What is the current state of High Availability Dovecot ?
… without going to too much fuss ? Searching the Internet produces a lot of old results and many overly complicated results. My only complication is that I am using PostfixAdmin for mailbox management, and all the mailboxes are virtual. Thanks.
Dovecot High Availability ?
Are there any current, free high availability strategies for Dovecot ?
Dovecot, Last Login Plugin and PostfixAdmin
https://doc.dovecot.org/configuration_manual/lastlogin_plugin/ Is there any documentation about how to get the "Last Login" info into the PostfixAdmin database ?
Re: [EXTERNAL] Sv: function for whitelisting IPs
The custom login script -- in Dovecot or Roundcube or … ? Is there any documentation for such scripting ?

-Original Message-
From: dovecot on behalf of Sebastian
Reply-To: Dovecot Mailing List
Date: Thursday, July 15, 2021 at 06:56
To: 'Mailing List'
Subject: [EXTERNAL] Sv: function for whitelisting IPs

Most such functions would need to be custom. You need to write a custom login script, which also accepts the user's IP as input to a function, which then checks if password is right. And then it returns that password is invalid if IP isn't approved. Then you just need to write some custom functions in roundcube or similar to have the webmail insert the IP into a database. Or just match it against a GeoIP database and save the latest country the webmail was logged in from, and then SMTP/IMAP is only approved for that country. That reduces the attack surface greatly.

-Original Message-
From: dovecot-boun...@dovecot.org On behalf of White, Daniel E. (GSFC-770.0)[NICS]
Sent: 15 July 2021 12:21
To: Dovecot Mailing List
Subject: function for whitelisting IPs

Sebastian, Do you have any examples of such a function and how/where it is used ?

-Original Message-
From: dovecot on behalf of Sebastian
Reply-To: Dovecot Mailing List
Date: Thursday, July 15, 2021 at 01:19
To: 'Mailing List'
Subject: [EXTERNAL] Sv: 2FA/MFA with IMAP & postfix/submission

Main problem is that not many clients do natively support multifactor. Some clients, do popup a login dialog if the server rejects the password as invalid, which can be used to create a "cheaty variant" of multifactor, but some clients just popup an error dialog and tell the user to just correct password in settings. Some clients even go as long as requiring the user to delete the account with wrong password and set up a new connection. So no, it cannot be relied upon.

I have a better idea: Have a function for whitelisting IPs, possible /24's or similar, where a login to roundcube or other webmail client (with 2FA) will add the IP onto a whitelist for that account. Or perhaps, just "set" the country of the account based on GeoIP. When an account tries to login via IMAP or SMTP, you just check if IP and/or GeoIP country is right, and reject the login as invalid if so not. The only thing a client needs to do to get his IMAP or SMTP client to work again if it stops working, is to login once via the web client.

-Original Message-
From: dovecot-boun...@dovecot.org On behalf of Alex
Sent: 15 July 2021 02:10
To: dovecot@dovecot.org
Subject: 2FA/MFA with IMAP & postfix/submission

Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred IMAP4 accounts, as well as postfix users using submission. Clients are using primarily Outlook on Windows and old squirrelmail. Are there multi-factor options available? If it is not available, do you have any recommendations on where I should look to do this? All of the links related to this topic appear to be very old, or limited to Linux PAM users.
function for whitelisting IPs
Sebastian, Do you have any examples of such a function and how/where it is used ?

-Original Message-
From: dovecot on behalf of Sebastian
Reply-To: Dovecot Mailing List
Date: Thursday, July 15, 2021 at 01:19
To: 'Mailing List'
Subject: [EXTERNAL] Sv: 2FA/MFA with IMAP & postfix/submission

Main problem is that not many clients do natively support multifactor. Some clients, do popup a login dialog if the server rejects the password as invalid, which can be used to create a "cheaty variant" of multifactor, but some clients just popup an error dialog and tell the user to just correct password in settings. Some clients even go as long as requiring the user to delete the account with wrong password and set up a new connection. So no, it cannot be relied upon.

I have a better idea: Have a function for whitelisting IPs, possible /24's or similar, where a login to roundcube or other webmail client (with 2FA) will add the IP onto a whitelist for that account. Or perhaps, just "set" the country of the account based on GeoIP. When an account tries to login via IMAP or SMTP, you just check if IP and/or GeoIP country is right, and reject the login as invalid if so not. The only thing a client needs to do to get his IMAP or SMTP client to work again if it stops working, is to login once via the web client.

-Original Message-
From: dovecot-boun...@dovecot.org On behalf of Alex
Sent: 15 July 2021 02:10
To: dovecot@dovecot.org
Subject: 2FA/MFA with IMAP & postfix/submission

Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred IMAP4 accounts, as well as postfix users using submission. Clients are using primarily Outlook on Windows and old squirrelmail. Are there multi-factor options available? If it is not available, do you have any recommendations on where I should look to do this? All of the links related to this topic appear to be very old, or limited to Linux PAM users.
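The per-account allowlist described in the thread above (a 2FA webmail login records the client's network, and IMAP/SMTP logins are rejected unless they come from a recorded network), as an added Python example that is not code from the thread, from Dovecot or from Roundcube. The function names, the SQLite table, the 30-day expiry and the /64 grouping for IPv6 are assumptions, and `verify_password` stands in for whatever password check the site already uses.

```python
import ipaddress
import sqlite3
import time

TTL_SECONDS = 30 * 24 * 3600  # assumed lifetime of an allowlist entry


def network_of(ip):
    """Collapse an address to its /24 (IPv4) or /64 (IPv6, assumed) network."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is really an IPv4 client
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def open_store(path=":memory:"):
    """Hypothetical table shared by the webmail and the login script."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS allowlist (username TEXT, "
               "network TEXT, expires REAL, PRIMARY KEY (username, network))")
    return db


def record_webmail_login(db, username, ip, now=None):
    """Called by the webmail after a successful 2FA login."""
    now = time.time() if now is None else now
    db.execute("INSERT OR REPLACE INTO allowlist VALUES (?, ?, ?)",
               (username.lower(), network_of(ip), now + TTL_SECONDS))
    db.commit()


def ip_allowed(db, username, ip, now=None):
    now = time.time() if now is None else now
    try:
        net = network_of(ip)
    except ValueError:
        return False  # unparsable address: fail closed
    row = db.execute("SELECT 1 FROM allowlist WHERE username = ? "
                     "AND network = ? AND expires > ?",
                     (username.lower(), net, now)).fetchone()
    return row is not None


def authenticate(db, username, password, ip, verify_password, now=None):
    """IMAP/SMTP login check: the password and the source network must both
    pass. The caller reports either failure as an invalid password."""
    password_ok = bool(verify_password(username, password))
    return password_ok and ip_allowed(db, username, ip, now)
```

Entries expire, so a client that stops working is restored by one more webmail login, as the thread suggests; grouping by /24 keeps clients on dynamic addresses within one provider range working between logins.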
High Availability Dovecot / Roundcube / PostfixAdmin ?
This is a new setup, running on RHEL 8 with the latest everything. Has anyone out there set up a high availability pair of Dovecot servers - with Roundcube and PostfixAdmin - successfully ? "Callahan's Law: Shared pain is lessened; shared joy, increased — thus do we refute entropy" (Spider Robinson)
Re: [EXTERNAL] Re: Help with "doveadm" - Socket ?
Many thanks, Alexander
Your information was on target.

-Original Message-
From: dovecot on behalf of Alexander Dalloz
Date: Monday, May 24, 2021 at 15:50
To: "dovecot@dovecot.org"
Subject: Re: [EXTERNAL] Re: Help with "doveadm" - Socket ?

On 24.05.2021 at 19:23, White, Daniel E. (GSFC-770.0)[NICS] wrote:
> I found that /var/run/dovecot/doveadm-server is a socket
> but adding it does not help.
>
> # doveadm mailbox status -A -S /var/run/dovecot/doveadm-server
> doveadm mailbox status [-u |-A] [-S ] [-t] [...]
>
> Am I missing something else ?

You must specify all mandatory parameters for doveadm mailbox status.

doveadm mailbox status -A -S /var/run/dovecot/doveadm-server -t messages INBOX

Specifying the socket is optional and not normally required.

Alexander
Re: [EXTERNAL] Re: Help with "doveadm" - Socket ?
A bit more detail:

I can do this:

# doveadm mailbox list -A
...
test_u Sent
test_u Trash
test_u Drafts
test_u public
test_u INBOX
...

But I cannot do this:

# doveadm mailbox status -A
doveadm mailbox status [-u |-A] [-S ] [-t] [...]

I found this: https://serverfault.com/questions/926034/do-i-need-a-dovecot-socket that suggested:

Dovecot probably already listens in the sockets, this is a common configuration for dovecot. Try this command to verify.
ss -ntpl | grep -e :143 -e :993

I tried it and got

# ss -ntpl | grep -e :143 -e :993 -e :995
LISTEN 0 100 :::993 :::* users:(("dovecot",2572,42))
LISTEN 0 100 *:993 *:* users:(("dovecot",2572,41))
LISTEN 0 100 :::995 :::* users:(("dovecot",2572,27))
LISTEN 0 100 *:995 *:* users:(("dovecot",2572,26))
LISTEN 0 100 :::143 :::* users:(("dovecot",2572,40))
LISTEN 0 100 *:143 *:* users:(("dovecot",2572,39))

I found that /var/run/dovecot/doveadm-server is a socket but adding it does not help.

# doveadm mailbox status -A -S /var/run/dovecot/doveadm-server
doveadm mailbox status [-u |-A] [-S ] [-t] [...]

Am I missing something else ?

-Original Message-
From: dovecot on behalf of Aki Tuomi
Date: Friday, May 21, 2021 at 17:02
To: Alexander Dalloz , "dovecot@dovecot.org" , "daniel.e.whi...@nasa.gov" <"daniel.e.white."@nasa.gov>
Subject: [EXTERNAL] Re: Help with "doveadm" - Socket ?

> On 21/05/2021 23:59 Alexander Dalloz wrote:
>
> On 21.05.2021 at 21:27, White, Daniel E. (GSFC-770.0)[NICS] wrote:
> > doveadm [-f formatter] mailbox status [-A|-u user] [-S socket_path] [-t] fields mailbox ...
> >
> > Where do I find this "socket_path", please ?
> >
> > I am trying to untangle a very old CentOS 6 instance.
> >
> > Thanks in advance.
>
> It should be /var/run/dovecot/doveadm-server
>
> Alexander

It can also be a tcp socket. Maybe give us bit more insight on what you are dealing with?

Aki
Help with "doveadm" - Socket ?
doveadm [-f formatter] mailbox status [-A|-u user] [-S socket_path] [-t] fields mailbox ... Where do I find this "socket_path", please ? I am trying to untangle a very old CentOS 6 instance. Thanks in advance.
Re: [EXTERNAL] Re: Separating Dovecot and Postfix
Many thanks. (Google Translate)
LMTP seems the way to go.

-Original Message-
From: dovecot on behalf of Heiko Schlittermann
Organization: schlittermann -- internet & unix support
Date: Friday, May 14, 2021 at 11:08
To:
Subject: [EXTERNAL] Re: Separating Dovecot and Postfix

Hi,

White, Daniel E. (GSFC-770.0)[NICS] (Fri 14 May 2021 14:37:15 CEST):
> I am struggling to update a very old set of mail servers.
> Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)

It depends on how your MTA hands over the messages to the Mail Storage Agent (MSA).

If both are on the same machine, in the same file system, there are multiple methods:

- direct file system access: The MTA knows about the internal structure of the MSA and writes directly to the (mostly Maildir) mailboxes. This is considered bad practice.
- local delivery agent: `dovecot-deliver` reads the message from standard input and - as part of the MSA - it knows about the internal structure and hides it from the MTA. This is good practice, but it may impose permission issues.
- LMTP: The MTA uses a variant of the SMTP protocol to push the message to the MSA, dovecot can listen on a Unix-Domain socket, as well as on an INET socket, and serve as an LMTP server. This is IMHO the best option, as it allows the best privilege separation, and additionally it allows an easy migration from having both (MTA, MSA) on the same machine to separate machines.

If you have both (MTA, MSA) on distinct machines, then only LMTP is your option. I'm pretty sure that Postfix can use LMTP over INET style network connections. Depending on how you trust into your network, you should consider using TLS for this connection.

Best regards from Dresden/Germany
Greetings from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de internet & unix support
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3}
gnupg encrypted messages are welcome --- key ID: F69376CE
Re: [EXTERNAL] Re: Separating Dovecot and Postfix
Many thanks, Jeff.
Online documentation is not clear. Everything implies both are necessary.

-Original Message-
From: Josef 'Jeff' Sipek
Date: Friday, May 14, 2021 at 08:40
To: Daniel White
Cc: "dovecot@dovecot.org"
Subject: [EXTERNAL] Re: Separating Dovecot and Postfix

On Fri, May 14, 2021 at 12:37:15 +0000, White, Daniel E. (GSFC-770.0)[NICS] wrote:
> I am struggling to update a very old set of mail servers.
> Some are supposed to be relays (MTAs by my understanding) while others are
> where the mailboxes live (MDA)
>
> In rebuilding the MDA servers, is postfix required on the same server or
> can dovecot connect to postfix on a separate MTA server ? The old MDAs
> have both installed, but the config files are a mess.

They can live on different servers. I have two - one with postfix and mailman, and a second one with dovecot. Postfix delivers mail to dovecot via lmtp.

Jeff.
Separating Dovecot and Postfix
I am struggling to update a very old set of mail servers. Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA) In rebuilding the MDA servers, is postfix required on the same server or can dovecot connect to postfix on a separate MTA server ? The old MDAs have both installed, but the config files are a mess.
Re: Installation Question: Is a web server required ?
If you push the car off a cliff, it will fly for a few seconds.
Thanks for responding.

-Original Message-
From: dovecot on behalf of Benny Pedersen
Organization: junc.eu
Date: Wednesday, April 28, 2021 at 13:43
To: "dovecot@dovecot.org"
Subject: [EXTERNAL] Re: Installation Question: Is a web server required ?

On 2021-04-28 19:28, White, Daniel E. (GSFC-770.0)[NICS] wrote:
> Can Dovecot be installed with Postfix and without being behind a web
> server ?
>
> I want a mail service that can only be accessed by POP3(s)/IMAP(s) and
> not by a web UI.

can a car fly without gasoline ? :=)

none of the above software require x11 not even roundcube
Re: Installation Question: Is a web server required ?
Thanks. That is what we want. Just mail, no extras

-Original Message-
From: dovecot on behalf of Heiko Schlittermann
Organization: schlittermann -- internet & unix support
Date: Wednesday, April 28, 2021 at 13:36
To:
Subject: [EXTERNAL] Re: Installation Question: Is a web server required ?

White, Daniel E. (GSFC-770.0)[NICS] (Wed 28 Apr 2021 19:28:41 CEST):
> Can Dovecot be installed with Postfix and without being behind a web server ?

Yes.

> I want a mail service that can only be accessed by POP3(s)/IMAP(s) and not by a web UI.

Dovecot is a pure POP3/IMAP server. No Web-UI is required/provided. (I think, there are other "modules" planned or working already, like calendar or such. But maybe I'm confusing this with alternative mail access server software.)

--
Heiko
Re: [EXTERNAL] Re: Installation Question: Is a web server required ?
Excellent. The documentation is not clear about this. We want the email users to use POP/IMAP clients. Many thanks.

-Original Message-
From: Shaun Johnson
Organization: LinuxMagic Inc.
Date: Wednesday, April 28, 2021 at 13:33
To: Daniel White
Cc: "dovecot@dovecot.org"
Subject: [EXTERNAL] Re: Installation Question: Is a web server required ?

On Wed, 28 Apr 2021 17:28:41 + "White, Daniel E. (GSFC-770.0)[NICS]" wrote:
> Can Dovecot be installed with Postfix and without being behind a web
> server ?
>
> I want a mail service that can only be accessed by POP3(s)/IMAP(s)
> and not by a web UI.
>
> Thanks.

Most definitely - web server is only required if you wanted things like webmail access - or any type of management interface.
Installation Question: Is a web server required ?
Can Dovecot be installed with Postfix and without being behind a web server ? I want a mail service that can only be accessed by POP3(s)/IMAP(s) and not by a web UI. Thanks.