Re: error 42 ssl certificate expired
I got my certs forcibly renewed.

dovecot -nP:

    # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.5.7.2 ()
    # OS: Linux 5.9.0-rc5-lja-tv+ x86_64 Ubuntu 20.04.2 LTS
    # Hostname: superman.sillywalk.org
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_username_format = %Ln
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:~/Maildir/
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    protocols = imap pop3 lmtp
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =

The certs are working fine and are up to date. (Apache2 with the same certs for the domains works OK.)

I do not know how to use the openssl x509 -text command; if I run it like

    echo "" | openssl x509 -text

I get loads of errors.

My distro:

    Distributor ID: Ubuntu
    Description: Ubuntu 20.04.2 LTS
    Release: 20.04
    Codename: focal

Aki Tuomi wrote on 13.4.2021 at 7:40:

Uh. You are practically proposing that all versions after 2.3.7.2 would be serving expired SSL certs, due to some bug? If that was the case, then I would believe we would've been inundated with bug reports for the past year or so.

Installation probably breaks because you are using expired cert, from wrong path. Double-check output of `doveconf -nP` and `openssl x509 -text` to make sure you are indeed using correct, non-expired certificate.

Aki

On 13/04/2021 07:16 gmail wrote:

Hi,

I got news: dovecot is the one that is broken. I got all the other stuff set up and updated to latest BUT not dovecot, and I got a working system. If I upgrade dovecot, the installation breaks. I'm using Let's Encrypt's certs.

The version that is good is 2.3.7.2 (3c910f64b)

Heiko Schlittermann wrote on 12.4.2021 at 23:20:

Hi,

In our case this is an internally used Dovecot Mail server that's used for … certificates worth the expense? Just curious on what everyone's opinion is of Digital Certs signed by certificate authorities that are only used inside the LAN. Thoughts?

Aki is right. On the long run it's easier to use "official" certs. Since the advent of Let's Encrypt it is cheap. Of course, getting a certificate from Let's Encrypt for an internal service isn't as easy as for a public HTTP server, but it is possible. (We use a dedicated machine, requesting certs for all our internal services, employing the DNS challenge with Let's Encrypt. From this dedicated machine then we deploy the certs into our internal infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)

I also tried creating new .crt and key files using this tutorial: https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/

No need to use tech blogs. Use "man req" and brain.

    openssl req -x509 -new \
        -out ssl.pem \
        -keyout ssl.pem -newkey rsa:4096 -nodes \
        -subj /CN=example.com -days 365

(or two distinct files for crt and key).

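
The check Aki asks for in the message above, as an added example that is not part of the thread: take the file path from the `ssl_cert = <file` line of the doveconf output and ask openssl whether that file is unreadable, expired or close to expiry. The function names, the one-day throwaway certificate and the sample config line are constructed for illustration; on a real server the input would be the output of `doveconf -n`.

```shell
#!/bin/sh
# Added example, not from the thread. All paths and sample data are constructed.

# Print the file path from an "ssl_cert = </path" line of doveconf output on stdin.
ssl_cert_path() {
    sed -n 's/^ssl_cert[[:space:]]*=[[:space:]]*<[[:space:]]*//p' | head -n 1
}

# cert_status FILE [WINDOW_SECONDS] -> unreadable | expired | expiring | valid
cert_status() {
    cert=$1
    window=${2:-0}
    # openssl x509 expects a PEM certificate; empty or non-PEM input is the
    # "loads of errors" case and is reported here as "unreadable".
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero when the certificate expires within N seconds.
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# Constructed sample: a throwaway self-signed certificate valid for one day,
# and a one-line stand-in for the doveconf output that points at it.
demo_dir=$(mktemp -d)
openssl req -x509 -new -newkey rsa:2048 -nodes -subj /CN=example.com -days 1 \
    -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
demo_conf="ssl_cert = <$demo_dir/cert.pem"

path=$(printf '%s\n' "$demo_conf" | ssl_cert_path)
echo "dovecot serves: $path"
# Human-readable view of the same file: who it was issued to and when it ends.
openssl x509 -in "$path" -noout -subject -enddate
echo "status now: $(cert_status "$path")"
echo "status with a 14-day window: $(cert_status "$path" 1209600)"
```

If the path printed for dovecot differs from the one the web server uses, or the status is not `valid`, the daemon is reading a different or stale file even though the renewed certificate exists elsewhere.
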
Re: error 42 ssl certificate expired
Hi,

I got news: dovecot is the one that is broken. I got all the other stuff set up and updated to latest BUT not dovecot, and I got a working system. If I upgrade dovecot, the installation breaks. I'm using Let's Encrypt's certs.

The version that is good is 2.3.7.2 (3c910f64b)

Heiko Schlittermann wrote on 12.4.2021 at 23:20:

Hi,

In our case this is an internally used Dovecot Mail server that's used for … certificates worth the expense? Just curious on what everyone's opinion is of Digital Certs signed by certificate authorities that are only used inside the LAN. Thoughts?

Aki is right. On the long run it's easier to use "official" certs. Since the advent of Let's Encrypt it is cheap. Of course, getting a certificate from Let's Encrypt for an internal service isn't as easy as for a public HTTP server, but it is possible. (We use a dedicated machine, requesting certs for all our internal services, employing the DNS challenge with Let's Encrypt. From this dedicated machine then we deploy the certs into our internal infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)

I also tried creating new .crt and key files using this tutorial: https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/

No need to use tech blogs. Use "man req" and brain.

    openssl req -x509 -new \
        -out ssl.pem \
        -keyout ssl.pem -newkey rsa:4096 -nodes \
        -subj /CN=example.com -days 365

(or two distinct files for crt and key).

Re: Latest dovecot does not work with latest MUA (thunderbird)
Running and working installation by following:

    # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.5.7.2 ()
    # OS: Linux 5.9.0-rc5-lja-tv+ x86_64 Ubuntu 20.04.2 LTS
    # Hostname: superman.sillywalk.org
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_username_format = %Ln
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:~/Maildir/
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    protocols = imap pop3 lmtp
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =

    mydestination = $myhostname $mydomain paxsudos.fi paxsudos.com localhost.$mydomain localhost.localdomain localhost
    mydomain = lja.fi
    myhostname = mail.lja.fi
    mynetworks = 127.0.0.0/8 192.168.1.0/24
    myorigin = lja.fi
    recipient_delimiter = +
    relayhost = [smtp.dnainternet.net]:465
    smtp_tls_ciphers = high
    smtp_tls_security_level = encrypt
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_tls_wrappermode = yes
    smtp_use_tls = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_tls_CAfile = /etc/letsencrypt/live/lja.fi/chain.pem
    smtpd_tls_cert_file = /etc/letsencrypt/live/lja.fi/fullchain.pem
    smtpd_tls_ciphers = high
    smtpd_tls_key_file = /etc/letsencrypt/live/lja.fi/privkey.pem
    smtpd_tls_loglevel = 2
    virtual_maps = hash:/etc/postfix/virtual
    virtual_transport = lmtp:unix:private/dovecot-lmtp

WORKS LIKE A CHARM :) ... thank you for pointing me to the lmtp :) .. Works with Thunderbird 78.8.1 (latest release)

--
Lauri Jakku

Marc wrote on 15.3.2021 at 10:43:

I assume you are referring to incoming mail. I had sometimes similar issues with mbox and having sendmail deliver straight to the mbox file. When I switched to delivering to lmtp, I never encountered it anymore. Just put this lmtp in between.

-Original Message-
From: dovecot On Behalf Of gmail
Sent: 14 March 2021 23:30
To: dovecot@dovecot.org
Subject: Re: Latest dovecot does not work with latest MUA (thunderbird)

Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.

Updated dovecot to bleeding edge, and still got same issue.

    # 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
    # OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
    # Hostname: superman.sillywalk.org
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:~/Maildir/
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =

Re: Latest dovecot does not work with latest MUA (thunderbird)
I think I found the culprit: PAM is not compiled in; now I'm compiling a new version that has PAM in.

Marc wrote on 15.3.2021 at 10.43:

I assume you are referring to incoming mail. I had sometimes similar issues with mbox and having sendmail deliver straight to the mbox file. When I switched to delivering to lmtp, I never encountered it anymore. Just put this lmtp in between.

-Original Message-
From: dovecot On Behalf Of gmail
Sent: 14 March 2021 23:30
To: dovecot@dovecot.org
Subject: Re: Latest dovecot does not work with latest MUA (thunderbird)

Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.

Updated dovecot to bleeding edge, and still got same issue.

    # 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
    # OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
    # Hostname: superman.sillywalk.org
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:~/Maildir/
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =

Re: Latest dovecot does not work with latest MUA (thunderbird)
I think I found the culprit: PAM is not compiled in; now I'm compiling a new version that has PAM in.

Aki Tuomi wrote on 15.3.2021 at 9.18:

On 15/03/2021 00:33 gmail wrote:

Stuart Henderson wrote on 14.3.2021 at 23.38:
> On 2021-03-14, lja@koti wrote:
>> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> That's nowhere near the latest Dovecot.
>
> Updated dovecot to bleeding edge, and still got same issue.

# 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf

Some basic debug things to do:

Check your /var/log/dovecot*.log to see what happens with that folder. Also check the filesystem if "postfix" is really delivering mail to the Sent folder. Although normally MUA stores sent mails.

Aki

Re: Latest dovecot does not work with latest MUA (thunderbird)
Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti wrote:
>> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> That's nowhere near the latest Dovecot.
>
> Updated dovecot to bleeding edge, and still got same issue.

    # 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
    # OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
    # Hostname: superman.sillywalk.org
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:~/Maildir/
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = mail
        mode = 0660
        user = postfix
      }
    }
    ssl_cert =

Re: Latest dovecot does not work with latest MUA (thunderbird)
Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.

OK, I will check where to get the latest sources from and test.

Re: Massive /tmp files
On Jan 22, 2021, at 8:02 AM, @lbutlr wrote:
> On 21 Jan 2021, at 18:08, MRob wrote:
>> Hello,
>> I just found user who has single folder (standard maildir format) that
>> filled with over 8mil files and 800GB in the /tmp subdirectory of that
>> folder:
>
> Are they real files or hard links?

How would you distinguish a hard link from a “real file”?

rg

Migrate maildir between servers dovecot
Hi to all,

I have two servers with dovecot 2.2.15: one is actually in production (server A) and another that I will put in production soon (server B).

My goal is to migrate maildir from server A and server B. How can I achieve that?

I read http://wiki2.dovecot.org/Migration/Dsync but I haven't understood well where to put such configuration (on which server).

Thanks in advance for any help.

[Dovecot] disable auth-worker logging
Hello all,

Can someone please give me a hint about how I can stop such messages from being inserted into the log file (maillog in this case, as syslog_facility = mail)?

>> dovecot: auth-worker(13377): mysql(localhost): Connected to database postfix

All the '_debug' and '_verbose' statements bear the 'no' value.

Thank you.

--
Best regards,
Gmail-teopro
mailto:teo...@gmail.com