original Message- > From: dovecot [mailto: <mailto:dovecot-boun...@dovecot.org> > dovecot-boun...@dovecot.org] On Behalf Of Michael Fox > Sent: Thursday, November 24, 2016 11:53 AM > To: Dovecot Mailing List <mailto:dovecot@dovecot.org> dovecot@dovecot.org > Subject: shared/public mailbox application > > I'm new to Dovecot and I need help configuring a shared or public mailbox - > I'm not sure which is appropriate. I've read the wiki and Peer's book and > neither appears to cover what I'd like to do. So I could use some specific > help on how to configure a solution for the following: > > I'd like to create two real mailboxes, let's call them AAA and BBB. Let's > call the domain "mydomain". By "real", I mean that users aaa@mydomain and > bbb@mydomain can log into their own mailbox. > > Anyone user can send mail to them, just like any other address: > aaa@mydomain or bbb@mydomain. > > I'd like all IMAP users in mydomain to be able to read the messages in those > mailboxes. > > I'd like all POP users in mydomain to also see those messages. (But I don't > think I need help with the virtual part). > > I'd like only a few designated IMAP users to be able to delete the messages > in those mailboxes, including dummy users AAA and BBB themselves. > > Ideally, I'd like them to appear in the client under a separate namespace > from shared mailboxes. Example: > > INBOX > > +--- the normal stuff. > > Shared > > +--- user1 > > +--- user2 > > Special > > +--- AAA > > +--- BBB > > My confusion: > > 1) I don't know if this requires a shared namespace or a public > namespace. It "feels" like it's "public", since all users would have > access. But Peer's b
Re: shared/public mailbox application
Hi Michael, we migrated from Cyrus Shared Folders to Dovecot Public Folder. Our setup with Dovecot: - Public Namespace type=public - prefix=NAMESPACE - location=maildir:/var/vmail/public/domain.com/folder:INDEXPVT=~/public/domain.com/NAME - list=children to show NAMESPACE only if acl is given - Restart Dovecot - cd /var/vmail/public/domain.com/NAMESPACE - mkdir .NAME - We utilise one user dove...@domain.com to control acl - doveadm acl set -u dove...@domain.com NAMESPACE/NAME user=dove...@domain.com all (this creates also the Maildir) - doveadm mailbox subscribe -u dove...@domain.com NAMESPACE/NAME - dm acl set -u dove...@domain.com NAMESPACE/NAME user=firstname.lastn...@domain.com lookup read write write-seen write-deleted insert post expunge User firstname.lastn...@domain.com can now subscribe to the public folder „NAMESPACE/NAME“. With this base you could create a more specific setup which more precisely fits your need. There are also other strategies achieving Shared Folders the Cyrus way. :) Hope that helps. Tobias On 28 Nov 2016, at 15:38, Michael Fox wrote: > No answer. Trying again. Surely someone with experience with public > mailboxes can offer some insight on whether the application below should be > a public or shared namespace ... > > Thanks > Michael > > > -Original Message- > From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox > Sent: Thursday, November 24, 2016 11:53 AM > To: Dovecot Mailing List <dovecot@dovecot.org> > Subject: shared/public mailbox application > > I'm new to Dovecot and I need help configuring a shared or public mailbox - > I'm not sure which is appropriate. I've read the wiki and Peer's book and > neither appears to cover what I'd like to do. So I could use some specific > help on how to configure a solution for the following: > > > > I'd like to create two real mailboxes, let's call them AAA and BBB. Let's > call the domain "mydomain". By "real", I mean that users aaa@mydomain and > bbb@mydomain can log into their own mailbox. > > Anyone user can send mail to them, just like any other address: > aaa@mydomain or bbb@mydomain. > > I'd like all IMAP users in mydomain to be able to read the messages in those > mailboxes. > > I'd like all POP users in mydomain to also see those messages. (But I don't > think I need help with the virtual part). > > I'd like only a few designated IMAP users to be able to delete the messages > in those mailboxes, including dummy users AAA and BBB themselves. > > Ideally, I'd like them to appear in the client under a separate namespace > from shared mailboxes. Example: > > > > INBOX > > +--- the normal stuff. > > Shared > > +--- user1 > > +--- user2 > > Special > > +--- AAA > > +--- BBB > > > > My confusion: > > 1) I don't know if this requires a shared namespace or a public > namespace. It "feels" like it's "public", since all users would have > access. But Peer's book and the wiki describe manually creating folders for > public namespaces and controlling the contents with manual file > manipulation, which leads me to believe that they can't be used for regular > mail (although the book and the wiki never say one way or the other). I > don't want to manually control files. I want to send mail to the mailbox > and delete (see above) it with a client. > > 2) There are several examples in Peer's book and the wiki, but none > seem to match what I want. (This is the problem with documentation that is > predominantly example-based). I guess I need more explanation of the > mechanical differences between shared and public and why one would pick one > over the other. > > > > Can someone help? Please be as specific as you can. > > > > Thanks much, > > Michael -- Tobias Kirchhofer tob...@kirchhofer.net signature.asc Description: OpenPGP digital signature
Re: Authentication Penalty with ID x-originating-ip, HAproxy
A quick test confirms that HAproxy header IP information does properly delay the authentication failures upon successive failed login attempts from the same IP. And furthermore if the webmail client is delayed on the IMAP level, this could potentially be exploited for DoS and as such may not be a good idea after all. Even with the auth_failure_delay=2 by default this is possible, but it's much easier to achieve the DoS if the pre-auth delay increases to 17 seconds (maximum delay I've observed). Is there any other brute force / DoS mitigation option for dovecot / webmail interaction, short of fail2ban type IP blocking in a firewall (which will not work on a machine several layers deep behind e.g. a proxy), that isn't exclusively relying on the webmail client for such mitigation? Can dovecot itself temp-ban remote IPs (as reported by HAproxy protocol, or IMAP ID x-originating-ip), perhaps with a notice to try again in X seconds, instead of delaying them? /Tobias On 2016-06-24 13:27, Tobias wrote: The wiki states that anvil's authentication penalties are skipped when IP is in login_trusted_networks. http://wiki.dovecot.org/Authentication/Penalty Is there a way to enable the authentication penalties for specific advertised remote IPs, when the connecting IP is in "login_trusted_networks", and it advertises the originating remote IP via 'ID ("x-originating-ip", "")'? And with regards to HAproxy, is anvil's authentication penalties by default transparent with regards to the remote IP advertised in the proxy protocol header? /Tobias
Authentication Penalty with ID x-originating-ip, HAproxy
The wiki states that anvil's authentication penalties are skipped when IP is in login_trusted_networks. http://wiki.dovecot.org/Authentication/Penalty Is there a way to enable the authentication penalties for specific advertised remote IPs, when the connecting IP is in "login_trusted_networks", and it advertises the originating remote IP via 'ID ("x-originating-ip", "")'? And with regards to HAproxy, is anvil's authentication penalties by default transparent with regards to the remote IP advertised in the proxy protocol header? /Tobias
Re: Mailbox location
Hi Doug, "home" from your userdb query will dictate where mail will be dropped. If you want to store in /var/mail/home_mail/, then use %n. You were almost there with /%d/%n in your current configuration, posted below, just remove the %d completely. http://wiki.dovecot.org/Variables The domain part is added by postfix. Postfix most often requires some kind of domain, and if not added will append one (unless you have an unorthodox configuration). It's not recommended to remove this feature from your postfix configuration. /Tobias On 2016-06-17 16:10, Doug Hardie wrote: On 16 June 2016, at 22:53, Doug Hardie <bc...@lafn.org> wrote: I am running a small server with a fixed number of users. Postfix is using dovecot lda so that I can run pigeonhole. I have setup a user file with the ids and passwords and everything authenticates properly. Postfix uses that also. However, mail is consistently delivered to user@domain. How do I tell it to deliver to just user? I have tried setting a variety of different things like: 10-mail.conf:mail_location = maildir:/var/mail/home_mail/%u userdb { driver = static args = uid= gid= home=/var/mail/home_mail/%u } and a few other things. None of them affected the mailbox location. Fortunately, this is a test system as I probably have mucked up the config files by now. — Doug here is config: root@test:/usr/local/etc/dovecot/conf.d # doveconf -n # 2.2.22 (fe789d2): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: FreeBSD 10.3-RELEASE amd64 ufs auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose_passwords = yes base_dir = /var/run/home_mail/ first_valid_gid = 0 login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k session=<%{session}> port=%a mail_debug = yes mail_gid = mail_location = maildir:/var/mail/home_mail/%u mail_uid = managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from } postmaster_address = d...@sermon-archive.info protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } ssl_cert =
Found 4 bugs in latest SquirrelMail related to IMAP and SMTP STARTTLS, Dovecot capabilities
This is a cross-post from the squirrelmail-devel list. It may be of interest if you want to run SquirrelMail and connect to Dovecot (and Postfix, possibly other servers) on a remote host using STARTTLS. BR Tobias Forwarded Message Subject:[SM-DEVEL] 4 bugs, IMAP and SMTP STARTTLS, Dovecot capabilities Date: Sun, 3 Apr 2016 04:27:56 +0200 From: Tobias <lists.zx...@otaking.se> Reply-To: Squirrelmail Developers Mailing List <squirrelmail-de...@lists.sourceforge.net> To: squirrelmail-de...@lists.sourceforge.net Hello! I've looked for and have not seen any similar issues reported related to STARTTLS. Sourceforge wouldn't let me create an account or else I could have submitted bug reports directly. I'm using SquirrelMail 1.4.23 installed from latest FreeBSD Ports, together with PHP 5.6. I'm attempting to connect using STARTTLS to Dovecot 2.2.22 and Postfix 3.1.0. I've verified the code is not fixed for any of these four issues in the latest 1.5.2 SVN. Issue 2 is not as much of a problem in 1.5.2 as it is in 1.4.23 when using 'login' authentication. I connect to the IMAP and SMTP servers using their IP, but need to override the 'peer_name' to validate the certificate properly. New in PHP 5.6 is also that verify_peer defaults to TRUE, which means I need to either be able to set the peer_name, or disable verify_peer. I've found three issues in functions/imap_general.php, related to STARTTLS and Dovecot IMAP server, as well as one STARTTLS issue in class/deliver/Deliver_SMTP.class.php, class class Deliver_SMTP, function initStream. Issue 1: Stream options ($imap_stream_options) are not used with STARTTLS ($use_imap_tls = 2) in function sqimap_create_stream. The stream options are only used for $use_imap_tls = 1. How to fix: Add something like this: // set context options to allow for SSL option overrides @stream_context_set_option($imap_stream,$stream_options); Before trying to initiate the TLS session here: functions/imap_general.php :: function sqimap_create_stream 826:// start crypto on connection. suppress function errors. 827:if (@stream_socket_enable_crypto($imap_stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { Issue 2: IMAP capabilities are only read once in function sqimap_create_stream (and subsequently used in sqimap_login to determine certain login options), however the capability list for Dovecot is not the same before and after STARTTLS. From Dovecot, before STARTTLS (telnet 143): * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready. From Dovecot, after successful STARTTLS (openssl s_client -starttls imap -connect :143): --- . OK Pre-login capabilities listed, post-login capabilities have more. a capability * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN a OK Pre-login capabilities listed, post-login capabilities have more. How to fix: Issue "capability" command after successful STARTTLS to re-read the capabilities. Either as part of function sqimap_create_stream, or after call to sqimap_create_stream and before login options are checked in function sqimap_login. SquirrelMail 1.4.23 uses the return value with capabilities from function sqimap_create_stream to determine if 'login' is a viable option. Dovecot reports LOGINDISABLED prior to STARTTLS. (1.5.2 does not have this check for 'login'.) Issue 3: Multi-line response from the server to the AUTHENTICATE PLAIN (and likely cram/digest md5, possibly even login) are not accepted. The IMAP protocol allows the server to prefix responses which are incomplete with "*", and Dovecot uses this to report capabilities after successful login, but this is not handled by SquirrelMail's sqimap_login function. SquirrelMail reports: Unknown error: IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY SPECIAL-USE QUOTA The full output from Dovecot is: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SEARCH=FUZZY SPECIAL-USE QUOTA A003 OK Logged in How to fix: Check if '*' is the first token in a response, and read another line from the stream. Possibly something similar to this: while (substr($read,0,1) == '*') { // OK so far.. $read = sqimap_fgets($imap_stream); } Issue 4: Identical to issue 1 but for SMTP. $use_smtp_tls = 2 and STARTTLS in class/deliver/Del
Re: no login with MySQL
On 2015-09-13 22:52, Andreas Meyer wrote: Christian Kivalo <ml+dove...@valo.at> schrieb am 13.09.15 um 22:08:04 Uhr: I think the query-string für MySQL would overwrite this mail_location, right? But how do I define it in the query? yes thats how it should work but your query (looking at the query result from your first email) overwrites the mail_location with "/var/spool/vhosts/nimmini.de/" without a username. With my setup "mail" and "home" is returned from the userdb query from mysql home: /srv/mail/%u mail: /srv/mail/%u/Maildir The query-strings for virtual users look like this: password_query = SELECT username AS username, password FROM mailbox WHERE username = '%u' AND active = 1 user_query = SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u' what about user_query = SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u' With this query above I can login again with Roundcube and claws-mail but with the mysql-client I get: mysql> SELECT CONCAT(maildir, SUBSTRING_INDEX(username,'@',+1)) as mail, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; Empty set (0,00 sec) This is my old query with wich I couldn't log in. mysql> SELECT maildir, uid, gid, concat('*:storage=', quota) AS quota_rule, concat('Trash:storage=+', quota_trash) AS quota_rule2 FROM mailbox WHERE username = '%u'; Empty set (0,00 sec) The SUBSTRING_INDEX returns everything left of the '@' from field username, that should give you something like +--+--+--+---++ | mail | uid | gid | quota_rule | quota_rule2| +--+--+--+---++ | /var/spool/vhosts/nimmini.de/a.meyer | 5000 | 5000 | *:storage=5242880 | Trash:storage=+100 | +--+--+--+---++ which hopefully is the path to your maildir. I get am Emty set Don't understand it. Andreas Hi Andreas, Make sure to return a "home" attribute, and only optionally a "mail" attribute, from your SQL user query. Your "home" attribute for user "a.me...@nimmini.de" should return "/var/spool/vhosts/nimmini.de/a.meyer", and only if you want to override the global mail_location specify a "mail" attribute to return something like "maildir:/var/spool/vhosts/nimmini.de/a.meyer/Maildir". There is no "maildir" attribute used from the SQL query, to my knowledge. If you want to have the maildir stored directly in the user's home folder, e.g. "/var/spool/vhosts/nimmini.de/a.meyer", and your global mail_location already is "maildir:~/", then you only need to return a proper "home" attribute from SQL. BR Tobias
Re: [Dovecot] Dovecot LDA/LMTP vs postfix virtual delivery agent and the x-original-to header
mapping in postfix before sending the content to amavisd-new. This may be possible to circumvent either with alias lookup in amavisd-new, or if I can find another way to use the postfix-available orig_to to populate X-Original-To header after scanning in amavisd-new. I've tried to split the mails into one per recipient after address mapping and amavisd-new, instead of before as my solution above, without default_destination_recipient_limit=1 in main.cf. Instead I tried the options as part of smtp (and even smtpd) services in master.cf, unfortunately without success. I keep ending up with multiple X-Original-To with all local recipients (including BCC) in all internal copies delivered. Have anyone successfully tackled this conundrum with other solutions? Regards, Tobias
Re: Differences in Delivered-To header between deliver and LMTP
On 2014-07-11 11:23, Charles Marcus wrote: On 7/10/2014 11:29 AM, Timo Sirainen t...@iki.fi wrote: On 9.7.2014, at 21.20, Jeff Rice j...@jrice.me wrote: I'm transitioning my server over from using the deliver LDA and LMTP. Suddenly a bunch of sieve filters stopped working, and I noticed the contents of the Delivered-To header are different. Using Dovecot's deliver LDA, the contents are a bare email address (f...@bar.com). Using Dovecot LMTP, they are in brackets (f...@bar.com). Is there a reason why this isn't consistent between the two delivery agents? It seems like it ought to be. Oh, that's annoying. Dovecot LDA doesn't actually add this header, it was your MTA that added it. But looks like I hadn't checked what the MTAs actually write to the header when I added this feature to LMTP, and nobody had mentioned this before either. I wonder if anybody's system breaks if I just change it now.. If you do this Timo, would you please also consider going ahead and adding the 20 or so lines of code you said it would take to also add support for the x-original-to header (this specific was in a private email to me while our support contract was active), as we discussed on this list - and you then discussed with Wietse, back in April or so of 2012: http://dovecot.org/list/dovecot/2012-April/082585.html Thanks! Charles I am also very interested in the outcome of these discussions for X-Original-To header together with LMTP. My setup will be migrating from an old Courier-IMAP install with Postfix VDA and plan to keep using Postfix but this time with Dovecot and potentially Dovecot LMTP. My users have multiple aliases and rely on the X-Original-To header for filters, however they mostly reside within the same domain handled by the same mail server. Old threads in this and Postfix mail lists indicate that Timo thinks LMTP cannot solve this. Some of this could possibly be solved for local implementations if LMTP can expand aliases itself for local delivery. Is this possible? In general it seems that LMTP has to rely on previous layers to keep the original recipient in for example X-Original-To header. For reference: http://archives.neohapsis.com/archives/postfix/2012-04/0179.html http://dovecot.org/list/dovecot/2012-April/082585.html http://www.dovecot.org/list/dovecot/2014-January/094396.html Charles, you seem to also have been involved in the following Postfix list thread from 2011. Are you using this Postfix workaround detailed at the end to add X-Original-To? https://groups.google.com/forum/#!topic/mailing.postfix.users/ceRuhB8NFWQ Postfix/main.cf: # to make sure Delivered-To header contains only one address lmtp_destination_recipient_limit=1 # for X-Original-To header smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/recipient_access.pcre /etc/postfix/recipient_access.pcre /(.+)/prepend X-Original-To: $1 Dovecot: lda_original_recipient_header = X-Original-To /Tobias
Dovecot authentication against active directory
Hello, i´ve got a problem with the dovecot authentication against active directory. I´m using dovecot 2.0.19 and windows server 2008 R2. When I try to login via telnet I get the following error message: a NO [AUTHENTICATIONFAILED] Authentication failed. My dovecot configuration: # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-60-generic x86_64 Ubuntu 12.04.4 LTS ext4 auth_mechanisms = plain login auth_username_format = %Lu disable_plaintext_auth = no first_valid_gid = 1001 first_valid_uid = 1001 last_valid_gid = 1001 last_valid_uid = 1001 log_path = /var/log/dovecot.log mail_location = maildir:/srv/mail/%u passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } protocols = imap ssl = no syslog_facility = local7 userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } valid_chroot_dirs = /srv/mail My dovecot-ldap.conf: hosts = ** dn = CN=*,OU=*,OU=*,OU=*,DC=**,DC=*,DC=de dnpass = tls = no debug_level = -1 ldap_version = 2 base = OU=*,DC=*,DC=*,DC=de deref = never scope = subtree user_attrs = sAMAccountName=home user_filter = ((ObjectClass=user)(|(mail=%u)(sAMAccountName=%u))) pass_filter = ((ObjectClass=user)(sAMAccountName=%u)) default_pass_scheme = plain could anybody help me with this problem? Thanks in advance! Regards, Tobias Dummert
Re: [Dovecot] how to enable debugging in imapc
Hi Teemu, Today Teemu Huovila wrote: On 04/01/2014 05:49 PM, Tobias Oetiker wrote: specifically, how can i set conn-client-set.debug in ./src/lib-imap-client/imapc-connection.c Set mail_debug = yes somewhere in your configuration file(s). hmm that does not seem to get ./src/lib-imap-client/imapc-connection.c to talk more ... or is this not the part of the code that gets active when implementing an imap proxy with dovecot ? cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902 *** We are hiring IT staff: www.oetiker.ch/jobs ***
[Dovecot] BUG dovecot and nginx
we have setup a two level proxy configuration for our zimbra server: [ dovecot 2.2.12 (imap proxy mode) ] V [ nginx (imap proxy mode) ] V [ zimbra imap server] and it does not work ... after tying a login, the connection just hangs and ends after 30 seconds with a timeout. - if I try again rightaway in the same dovecot connection, the login goes though without trouble. - looking at this with tshark I can see that on the second attempt, there is no capabilities query, dovecot just goes ahead and connects. if we drop nginx from the setup all is well also (login works directly as expected) - investigating the traffic differences between the setups with and without nginx, we find that for some reason dovecot does not react to the capabily answer from nginx. while it seems to happily accept the same answer when it is coming from zimbra directly. - the only difference I can see on the wire is that nginx is much quicker (2.5ms) in responding than the zimbra (25ms) server and that the position of the STARTTLS and SASL=PLAIN capabilities in the capability answer differs between the two. any ideas ? cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902 *** We are hiring IT staff: www.oetiker.ch/jobs ***
[Dovecot] how to enable debugging in imapc
Hi Net, How can I enable debug messages in the imap-proxy client? Trying to figure why the imap-proxy mode does not work towards ngnix. specifically, how can i set conn-client-set.debug in ./src/lib-imap-client/imapc-connection.c cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch t...@oetiker.ch +41 62 775 9902 *** We are hiring IT staff: www.oetiker.ch/jobs ***
Re: [Dovecot] Integrating with Drupal SQL db SOLVED
Hi again I have now solved this with a workaround. In short, it involves a Drupal 7 module called HTPasswdSync that intercepts password creation and changes in Drupal, and writes the password in SHA-1 hash format to a file (/etc/apache2/dovecot). I then point Dovecot to use this file as userdb and passdb source. I have written an more in detail explanation that is available at http://www.stos.se/?q=node/12 . The question remains; Will Dovecot ever be compatible with Drupal 7 password hashes? Regards Tobias Rådenholt i...@stos.se wrote 2013-03-11 17:57: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] POLL: v2.2 to allow one mail over quota?
On Monday 11 February 2013 17:19:06 Michael Grimm wrote: Timo Sirainen t...@iki.fi wrote: I wonder if there's a better name for this than last_extra.. quota_surplus I like this. But my English isn't good enough to know if that word really fits it? It does, but what about: quota_final_add_on What means surplus? Why not simplify things and calll it - quota_mailplus - quota_plusmail - quota_oneplus - quota_plusone Tobias Hachmer
Re: [Dovecot] Dovecot 2.2.beta1
On Sunday 10 February 2013 10:13:54 Luigi Rosa wrote: Would like to, but on the server I use for testing I have pigeonhole and I cannot compile it against 2.2B1 Is there a version for 2.2? Yes, see http://pigeonhole.dovecot.org/download.html Pigeonhole package for Dovecot v2.2 (development) # v2.2 code tree: hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ Regards, Tobias Hachmer
Re: [Dovecot] 回复: 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto
On Saturday 01 December 2012 08:34:09 Sam DWH wrote: Did you installed openssh? Well, no, I have installed libssl-dev (Ubuntu Precise). What I have really done is to add the libssl-dev to the dependencies of my dovecot-dev package. This dovecot-dev package is a dependency of my pigeonhole package. Regards, Tobias
[Dovecot] 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto
Hello list, Although timos bugfix release this morning I can't build pigeonhole 0.3.3 for dovecot 2.1.12 successfully. I don't know if it is a new bug or if I do something wrong but with dovecot 2.1.10 all worked fine, with the same configure options. configure options (out of debian/rules for building debian package): ./configure --with-dovecot=/usr/lib/dovecot \ --host=$(DEB_HOST_GNU_TYPE) \ --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=/usr \ --sysconfdir=/etc \ --libexecdir=\$${prefix}/lib \ --localstatedir=/var \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info \ --with-moduledir=\$${prefix}/lib/dovecot/modules buildlogextraction with error, the full log is available here: https://launchpadlibrarian.net/124478979/buildlog_ubuntu-precise- amd64.dovecot-2.1-pigeonhole_0.3.3-7~kokelnet~precise_FAILEDTOBUILD.txt.gz Thanks in advance for any help, Tobias Hachmer Making all in lib-sieve-tool make[4]: Entering directory `/build/buildd/dovecot-2.1- pigeonhole-0.3.3/src/lib-sieve-tool' /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc - DHAVE_CONFIG_H -I. -I../.. -I../../src/lib-sieve -I/usr/include/dovecot - D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer- size=4 -Wformat -Wformat-security -Wall -W -Wmissing-prototypes -Wmissing- declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -MT sieve-tool.lo -MD -MP -MF .deps/sieve-tool.Tpo -c -o sieve-tool.lo sieve-tool.c libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. - I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security - Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar- subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict- aliasing=2 -MT sieve-tool.lo -MD -MP -MF .deps/sieve-tool.Tpo -c sieve-tool.c -fPIC -DPIC -o .libs/sieve-tool.o libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. - I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security - Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar- subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict- aliasing=2 -MT sieve-tool.lo -MD -MP -MF .deps/sieve-tool.Tpo -c sieve-tool.c -o sieve-tool.o /dev/null 21 mv -f .deps/sieve-tool.Tpo .deps/sieve-tool.Plo /bin/bash ../../libtool --tag=CC --mode=compile x86_64-linux-gnu-gcc - DHAVE_CONFIG_H -I. -I../.. -I../../src/lib-sieve -I/usr/include/dovecot - D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer- size=4 -Wformat -Wformat-security -Wall -W -Wmissing-prototypes -Wmissing- declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -MT mail-raw.lo -MD -MP -MF .deps/mail-raw.Tpo -c -o mail-raw.lo mail-raw.c libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. - I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security - Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar- subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict- aliasing=2 -MT mail-raw.lo -MD -MP -MF .deps/mail-raw.Tpo -c mail-raw.c -fPIC -DPIC -o .libs/mail-raw.o libtool: compile: x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. - I../../src/lib-sieve -I/usr/include/dovecot -D_FORTIFY_SOURCE=2 -std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security - Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar- subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict- aliasing=2 -MT mail-raw.lo -MD -MP -MF .deps/mail-raw.Tpo -c mail-raw.c -o mail-raw.o /dev/null 21 mv -f .deps/mail-raw.Tpo .deps/mail-raw.Plo /bin/bash ../../libtool --tag=CC --mode=link x86_64-linux-gnu-gcc - std=gnu99 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat- security -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime - Wstrict-aliasing=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -o libsieve-tool.la sieve-tool.lo mail-raw.lo -lrt libtool: link: ar cru .libs/libsieve-tool.a .libs/sieve-tool.o .libs/mail- raw.o libtool: link: ranlib .libs/libsieve-tool.a libtool: link: ( cd .libs rm -f libsieve-tool.la ln -s ../libsieve- tool.la libsieve-tool.la ) make[4]: Leaving directory `/build/buildd/dovecot-2.1- pigeonhole-0.3.3/src/lib-sieve-tool' Making all in sieve-tools make[4
Re: [Dovecot] 2.1.12 - Pigeonhole 0.3.3 build failed: /usr/bin/ld: cannot find -lssl -lcrypto
On Friday 30 November 2012 10:44:48 Timo Sirainen wrote: You built Dovecot from a Debian package too, but don't have OpenSSL installed?.. Thanks Timo for hte hint. openssl was installed, but the openssl development files (libssl-dev) dependency for my dovecot-dev package was missing. Regards, Tobias Hachmer
Re: [Dovecot] cmd-vacation.c:4:17: fatal error: lib.h: No such file or directory ./configure: line 11410: -lssl: command not found
On Thursday 29 November 2012 16:18:14 Gilles Chauvin wrote: The post I linked above wasn't my post but I had the exact same problem this morning while trying to compile pigeonhole against dovecot 2.1.11. Manually adding the quotes in the dovecot-config file fixed the issue for me. Oh, sorry, I will test, thanks! Regards, Tobias Hachmer
[Dovecot] Question about salted hashes
Hello. I'm switching from b1gmail to my own setup which consists of Postfix+Dovecot+MySQL (and maybe VBoxAdm). There are two problems: - b1gmail is using unsalted MD5 hashes. Is there any good way to make my new setup backward compatible? So I don't have to force all of my 50k users to change their password. - How do I change my setup to salted SHA256 (or an even better algorithm). And how do I make the hashes compatible between Postfix, Dovecot, MySQL (and maybe VBoxAdm)? My system: Debian Squeeze Postfix version: 2.7.1 Dovecot version: 1.2.15 --- dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-686 i686 Debian 6.0.6 protocols: imap pop3 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_access_groups: vmail mail_debug: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): UID%u-%v lda: postmaster_address: postmaster-address auth_socket_path: /var/run/dovecot/auth-master mail_plugins: quota sendmail_path: /usr/sbin/sendmail auth default: mechanisms: plain login user: vmail passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 432 user: vmail group: vmail plugin: quota: maildir --- driver = mysql connect = host=127.0.0.1 dbname=smail user=smail password=mypw default_pass_scheme = CRYPT password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp') user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') --- Regards, Tobi M.
Re: [Dovecot] Help!
Am 12.10.2012 19:09, schrieb Justin Vore: I have installed sendmail, dovecot, and squirrel mail. The squirrel mail portion of it works just fine, but I would like to have Mozilla Thunderbird as a client. Whenever I try and connect to the server it says Thunderbird failed to find the settings for your email account. We do have an MX record in DNS pointing to our server. Enter settings manually or set up automx (http://www.automx.org/). Regards, Tobias Hachmer
[Dovecot] doveadm backup - Fatal: All your namespaces have a location setting.
Hello list, I am using dovecot v2.1.9 and have a problem with doveadm backup: # doveadm backup -u u...@domain.com maildir:/backup/domain.com/user/Maildir doveadm(u...@domain.com): Fatal: All your namespaces have a location setting. It should be empty (default mail_location) in the namespace to be converted. Here my namespace config: namespace { list = children location = maildir:/var/vmail/%%d/%%n/Maildir:INDEX=/var/vmail/%d/%n/shared/%%u prefix = Gemeinsame-Postfaecher/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/indexes/%u prefix = separator = / subscriptions = yes type = private } Have I got a problem with my namespace config? Regards, Tobias Hachmer
[Dovecot] Dovecot SASL on another machine
Hello list, is there a way to use Dovecot SASL Authentication for submission on a different machine dovecot runs? e.g.: Dovecot machine - postfix machine(for submission) How can I authenticate my senders on a different physical machine against Dovecot SASL? Thanks, Tobias
Re: [Dovecot] Dovecot SASL on another machine
Am 05.11.2011 17:01, schrieb Timo Sirainen: On Sat, 2011-11-05 at 15:13 +0100, Tobias Hachmer wrote: is there a way to use Dovecot SASL Authentication for submission on a different machine dovecot runs? With v2.0 you should be able to add inet_listener for auth service, which acts as an auth-client socket. Thanks for your reply. I think I didn't couch correct. I want a postfix machine to authenticate against Dovecot SASL for submission service which hasn't installed dovecot locally. The postfix machine has to ask my central dovecot which is at the moment dovecot v1.2.15 but will be soon v2. Is this possible, if yes, how? Greetz, Tobias
Re: [Dovecot] Dovecot SASL on another machine
Am 05.11.2011 17:35, schrieb Timo Sirainen: On Sat, 2011-11-05 at 17:31 +0100, Tobias Hachmer wrote: Am 05.11.2011 17:01, schrieb Timo Sirainen: On Sat, 2011-11-05 at 15:13 +0100, Tobias Hachmer wrote: is there a way to use Dovecot SASL Authentication for submission on a different machine dovecot runs? With v2.0 you should be able to add inet_listener for auth service, which acts as an auth-client socket. Thanks for your reply. I think I didn't couch correct. I want a postfix machine to authenticate against Dovecot SASL for submission service which hasn't installed dovecot locally. The postfix machine has to ask my central dovecot which is at the moment dovecot v1.2.15 but will be soon v2. Yes, this is how I understood it. OK, sorry. Is this possible, if yes, how? With v2.0: service auth { inet_listener { port = 12345 } } Postfix: smtpd_sasl_path = inet:dovecot.foobar.com:12345 Thanks a lot for your quick help!!! Greetz, Tobias
[Dovecot] setacl on complete mailbox
Hi List, how can I grant a user full control on another mailbox (the complete mailbox with all folder and subfolders). With the setacl command I could do this but first I have to list all folders and then I have to do one setacl command for each folder. Is there a command to this in one line? Also for new created folders? Greetz, Tobias
[Dovecot] BestPractice to migrate imap mailbox from one machine to another
Hi list, currently I use dovecot v1.2.15 with maildir++ mailboxes. (Debian Squeeze) I want to set up a different server with dovecot v2, also maildir++ mailboxes. (also Debian Squeeze) What is the best way to copy the existing mailboxes from the older machine running dovecot v1.2.15 to the new naked machine? Greetz, Tobias
Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another
On Fri, 09 Sep 2011 15:22:54 +0200, Robert Schetterer wrote: Am 09.09.2011 15:14, schrieb Tobias Hachmer: What is the best way to copy the existing mailboxes from the older machine running dovecot v1.2.15 to the new naked machine? i used imapsync in a bash script http://ks.lamiral.info/imapsync/ at a massive migration ok, but this tool is not free of charge. Are there any known problems just copying the mailboxes with scp or rsync? Tobias
Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another
On Fri, 09 Sep 2011 15:42:57 +0200, Giulio Casella wrote: Have you tried dsync (part of dovecot)? I don't know if it works for migration to a different (major) version of dovecot, but it's a nice tool. And it works also over ssh. Yeah, I read the sections in the dovecot v2 wiki, but I don't get how to use for migration. As far as I understood it's to keep several dovecot server at a unique data bank. An well, can I use it between dovecot v1.2 and v2? Tobias
Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another
On Fri, 09 Sep 2011 17:16:57 +0200, Giulio Casella wrote: This is working for me: root@oldserver # dsync -v -D -u $user backup ssh newserver dsync -u $user where $user is a username. oldserver and newserver can also have different mailbox format (in my case was mbox - maildir) Thanks for your replies, I will test first the simple copy of the maildirs when the new server is set up. So thanks a lot. Greetz, Tobias
Re: [Dovecot] BestPractice to migrate imap mailbox from one machine to another
On Fri, 09 Sep 2011 20:26:59 +0200, Robert Schetterer wrote: i used imapsync in a bash script http://ks.lamiral.info/imapsync/ at a massive migration ok, but this tool is not free of charge. ? you should donate but you can use it without too, i.e its part of ubuntu Oh, cool, thanks for the hint. Yes, I will test simple copy, imapsnc and dsync. Thanks a lot. Tobias
Re: [Dovecot] Quotas not recalculating
On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote: On 5.9.2011, at 4.28, Kyle Brantley wrote: Okay, something else isn't cooperating with this at all. I reconfigured it to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf instead of quota = maildir:User quota), and it is still trying to use maildir quotas: Your user_query in dovecot-sql.conf overrides the quota setting. Same problem here. But how can I use maildirsize quota user_query in dovecot-slq.conf ? I want to manage my users in a sql table and use maildirsize quota. Greetz, Tobias
Re: [Dovecot] Quotas not recalculating
On Tue, 6 Sep 2011 23:08:37 +0300, Timo Sirainen wrote: On 6.9.2011, at 23.01, Tobias Hachmer wrote: On Mon, 5 Sep 2011 08:39:39 +0300, Timo Sirainen wrote: On 5.9.2011, at 4.28, Kyle Brantley wrote: Okay, something else isn't cooperating with this at all. I reconfigured it to use dirsize just to test (quota = dirsize:User quota in 90-quota.conf instead of quota = maildir:User quota), and it is still trying to use maildir quotas: Your user_query in dovecot-sql.conf overrides the quota setting. Same problem here. But how can I use maildirsize quota user_query in dovecot-slq.conf ? I want to manage my users in a sql table and use maildirsize quota. There's nothing special in that. Just about all the examples in wiki assume you want to do that. http://wiki2.dovecot.org/Quota/Configuration#Per-user_quota OK, thanks. Removing CONCAT('*:bytes=', CAST(quota AS CHAR)) AS userdb_quota_rule from user_query as well as from password_query in dovecot-sql.conf worked for me. Greetz, Tobias
[Dovecot] Bug found, assertion failed
Hi there, We're running dovecot 2.06, with mdbox. Following message was in our syslog: Jan 20 09:26:48 servername dovecot: [ID 583609 mail.crit] imap(user): Panic: file istream-limit.c: line 79: assertion failed: (v_offset = lstream-v_size) The problem could be solved on client side, by just deleting the ImapMail-Folder in Thunderbird. Why? Thunderbird tried to move a message, that obviously wasn't there. Dovecot got killed and the message above was in the syslog. Connection was closed and Thunderbird told me the server is dead. Thunderbird tried this every few seconds, and there was no way to say thunderbird stop try moving. So the only way was to delete thunderbirds mail cache. I think it would be very nice, if dovecot doesn't die, just because the client tries to move a message, which isn't there. Thanks, Tobias Daucher -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
Re: [Dovecot] dsync not copying all mail
Am 10.01.2011 14:59, schrieb Nick Rosier: Hi, I'm still trying to migrate from Dovecot 1.2.16 to 2.0.7 on FreeBSD. Previous attempts have failed with mails not being visible after the upgrade. Version 1.2.16 was migrated from maildir to dbox about a year ago via the convert-plugin. After previous attempts to clean the hybrid maildir-dbox situation I used imapsync to copy all mails from the old account to a new account. I would assume in this case I get a clean dbox-mailmap. I tried to run dsync on this new map but noticed a lot of mails are not syncing: [vm...@mail ~]$ find /vmail2/new/bunbun.be/nick | wc -l 5329 [vm...@mail ~]$ find /vmail2/old/bunbun.be/nick | wc -l 6134 Any ideas? N. deleted mails on old server... do expunge or purge befor syncing. imapsync will not copy deleted messages i think... -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
[Dovecot] shared boxes
Hi there, is it possible in any way to have private seen flags for users in a shared mailbox? http://wiki2.dovecot.org/SharedMailboxes/Shared says no, but i'm not sure, if newer mailbox formats can do this... like mdbox oder something like that. thanks for your help Tobi --
Re: [Dovecot] Virtual inbox folder bug
Got the same problem with thunderbird... thunderbird wants to be intelligent and caches information... the server would remove the message, but thunderbird says hey it was not me so i don't anything about moving and reads the message from its cache... close thunderbird, delete the imapmail folder in your profile, and restart thunderbird = mail is gone... and if you find a way to turn off this fu***ing caching of thunderbird it would be nice to tell it to me... caching sucks with imap and i don't find any option to turn it off... bye tobi Am 02.11.2010 22:50, schrieb Antonio Henrique Oliveira: Hi all, I've been using dovecot as our internal mail server for quite some time. It works very well. Each of our mailboxes have 1000+ messages (some have more than 4-5000 messages). I have recently started using virtual folders and, using an adaptation of an example script in the dovecot site (http://wiki.dovecot.org/Plugins/Virtual), to have a virtual folder changed to act as inbox. All of my email is delivered in some folder other than the real inbox via sieve scripts. My inbox is, therefore, a virtual folder, which only displays the unread emails on all the folders in the account. Everything works fine *except* that, when I mark an email as read or when I open an email directly on the inbox, it does not disappear from the inbox (as it should since it is not unread after being open or being marked as read). I'm not sure if this is a bug, a feature, or a misconfiguration :) I'm using dovecot 1.2.13 on Debian Etch (installed using the backports repository). Attached is the file with the output of dovecot -n, the script for the virtual folder and the custom login script to change the virtual folder to act as the inbox. I'm using Thunderbird 3.1.6 on Windows XP SP3 as the main mail client and also using an Android phone (Samsung Galaxy) to access the same account. Regards, -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
Re: [Dovecot] dsync, separator, but really - Default Namespace
Am 28.10.2010 16:35, schrieb Daniel L. Miller: Just made the leap from 1.2 to 2.0.6 - and several maddening config typos I think I have a working system again! Getting closer to converting from maildir to mdbox, but first... Trying to use dsync gives me: dsync(root): Fatal: Mail locations must use the same virtual mailbox hierarchy separator (specify separator for the default namespace) Ok - I 've never configured namespaces before...time to learn. So my first attempt - is the following config the same as having no explicit namespace declaration?: # My Default Namespace namespace { type = private separator = '.' prefix =. location = /var/mail/%d/%n/Maildir inbox = yes hidden = no list = yes subscriptions = yes } the first thing i see is that there must not be quotes around the separator, don't know who dovecot is working with the quotes... the locatin needs a prefix about the format so anything like maildir:/var/mail/%d/%n/Maildir -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
Re: [Dovecot] Convert Plugin
Am 27.10.2010 20:26, schrieb Daniel Luttermann: Dr Matthew Williams wrote on 10/27/2010: Hello, I have been investigating mailbox conversions and have used the convert plugin under Dovecot V1.x. I cannot find the plugin in the list on the wiki for Dovcot V2.x, is it not included for a reason? I understand that I can do a post-login script to do the conversion, any guidance on best practices? you can use dsync instead. Link: http://wiki2.dovecot.org/Tools/Dsync -- Daniel after having some problems with dsync, we did all convertings like this (imap-tool/daemon) 1. make a namespace for the old format 2. make a namespace for the new format 3. use something like this: (echo 1 select .mboxnamespace/old; echo 2 copy 1:* mdboxnamespace/new; echo 3 logout)| /usr/local/libexec/dovecot/imap -u user after checking the result you can do (echo 1 select .mboxnamespace/old; echo 2 delete .mboxnamespace/old; echo 3 logout)| /usr/local/libexec/dovecot/imap -u user and thats it... works for every formats that dovecot can access... perhaps it is possible to add this way as an alternative for dsync to the wiki - cause dsync has some problems.. i.e. wenn old mailboxes have little errors or something like that... note: you have to create the new folder in the new namespace of course before copying... bye and i hope this will help all of you! Tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
Re: [Dovecot] merge mdboxes
Am 25.10.2010 15:53, schrieb Timo Sirainen: On Sat, 2010-10-23 at 16:27 +0200, Tobias Daucher wrote: Hi there, after migration we have a very big problem... there are two mailboxes in /var/mail/username/mailboxes/ /var/mail/username/mailboxes/inbox /var/mail/username/mailboxes/inbox2 So they are in the same mdbox storage, just in different mailboxes? By the way - logging in via imap with thunderbird und move them on that way is not my favorite solution cause i have to do this for hundreds of users... IMAP would still be the simplest solution. You could do something like: printf 1 select inbox2\n2 copy 1:* INBOX\n3 delete inbox2\n | /usr/local/libexec/dovecot/imap -u username All right it works! dsync is sometimes not s stable but the imap server is... so why do a converting oder something like that not always via this way? (echo 1 select .NCarchiv/tsdauche; echo 2 copy 1:* INBOX; echo 3 logout)| su tsdauche -c /usr/local/libexec/dovecot/imap and after that you can delte the old box... (echo 1 select .NCarchiv/tsdauche; echo 2 delete .NCarchiv/tsdauche; echo 3 logout)| su tsdauche -c /usr/local/libexec/dovecot/imap so there are no faults and no problems with converting and merging boxes... thanks for that hint timo! bye tobias daucher -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
[Dovecot] merge mdboxes
Hi there, after migration we have a very big problem... there are two mailboxes in /var/mail/username/mailboxes/ /var/mail/username/mailboxes/inbox /var/mail/username/mailboxes/inbox2 i DO have to merge these boxes, but i found no tools for this step. is there any way with doveadm oder dsync to move alle messages from mdbox inbox2 into mdbox inbox? i hope you all can tell me a way to do this - its a very very big problem at the moment. By the way - logging in via imap with thunderbird und move them on that way is not my favorite solution cause i have to do this for hundreds of users... i hope you can help me! thanks a lot! Tobias Daucher
[Dovecot] bug with null pointer
Hi, we found a serious bug while testing our migration scripts. in Solaris (or other system 5) the user variable is not always set. Dsync is not very happy about that and crashes with an segmentation fault. After hours of debugging and TWOE simple lines # USER=$LOGNAME # export USER the problem was solved! The null pointer was found - so i will go home now an drink a bottle of Erdinger... hope this hint helps for development - and we hope that we don't find more of these bugs :) bye Tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Hauptsitz: Schnaittenbach Handelregister: Amberg HRB 4653 Gerichtsstand: Amberg Steuernummer: 201/118/51825 USt.-ID-Nummer: DE 273143997 Geschäftsführer:Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
[Dovecot] acl allow creation of special foldernames
Hi, ACL works fine now... But is it possible so allow users the creation of specific folder names? so users should be able to create a folder Sent but not the folder Send or something like that I just want to allow some folder names and only THESE folders... Thanks for you help! Tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Handy: 0160-5348073 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Amberg HRB 2845 Gerichtsstand Amberg Steuernummer 201/118/51809 USt.-ID-Nummer DE 813066264 Geschäftsführer: Dr. Martin Nagler
Re: [Dovecot] bug in dsync
Am 14.10.2010 18:33, schrieb Timo Sirainen: On Wed, 2010-10-13 at 07:55 +0200, Tobias Daucher wrote: Hi, I'm trying to convert mailboxes from mbox zu mdbox. The following command was performed: dsync mirror -u tsdauche mbox:~/.NCmail/Drafts dsync -u tsdauche mirror mbox:~/.NCmail/Drafts dsync(tsdauche): Panic: file dsync-worker-local.c: line 185 (dsync_drop_extra_namespaces): assertion failed: (ns != NULL) [1] Abort trap (core dumped) dsync mirror -u tsdauche This is strange though. Anyway, with your config I get an error instead of the above crash: dsync(tss): Fatal: All your namespaces have a location setting. It should be empty (default mail_location) in the namespace to be converted. I tried this right now... i commented out the location from one namespace... put you line to the shell... exactly the same error... thanks but this was not the fault... -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Handy: 0160-5348073 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Amberg HRB 2845 Gerichtsstand Amberg Steuernummer 201/118/51809 USt.-ID-Nummer DE 813066264 Geschäftsführer: Dr. Martin Nagler
Re: [Dovecot] mbox folder deleting
Am 14.10.2010 17:23, schrieb Timo Sirainen: On Tue, 2010-10-12 at 16:30 +0200, Tobias Daucher wrote: Hi there again, I just wanna tell you what little bug we've found... Namespace is in mbox format. After deleting an mbox the entry in the .imap stays so not everyting is moved away and ist just hanging around... not so bad, but would be nice if it was cleaned up... You didn't mention what Dovecot version. I think in earlier v2.0.x there was such a bug, but at least now with v2.0.5 it gets deleted just fine. ok thanks, we just tried 2.0.3 - sorry... in the other posting i made there was the version number and so on... tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Handy: 0160-5348073 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Amberg HRB 2845 Gerichtsstand Amberg Steuernummer 201/118/51809 USt.-ID-Nummer DE 813066264 Geschäftsführer: Dr. Martin Nagler
[Dovecot] mbox folder deleting
Hi there again, I just wanna tell you what little bug we've found... Namespace is in mbox format. After deleting an mbox the entry in the .imap stays so not everyting is moved away and ist just hanging around... not so bad, but would be nice if it was cleaned up... thanks Tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Handy: 0160-5348073 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Amberg HRB 2845 Gerichtsstand Amberg Steuernummer 201/118/51809 USt.-ID-Nummer DE 813066264 Geschäftsführer: Dr. Martin Nagler
[Dovecot] bug in dsync
Hi, I'm trying to convert mailboxes from mbox zu mdbox. The following command was performed: dsync mirror -u tsdauche mbox:~/.NCmail/Drafts dsync(tsdauche): Fatal: execvp(-u) failed: No such file or directory dsync(tsdauche): Panic: file dsync-worker-local.c: line 185 (dsync_drop_extra_namespaces): assertion failed: (ns != NULL) [1] Abort trap (core dumped) dsync mirror -u tsdauche mbox:~/.NCmail/Drafts I also tried other combinations with dsync, but they all fail... :( I'm sending the core file and the conf output with this mail. Hope you can find out whats the problem, thanks a lot! Tobi -- Dr. Nagler Company GmbH Hauptstraße 9 92253 Schnaittenbach Tel : 09622-7197-38 Fax : 09622-7197-50 Handy: 0160-5348073 Web : http://www.nagler-company.com E-Mail : tobias.dauc...@nagler-company.com Amberg HRB 2845 Gerichtsstand Amberg Steuernummer 201/118/51809 USt.-ID-Nummer DE 813066264 Geschäftsführer: Dr. Martin Nagler dovecot.conf # 2.0.3: /usr/local/etc/dovecot/dovecot.conf # OS: NetBSD 5.0.2 amd64 auth_cache_size = 10485760 auth_cache_ttl = 36000 s auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes base_dir = /var/run/dovecot/ debug_log_path = /var/tmp/dovecot-debug-log default_internal_user = open-xchange default_login_user = open-xchange deliver_log_format = msgid=%m: %$ From = %f Size = %p disable_plaintext_auth = no dotlock_use_excl = yes hostname = s051 info_log_path = syslog lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_plugin_dir = /usr/lib/dovecot mdbox_rotate_size = 209715200 namespace { hidden = yes inbox = no list = yes location = mdbox:%h/.NCmailmd prefix = NCmailmd/ separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = yes list = children location = mdbox:/var/mail/%u prefix = _INBOX_/ separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = no list = yes location = mbox:%h/.NCmailmd/ARCHIV prefix = ARCHIV/ separator = / subscriptions = yes type = private } namespace { hidden = yes inbox = no list = children location = mdbox:%h/.NONEXISTENT no_storage_autocreate = yes no_storage_autodetect = yes prefix = NONEXISTENT/ separator = / subscriptions = yes type = private } passdb { driver = passwd } postmaster_address = postmas...@nagler-company.com protocols = imap quota_full_tempfail = yes sendmail_path = /usr/pkg/libexec/sendmail/sendmail service auth-worker { user = root } service auth { unix_listener auth-userdb { group = mode = 0666 user = } user = $default_internal_user } service imap-login { process_min_avail = 1 service_count = 0 vsz_limit = 67108864 } service imap { process_limit = 1024 vsz_limit = 268435456 } ssl = no userdb { driver = passwd } verbose_proctitle = yes protocol imap { imap_client_workarounds = delay-newmail imap_idle_notify_interval = 120 s imap_logout_format = bytes=%i/%o imap_max_line_length = 65536 mail_max_userip_connections = 0 mail_plugins = }
Re: [Dovecot] Patch: New event mailbox_create for the mail_log plugin
Am 02.08.2010 um 16:34 schrieb Timo Sirainen: On Thu, 2010-07-29 at 13:28 +0200, Tobias Joch wrote: the following patch for the mail_log plugin (source version = 1.2.13) adds a new logging event mailbox_create. Perhaps this is also of interest to other people except me ;) I added mailbox_create event now to v2.0, but I had to pretty much rewrite the patch because v2.0's mail_log plugin works via notify plugin. Cool ;) Thanks!
Re: [Dovecot] Using Dovecot deliver with Postfix
Am 29.12.2009 um 22:34 schrieb Timo Sirainen: On Fri, 2009-12-25 at 13:30 +0100, Tobias Lang wrote: while installing Dovecot sieve, I am not able to deliver email for root. That's because you should be redirecting root's mails to some other user. root shouldn't have mail. Well, I do redirect mail to admin accounts. However, I use SuSE 11 as a base system. And there it is a default to also deliver root mail to the root account, default aliases looks like this: root: tobi, \root I was not aware, that root should not be allowed to recieve mail at all and by removing the '\root' from /etc/aliases, deliver is working as expected. Tobi P.S.: Sorry for private double-post
Re: [Dovecot] pop3+leave messages on server
On Tue, 29 Dec 2009 09:48:46 +0100, Papp Tamas tom...@martos.bme.hu wrote: hi All, I have a srange problem. Before dovecot there was a courier imap and it worked just fine. The client(s) are the same then before, so I think, this is an server side problem. I have a user with Outlook and he uses pop3 and leaves messages on server. Sometimes the messages get downloaded again, when he starts the outlook. Not all, but 7-9 hours back. uidl format is like it's suggested: pop3_uidl_format = %08Xu%08Xv Any idea, what's wrong and what I can do? Thank you very much, tamas Is that a problem with other MUAs too? Or is Outlook the only affected one? You tried Thunderbird or Windows Live Mail to verify? Regards tobi
Re: [Dovecot] pop3+leave messages on server
On Tue, 29 Dec 2009 11:27:49 +0100, Papp Tamas tom...@martos.bme.hu wrote: Tobias wrote: Is that a problem with other MUAs too? Or is Outlook the only affected one? You tried Thunderbird or Windows Live Mail to verify? No, the users are using only Outlook. Should I try it with TB? It would be a bit hard, because the failure does not depend on anything, I don't know, how to cause it. Thanks, tamas Hi Tamas yes I would try with another MUA just to verify whether it's a MUA- or server problem. Btw: No chance to persuade the user to use IMAP instead of POP3? Cheers tobi
[Dovecot] Using Dovecot deliver with Postfix
Hello, while installing Dovecot sieve, I am not able to deliver email for root. The strange thing is, that mails to ordinary users get delivered. And no, I do not use virtual mail, just ordinary unix accounts with an entry to passwd / shadow. Also before switching from Postfix deliver to Dovecot deliver, everything worked fine. Current versions for dovecot and postfix are: dovecot-1.2.8 postfix-2.6.5 Anybody an idea, where I misconfigured something? Thanks in advance Tobi dovecot.log (Dovecot daemon) - Dec 25 13:15:01 deliver(root): Error: chdir(/root) failed: Permission denied Dec 25 13:15:01 deliver(root): Error: stat(/root/Maildir) failed: Permission denied Dec 25 13:15:01 deliver(root): Error: stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65533(nobody) missing +x perm: /root) - mail.log (Postfix daemon) - Dec 25 13:15:01 h636004 postfix/pickup[9007]: ABD64208163: uid=0 from=root Dec 25 13:15:01 h636004 postfix/cleanup[9073]: ABD64208163: message-id=20091225121501.abd64208...@domain.net Dec 25 13:15:01 h636004 postfix/qmgr[9006]: ABD64208163: from=r...@domain.net, size=629, nrcpt=1 (queue active) Dec 25 13:15:01 h636004 postfix/local[9075]: ABD64208163: to=t...@domain.net, orig_to=root, relay=local, delay=0.26, delays=0.14/0.01/0/0.12, dsn=2.0.0, status=sent (delivered to command: /usr/local/libexec/dovecot/deliver) Dec 25 13:15:01 h636004 postfix/local[9075]: ABD64208163: to=r...@domain.net, orig_to=root, relay=local, delay=0.36, delays=0.14/0.01/0/0.21, dsn=4.3.0, status=deferred (temporary failure) - Here is an excerpt from my dovecot.conf: dovecot.conf: - protocol lda { postmaster_address = postmas...@domain #mail_plugins = sieve # Disabled to fix deliver issue } mail_location = maildir:%h/Maildir auth default { mechanisms = plain login passdb pam { args = * } userdb passwd { } socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } } -
Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve
Am 28.12.2009 um 11:55 schrieb Steve Wagner: if header :contains Organization web.de { discard; stop; } This often works, but sometimes it fails. Procmail reports then that deliver reported an error (but not which) and delivers them to my inbox. There are also no message in dovecots or dovecot delivers log file. This rule will fail, when there is no HeaderEntry called Organization. You should try From instead, this HeaderEntry should always be there to test against. Tobi
Re: [Dovecot] Pigeonhole Sieve IMAP flag question
Am 29.12.2009 um 12:58 schrieb Julian Cowley: Hello, Here is a small script that I've been running to test a problem I've been seeing. Shouldn't this result in the mail being delivered to the inbox as a new message (ie. without the \Seen flag)? require imap4flags; addflag \\Seen; removeflag \\Seen; Every message gets delivered to the inbox as though it's already been read. Hello Julian, by removing the Seen flag, you mark the message as read. New mails arrives with the Seen flag set - thus your command addflag \\Seen is useless. Check out RFC 3501 for the meaning of the different flags. Tobi
Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve
Am 28.12.2009 um 11:55 schrieb Steve Wagner: if header :contains Organization web.de { discard; stop; } This often works, but sometimes it fails. Procmail reports then that deliver reported an error (but not which) and delivers them to my inbox. There are also no message in dovecots or dovecot delivers log file. This rule will fail, when there is no HeaderEntry called Organization. You should try From instead, this HeaderEntry should always be there to test against. Tobi
Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve
Am 28.12.2009 um 13:02 schrieb Steve Wagner: Hi Tobi, yes but it is correct. It should only discard messages that have this header. The sieve filter is larger, this are only the parts witch use discard. Steve Am 28.12.2009 12:25, schrieb Tobias Lang: Am 28.12.2009 um 11:55 schrieb Steve Wagner: if header :contains Organization web.de { discard; stop; } This often works, but sometimes it fails. Procmail reports then that deliver reported an error (but not which) and delivers them to my inbox. There are also no message in dovecots or dovecot delivers log file. This rule will fail, when there is no HeaderEntry called Organization. You should try From instead, this HeaderEntry should always be there to test against. Tobi Hey Steve, as you can not provide some error messages, it is quite hard to help you with your problem. However, I would guess that there is something wrong with your sieve rules - based on the information, that most mails get filtered correctly. Try analyzing the mails causing errors separately with e.g.: http://www.fastmail.fm/docs/sieve/sievetest.php Maybe you can isolate the error there. Tobi
Re: [Dovecot] Dovecot-deliver sometimes fails when message set to discard via sieve
Am 28.12.2009 um 14:34 schrieb Steve Wagner: Ok ive tested it. The sieve script works as expected. The only error message i have, come from procmail.log: 24918-Folder: /opt/dovecot/libexec/dovecot/deliver 3720 24919-procmail: Error while writing to /opt/dovecot/libexec/dovecot/deliver 24920:From keineantwortadre...@web.de Tue Dec 8 07:19:55 2009 The procmail-deliver error logfile is empty and the normal log file dose not contains that error. Do you have an idea how else i can get the error message? Steve Try using 'VERBOSE=on' in .procmailrc . Moreover I find it curious that, procmail tries to write to dovecot/deliver. This should be a binary file and no writing should occur to it. What does your .procmailrc look like? Tobi
Re: [Dovecot] checking all folders for new mail (IMAP STATUS command)
On Mon, 28 Dec 2009 14:30:14 +0100, Florian Effenberger flo...@gmail.com wrote: Hello, I use Thunderbird as IMAP client and do a lot of server-side filtering with Sieve scripts. To be notified of new mails, I want to check all folders (a lot of them...) at once for new mails, and not only the inbox. According to http://kb.mozillazine.org/Checking_for_new_messages_in_other_folders_-_Thunderbird it should be sufficient to enable one setting -- given that the IMAP server returns the STATUS command correctly. I still run Dovecot 1.0 (from Debian 4.0), and it seems this version doesn't support the IMAP STATUS command, as I have to explictly query each folder with the second mentioned setting. What is the recommended way of checking all folders for new mails? Is there any server-side setting I can activate? Do newer versions of Dovecot support the STATUS command in the way Thunderbird expects it? Or does Dovecot even offer an option like the mentioned IMAP_CHECK_ALL_FOLDERS=1 and IMAP_ENHANCEDIDLE=1 in Courier? Sorry for my maybe dumb question... :-) Thanks, Florian This might be help you... **quote** If Thunderbird doesn't recognize that a folder contains unread messages try setting mail.imap.use_status_for_biff true. It causes Thunderbird to explicitly select each folder to update the message summaries, rather than using the STATUS command. It has more overhead, but some IMAP servers don't return STATUS correctly. **quote**
Re: [Dovecot] checking all folders for new mail (IMAP STATUS command)
Am 28.12.2009 um 16:14 schrieb Florian Effenberger: Hi Tobias, This might be help you... **quote** If Thunderbird doesn't recognize that a folder contains unread messages try setting mail.imap.use_status_for_biff true. It causes Thunderbird to explicitly select each folder to update the message summaries, rather than using the STATUS command. It has more overhead, but some IMAP servers don't return STATUS correctly. **quote** thanks, that's exactly what I am refering to. ;-) This paragraph talks about some IMAP servers don't return STATUS correctly, and I'm interested to hear if this is true for recent Dovecot versions and whether a patch or a configuration directive is available to fix it... :) Florian Locking at http://www.dovecot.org/ : Overview ... * Dovecot is standards compliant. Dovecot v1.1 passes all IMAP server standard compliancy tests while most other servers fail many of them. ... Hope, this answers your question. Maybe you should use a recent version of Dovecot (stable is 1.2.9) and not v1.0 Tobi (another one)