Re: User-configurable time-based mail deletion in specific folders

2024-02-25 Thread William Edwards via dovecot

> On 25 Feb 2024, at 16:51, Steven Varco wrote:
> 
> 
>>> On 25.02.2024 at 09:38, Rupert Gallagher via dovecot wrote:
>>> 
>>> 
>>> Things like this should be done locally on the Mailclient (MUA), IMHO.
>> 
>> If you are a company, then you must delete old e-mails automatically, by GDPR
>> law.
> 
> In this case it comes back to that this is better done by an external script.
> 
> First, dovecot is a global product, where not every company has to take care 
> about European nonsense laws. :P

Ouch. GDPR is objectively not nonsense. 

> Second, I would not want dovecot to become a „fullsize all in one solution 
> for everything“ (like MS Exchange). I like the concept of doing one thing 
> only, but doing this good.
> 
> Steven
> 
> 
>> 
>> 
>>  Original Message 
>>> On Feb 21, 2024, 23:25, Steven Varco <dovecot@bbs.varco.ch> wrote:
>>> 
>>> On 21.02.2024 at 21:25, Peter Reinhold wrote:
>>>> 
>>>> Hi
>>>> I have been wondering about if Dovecot has a feature that would allow users to
>>>> setup a rule for a given folder, that mails older than X days should be
>>>> deleted?
>>>> Or is this something that would need to be done by an external script?
>>> 
>>> Yes. It goes beyond of what I expect from an IMAP server.
>>> 
>>>> I have looked a bit at autoexpunge, and while the basic feature looks to be
>>>> what I need, it doesn't seem to be configurable down to a specific folder on a
>>>> single user.
>>> 
>>> Things like this should be done locally on the Mailclient (MUA), IMHO.
>>> 
>>> Steven
>>> --
>>> https://steven.varco.ch/
>>> https://www.tech-island.com/
>> 
>> ___
>> dovecot mailing list -- dovecot@dovecot.org
>> To unsubscribe send an email to dovecot-le...@dovecot.org
> 



Add tag support to 'Lua Director'

2024-02-24 Thread William Edwards via dovecot

Hi,

There's a thread on this mailing list from 2022 called "The end of 
Dovecot Director?". I lost that email, hence the new conversation. Sorry 
about that.


TL;DR: Is anyone else needing to migrate from Director interested in 
adding support for 2.x-style tags to the Lua script on 
https://doc.dovecot.org/3.0/configuration_manual/howto/director_with_lua/? 
Others on this list know Lua better than I.


Background:

Director is being removed from 2.4 (CE) / 3.x (Pro). After some notes 
from the community, the following manual entry popped up: 
https://doc.dovecot.org/3.0/configuration_manual/howto/director_with_lua/. 
It provides a Lua script that serves as a kind-of replacement for 
Director. It expects a list of backends, and maps users to a backend at 
connection time.


The gotcha is in the last sentence: "There are no built-in tools in 
Dovecot to manage the database (such as adding backends, kicking users, 
monitoring backends, etc.). You need to build your own tooling."


So, I built a CLI tool that provides the following functionality:

- CRUD backends.
- CRUD user-to-backend mappings.
- Health-checking backends (replacing `poolmon`).
- Swapping backends (move all users on backend X to backend Y).

There's one to-do, though. Director had the concept of 'tags'. This is 
useful when one has multiple mail clusters, and users should be routed 
to a specific mail cluster. The Lua script does not know this concept. 
If a user does not have a mapping, it simply maps the user to any 
backend. Which could cause users to end up on the wrong backend.


Therefore, it would be useful to add tag support to the Lua script: add 
`user_to_tags` and `tags` tables. Add a `tag_id` column to the 
`backends` table. Let the Lua script create a mapping to a backend with 
the same `tag_id` as the user entry in `user_to_tags`. Same logic as the 
`director_tag` passdb field (Director on 2.x). Alternatively, drop the 
'tags' term: create a `user_to_backends` table with a JSON column taking 
multiple backend IDs (no foreign key relations = bad consistency).


Alternatively, one could ensure that the Lua script never creates a 
mapping itself by manually creating it before the user connects. Pretty 
fragile in the real world, obviously.


After this final to-do, I'd be happy to open-source my CLI.

With kind regards,

William Edwards



Re: DOvecot requires both IPv4 and IPV6 to start

2023-09-04 Thread William Edwards via dovecot

TWHG Technical via dovecot wrote on 2023-09-04 15:30:

> I have tried replying twice.
> 
> We have IPV6 disabled for security reasons on all server builds.

IPv6 is secure, so that is not needed.

> An installer script failed which is how we caught this issue. We can 
> see it is due to the config line.
> 
> A graceful fallback to IPV4 if the IPV6 stack is not available would 
> seem to be an elegant solution that would make dovecot resilient in all 
> circumstances.
> 
> Cheers
> Spart

With kind regards,

William Edwards



Re: DOvecot requires both IPv4 and IPV6 to start

2023-09-04 Thread William Edwards via dovecot

TWHG Technical via dovecot wrote on 2023-09-04 13:24:

> Hello,
> 
> I hope this is the right place to start. Ubuntu server: the default 
> listener configuration in dovecot.conf uses both IP4 and IP6. On systems 
> that have IP6 disabled, dovecot will not start.
> 
> Is it possible to set the default to:
> 
> listen = * to only bind to IP4 for installation and initial start. 
> Rather than listen = *, :: which tries to bind to a non existent IP6 
> stack.

How about adding the currently 'non existent IP6 stack'?

> Or simply fallback to ip4 if ip6 is not available.
> 
> Thank you

With kind regards,

William Edwards



Re: IMAP account can't save any email with attachment

2023-07-20 Thread William Edwards via dovecot

> On 20 Jul 2023, at 14:26, Chris Thomas wrote:
> 
> 
> Hi,
> 
> I'm getting a curious problem where if I write a draft without an attachment 
> and click save. It'll work without any issue at all. 
> 
> But if I do the same, then attach a file to the email, it'll sit there for a 
> couple of minutes before timing out (I'm using thunderbird), it'll eventually 
> give you a message saying 
> 
> "Your draft message was not copied to your drafts folder (Drafts) due to 
> network or file access errors."
> 
> I've got all of dovecots verbose logging turned on.

Cool! So … where is it?

> I'm using dovecot as a submission server through to the postfix server to do 
> the actual sending. All the logging is turned on there too. But I can't 
> figure out what the problem is.
> 
> Is there anything I can look for in the logs that will help me out?
> 
> chris



Re: Replication going away?

2023-07-16 Thread William Edwards via dovecot

> On 16 Jul 2023, at 17:57, Aki Tuomi wrote:
> 
> Hi!
> 
> Yes, director and replicator are removed, and won't be available for pro 
> users either.
> 
> For NFS setups (or similar shared setups), we have documented a way to use 
> Lua to run a director-like setup, see 
> 
> https://doc.dovecot.org/3.0/configuration_manual/howto/director_with_lua/ 

It would probably be good to share this link in the aforementioned Director 
removal thread. 

> 
> Regards to replication, doveadm sync is not being removed. So you can still 
> run doveadm sync on your system to have a primary / backup setup.
> 
> Aki
> 
>> On 16/07/2023 18:34 EEST William Edwards via dovecot  
>> wrote:
>> 
>> 
>> Top posting because nothing specific to reply to, sorry. Not exactly sure, 
>> but there’s another thread about the removal of Director in favour of 
>> Dovecot Pro on 3.x. Perhaps this change is related.
>> 
>> William Edwards
>> 
>>>> On 16 Jul 2023, at 16:33, Daniele wrote:
>>> 
>>> Hello,
>>> 
>>> Just like Vladimir, I'm a bit concerned about this change, and I'd really 
>>> appreciate if someone could let us know if the replication feature (that 
>>> works so well!) will be replaced or removed; and, in case of removal, what 
>>> would be recommended replacement?
>>> Thanks in advance and best regards,
>>> Daniele
>>> 
>>>> On 09-Jul-23 9:36 PM, Vladimir Mishonov via dovecot wrote:
>>>> Hello everyone.
>>>> 
>>>> Just saw this commit in the official Github repo:
>>>> 
>>>> https://github.com/dovecot/core/commit/4c04e4c30fd4817a8b0e11d04d9681173f696f41#diff-5f643d8b0d1eea65d0f3c749d14d42b25a9d60f0f149bface862f5ff348412c8
>>>>  
>>>> 
>>>> Looking at the commit details, it appears that it completely removes the 
>>>> replication feature. I'm a bit perplexed by this change and am not sure 
>>>> what might be the justification for it. Personally, I find replication to 
>>>> be very useful, as it allows me to maintain a synchronized mirror of all 
>>>> of my mailboxes on my home server, for use as backup in case the primary 
>>>> server goes down for some reason.
>>>> 
>>>> Perhaps there's some sort of replacement being planned for this feature? 
>>>> Or maybe the relevant code is simply going to be refactored to a plugin or 
>>>> external program, and there's nothing to worry about at all?
>>>> 
>>>> In any case, I'd greatly appreciate if one of the developers could comment 
>>>> on this change.
>>>> 
>>> 
>>> 
>> 
> 



Re: Replication going away?

2023-07-16 Thread William Edwards via dovecot
Top posting because nothing specific to reply to, sorry. Not exactly sure, but 
there’s another thread about the removal of Director in favour of Dovecot Pro 
on 3.x. Perhaps this change is related.

William Edwards

> On 16 Jul 2023, at 16:33, Daniele wrote:
> 
> Hello,
> 
> Just like Vladimir, I'm a bit concerned about this change, and I'd really 
> appreciate if someone could let us know if the replication feature (that 
> works so well!) will be replaced or removed; and, in case of removal, what 
> would be recommended replacement?
> Thanks in advance and best regards,
> Daniele
> 
>> On 09-Jul-23 9:36 PM, Vladimir Mishonov via dovecot wrote:
>> Hello everyone.
>> 
>> Just saw this commit in the official Github repo:
>> 
>> https://github.com/dovecot/core/commit/4c04e4c30fd4817a8b0e11d04d9681173f696f41#diff-5f643d8b0d1eea65d0f3c749d14d42b25a9d60f0f149bface862f5ff348412c8
>>  
>> 
>> Looking at the commit details, it appears that it completely removes the 
>> replication feature. I'm a bit perplexed by this change and am not sure what 
>> might be the justification for it. Personally, I find replication to be very 
>> useful, as it allows me to maintain a synchronized mirror of all of my 
>> mailboxes on my home server, for use as backup in case the primary server 
>> goes down for some reason.
>> 
>> Perhaps there's some sort of replacement being planned for this feature? Or 
>> maybe the relevant code is simply going to be refactored to a plugin or 
>> external program, and there's nothing to worry about at all?
>> 
>> In any case, I'd greatly appreciate if one of the developers could comment 
>> on this change.
>> 
> 
> 



Re: https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html

2023-04-10 Thread William Edwards

> On 10 Apr 2023, at 18:40, Martin Stenzel wrote:
> 
> 
> Hi team,
> 
> regarding:
> 
> https://www.mail-archive.com/dovecot@dovecot.org/msg77000.html
> 
> 
> 
> I have the very same problem.
> 
> 
> 
> terve:/tmp # decrypt.rb -k /etc/dovecot/mailcrypt/ecpubkey.pem -f 
> ./1681118363terve.xy-space.de\,S\=3452\,W\=3515\:2\,S 
> 
> Key(s) (total: 1) 
>  - Key type  : EC 
>  - Key digest: a27b201cf7f59f... 
>  - Peer key  : 04aaca0143208904deced2732aaa...
>  - Encrypted : 4cde641bff16098b91bfaf66...
>  - Kd hash   : 9e229ec6c0... 
> terve:/tmp # decrypt.rb -k /etc/dovecot/mailcrypt/ecprivkey.pem -f 
> ./16811terve.xy-space.de\,S\=3452\,W\=3515\:2\,S
>  
> 
> Key(s) (total: 1) 
>  - Key type  : EC 
>  - Key digest: a27b201cf7f59f978bb9b27947f60a9... 
>  - Peer key  : 04aaca0143208904deced2732aaaf127... 
>  - Encrypted : 4cde641bff16098b91bfaf66c9...
>  - Kd hash   : 9e229ec6c09... 
> 
> 
> terve:/tmp # decrypt.rb -i -k /etc/dovecot/mailcrypt/ecprivkey.pem -f 
> ./1681118...terve.xy-space.de\,S\=3452\,W\=3515\:2
> \,S  
> Version   : 2 
> Flags : AEAD integrity 
> Header length : 255 
> Cipher algo   : aes-256-gcm (2.16.840.1.101.3.4.1.46) 
> Digest algo   : sha256 (2.16.840.1.101.3.4.2.1) 
> 
> Key derivation 
>  - Rounds: 2048
> 
> ...
> 
> 
> N. B. Before posting I arbitrarily removed numbers from the output, maybe 
> paranoid...
> 

Why?

> 
> Environment:
> 
> openSuSE Linux server.
> 
> dovecot version 2.3.20
> 
> openssl version 1.1.1
> 
> ruby version 3.1.2p20
> 
> decrypt.rb version 
> https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de
> 
> 
> 
> This is the way I generated the keys:
> 
> openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
> openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
> 
> 
> This is the 10-mailcrypt.conf:
> 
> mail_plugins = $mail_plugins mail_crypt 
> 
> plugin { 
>#fts_index_fs = crypt:set_prefix=fscrypt_index:posix:set_prefix=/tmp/fts 
>mail_crypt_global_private_key = mail_crypt_global_public_key = mail_crypt_save_version = 2 
> }
>  
> 
> Encryption of incoming (thanks to dovecot-lda), as well as outgoing mails 
> works perfectly.
> 
> 
> 
> But for me it is more a feature than a bug, since now, even as root I am not 
> able to decrypt users mails.
> 
> This serves plausible deniability. 
> 
> 
> 
> But how can I make sure, that NOBODY ELSE can decrypt with this specific 
> private key?
> 
> Is there ANY OTHER way to decrypt the mails besides the script?
> 
> 
> 
> Have a nice Monday, and THANKS for taking your time!
> 
> Martin, Cologne
> 
> 
> 
> P. S. Did you notice, that as an argument (-k) the results are the same, both 
> with private and public key?
> 
> P.P.S. If i give the "-w" argument and a file name, the file remains empty, 
> tried even that without success.
> 
> P.P.P.S. If I call the script with ruby version 2 it bails out...
> 
> 
> 


Re: hostname in director_mail_servers setting

2023-01-16 Thread William Edwards

> On 16 Jan 2023, at 13:59, k v wrote:
> 
> 
> director_mail_servers setting uses IP Addresses as values 
> https://doc.dovecot.org/settings/core/#core_setting-director_mail_servers
> As described in the documentation, hostnames are converted to addresses when 
> the configuration is read https://doc.dovecot.org/settings/types/#ip-addresses
> 
> This is acceptable in host or virtual machine environment, but becomes a 
> problem in a containerized environment. When any backend container is 
> restarted, its address will change and users related to this backend can no 
> longer connect, but backend (available with new IP address) can process 
> request
> for example,
> director_mail_servers = dovecot-1 dovecot-2 dovecot-3
> becomes in runtime (with one successfully connected user f...@example.com)
> 
> doveadm director status
> mail server ip  tag  vhosts  state  state changed  users
> 10.0.71.3            100     up     -              0
> 10.0.71.4            100     up     -              1
> 10.0.71.5            100     up     -              0
> 
> where
> dovecot-1 10.0.71.3, dovecot-2 10.0.71.4, dovecot-3 10.0.71.5
> 
> When dovecot-2 backend container restarts, and becomes new IP address, user 
> can't connect to related backend:
> imap-login: Info: proxy(f...@example.com,10.0.71.4:143): Started proxying to 
> <10.0.71.4> () (0.009 secs)
> imap-login: Error: proxy(f...@example.com,10.0.71.4:143): connect(10.0.71.4, 
> 143) failed: No route to host (after 28 secs, 3 reconnects, 
> local=10.0.71.13:41066)
> 
> My suggestion to developers:

Director has been phased out.

> resolve backend hostnames to IP address on every request to 
> director_mail_servers
> 
> It's not about dovemon service with active health checks from dovecot pro, 
> just dynamic hostname resolve


Re: The end of Dovecot Director?

2022-10-27 Thread William Edwards

> On 27 Oct 2022, at 04:25, Timo Sirainen wrote:
> 
> Director never worked especially well, and for most use cases it's just 
> unnecessarily complex. I think usually it could be replaced with:
> 
> * Database (sql/ldap/whatever) containing user -> backend table.
> * Configure Dovecot proxy to use this database as passdb.
> * For HA change dovemon to update the database if backend is down to move 
> users elsewhere
> * When backend comes up, move users into it. Set delay_until extra field for 
> user in passdb to 5 seconds into future and kick the user in its old backend 
> (e.g. via doveadm HTTP API).
> 
> All this can be done with existing Dovecot. Should be much easier to build a 
> project doing this than forking director.

This is my train of thought as well. I believe the following would suffice for 
most setups.

A database with:

- Current vhost count per backend server. Alternatively, count the temporary 
user mappings.
- Backend servers.
- Temporary user mappings between user - backend server.

This database is accessible by all Dovecot proxies in case there’s multiple.

Steps when receiving a login:

- Check if a temporary user mapping exists.
- If so, proxy to the backend server in the temporary mapping. (To do: clean up 
mappings.)
- If not, pick the backend server with the lowest vhost count, create a 
temporary mapping, then increase the vhost count of the chosen backend server.

A monitoring service up/downs backend servers. E.g. by checking the port that 
we proxy to for each backend server. When a backend server is set to down, kick 
the user to force a reconnection. (Is that how Director ‘moves’ users?)
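
The login steps listed in this post (reuse an existing mapping, otherwise pick the least-loaded backend), combined with the tag tables proposed in the "Add tag support to 'Lua Director'" post further up, as an added example that is not code from either post or from Dovecot's Lua script. It uses Python with SQLite so that it runs stand-alone; the `mappings` table, the `state` column, the host addresses and the user names are assumptions.

```python
import sqlite3

# Names tags, user_to_tags and backends.tag_id come from the post.
# The `mappings` table, the `state` column and every row are constructed.
SCHEMA = """
CREATE TABLE tags (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE backends (
    id     INTEGER PRIMARY KEY,
    host   TEXT NOT NULL UNIQUE,
    tag_id INTEGER REFERENCES tags(id),   -- NULL means the untagged pool
    state  TEXT NOT NULL DEFAULT 'up' CHECK (state IN ('up', 'down'))
);
CREATE TABLE user_to_tags (
    username TEXT PRIMARY KEY,
    tag_id   INTEGER NOT NULL REFERENCES tags(id)
);
CREATE TABLE mappings (
    username   TEXT PRIMARY KEY,
    backend_id INTEGER NOT NULL REFERENCES backends(id)
);
"""

# Existing mapping, valid only while its backend is up and carries the user's tag.
CURRENT_SQL = """
SELECT b.host FROM mappings m JOIN backends b ON b.id = m.backend_id
WHERE m.username = ? AND b.state = 'up' AND b.tag_id IS ?
"""

# Least-loaded 'up' backend with the user's tag. SQLite's IS operator also
# matches NULL with NULL, so untagged users only get untagged backends.
PICK_SQL = """
SELECT b.id, b.host
FROM backends b LEFT JOIN mappings m ON m.backend_id = b.id
WHERE b.state = 'up' AND b.tag_id IS ?
GROUP BY b.id, b.host
ORDER BY COUNT(m.username), b.id
LIMIT 1
"""


def open_db():
    """In-memory database with two tagged clusters and one untagged backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO tags VALUES (?, ?)",
                     [(1, "cluster-a"), (2, "cluster-b")])
    conn.executemany("INSERT INTO backends (id, host, tag_id) VALUES (?, ?, ?)",
                     [(1, "10.0.1.1", 1), (2, "10.0.1.2", 1),
                      (3, "10.0.2.1", 2), (4, "10.0.9.1", None)])
    conn.executemany("INSERT INTO user_to_tags VALUES (?, ?)",
                     [("alice", 1), ("carol", 1), ("bob", 2)])
    conn.commit()
    return conn


def set_state(conn, host, state):
    """What a health checker would call when a backend goes up or down."""
    with conn:
        conn.execute("UPDATE backends SET state = ? WHERE host = ?", (state, host))


def route(conn, username):
    """Return the backend host for a login, or None if no backend may serve it."""
    with conn:  # commits the mapping change when the block exits
        row = conn.execute("SELECT tag_id FROM user_to_tags WHERE username = ?",
                           (username,)).fetchone()
        tag_id = row[0] if row else None

        row = conn.execute(CURRENT_SQL, (username, tag_id)).fetchone()
        if row:
            return row[0]

        row = conn.execute(PICK_SQL, (tag_id,)).fetchone()
        if row is None:
            # Fail closed: never fall back to a backend of another tag.
            conn.execute("DELETE FROM mappings WHERE username = ?", (username,))
            return None
        conn.execute("INSERT OR REPLACE INTO mappings (username, backend_id) "
                     "VALUES (?, ?)", (username, row[0]))
        return row[1]


if __name__ == "__main__":
    db = open_db()
    for name in ("alice", "carol", "alice", "bob", "dave"):
        print(name, "->", route(db, name))
```

Returning `None` when the user's tag has no backend up is the behaviour that keeps a user from landing on the wrong cluster; the caller would turn it into a temporary login failure.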



Re: The end of Dovecot Director?

2022-10-26 Thread William Edwards

Maciej Milaszewski wrote on 2022-10-26 11:52:

> Hi
> What is the planned replacement like
> 
> doveadm director status
> move / kick / flush
> add /up / del
> 
> In 3.0 ?

This question has been answered in the thread.

> Will there be a fork dovecot ?

If we, the community, start one, yes.

--
With kind regards,

William Edwards



Re: The end of Dovecot Director?

2022-10-21 Thread William Edwards


> On 21 Oct 2022, at 19:42, Brendan Braybrook wrote:
> 
> On 2022-10-21 04:29, spi wrote:
>>> On 21.10.22 at 13:14, Amol Kulkarni wrote:
>>> Nginx has an mail proxy for pop, imap, smtp.
>>> Can it be used instead of director ?
>> Nginx can authenticate imap/smtp (and probably pop3) users. If you do that, you 
>> can define a backend server the session is routed to. Currently I use that 
>> approach to authenticate users by client certificates and route them to the 
>> appropriate backend (well, I only have one ;-).
> 
> we've recently switched to director, but we used to use nginx for this as 
> well (we started using nginx before director existed). if you load balance 
> the nginx proxies themselves, you can easily handle hundreds of thousands of 
> concurrent imap connections with them.
> 
> in debian/ubuntu, i don't think the nginx packages include the mail proxy 
> bits. iirc, we had to compile nginx ourselves with the mail proxy bits 
> included.
> 
> the nginx config is pretty simple, you have to pre-specify the capabilities 
> for each protocol and set up some sort of way for nginx to auth and get which 
> backend node to send to as spi notes (in this example, it's an http call):
> 
> mail {
>   auth_http localhost:8080/cgi-bin/auth;
>   proxy_pass_error_message on;
> 
>   pop3_capabilities "TOP" "UIDL" "RESP-CODES" "PIPELINING" "AUTH-RESP-CODE" "USER" "SASL PLAIN" "SASL PLAIN LOGIN";
>   server {
>     listen   110;
>     protocol pop3;
>     proxy    on;
>   }
> 
>   imap_capabilities "IMAP4rev1" "LITERAL+" "SASL-IR" "LOGIN-REFERRALS" "IDLE";
>   server {
>     listen   143;
>     protocol imap;
>     proxy    on;
>   }
> }
> 
> localhost:8080/cgi-bin/auth then just auths the user/pass that nginx gets 
> from the incoming request and returns success and the next hop for nginx to 
> proxy to.
> 
> the only real difficulty is that you then need to write your own state system 
> into your cgi auth script to ensure that users get sent to the same backend 
> imap server if they already have an existing connection and have some way to 
> safely fail over to other backend imap servers should one go down. (it's nice 
> to have director handle this state stuff for you)

Although Director does not do health checks and down servers automatically. I 
was working on an open source program for that (as an alternative to Dovemon), 
but that plan is canceled with this announcement :)
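
The exchange between nginx and the `auth_http` script described in the quoted message, including the per-user state it says you have to keep yourself, as an added example that is not code from the thread. It is a pure function over nginx's auth_http request and response headers; the credential store, the backend addresses and the `sessions` and `health` dictionaries are constructed assumptions.

```python
import hashlib
import hmac

PORTS = {"imap": 143, "pop3": 110}   # the two protocols in the config above


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: user -> (salt, PBKDF2-HMAC-SHA256 hash).
USERS = {
    "alice@example.com": (b"salt-alice", _hash("correct horse", b"salt-alice")),
    "bob@example.com": (b"salt-bob", _hash("battery staple", b"salt-bob")),
}


def check_password(user, password):
    # Unknown users still cost one hash and can never match the empty digest.
    salt, expected = USERS.get(user, (b"no-such-user", b""))
    return hmac.compare_digest(_hash(password, salt), expected)


def pick_backend(user, sessions, health):
    """Keep the user on their current backend while it is healthy."""
    current = sessions.get(user)
    if current is not None and health.get(current):
        return current
    up = [ip for ip, ok in health.items() if ok]
    if not up:
        return None
    # Fewest mapped users first, address as a stable tie-break.
    return min(up, key=lambda ip: (sum(1 for b in sessions.values() if b == ip), ip))


def handle_auth(headers, sessions, health):
    """Map nginx's auth_http request headers to the response headers.

    sessions: user -> backend IP (nginx does not report when a session ends,
              so entries need their own expiry in a real deployment).
    health:   backend IP -> bool, maintained by a separate health checker.
    """
    user = headers.get("Auth-User", "")
    port = PORTS.get(headers.get("Auth-Protocol", ""))
    if port is None or not check_password(user, headers.get("Auth-Pass", "")):
        # Any Auth-Status other than OK is relayed to the client as the error.
        return {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}

    backend = pick_backend(user, sessions, health)
    if backend is None:
        return {"Auth-Status": "Temporary server problem, try again later",
                "Auth-Wait": "3"}

    sessions[user] = backend
    # Auth-Server has to be an IP address; nginx does not resolve names here.
    return {"Auth-Status": "OK", "Auth-Server": backend, "Auth-Port": str(port)}


if __name__ == "__main__":
    state, nodes = {}, {"192.0.2.11": True, "192.0.2.12": True}
    request = {"Auth-Method": "plain", "Auth-User": "alice@example.com",
               "Auth-Pass": "correct horse", "Auth-Protocol": "imap",
               "Client-IP": "198.51.100.7"}
    print(handle_auth(request, state, nodes))
```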



Re: Outlook vs. Dovecot experience

2022-01-13 Thread William Edwards

Vladislav Kurz wrote on 2022-01-13 11:07:

Dear colleagues,

what is your experience regarding using outlook (2016/365) as IMAP
client and dovecot on server side?


It works.



We have sync issues with outlook vs. cyrus IMAP server, and we
consider moving to dovecot. But before that I'd like to hear from
others if this combination works well. Especially if users have large
and bushy mailboxes (>10 GB, >100 mailboxes), two mailboxes (accounts)
on the same server.

I don't want to do the migration just to find out that it is general
issue of outlook vs. any IMAP server.


It depends on the issue...

Dovecot can work with Outlook as its client, so can Cyrus IMAP.

Yes, Dovecot works with Outlook (of course it does, that's what a 
standardised *protocol* is for). But if it'll solve your issue, who 
knows.


--
With kind regards,

William Edwards



Re: Can't log in from Evolution or Roundcube

2022-01-08 Thread William Edwards

Dave McGuire wrote on 2022-01-08 18:20:

On 1/8/22 11:27 AM, Ken Wright wrote:
MariaDB.  Now it's time for me to clarify.  The "source stream returned
no data" error is in Evolution; the "connection to storage server
failed" is in Roundcube.  So I'm seeing similar errors in two different
email clients trying to get to the same server.

I know there are any number of reasons for a failed connection to
Dovecot, but I just don't have the experience to figure this one out.


  Understood.  There's enough expertise here to get you going.

  First, ignore the superficial similarity of the errors and
diagnose/address them individually.  Get one mail client working via
IMAP.

  For Evolution's "source stream returned no data", ignore my previous
suggestion about web browser SSL vs. non-SSL, as that's not relevant
to Evolution.  The error looked very familiar to me at first; it
probably came from the same library as whatever I was working with
when I hit that. (probably libssl)  Go into the mail account
configuration in Evolution and check the settings there.  I don't use
Evolution so I can't direct you more specifically, but what to pay
attention to here is the connection settings and port numbers.  I'm
guessing (hazardously) that the port number or SSL method is
incorrect.  Make sure to distinguish between SSL and TLS (STARTTLS).

  Concentrate on getting that working first; don't get distracted from it.


  After that's working, then move on to Roundcube.  Look in
Roundcube's config.inc.php file.  Where that file is located is
system-dependent; mine is in /opt/local/etc/roundcube, which is
specific to SmartOS. Parameter "$config['db_dsnw']" is the DSN for
your database connection. This is the format of that configuration
variable:

$config['db_dsnw'] = 'mysql://USERNAME:PASSWORD@SERVER/DATABASE';

  You're running MariaDB, which is a fork of MySQL, so I'm guessing
that Roundcube doesn't differentiate between the two, so the "mysql"
above is probably correct.  Check the docs if that fails.  Obviously,
the words in uppercase must be correct for your installation.
"SERVER" might be "localhost" for you. (it isn't for me)


AFAIK, the error "Connection to storage server failed" only occurs when 
Roundcube can't connect to IMAP (in this case, Dovecot). If there's a 
database issue, Roundcube should show the message "Unable to connect to 
the database!".




  One quick thing to check: Did you issue a "flush privileges" command
to MariaDB after creating the account for Roundcube to use?


FWIW, that hasn't been needed for quite some time when not directly 
manipulating mysql.users (i.e. using `CREATE USER`).




  See how far that gets you and report back.

-Dave


--
With kind regards,

William Edwards



Re: Can't log in from Evolution or Roundcube

2022-01-08 Thread William Edwards


> On 8 Jan 2022, at 06:30, Ken Wright wrote:
> 
> On Fri, 2022-01-07 at 23:59 -0500, Dave McGuire wrote:
>> On 1/7/22 11:58 PM, Ken Wright wrote:
>>>>> When I try to log in to my mail server (ubuntu 20.04, Postfix
>>>>> 3.4.13, Dovecot 2.3.7.2) I get a response saying "Source stream
>>>>> returned no data”.  At least to me, that's not particularly
>>>>> informative.  Is it any more informative to anyone else?
>>>> 
>>>> The last time I hit that, I'm pretty sure it was because I
>>>> was going to port 80 instead of port 443 to reach Roundcube.
>>> I'm using port 143 for receiving and 587 for sending; I didn't
>>> think 443 was for email.  Am I mistaken?  (Not at all unlikely!)
>> 
>>Nono, for your web browser's connection to Roundcube.  I could be 
>> barking up the wrong tree here, but I'm pretty sure that's the error
>> I hit.
> 
> Thanks for the clarification.  I just tried Roundcube again, and got
> the error "Connection to storage server failed."

If I’m not mistaken, that means Roundcube couldn’t connect to the mail server. 
There can be a million reasons for that, of course.

Roundcube doesn’t show the actual error to the user, but does log it somewhere.

> I also checked the
> nginx script for Roundcube and commented out the references to port 80,
> then restarted nginx.  Same error.  So I tend to think it's a server
> issue, not a client issue.  Does that make any sense?
> 
> Ken
> 
> 



Re: Retrieive vsz_limit programatically

2021-11-20 Thread William Edwards

> On 20 Nov 2021, at 18:23, Joan Moreau wrote:
> 
> 
> Hello
> 
> 
> 
> How to get, programmatically (C/C++), the value of the dovecot.conf file of 
> vsz_limit and default_vsz_limit ?
> 
Parse doveconf?

> Thank you
> 
> 


Re: Solr FTS - message deletes not working as expected

2021-11-19 Thread William Edwards


> On 18 Nov 2021, at 17:15, Shawn Heisey wrote:
> 
> On 11/3/21 11:45 PM, Shawn Heisey wrote:
>> Manual expunges of existing messages also are not sending a delete request 
>> to Solr.  I waited several minutes for that too. 
> 
> Update on this, since you're all on the edge of your seat waiting. :)

Thanks for reporting back to the list.

> 
> I did a Send test with TypeApp, a mail client for Android.  It behaved 
> completely as expected:  Dovecot immediately sent a delete request to Solr 
> for the temporary message in Drafts.
> 
> So I went to Mozilla forums and started a discussion about what I am seeing 
> with Thunderbird.
> 
> I did another test run with sending a message with unique text, and doing a 
> manual Solr query for that unique text, I saw one result before sending and 
> two results after sending.  Watching the Solr log, no delete request was sent.
> 
> Then something completely unexpected:  I needed to reboot the laptop, so I 
> quit Thunderbird, and I hadn't yet closed my ssh session to the mail server, 
> which was still tailing the solr log with a grep for delete messages.  As 
> soon as I did the quit, Solr got a delete request for the Drafts message.  I 
> did another test -- shift-delete a message, see that Solr did not see the 
> delete request.  And then after I waited a while, I quit Thunderbird again.  
> Instantly got a delete request in Solr's log.
> 
> Definitely a Thunderbird problem, not dovecot.  Thanks for your patience, 
> everyone.  I will pursue it with Mozilla now.
> 
> Thanks,
> Shawn
> 
> 
> 



Re: Postfix -> bogogilter -> Dovecot -> Sieve

2021-11-16 Thread William Edwards

> On 17 Nov 2021, at 06:10, Mike wrote:
> 
> 
> I've been trying to work out how to get postfix to accept mail, send it to 
> bogofilter, then deliver using dovecot while allowing a global sieve filter 
> and users able to filter mail based on the bogofilter header.
> 
> I've been successful at getting it to add the bogofilter header as needed, 
> but don't understand what I need to do in order to have it get routed to 
> sieve.

Dovecot takes care of that.

> 
> Anyone do anything like this already and have a working config?
> 
> I THINK I need to make dovecot deliver mail locally using lmtp or lda, but 
> I'm not exactly sure.

This is documented: 
https://doc.dovecot.org/configuration_manual/sieve/troubleshooting/

> Thanks for any thoughts or ideas that you might have to accomplish this.
> 
> 
> Mike.
> 


Re: ZFS storage and backup

2021-11-14 Thread William Edwards


> On 14 Nov 2021, at 15:15, infoomatic wrote:
> 
> Hi listmembers,
> 
> I am about to migrate our mailservices to FreeBSD + ZFS. Thus, before
> entering the sheer endless  stage of performance testing, I thought I
> would ask here kindly for all kinds of information.
> 
> My setups are nothing special with few users, however, I would like to
> have a nice setup, maybe some of you could contribute to this thread. We
> are using slow spinning disks, but we may consider using ssds in a
> not-so-distant future

If performance is a concern, why not now?

> 
> *) storages: any infos on ZFS options or whether to use mdbox or sdbox,
> and what configs/options regarding compression etc.
> 
> *) backup: what is a best practice regarding backups? - using only the
> dovecot tools or leveraging the great features of ZFS (or both) with
> snapshots etc.?
> 
> Thanks for all sorts of infos, probably saving me quite some time
> evaluating different options!
> 
> Robert
> 
> 



Re: Strategies for protecting IMAP (e.g. MFA)

2021-11-14 Thread William Edwards


> On 13 Nov 2021, at 22:17, Tyler Montney wrote:
> 
> 
> With the world of ransomware as it is today (aka attacks seem more vicious 
> and commonplace), anything I expose to WAN must have additional protection. 
> I've seen a few posts to this list on it. The only thing that helped was that 
> Dovecot supports OAuth. Through OAuth I figure I could implement MFA. 
> However, I'd have to host my own identity server. From there, Thunderbird 
> supports OAuth so that should work.
> 
> Since this is getting increasingly complicated, I wanted to ask before going 
> further. What do you all do? Any recommendations?

If I remember correctly, Dovecot is able to do IP whitelisting in the userdb or 
passdb. That way, you don’t have to close your mail ports, but you can add an 
additional layer of protection with an IP whitelist per mailbox.


Re: auth-cache on disk?

2021-11-07 Thread William Edwards

Przemysław Kwiatkowski wrote on 2021-11-07 11:31:

Hello,

As far as I understand - auth cache is stored in memory, isn't it? Is
there a way for it to survive Dovecot restart?


A second-level cache next to SHM would require the data to be dumped on 
and read from disk at start time. I'm not sure what the security 
implications of that would be.


Anyway, what are you trying to achieve? Are you seeing performance issues 
with user authentication when restarting? The fact that this option is 
(AFAIK) not available indicates that this isn't a problem for other 
users.


--
With kind regards,

William Edwards



Re: 2.3.17 broken on CentOS8 / bug

2021-11-03 Thread William Edwards


> On 3 Nov 2021 at 19:14, Elise wrote:
> 
> Aki Tuomi:
>> This issue is now fixed for Dovecot on master with
>> https://github.com/dovecot/core/compare/ca2237e%5E..6fff8d5.patch
> 
> Can someone hint us how we should process this fix (sorry, blond)?

Patch + compile?

> 
> /elise
> 



Re: 2.3.17 broken on CentOS8 / bug

2021-10-30 Thread William Edwards

> On 30 Oct 2021 at 12:10, TG Servers wrote:
> 
>  Thanks for your reply William.
> 
> But the only thing I found in the meanwhile about this issue is that when the 
> ca-bundles file is too "big" it does not work anymore. And if this file is 
> shortened to one entry it will work, someone seems to have tested this.
> This is no fix, it is a bug that has to be fixed by dovecot from my pov.

A fix and a bug are not mutually exclusive :)

> The ca-bundles file is used by countless applications without any issues, it 
> is used by 2.3.16 without any issues. There should be no special treatment 
> for a single application necessary.
> 
> 
> 
> On 30/10/2021 11:35, William Edwards wrote:
>> 
>>>> On 30 Oct 2021 at 10:35, TG Servers wrote:
>>>> 
>>>  Hello,
>>> 
>>> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 
>>> 8 installation.
>>> 
>>> I found the service in status 
>>> 
>>> [root@riot ~]# systemctl status dovecot
>>> ● dovecot.service - Dovecot IMAP/POP3 email server
>>>Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor 
>>> preset: disabled)
>>>Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 
>>> 58s ago
>>>  Docs: man:dovecot(1)
>>>https://doc.dovecot.org/
>>>   Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
>>>   Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript 
>>> (code=exited, status=0/SUCCESS)
>>>  Main PID: 1515 (code=exited, status=89)
>>> 
>>> Oct 30 09:59:10 riot..com systemd[1]: Starting Dovecot IMAP/POP3 
>>> email server...
>>> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Fatal: 
>>> execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
>>> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Error: 
>>> managesieve-login: dump-capability process returned 89
>>> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Fatal: 
>>> execvp(/usr/sbin/dovecot) failed: Argument list too long
>>> Oct 30 09:59:11 riot..com systemd[1]: dovecot.service: Main process 
>>> exited, code=exited, status=89/n/a
>>> Oct 30 09:59:11 riot..com systemd[1]: dovecot.service: Failed with 
>>> result 'exit-code'.
>>> Oct 30 09:59:11 riot..com systemd[1]: Failed to start Dovecot 
>>> IMAP/POP3 email server.
>> 
>> Please check the archive. If I’m not mistaken, the same issue + possible 
>> solution was posted on the mailing list yesterday.
>> 
>>> 
>>> This seems to be like a bug as no configuration was changed by me in the 
>>> middle of the night.
>>> I recall there were similar errors/bug reports in the past where it seemed 
>>> it was managesieve but wasn't, people had some misconfigurations in the 
>>> dovecot.conf. I did not change my dovecot.conf since April.
>>> But maybe here it is a pigeonhole issue.
>>> 
>>> As I did not find any reason for it I changed the repo and downgraded to 
>>> 2.3.16-2 now and it runs without any flaws, like all the time before. I had 
>>> no time to investigate this any longer than 2 hours with 2.3.17 installed 
>>> as this is a production server and I need the email access. I also did not 
>>> find anything addressable in the logs.
>>> 
>>> [root@riot dovecot]# systemctl status dovecot
>>> ● dovecot.service - Dovecot IMAP/POP3 email server
>>>Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor 
>>> preset: disabled)
>>>Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
>>>  Docs: man:dovecot(1)
>>>https://doc.dovecot.org/
>>>   Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript 
>>> (code=exited, status=0/SUCCESS)
>>>  Main PID: 32452 (dovecot)
>>>Status: "v2.3.16 (7e2e900c1a) running"
>>> Tasks: 4 (limit: 99912)
>>>Memory: 4.4M
>>>CGroup: /system.slice/dovecot.service
>>>├─32452 /usr/sbin/dovecot -F
>>>├─32507 dovecot/anvil
>>>├─32508 dovecot/log
>>>└─32513 dovecot/config
>>> 
>>> Oct 30 10:18:11 riot..com systemd[1]: Starting Dovecot IMAP/POP3 
>>> email server...
>>> Oct 30 10:18:11 riot..com dovecot[32452]: Warning: Corrected 
>>> permissions for 

Re: 2.3.17 broken on CentOS8 / bug

2021-10-30 Thread William Edwards

> On 30 Oct 2021 at 10:35, TG Servers wrote:
> 
>  Hello,
> 
> tonight my dovecot upgraded to 2.3.17 and completely broke on recent CentOS 8 
> installation.
> 
> I found the service in status 
> 
> [root@riot ~]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
>Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor 
> preset: disabled)
>Active: failed (Result: exit-code) since Sat 2021-10-30 09:59:11 CEST; 58s 
> ago
>  Docs: man:dovecot(1)
>https://doc.dovecot.org/
>   Process: 1515 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
>   Process: 1429 ExecStartPre=/usr/libexec/dovecot/prestartscript 
> (code=exited, status=0/SUCCESS)
>  Main PID: 1515 (code=exited, status=89)
> 
> Oct 30 09:59:10 riot..com systemd[1]: Starting Dovecot IMAP/POP3 
> email server...
> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Fatal: 
> execvp(/usr/libexec/dovecot/managesieve) failed: Argument list too long
> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Error: 
> managesieve-login: dump-capability process returned 89
> Oct 30 09:59:11 riot..com dovecot[1515]: doveconf: Fatal: 
> execvp(/usr/sbin/dovecot) failed: Argument list too long
> Oct 30 09:59:11 riot..com systemd[1]: dovecot.service: Main process 
> exited, code=exited, status=89/n/a
> Oct 30 09:59:11 riot..com systemd[1]: dovecot.service: Failed with 
> result 'exit-code'.
> Oct 30 09:59:11 riot..com systemd[1]: Failed to start Dovecot 
> IMAP/POP3 email server.

Please check the archive. If I’m not mistaken, the same issue + possible 
solution was posted on the mailing list yesterday.

> 
> This seems to be like a bug as no configuration was changed by me in the 
> middle of the night.
> I recall there were similar errors/bug reports in the past where it seemed it 
> was managesieve but wasn't, people had some misconfigurations in the 
> dovecot.conf. I did not change my dovecot.conf since April.
> But maybe here it is a pigeonhole issue.
> 
> As I did not find any reason for it I changed the repo and downgraded to 
> 2.3.16-2 now and it runs without any flaws, like all the time before. I had 
> no time to investigate this any longer than 2 hours with 2.3.17 installed as 
> this is a production server and I need the email access. I also did not find 
> anything addressable in the logs.
> 
> [root@riot dovecot]# systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
>Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor 
> preset: disabled)
>Active: active (running) since Sat 2021-10-30 10:18:11 CEST; 2s ago
>  Docs: man:dovecot(1)
>https://doc.dovecot.org/
>   Process: 32398 ExecStartPre=/usr/libexec/dovecot/prestartscript 
> (code=exited, status=0/SUCCESS)
>  Main PID: 32452 (dovecot)
>Status: "v2.3.16 (7e2e900c1a) running"
> Tasks: 4 (limit: 99912)
>Memory: 4.4M
>CGroup: /system.slice/dovecot.service
>├─32452 /usr/sbin/dovecot -F
>├─32507 dovecot/anvil
>├─32508 dovecot/log
>└─32513 dovecot/config
> 
> Oct 30 10:18:11 riot..com systemd[1]: Starting Dovecot IMAP/POP3 
> email server...
> Oct 30 10:18:11 riot..com dovecot[32452]: Warning: Corrected 
> permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot..com dovecot[32452]: master: Warning: Corrected 
> permissions for login directory /var/run/dovecot/token-login
> Oct 30 10:18:11 riot..com dovecot[32452]: master: Dovecot v2.3.16 
> (7e2e900c1a) starting up for imap, lmtp, sieve
> Oct 30 10:18:11 riot..com systemd[1]: Started Dovecot IMAP/POP3 email 
> server.
> 
> 
> This is the configuration
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 4.18.0-305.19.1.el8_4.x86_64 x86_64 AlmaLinux release 8.4 
> (Electric Cheetah)
> # Hostname: riot..com
> auth_mechanisms = plain login
> auth_verbose = yes
> listen = *
> mail_gid = vmail
> mail_home = /var/vmail/mailboxes/%d/%n
> mail_location = maildir:~/mail:LAYOUT=fs
> mail_plugins = " quota fts fts_solr"
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = .
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.con

Re: doveconf non-syntax check

2021-10-23 Thread William Edwards


> On 23 Oct 2021 at 16:01, dove...@ptld.com wrote:
> 
> 
>> 
>> root@unix:/etc/dovecot# dovecot -F
>> doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
>> ...maybe it's useful to add a 'quiet' option (i.e. no stdout) to doveconf.
> 
> 
> dovecot -F  > /dev/null 2>&1
> 
> :)

Not a fan of spawning processes outside of the service manager..

> 
> 



doveconf non-syntax check

2021-10-23 Thread William Edwards

I use doveconf to check if my config is valid:

root@unix:/etc/dovecot# doveconf

root@unix:/etc/dovecot# echo $?
0

doveconf doesn't report any errors, as my config is syntactically valid.

However, due to a non-syntax error, Dovecot doesn't start:

root@unix:/etc/dovecot# ls /usr/local/snicerts/thisdoesntexist.key
ls: cannot access '/usr/local/snicerts/thisdoesntexist.key': No such 
file or directory

root@unix:/etc/dovecot# dovecot -F
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf 
line 4: ssl_key: Can't open file 
/usr/local/snicerts/thisdoesntexist.key: No such file or directory

root@unix:/etc/dovecot# echo $?
89

Does Dovecot provide a config checker that checks more than just the 
syntax, but also issues like the one above? If not, maybe it's useful to 
add a 'quiet' option (i.e. no stdout) to doveconf.


--
With kind regards,

William Edwards
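A pre-flight check of the kind asked about above, as an added example that is not part of the original post and not a Dovecot tool: it scans configuration text for settings whose value is read from a file (the `name = </path` form used by `ssl_cert` and `ssl_key`) and reports files that are missing, unreadable, empty, or, for key settings, accessible to group or others. The function names, the "key in the setting name" heuristic and the sample configuration are assumptions of this example; it checks only the text it is given and does not follow `!include` lines.

```python
"""Pre-flight check for file-backed settings in Dovecot configuration text."""
import os
import re
import stat
import sys
import tempfile
from typing import List, NamedTuple, Optional

# `name = </path` tells Dovecot to read the setting's value from /path.
FILE_SETTING = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\S+)\s*$")


class Finding(NamedTuple):
    line_no: int
    setting: str
    path: str
    problem: str


def check_file(setting: str, path: str) -> Optional[str]:
    """Return a description of what is wrong with a referenced file, or None."""
    try:
        info = os.stat(path)
    except FileNotFoundError:
        return "file does not exist"
    except OSError as exc:
        return f"cannot stat file: {exc.strerror}"
    if not stat.S_ISREG(info.st_mode):
        return "not a regular file"
    if not os.access(path, os.R_OK):
        return "not readable by the current user"
    if info.st_size == 0:
        return "file is empty"
    # Heuristic (assumption of this example): a setting with "key" in its name
    # holds a private key and should not be accessible to group or others.
    if "key" in setting and info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(info.st_mode)
        return f"private key accessible to group or others (mode {mode:o})"
    return None


def check_config_text(text: str) -> List[Finding]:
    """Check every `name = </path` setting found in the configuration text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments
        match = FILE_SETTING.match(line)
        if match is None:
            continue
        setting, path = match.groups()
        problem = check_file(setting, path)
        if problem is not None:
            findings.append(Finding(line_no, setting, path, problem))
    return findings


def self_check() -> List[Finding]:
    """Run the checker over a constructed config that references temp files."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key, loose = (
            os.path.join(tmp, name) for name in ("cert.pem", "good.key", "loose.key")
        )
        for path, mode in ((cert, 0o644), (key, 0o600), (loose, 0o644)):
            with open(path, "w", encoding="utf-8") as handle:
                handle.write("constructed placeholder, not real key material\n")
            os.chmod(path, mode)
        config = "\n".join([
            "# constructed sample, not a real configuration",
            "ssl = required",
            f"ssl_cert = <{cert}",
            f"ssl_key = <{key}",
            "local_name mail.example.org {",
            f"  ssl_key = <{os.path.join(tmp, 'thisdoesntexist.key')}",
            "}",
            f"ssl_key = <{loose}  # second key with loose permissions",
        ])
        return check_config_text(config)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            results = check_config_text(handle.read())
    else:
        results = self_check()
    for item in results:
        print(f"line {item.line_no}: {item.setting}: {item.path}: {item.problem}")
    sys.exit(1 if results else 0)
```
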



Re: suse.de dovecot issues

2021-09-12 Thread William Edwards

Bernhard M. Wiedemann wrote on 2021-09-12 10:34:

On 10/09/2021 11.33, William Edwards wrote:


2.
We have 2 backends so that we can do maintenance on one of them while
users can still access their emails through the other backend.
However, we found that stopping dovecot on one backend left users unable
to access their mails.


Director doesn't do health checks.


Is there a recommendation on how to have a director with multiple
backends with automatic fail-over?
Are there scripts that do health-checks and call doveadm director 
commands?


https://doc.dovecot.org/configuration_manual/dovemon/

--
With kind regards,

William Edwards



Re: suse.de dovecot issues

2021-09-10 Thread William Edwards

Bernhard M. Wiedemann wrote on 2021-09-10 11:19:

Hi,

I am one of the people taking over our new suse.de email setup
(consisting of dovecot+rspamd+postfix)
and wanted to report some issues we experience:


1.
we use dovecot-director to distribute users between 2 backend servers
that share an NFS mount.
We found that it proxies lmtp to a different backend than imap of the
same user and that caused NFS stale-filehandle errors on the
dovecot-uidlist.
It then proceeds to re-generate the dovecot-uidlist with new UIDs that
creates trouble for users.

a) shouldn't dovecot use locks (fcntl or flock) to protect such files
from concurrent updates?

b) could it generate uidlist in a way that re-generating it, assigns the
same UIDs again? E.g. via hash over file content

c) how to get dovecot-director to send all traffic for a user to one
backend?


2.
We have 2 backends so that we can do maintenance on one of them while
users can still access their emails through the other backend.
However, we found that stopping dovecot on one backend left users unable
to access their mails.


Director doesn't do health checks.


Maybe this is related to how user auth works?
How to get this HA setup right, so that we don't have a single point of
failure?


grep PRETTY /etc/os-release
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP3"

rpm -q dovecot23
dovecot23-2.3.15

https://www.zq1.de/~bernhard/temp/dovecot/ has some sysreports.

Ciao
Bernhard M.


--
With kind regards,

William Edwards



Re: Dovecot Director: Preferred backend server

2021-08-30 Thread William Edwards


> On 30 Aug 2021 at 18:11, Steven Varco wrote:
> 
> Hi All
> 
> I have a dovecot cluster with director and two IMAP Servers behind.
> 
> Since they are in geographical different locations I would like to have users 
> to go to a specific IMAP backend server (if both are up) and only switch to 
> the other if one goes down (failover).
> 
> As to my current knowledge the PassDB extra field „host=„ is not suitable in 
> this case as it would never route the client to a different backend, even if 
> the „user specific backend“ would be down.
> 
> Is there a way in dovecot to achieve this? As far as I searched the 
> documentation I could not find any information on this so far.
> 
> If not, it may also help if I could get certain users to „initially" go to a 
> specific backend (since director usually routes a client/user to the same 
> backend server it initially connects) and therefore it would be interesting 
> to know how dovecot director chooses whether a user goes to server1 or server2?
> And if a client already gets to server2, how to bring it „back“ to server1?

This is documented.

> 
> thanks in advance,
> Steven
> 
> -- 
> https://steven.varco.ch/ 
> https://www.tech-island.com/ 
> 
> 



Re: Dovecot Director: Preferred backend server

2021-08-30 Thread William Edwards
Haven’t looked at this use case, so I’m unsure if there’s existing 
functionality to achieve this. If not: you could set the default vhost count of 
the failover server to 0, and up it once some health check sets the primary 
server to down.

Sent from mobile

> On 30 Aug 2021 at 18:11, Steven Varco wrote:
> 
> Hi All
> 
> I have a dovecot cluster with director and two IMAP Servers behind.
> 
> Since they are in geographical different locations I would like to have users 
> to go to a specific IMAP backend server (if both are up) and only switch to 
> the other if one goes down (failover).
> 
> As to my current knowledge the PassDB extra field „host=„ is not suitable in 
> this case as it would never route the client to a different backend, even if 
> the „user specific backend“ would be down.
> 
> Is there a way in dovecot to achieve this? As far as I searched the 
> documentation I could not find any information on this so far.
> 
> If not, it may also help if I could get certain users to „initially" go to a 
> specific backend (since director usually routes a client/user to the same 
> backend server it initially connects) and therefore it would be interesting 
> to know how dovecot director chooses whether a user goes to server1 or server2?
> And if a client already gets to server2, how to bring it „back“ to server1?
> 
> thanks in advance,
> Steven
> 
> -- 
> https://steven.varco.ch/ 
> https://www.tech-island.com/ 
> 
> 
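The approach suggested in this reply (standby backend at vhost count 0, raised once a health check declares the primary down), sketched as an added example that is not part of the original thread and not Dovecot code. The class and function names, the thresholds, the 192.0.2.x addresses and the IMAP-greeting probe are assumptions; the only Dovecot command used is `doveadm director update <host> <vhost count>`, and consecutive-result thresholds keep a single failed probe from moving users.

```python
"""Primary/standby vhost switching for a Dovecot director ring."""
import socket
import subprocess
from typing import Callable, List

DOVEADM = "/usr/bin/doveadm"


class FailoverController:
    """Turns a stream of probe results into `doveadm director update` calls."""

    def __init__(self, primary: str, standby: str, vhosts: int = 100,
                 fail_after: int = 3, recover_after: int = 5) -> None:
        self.primary = primary
        self.standby = standby
        self.vhosts = vhosts
        self.fail_after = fail_after        # failed probes before failing over
        self.recover_after = recover_after  # good probes before failing back
        self.primary_active = True
        self._streak = 0  # consecutive probes that contradict the current state

    def observe(self, primary_ok: bool) -> List[List[str]]:
        """Feed one probe result; return the commands to run (empty if no change)."""
        contradicts = primary_ok != self.primary_active
        self._streak = self._streak + 1 if contradicts else 0
        needed = self.fail_after if self.primary_active else self.recover_after
        if self._streak < needed:
            return []
        self.primary_active = primary_ok
        self._streak = 0
        if primary_ok:
            raise_host, zero_host = self.primary, self.standby
        else:
            raise_host, zero_host = self.standby, self.primary
        # Raise the target first so the ring is never left with zero vhosts.
        return [
            [DOVEADM, "director", "update", raise_host, str(self.vhosts)],
            [DOVEADM, "director", "update", zero_host, "0"],
        ]


def imap_greets(host: str, port: int = 143, timeout: float = 3.0) -> bool:
    """True if the backend accepts a connection and sends an IMAP '* OK' greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            return conn.recv(512).startswith(b"* OK")
    except OSError:
        return False


def run_once(ctl: FailoverController,
             probe: Callable[[str], bool] = imap_greets,
             run: Callable[..., object] = subprocess.run) -> int:
    """Probe the primary once and apply any resulting vhost changes."""
    commands = ctl.observe(probe(ctl.primary))
    for argv in commands:
        run(argv, check=True)
    return len(commands)


def simulate(results: List[bool]) -> List[List[str]]:
    """Replay constructed probe results without touching the network or doveadm."""
    ctl = FailoverController("192.0.2.10", "192.0.2.20")
    issued: List[List[str]] = []
    for ok in results:
        issued.extend(ctl.observe(ok))
    return issued


if __name__ == "__main__":
    # Constructed sequence: one blip, a real outage, then recovery.
    sequence = [True, False, False, True, False, False, False] + [True] * 5
    for command in simulate(sequence):
        print(" ".join(command))
```
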



Re: Containerize dovecot?

2021-08-24 Thread William Edwards
I think the general consensus is that containerisation isn't always 
better than 'normal' VMs. 'Easy deployment & scaling' is also perfectly 
possible without containers.


MRob wrote on 2021-08-25 00:01:

Thanks to the other responses with links that I'll be learning from! Thank
you very much

On 2021-08-24 00:35, Marc wrote:

What are you trying to achieve with containerizing?


hmm, easy deployment & scaling? also resilient against hardware crashes, 
etc.



You have to take into account that your
storage is persistent,


Have you seen what challenge this poses? Love to hear your opinion
about it. Maybe this is where using object-storage backend becomes
more powerful solution?


you have to take into account getting something
like proxy to redirect traffic etc etc.


Yes I thought also proxy/director also become containerized. You said
this for teaching a certain point?


If you want to
deploy the container on an orchestrator so it is going to be
(re)started on a random hosts.


you mention so because all hosts must be connected to same storage?


I managed to get this to work
via alpine linux (nice small), but I think I am going back to vm.


what reasons? what kind of vm do you use?




Hello, anyone here has containerized dovecot? Can I ask general advice
and experience please? are there any recommended articles/tutorial for
containerize deployment and auto-scaling? Thank you.


--
With kind regards,

William Edwards



Re: Get Director vhostCount

2021-08-11 Thread William Edwards

Hi,

William Edwards wrote on 2021-07-24 18:11:

Hi,

I would like to monitor each mail server's amount of available vhosts,
so I can take action when a certain threshold is reached (e.g. adding
mail servers). I'm using Dovecot 2.3.4.1 with Director.

My first idea was to use the Doveadm HTTP API, but the
'directorStatus' command doesn't return the 'vhostCount' attribute
(although the 'directorAdd' and 'directorUpdate' commands take it as
input).

My second idea was to directly connect to the 'director-admin' socket
and look at the output of 'HOST-LIST'. I can find all the information
I need in doveadm-connection.c, but I'm not getting the impression
that we're meant to interact with the socket directly. I can't find
protocol documentation, and the error message "doveadm not compatible
with this server (mixed old and new binaries?)" when passing faulty
input gives me the impression that the socket is only meant to be used
by Dovecot directly.

My third idea is to parse 'doveadm director status', but in that case
I'd like to know if that output is likely to change in the future. New
major versions aside, of course.


I cooked up the attached Nagios-compatible Python script that parses 
'doveadm director status'. If anyone wants to use it, just replace 
CyberfusionCommand with a subprocess call.




Or, if anyone else has a better idea, which could very well be the
case, I'd love to hear how people monitor this in the real world.

TIA.


--
With kind regards,

William Edwards

#!/usr/bin/python3

"""Program to monitor Dovecot Director user threshold."""

import os
import sys
from typing import Dict, Optional, Tuple, Union

from cyberfusion.Common.Command import CyberfusionCommand

PERCENTAGE_CRITICAL_THRESHOLD = 80

# Column positions in a whitespace-split 'doveadm director status' line
LINE_INDEX_MAIL_SERVER_IP = 0
LINE_INDEX_VHOSTS = 2
LINE_INDEX_USERS = 5

DOVEADM_BIN = os.path.join(os.path.sep, *["usr", "bin", "doveadm"])


def get_percentage(part: Union[int, float], whole: Union[int, float]) -> float:
    """Get percentage."""
    return 100 * part / whole


def get_status_lines() -> str:
    """Get mail servers status lines."""
    return CyberfusionCommand(f"{DOVEADM_BIN} director status").stdout


def get_value_by_status_line(status_line: str) -> Tuple[str, int, int]:
    """Parse status line (mail server IP, vhosts, users)."""
    split = status_line.split()

    return (
        split[LINE_INDEX_MAIL_SERVER_IP],
        int(split[LINE_INDEX_VHOSTS]),
        int(split[LINE_INDEX_USERS]),
    )


def convert_status_lines_to_dict(
    status_lines: str,
) -> Dict[str, Dict[str, Union[int, float]]]:
    """Convert status lines string to dict.

    Each mail server IP is added to dict as key. Amount of vhosts, amount of
    users and corresponding percentage is added.
    """
    result: Dict[str, Dict[str, Union[int, float]]] = {}

    # Loop through status lines

    for status_line in status_lines.splitlines():
        # Skip first non-status line

        if status_line.split() == [
            "mail",
            "server",
            "ip",
            "tag",
            "vhosts",
            "state",
            "state",
            "changed",
            "users",
        ]:
            continue

        # Set values by parsing status line

        mail_server_ip, vhosts, users = get_value_by_status_line(status_line)

        # Add new mail server IP to dict

        if mail_server_ip not in result:
            result[mail_server_ip] = {}

        # Add values to dict

        result[mail_server_ip]["vhosts"] = vhosts
        result[mail_server_ip]["users"] = users
        result[mail_server_ip]["percentage"] = get_percentage(
            result[mail_server_ip]["users"],
            result[mail_server_ip]["vhosts"],
        )

    return result


def check_user_threshold(
    status_lines_dict: Dict[str, Dict[str, Union[int, float]]]
) -> Tuple[bool, Optional[str]]:
    """Determine if any mail server exceeds user threshold.

    Stop loop when any mail server exceeds user threshold.
    """
    for mail_server_ip, values in status_lines_dict.items():
        if values["percentage"] < PERCENTAGE_CRITICAL_THRESHOLD:
            continue

        return (
            True,
            f"CRITICAL: {mail_server_ip} exceeds threshold of {values['percentage']}% ({values['users']} users of {values['vhosts']} vhosts)",  # noqa: E501
        )

    return (
        False,
        f"OK: All mail servers user threshold ({PERCENTAGE_CRITICAL_THRESHOLD}%)",  # noqa: E501
    )


if __name__ == "__main__":
    # Query the director once and evaluate the result
    exceeds_threshold, message = check_user_threshold(
        convert_status_lines_to_dict(get_status_lines())
    )

    print(message)  # noqa: T001

    # Nagios exit codes: 2 = CRITICAL, 0 = OK
    if exceeds_threshold:
        sys.exit(2)

    sys.exit(0)



Re: Monitoring of director back end nodes

2021-07-30 Thread William Edwards


> On 30 Jul 2021 at 00:56, Dan Conway wrote:
> 
> Hello,
> 
> When working with director, the state of the backend nodes are not checked by 
> Dovecot. The state always remains as "up". I understand that there are 
> external applications documented that monitor backend nodes, and changes the 
> state of them to "down" if they become unresponsive. The question I have is 
> are there plans to implement something built into Dovecot that would monitor 
> and change states based on backend "health"? Or will it always be dependent 
> on an external service?

This is documented. There’s Dovemon for Dovecot Pro.

> 
> 
> Thanks.
> 
> 



Get Director vhostCount

2021-07-24 Thread William Edwards

Hi,

I would like to monitor each mail server's amount of available vhosts, 
so I can take action when a certain threshold is reached (e.g. adding 
mail servers). I'm using Dovecot 2.3.4.1 with Director.


My first idea was to use the Doveadm HTTP API, but the 'directorStatus' 
command doesn't return the 'vhostCount' attribute (although the 
'directorAdd' and 'directorUpdate' commands take it as input).


My second idea was to directly connect to the 'director-admin' socket 
and look at the output of 'HOST-LIST'. I can find all the information I 
need in doveadm-connection.c, but I'm not getting the impression that 
we're meant to interact with the socket directly. I can't find protocol 
documentation, and the error message "doveadm not compatible with this 
server (mixed old and new binaries?)" when passing faulty input gives me 
the impression that the socket is only meant to be used by Dovecot 
directly.


My third idea is to parse 'doveadm director status', but in that case 
I'd like to know if that output is likely to change in the future. New 
major versions aside, of course.


Or, if anyone else has a better idea, which could very well be the case, 
I'd love to hear how people monitor this in the real world.


TIA.

--
With kind regards,

William Edwards



Set vhost count in config

2021-07-23 Thread William Edwards

Hi,

Can we do `doveadm director update ... 100` in the on-disk config, so 
the vhost count is retained after the ring goes down? I could not find 
such an option in doveconf.


--
With kind regards,

William Edwards



Re[2]: Standalone Directors

2020-12-11 Thread William Edwards


Ah, I completely missed this! Thank you!


With kind regards,

William Edwards

- Original Message -
From: Aki Tuomi (aki.tu...@open-xchange.com)
Date: 12/11/20 09:14
To: William Edwards (wedwa...@cyberfusion.nl), dovecot (dovecot@dovecot.org)
Subject: Re: Standalone Directors

> On 11/12/2020 10:08 William Edwards  wrote:
>
>
> Situation:
>
> We will be switching to Dovecot proxy + Director with three email clusters - 
> each cluster will host different email domains and users - with CephFS 
> storage.
>
> Problem:
>
> A Director instance has one 'director_mail_servers' setting, meaning I could 
> only use one set of email servers, while the set of email servers in the 
> cluster depends on the client's domain. (The reason I use Dovecot proxy is so 
> people can use the same IMAP/POP/SMTP hostnames; regardless of which email 
> server / email cluster they're hosted on.)
>
> Question:
>
> Is it possible to set 'director_mail_servers' based on the client's email 
> domain?
>
> With kind regards,
>
> William Edwards

Director supports tags. You could use these I guess. 
https://wiki2.dovecot.org/Director#Tags

Aki




Standalone Directors

2020-12-11 Thread William Edwards

Situation:

We will be switching to Dovecot proxy + Director with three email clusters - 
each cluster will host different email domains and users - with CephFS storage.

Problem:

A Director instance has one 'director_mail_servers' setting, meaning I could 
only use one set of email servers, while the set of email servers in the 
cluster depends on the client's domain. (The reason I use Dovecot proxy is so 
people can use the same IMAP/POP/SMTP hostnames; regardless of which email 
server / email cluster they're hosted on.)

Question:

Is it possible to set 'director_mail_servers' based on the client's email 
domain?

With kind regards,

William Edwards



Re[2]: Dovecot proxy: authentication best practices

2019-12-28 Thread William Edwards

Hi Aki,

> 1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, 
> authentication is completely up to the destination host. Setting 'nopassword' 
> in no way means the proxy becomes an open relay. Is this correct?
> You still control where it proxies to.
> 1.2 Are there any security implications when using 'nopassword' on the proxy?
> As long as it's really a proxy, probably no.

Ok, so assuming proper authentication is configured on the destination host, 
the answer to 1.1 is 'yes' and the answer to 1.2 is 'no'.

> userdb is ignored on proxies. For your usecase try following
> and into domains.passwd

Ah, yes, of course. I forgot Dovecot supports multiple passdb backends. I have 
added the domains.passwd backend as a fallback.

Thanks!


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl




 
- Original Message -----
From: Aki Tuomi (aki.tu...@open-xchange.com)
Date: 12/27/19 17:42
To: William Edwards (wedwa...@cyberfusion.nl), dovecot (dovecot@dovecot.org)
Subject: Re: Dovecot proxy: authentication best practices


On 27/12/2019 16:02 William Edwards  wrote:


Hi!

I have a few questions regarding Dovecot proxy:

1.
1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, 
authentication is completely up to the destination host. Setting 'nopassword' 
in no way means the proxy becomes an open relay. Is this correct?


You still control where it proxies to.

1.2 Are there any security implications when using 'nopassword' on the proxy?


As long as it's really a proxy, probably no.

2.
2.1 I would like to avoid having to store all users in a passdb file on the 
proxy. I would much rather specify a domain for which Dovecot proxy will route 
all users to a specific host. Is there a way to let Dovecot proxy route to a 
destination host based on domain, so individual users don't have to be 
specified in the proxy passdb?
2.2 Is it correct that userdb does not have any effect on proxying and it can 
be left out of the config? Source: 
https://dovecot.org/pipermail/dovecot/2013-October/093138.html (point 2)

userdb is ignored on proxies. For your usecase try following

passdb {
  driver = passwd-file
  args = username_format=%Ld /etc/dovecot/domains.passwd
}

and into domains.passwd

domain.com::: nopassword proxy host=host1

colon count might be wrong

With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl

---
Aki Tuomi
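A lint for proxy passdb files like the one sketched in this thread, as an added example that is not part of the original messages: it assumes the documented passwd-file layout `user:password:uid:gid:(gecos):home:(shell):extra_fields` and flags extra fields that sit in the wrong column, `nopassword` without `proxy`, and `proxy` without `host=`. The function names and the sample entries are constructed.

```python
"""Lint Dovecot passwd-file entries that are used for proxying."""
from typing import Dict, List, Tuple

# Documented layout: user:password:uid:gid:(gecos):home:(shell):extra_fields
COLUMNS = ("user", "password", "uid", "gid", "gecos", "home", "shell", "extra_fields")
EXTRA = len(COLUMNS) - 1  # index of the extra_fields column (after 7 colons)


def is_proxy_token(token: str) -> bool:
    """True for the extra fields this lint cares about."""
    return token in ("nopassword", "proxy") or token.startswith("host=")


def parse_extra(text: str) -> Dict[str, str]:
    """Split 'nopassword proxy host=h' into {'nopassword': '', 'proxy': '', 'host': 'h'}."""
    extras = {}
    for token in text.split():
        key, _, value = token.partition("=")
        extras[key] = value
    return extras


def lint_line(line: str) -> List[str]:
    """Return the problems found in one passwd-file entry."""
    cols = line.split(":", EXTRA)  # colons inside extra_fields are preserved
    problems = []
    for index, col in enumerate(cols[:EXTRA]):
        # Column 0 is the user name and may legitimately be any word.
        if index > 0 and any(is_proxy_token(token) for token in col.split()):
            problems.append(
                f"extra fields found in column {index + 1} ({COLUMNS[index]}); "
                f"they belong in column {EXTRA + 1}, after {EXTRA} colons"
            )
    extras = parse_extra(cols[EXTRA]) if len(cols) > EXTRA else {}
    if "nopassword" in extras and "proxy" not in extras:
        problems.append(
            "nopassword without proxy: the passdb accepts any password for "
            "this entry and does not forward the login"
        )
    if "proxy" in extras and not extras.get("host"):
        problems.append(
            "proxy without host=: the destination has to come from elsewhere "
            "(for example a director)"
        )
    return problems


def lint_file(text: str) -> List[Tuple[int, str, str]]:
    """Lint passwd-file text; returns (line number, user, problem) tuples."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user = line.split(":", 1)[0]
        results.extend((line_no, user, problem) for problem in lint_line(line))
    return results


SEP = ":" * EXTRA  # seven colons: every column before extra_fields left empty

# Constructed sample entries (domains as keys, as with username_format=%Ld).
SAMPLE = "\n".join([
    "# constructed sample, not a real passdb file",
    f"example.org{SEP}nopassword proxy host=backend1.example.net",
    "example.com::: nopassword proxy host=backend1.example.net",
    f"example.net{SEP}nopassword",
    f"test.example{SEP}proxy",
])

if __name__ == "__main__":
    for line_no, user, problem in lint_file(SAMPLE):
        print(f"line {line_no} ({user}): {problem}")
```
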




Dovecot proxy: authentication best practices

2019-12-27 Thread William Edwards

Hi!

I have a few questions regarding Dovecot proxy:

1.
1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, 
authentication is completely up to the destination host. Setting 'nopassword' 
in no way means the proxy becomes an open relay. Is this correct?
1.2 Are there any security implications when using 'nopassword' on the proxy?

2.
2.1 I would like to avoid having to store all users in a passdb file on the 
proxy. I would much rather specify a domain for which Dovecot proxy will route 
all users to a specific host. Is there a way to let Dovecot proxy route to a 
destination host based on domain, so individual users don't have to be 
specified in the proxy passdb?
2.2 Is it correct that userdb does not have any effect on proxying and it can 
be left out of the config? Source: 
https://dovecot.org/pipermail/dovecot/2013-October/093138.html (point 2)


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl




 



Re[4]: Lightweight LMTP daemon to avoid overkill MTA

2019-12-12 Thread William Edwards


I ended up 'hacking' LMTP support into the external spam filter. Someone else 
already contributed 'real' patches to implement LMTP support, so once I go live 
with this mail platform it should be stable.


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl




 
- Original Message -
From: Marc Roos (m.r...@f1-outsourcing.eu)
Date: 12/11/19 19:14
To: dovecot (dovecot@dovecot.org), wedwards (wedwa...@cyberfusion.nl)
Subject: RE: Re[2]: Lightweight LMTP daemon to avoid overkill MTA

Yes I am running sendmail next to dovecot on backend servers. That works
ok. I have some problems with re-routing mail in a proxy setup.



-Original Message-
To: Marc Roos; dovecot
Subject: Re[2]: Lightweight LMTP daemon to avoid overkill MTA


Hi,

I was unclear in my question. The spam filter is only able to deliver
mail over SMTP, not over LMTP.. So I would still need some kind of
daemon that listens for SMTP and then offers incoming email to Dovecot's
LMTP socket.


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl





- Original Message -
From: Marc Roos (m.r...@f1-outsourcing.eu)
Date: 12/11/19 18:59
To: dovecot (dovecot@dovecot.org), wedwards (wedwa...@cyberfusion.nl)
Subject: RE: Lightweight LMTP daemon to avoid overkill MTA

Yes dovecot, /etc/dovecot/conf.d/20-lmtp.conf ;)

service lmtp {
  chroot =
  client_limit = 1
  drop_priv_before_exec = no
  executable = lmtp
  extra_groups = $default_internal_group
  group =
  idle_kill = 0
  inet_listener lmtp {
    address =
    haproxy = no
    port = 24
    reuse_port = no
    ssl = no
  }
  privileged_group =
  process_limit = 0
  process_min_avail = 0
  protocol = lmtp
  service_count = 0
  type =
  unix_listener lmtp {
    group =
    mode = 0666
    user =
  }
  user =
  vsz_limit = 18446744073709551615 B
}


-Original Message-
To: dovecot@dovecot.org
Subject: Lightweight LMTP daemon to avoid overkill MTA

Hi,

My situation is as follows.

- An internet-facing spam filter relays email to destination mail server
(Dovecot) with SMTP.
- Dovecot should take email and deliver it to users' mailboxes. I guess
I'd need LMTP for this.
- An external SMTP relay is already in place. I am thinking of using
Dovecot submission to relay to the external relaying cluster.

So, both relaying and routing are done externally - the Dovecot machine
should only store mail. Of course, there should also be a mechanism that
takes care of local delivery to Dovecot, like LMTP. Usually, I would use
an MTA like Exim to take care of local delivery. I feel like a
fully-featured MTA is overkill, though, as all other roles such an MTA
would fulfill - relaying and spam filtering - are fulfilled on external
servers.

Q: Does anyone know of a lightweight LMTP daemon that can take care of
local delivery to Dovecot without the need for a full MTA?

With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl



Re: Submission config being ignored

2019-12-11 Thread William Edwards
I see. Which config setting should be used to change the port and encryption 
Dovecot proxy attempts to talk SMTP to? The default seems to be port 587 with 
STARTTLS, but the docs don’t seem to mention how to change that.

Sent from mobile

> On 12 Dec 2019 at 02:17, Aki Tuomi wrote:
> 
> 
>> On 12/12/2019 00:10 William Edwards  wrote:
>> 
>> 
>> I'm having trouble setting up submission with Dovecot proxy. The submission 
>> config seems to be getting ignored, but I'm probably doing something wrong.
>> 
>> Expected behaviour: have messages sent to submission ports (25, 465) relayed 
>> to `submission_relay_host`. 
>> 
>> --
>> root@imapproxy1:~# cat /etc/dovecot/conf.d/20-submission.conf 
>> submission_logout_format = in=%i out=%o 
>> submission_relay_host = smtp.prorelay.nl 
>> submission_relay_port = 587 
>> submission_relay_ssl = starttls 
>> submission_relay_ssl_verify = no 
>> 
>> service submission {
>> }
>>
>> service submission-login {
>>   inet_listener submission_25 {
>>     port = 25
>>   }
>>   inet_listener submission_465 {
>>     port = 465
>>     ssl = yes
>>   }
>> }
>> --
>> 
>> What happens instead: Dovecot is attempting to send mail to the host 
>> specified in the passdb file:
>> 
>> root@imapproxy1:~# cat /etc/virtual/xalys.nl/passwd 
>> test:$password.:8:8::/home/test.nl/test:/bin/false:userdb_quota_rule=*:bytes=0
>>  proxy_maybe=y host=$ipaddr
>> 
>> How do I get Dovecot to relay mail sent to submission ports to 
>> 'submission_relay_host'?
>> 
>> With kind regards,
>> 
>> William Edwards
>> T. 040 - 711 44 96
>> E. wedwa...@cyberfusion.nl
> 
> Due to design reasons, submission relaying to MTA occurs at backend, so move 
> the relay configuration there.
> ---
> Aki Tuomi
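
The reply quoted above places the relay settings on the backend rather than on the proxy. As an added example (not configuration posted by anyone in the thread), the split could look like this; the `protocols` line and `submission_relay_ssl_verify = yes` are assumptions that go beyond what was posted.

```conf
## Backend: the host the proxy's passdb entry points at (host=$ipaddr).
## The submission service here accepts the proxied session and hands
## the message to the external relay.
protocols = imap lmtp submission    # assumption: backend also serves IMAP/LMTP

submission_logout_format = in=%i out=%o
submission_relay_host = smtp.prorelay.nl
submission_relay_port = 587
submission_relay_ssl = starttls
# The original post has "no" here. With "no" the STARTTLS session is
# encrypted but the relay's certificate is not checked, so whatever
# answers on that name is accepted as the relay.
submission_relay_ssl_verify = yes

## Proxy (imapproxy1): only the login listeners, as posted.
## The submission_relay_* settings are not needed on this host.
service submission-login {
  inet_listener submission_25 {
    port = 25
  }
  inet_listener submission_465 {
    port = 465
    ssl = yes
  }
}
```

Running `doveconf -n` on each host shows which of these non-default settings that instance actually loaded.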


Submission config being ignored

2019-12-11 Thread William Edwards

I'm having trouble setting up submission with Dovecot proxy. The submission 
config seems to be getting ignored, but I'm probably doing something wrong.

Expected behaviour: have messages sent to submission ports (25, 465) relayed to 
`submission_relay_host`.


--
root@imapproxy1:~# cat /etc/dovecot/conf.d/20-submission.conf
submission_logout_format = in=%i out=%o
submission_relay_host = smtp.prorelay.nl
submission_relay_port = 587
submission_relay_ssl = starttls
submission_relay_ssl_verify = no

service submission {
}

service submission-login {
  inet_listener submission_25 {
    port = 25
  }
  inet_listener submission_465 {
    port = 465
    ssl = yes
  }
}
--

What happens instead: Dovecot is attempting to send mail to the host specified 
in the passdb file:

root@imapproxy1:~# cat /etc/virtual/xalys.nl/passwd
test:$password.:8:8::/home/test.nl/test:/bin/false:userdb_quota_rule=*:bytes=0 
proxy_maybe=y host=$ipaddr

How do I get Dovecot to relay mail sent to submission ports to 
'submission_relay_host'?


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl




 



Re[2]: Lightweight LMTP daemon to avoid overkill MTA

2019-12-11 Thread William Edwards via dovecot


Hi,

I was unclear in my question. The spam filter is only able to deliver mail over 
SMTP, not over LMTP. So I would still need some kind of daemon that listens 
for SMTP and then offers incoming email to Dovecot's LMTP socket.


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl




 
- Original Message -
From: Marc Roos (m.r...@f1-outsourcing.eu)
Date: 12/11/19 18:59
To: dovecot (dovecot@dovecot.org), wedwards (wedwa...@cyberfusion.nl)
Subject: RE: Lightweight LMTP daemon to avoid overkill MTA

Yes dovecot, /etc/dovecot/conf.d/20-lmtp.conf ;)

service lmtp {
 chroot =
 client_limit = 1
 drop_priv_before_exec = no
 executable = lmtp
 extra_groups = $default_internal_group
 group =
 idle_kill = 0
 inet_listener lmtp {
   address =
   haproxy = no
   port = 24
   reuse_port = no
   ssl = no
 }
 privileged_group =
 process_limit = 0
 process_min_avail = 0
 protocol = lmtp
 service_count = 0
 type =
 unix_listener lmtp {
   group =
   mode = 0666
   user =
 }
 user =
 vsz_limit = 18446744073709551615 B
}


-Original Message-
To: dovecot@dovecot.org
Subject: Lightweight LMTP daemon to avoid overkill MTA

Hi,

My situation is as follows.

- An internet-facing spam filter relays email to destination mail server
(Dovecot) with SMTP.
- Dovecot should take email and deliver it to users' mailboxes. I guess
I'd need LMTP for this.
- An external SMTP relay is already in place. I am thinking of using
Dovecot submission to relay to the external relaying cluster.

So, both relaying and routing are done externally - the Dovecot machine
should only store mail. Of course, there should also be a mechanism that
takes care of local delivery to Dovecot, like LMTP. Usually, I would use
an MTA like Exim to take care of local delivery. I feel like a
fully-featured MTA is overkill, though, as all other roles such an MTA
would fulfill - relaying and spam filtering - are fulfilled on external
servers.

Q: Does anyone know of a lightweight LMTP daemon that can take care of
local delivery to Dovecot without the need for a full MTA?

With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl
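
The `service lmtp` dump quoted in this thread leaves `address` empty, has `ssl = no` on port 24, and gives the UNIX socket mode `0666`. As an added example (not from the thread), here is a narrower listener for the setup described, where only the spam filter should reach LMTP; the address `192.0.2.10` and the `mailfilter` account are constructed placeholders.

```conf
service lmtp {
  # TCP listener for a filter on another host. An empty "address" falls
  # back to the global "listen" setting (all interfaces by default), so
  # bind to the internal address the filter connects to instead.
  inet_listener lmtp {
    address = 192.0.2.10    # constructed placeholder: internal interface
    port = 24
  }

  # UNIX socket for a delivering process on the same machine. Mode 0666
  # lets any local account that can reach the socket path connect and
  # deliver; restrict it to the one account that does the delivery.
  unix_listener lmtp {
    mode = 0600
    user = mailfilter       # hypothetical local account
    group = mailfilter
  }
}
```

With `ssl = no` on the TCP listener, the address binding and a host firewall rule are what limit who can speak LMTP on port 24.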



Lightweight LMTP daemon to avoid overkill MTA

2019-12-11 Thread William Edwards via dovecot

Hi,

My situation is as follows.

- An internet-facing spam filter relays email to destination mail server 
(Dovecot) with SMTP.
- Dovecot should take email and deliver it to users' mailboxes. I guess I'd 
need LMTP for this.
- An external SMTP relay is already in place. I am thinking of using Dovecot 
submission to relay to the external relaying cluster.

So, both relaying and routing are done externally - the Dovecot machine should 
only store mail. Of course, there should also be a mechanism that takes care of 
local delivery to Dovecot, like LMTP. Usually, I would use an MTA like Exim to 
take care of local delivery. I feel like a fully-featured MTA is overkill, 
though, as all other roles such an MTA would fulfill - relaying and spam 
filtering - are fulfilled on external servers.

Q: Does anyone know of a lightweight LMTP daemon that can take care of local 
delivery to Dovecot without the need for a full MTA?


With kind regards,

William Edwards
T. 040 - 711 44 96
E. wedwa...@cyberfusion.nl