Multiple authentication instances (GSSAPI _or_ Client Certificate)
Hi there,

I am trying to make a paranoid IMAPS/Submission server. I'm running Ubuntu 20.04 with Dovecot 2.3.7.2 (3c910f64b). I mostly use my mail-server from the LAN/Realm where I have GSSAPI working well for both IMAPS and Submission and most other services.

But... I would like to be able to configure Dovecot to require mobile ("external") devices to authenticate using client certificates (with different SSL cert superset) instead of 'plain' fallback (if there is no valid Kerberos token/infrastructure). I have one SSL-certificate for the LAN-solution, but would like to have my self-signed PKI-stuff for the other solution where client certificates are used to authenticate.

So. First of all. Is this a possible scenario? I'm struggling with the configuration and it seems Dovecot-configs are not accepting different authentication methods for different local listeners for different IPs etc. The only way I can think of getting this up and running is having two separate Dovecot instances (somehow) listening to different ports or even on different server hosts.

What would be neat is if it would be possible to have like:

auth_mechanisms = gssapi ssl

:D But I know that's not how things work. I hope I'm not too unspecific.

Are there any other clever ideas on how to get this use-case configured with the current version of Dovecot? I am thinking I _might_ be able to do something with stunnel to terminate the PKI authentication and still require normal plain user authentication with login/pass to get the extra security. But it does not feel clean enough.

All good ideas are welcome! Stay safe!

Kind regards,
Joakim Ekblad
Mail rescue from Dovecot Server
Hi all,

I have a mail folder from a Dovecot server. Screenshot: https://i.stack.imgur.com/11NHs.jpg

Is there any way to import it to Outlook, or otherwise convert it to a readable format? I could set up Dovecot on my own server if there is any point.
Re: [Dovecot] Notifications from dovecot
On 19-05-2014 13:11, Reindl Harald wrote:
>
> On 19.05.2014 13:07, Joakim Seeberg wrote:
>> Hi list, I'm trying to build a web based system for secure communication
>> built with standard linux software, instead of using CMS based systems.
>>
>> One of the requirements is to send notifications to users when receiving
>> mail.
>>
>> Can a script find information about the mail address of received mails
>> in dovecot logs or is there a better way.
>
> which sort of notifications?
>
> an e-mail "you got new e-mail" hardly makes sense
>

Yes it does if the notification is sent to an external mail address that is checked regularly by the user. I'm thinking the script uses the mail address to look up the external mail address in ldap. Alternatively an SMS but the process would be the same.

--
Best regards,
Joakim Seeberg IT 9510 Arden seebergit.dk
[Dovecot] Notifications from dovecot
Hi list,

I'm trying to build a web based system for secure communication built with standard linux software, instead of using CMS based systems.

One of the requirements is to send notifications to users when receiving mail.

Can a script find information about the mail address of received mails in dovecot logs or is there a better way.

-seeberg
[Dovecot] Have an issue with catch-all - Dovecot-lda and Postfix
Hi,

I run dovecot version 2.1.7 and postfix 2.9.6. I'm using dovecot-lda as local delivery. I use virtual users and need to use catch-all for some of my domains.

My problem when using catch-all is that I got a separate email for each recipient.

As an example: If I send mail to: te...@test.org, test2, te...@test.org, te...@test.org and have a catch-all which will send this mail to t...@test.org. In this example I get 4 mails in my t...@test.org inbox and in the TO: field in the header I have all these four recipients:

TO: te...@test.org, test2, te...@test.org, te...@test.org.

In my dovecot log:

2013-07-10 13:49:25 lda(t...@test.org): Debug: Destination address: t...@test.org (source: user@hostname)
2013-07-10 13:49:25 lda(t...@test.org: Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX
2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX
2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX
2013-07-10 13:49:25 lda(t...@test.org): Info: msgid=<20130710114924.dba3f9f...@mail2.test.org>: saved mail to INBOX

My question is if it's possible to receive just one mail instead of four? If I send the mail via Spamassassin I'll just receive one mail to t...@test.org with TO: te...@test.org, test2, te...@test.org, te...@test.org in the header.

Thanks in advance

Br Joakim

# dovecot -n:
[Dovecot] deleting duplicate mail?
Hello,

Due to a mistake I got many duplicate emails in my inbox folder. They are stored in maildir format, so my initial thought was to simply md5sum the mail files and remove the duplicates. This doesn't work because the mails have differing uids.

Any other hints?

--
Joakim Verona
[Dovecot] problem trying out dovecot hg
I get:

May 18 14:56:16 exodia dovecot: master: Dovecot v2.0.beta5 (4ba05c3702be) starting up (core dumps disabled)
May 18 14:56:16 exodia dovecot: master: Error: service(pop3-login): safe_mkstemp(/tmp/dovecot-master) failed: Permission denied
May 18 14:56:16 exodia dovecot: master: Error: service(imap-login): safe_mkstemp(/tmp/dovecot-master) failed: Permission denied

"nc localhost 143" never connects
listeners seem to be running at port 143

--
Joakim Verona
[Dovecot] problems running dsync
First I had to do "chmod a+rw /var/run/dovecot/auth-userdb" to avoid permission problems. I assume this isn't how I should do it, right?

Next I get:

dsync -u joakim mirror 'ssh exodia dsync -u joakim'
Enter passphrase for key '/home/joakim/.ssh/id_dsa':
dsync-local(joakim): Error: Log synchronization error at seq=186,offset=29436 for /home/joakim/Maildir/dovecot.index: uid_validity updated unexpectedly: 1202385824 -> 1262587228
dsync-local(joakim): Warning: fscking index file /home/joakim/Maildir/dovecot.index
dsync-remote(joakim): Error: Log synchronization error at seq=2,offset=248 for /home/joakim/Maildir/dovecot.index: uid_validity updated unexpectedly: 1262587228 -> 1202385824
dsync-remote(joakim): Warning: fscking index file /home/joakim/Maildir/dovecot.index
dsync-remote(joakim): Error: Mailbox INBOX changed its GUID (f36455205c8d414b1145326eb77d -> fd3cc81453ed4c4bbc0e7441ab87)
dsync-remote(joakim): Error: msg iteration failed: Couldn't open mailbox
dsync-remote(joakim): Error: command MSG-LIST failed
dsync-local(joakim): Error: Mailbox INBOX changed its GUID (fd3cc81453ed4c4bbc0e7441ab87 -> f36455205c8d414b1145326eb77d)
dsync-local(joakim): Error: msg iteration failed: Couldn't open mailbox
dsync-local(joakim): Error: Mailbox INBOX changed its GUID (fd3cc81453ed4c4bbc0e7441ab87 -> f36455205c8d414b1145326eb77d)
dsync-remote(joakim): Error: Mailbox INBOX changed its GUID (f36455205c8d414b1145326eb77d -> fd3cc81453ed4c4bbc0e7441ab87)
dsync-local(joakim): Error: Mailbox INBOX changed its GUID (fd3cc81453ed4c4bbc0e7441ab87 -> f36455205c8d414b1145326eb77d)
dsync-remote(joakim): Error: Mailbox INBOX changed its GUID (f36455205c8d414b1145326eb77d -> fd3cc81453ed4c4bbc0e7441ab87)
[r...@localhost etc]# dsync-remote(joakim): Error: read() from proxy client failed: EOF

The local end has lots of mailboxes I want to push to the remote end. The remote has an empty INBOX that was automatically created.

Also, neither end is doing anything with the mailboxes when I run dsync.

--
Joakim Verona
[Dovecot] how to use dsync?
I would like to try dsync but don't quite understand the usage string. Can anyone offer an example?

--
Joakim Verona
Re: [Dovecot] fedora rpm for 2.0 beta?
joa...@verona.se writes:

> I'm looking for a spec/rpm file suitable for fedora 11/12,
> for dovecot and pigeonhole sieve.
>
> Has anyone done this yet? Otherwise I will attempt to the dovecot 1.2
> spec files for f11.

I've done a rudimentary conversion of the f11 spec file for dovecot to use mercurial sources instead, only for dovecot and the sieve plugin. I can post it if someone wants it.

--
Joakim Verona
[Dovecot] fedora rpm for 2.0 beta?
I'm looking for a spec/rpm file suitable for fedora 11/12, for dovecot and pigeonhole sieve.

Has anyone done this yet? Otherwise I will attempt to the dovecot 1.2 spec files for f11.

--
Joakim Verona
Re: [Dovecot] cant compile dsync
Timo Sirainen writes:

> On Wed, 2009-09-30 at 16:30 +0200, joa...@verona.se wrote:
>> > Run autogen.sh first.
>>
>> I've been getting this lately when compiling dovecot 2.0:
>>
>> main.o: In function `main':
>> /home/joakim/current/unison/build/dovecot-2.0/src/master/main.c:705:
>> undefined reference to `askpass'
>
> askpass() is in src/master/askpass.c which is also compiled. Did you
> again run autogen.sh + configure?...

Embarrassing. Yes that did the trick.

--
Joakim Verona
Re: [Dovecot] cant compile dsync
Timo Sirainen writes:

> On Aug 13, 2009, at 10:43 AM, joa...@verona.se wrote:
>
>> I'm trying to compile dsync, but failing. What am I doing wrong?
>>
>> hg pull
>
> And: hg up
>
>> pulling from http://hg.dovecot.org/dovecot-2.0/
> ...
>> ./configure && make clean all
>
> Run autogen.sh first.

I've been getting this lately when compiling dovecot 2.0:

main.o: In function `main':
/home/joakim/current/unison/build/dovecot-2.0/src/master/main.c:705: undefined reference to `askpass'

--
Joakim Verona
[Dovecot] cant compile dsync
I'm trying to compile dsync, but failing. What am I doing wrong?

hg pull
pulling from http://hg.dovecot.org/dovecot-2.0/
...
./configure && make clean all
...
make[5]: Entering directory `/mnt/data/build/dovecot-2.0/src/lib-storage/index/maildir'
make[5]: *** No rule to make target `maildir-transaction.c', needed by `maildir-transaction.lo'. Stop.
make[5]: Leaving directory `/mnt/data/build/dovecot-2.0/src/lib-storage/index/maildir'
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory `/mnt/data/build/dovecot-2.0/src/lib-storage/index'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/mnt/data/build/dovecot-2.0/src/lib-storage'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/mnt/data/build/dovecot-2.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/data/build/dovecot-2.0'
make: *** [all] Error 2

--
Joakim Verona
Re: [Dovecot] dsync - one or two ways?
Timo Sirainen writes:

> On Sat, 2009-07-18 at 01:43 +0200, joa...@verona.se wrote:
>> Timo Sirainen writes:
>>
>> > On Fri, 2009-07-17 at 22:31 +0200, joa...@verona.se wrote:
>> >> This sounds really awesome! How testable is it?
>> >
>> > By "testable" do you mean "is it working now"? It should work except for
>> > mailbox deletions and renames. But I haven't really tested it, just ran
>> > unit tests. :) And it pretty much requires using Dovecot v2.0 for IMAP
>> > so that it can handle expunges properly. And I wouldn't really recommend
>> > doing that yet..
>>
>> Would this setup work then?
>> - dovecot 1.2 on master and slave machines
>> - dsync on the slave machine, 2 way sync
>> - propagate expunges by some other means, like removing maildir mail
>> files with unison or similar?
>
> Actually there shouldn't be problems with expunges after all. Conflicts
> just are detected less reliably. For example if:
>
> Server 1 saves message with UID=123
> Server 2 saves a different message with UID=123
> Server 1 expunges messages UID=123
>
> dsync is run to move changes from server 2 to server 1. It notices that
> "oh, UID=123 has been expunged from server 1 already" and server 2's
> UID=123 message isn't copied there. Or if you're syncing changes from 1
> to 2, it would expunge the UID=123 from server 2.
>
> If server 1 had been running Dovecot v2.0, the expunge record would have
> message's GUID stored and dsync would notice that there was a GUID
> conflict and copy the server 2's message to server 1 as UID=124.

In my case mail would only arrive on the master. If I interpret you correctly this case will be very simple for dsync and will work already.

>
>> How would I handle mailbox addition, renaming and deletions?
>
> The reason why dsync can't do that without Dovecot v2.0 is because it
> can't be done reliably without storing extra information.. (And I
> haven't yet even implemented that to v2.0.) So the answer is: Not
> easily.

Will addition work automatically? Can renaming and deletion be made by renaming/deleting maildir folders manually?

I guess I can do the setup and test it myself :)

--
Joakim Verona
Re: [Dovecot] dsync - one or two ways?
Timo Sirainen writes:

> On Fri, 2009-07-17 at 22:31 +0200, joa...@verona.se wrote:
>> This sounds really awesome! How testable is it?
>
> By "testable" do you mean "is it working now"? It should work except for
> mailbox deletions and renames. But I haven't really tested it, just ran
> unit tests. :) And it pretty much requires using Dovecot v2.0 for IMAP
> so that it can handle expunges properly. And I wouldn't really recommend
> doing that yet..

Would this setup work then?
- dovecot 1.2 on master and slave machines
- dsync on the slave machine, 2 way sync
- propagate expunges by some other means, like removing maildir mail files with unison or similar?

How would I handle mailbox addition, renaming and deletions?

>
>> My setup would be:
>> - one server dovecot that is online all the time, filtering email to several
>> mailboxes with sieve scripts
>> - the server dovecot would receive changes through a webmail instance
>> - a dovecot running on my laptop that I would like to be in sync with
>> the server dovecot. I read mail there with Gnus.
>
> Yeah, should work with that setup.
>
>> Theres only a one user(me) that would have this setup, but there are
>> a handful of other users as well. I have a couple of hundred mailboxes
>> to sync. Can all mailboxes be synced automatically, or do I need to make
>> a list of them for dsync?
>
> User's all mailboxes are synced automatically.

--
Joakim Verona
Re: [Dovecot] dsync - one or two ways?
Timo Sirainen writes:

> dsync in Dovecot v2.0 tree is a new utility for syncing a mailbox in two
> locations. Some things it can be used for:
>
> - Initially transfer a mailbox to another server via SSH
> - A faster sync done to an existing mailbox, sending only changes
> - A superfast sync based on modification sequences.
> - Source and destination mailboxes can use different formats
> (convert-tool will be history)
>
> dsync can handle all kinds of conflicts in mailboxes, handle mailbox
> deletions, renames, etc. So it's safe to sync even if both source and
> destination mailboxes have had all kinds of changes.
>
> Now, the question is: Does anyone want dsync to only sync changes from
> source to destination, instead of doing a full two-way sync? I think in
> typical cases where you'd think you would want only one-way sync are
> also the cases where there's no changes coming the other way in any
> case.
>

This sounds really awesome! How testable is it?

My setup would be:
- one server dovecot that is online all the time, filtering email to several mailboxes with sieve scripts
- the server dovecot would receive changes through a webmail instance
- a dovecot running on my laptop that I would like to be in sync with the server dovecot. I read mail there with Gnus.

There's only one user (me) that would have this setup, but there are a handful of other users as well. I have a couple of hundred mailboxes to sync. Can all mailboxes be synced automatically, or do I need to make a list of them for dsync?

--
Joakim Verona
[Dovecot] keeping 2 dovecots in sync?
I would like to have one master dovecot instance that gets email, and a slave dovecot on my laptop. I use maildir, and I was thinking of doing this with unison, but I suppose dovecot's indexes would go out of sync whenever I used unison.

There seem to be a number of imap folder synchronizers, but I have heard they are troublesome. Any hints?

--
Joakim Verona
Re: [Dovecot] Ideas for Webmail/OTP
On Mon, July 23, 2007 10:54 am, Phillip T. George wrote:

[...]

> Oh...also his post did include "/OTP", which unless I'm mistaken, that means Off-Topic Post ..so it doesn't really matter if it had to do with Dovecot or not, right? :)

:-) I believe he was referring to One Time Passwords.

--Jo
Re: [Dovecot] Shared mailbox plans
On Sun, 22 Apr 2007 17:49:52 -0400 [EMAIL PROTECTED] wrote:

> Steffen Kaiser writes:
>
> >> Having ACLs in SQL allows companies to have a centralized place
> >> for all ACLs.
> >
> > Well, this statement is true for any backend, incl. LDAP.
>
> Correct.
> But many companies do not have a LDAP infrastructure.
> It is much easier to setup a Mysql DB and put a table for ACL than it
> is to setup an LDAP infrastructure.

Doesn't that largely depend on your skills with LDAP or your skills with MySQL? You don't really need any more "infrastructure" with LDAP than you do with MySQL. As always, use the tool you know and that works best for you. But I digress.
Re: [Dovecot] v1.1 plans - sieve?
On Wed, 18 Apr 2007 10:04:09 +0200 [EMAIL PROTECTED] wrote:

JSS> On Wednesday 18 April 2007 00:13, Timo Sirainen wrote:
JSS> > I don't think so. I want to distribute it with Sieve plugin, and
JSS> > that pretty much requires changes that come only in v2.0.
JSS>
JSS> so what's the suggested setup for server-side mail filtering right
JSS> now ?

Either use the Dovecot patch from here:

http://sinas.rename-it.nl/~sirius/

or run the pysieved managesieve server from here:

http://woozle.org/~neale/repos/pysieved/

We use the latter with great success. No patch to maintain and it's written in Python so you can make it do whatever you want pretty much with just a little scripting knowledge (not a requirement).

--Jo
Re: [Dovecot] Public folders using NAMESPACE
Timo Sirainen wrote:

> On Tue, 2007-04-17 at 03:48 -0700, Joakim Ryden wrote:
>> With this, "Public Folders" shows up (testing with Thunderbird) but not as an
>> italic special folder (does that make sense?) as it does on all other accounts I
>> have on other servers which support public folders.
>
> I think I heard that Thunderbird uses IMAP ACL extension to check if
> some mailbox is shared or not. Dovecot doesn't support IMAP ACL
> extension yet. Or it might be something else too I suppose.

I think you're absolutely right.

>> which also shows up nicely, I can copy email in there and subscribe and
>> unsubscribe to this subfolder, but clicking on "Public Folders" gives: Mailbox
>> doesn't exist: Public Folders. which I'm sure is because I've missed or
>> misunderstood something :) Any ideas?
>
> Well, unfortunately that doesn't work. Dovecot doesn't currently support
> subscribing to namespace prefixes, only to mailboxes inside the
> namespace. You might be able to kludge around that by making the
> subscription go to the private namespace. Either manually updating the
> subscriptions file, or removing this code from
> src/imap/cmd-subscriptions.c:
>
> if (!client_verify_mailbox_name(cmd, verify_name, subscribe, FALSE))
>         return TRUE;

Hmm, maybe I'm showing my lack of understanding of the inner workings of namespaces here (it is more than slightly possible!) but are you really supposed to be able to subscribe to a namespace? On other servers with this functionality that I have access to I think it's "selectable" but not "subscribable" per se.

> Actually another problem you're going to have is those shared namespace
> subscriptions, unless you want to force every user to have same ones. If
> you don't, you'll need to set CONTROL path to user-specific directory.

Ah yes, I figured out the user-specific CONTROL and INDEX settings, pretty cool.

One question or minor detail about the user-specific INDEX settings: it looks like Dovecot creates index folders for all namespace folders including a folder called ".INBOX" which seems redundant since the top level namespace (I assume "INBOX" refers to the top level name space in this case) shouldn't contain any messages, only folders, right?

> For Dovecot v1.1 I'll try to figure out how to make all this work
> better.

Awesome. Thanks for your patience Timo!

Cheers!

--Jo
Re: [Dovecot] Public folders using NAMESPACE
On Tue, April 17, 2007 3:48 am, Joakim Ryden wrote:
> On Tue, April 17, 2007 2:29 am, Timo Sirainen wrote:
>> On Tue, 2007-04-17 at 02:14 -0700, Joakim Ryden wrote:
>>> I've been trying to research how to (or if possible at all) implement public
>>> folders using the namespace feature on a server with multiple virtual
>>> domains.
>>> After about an hour of looking around I'm a little confused. :)
>>
>> Did you read this? http://wiki.dovecot.org/SharedMailboxes
>>
>> I now added a link there from ACL page.
>
> Thanks Timo! That's pretty helpful. I think I'm still missing something
> though.
> I have the following configuration:
>
>
> namespace public {
>   separator = .
>   prefix = Public Folders.
>   location = maildir:/var/mailstore/shared-folders/%d/Maildir
> }
>
> namespace private {
>   separator = .
>   prefix =
>   inbox = yes
> }
>
> With this, "Public Folders" shows up (testing with Thunderbird) but not as an
> italic special folder (does that make sense?) as it does on all other
> accounts I
> have on other servers which support public folders. I created a folder here:
>
> /var/mailstore/shared-folders/domain.com/Maildir/.Announcements
>
> which also shows up nicely, I can copy email in there and subscribe and
> unsubscribe to this subfolder, but clicking on "Public Folders" gives: Mailbox
> doesn't exist: Public Folders. which I'm sure is because I've missed or
> misunderstood something :) Any ideas?
>
> Cheers!
>
> --Jo

Ok, I'm a dumb ass. If I would actually use my eyes I would see:

"Another problem is that although the namespace prefix shows up as a normal looking mailbox, Dovecot doesn't allow subscribing to it because it's not a real mailbox. This will be fixed in later versions."

on the wiki page. Nevermind me :) I assume this hasn't been fixed yet?
Re: [Dovecot] Public folders using NAMESPACE
On Tue, April 17, 2007 2:29 am, Timo Sirainen wrote:
> On Tue, 2007-04-17 at 02:14 -0700, Joakim Ryden wrote:
>> I've been trying to research how to (or if possible at all) implement public
>> folders using the namespace feature on a server with multiple virtual
>> domains.
>> After about an hour of looking around I'm a little confused. :)
>
> Did you read this? http://wiki.dovecot.org/SharedMailboxes
>
> I now added a link there from ACL page.

Thanks Timo! That's pretty helpful. I think I'm still missing something though. I have the following configuration:

namespace public {
  separator = .
  prefix = Public Folders.
  location = maildir:/var/mailstore/shared-folders/%d/Maildir
}

namespace private {
  separator = .
  prefix =
  inbox = yes
}

With this, "Public Folders" shows up (testing with Thunderbird) but not as an italic special folder (does that make sense?) as it does on all other accounts I have on other servers which support public folders. I created a folder here:

/var/mailstore/shared-folders/domain.com/Maildir/.Announcements

which also shows up nicely, I can copy email in there and subscribe and unsubscribe to this subfolder, but clicking on "Public Folders" gives: Mailbox doesn't exist: Public Folders. which I'm sure is because I've missed or misunderstood something :) Any ideas?

Cheers!

--Jo
[Dovecot] Public folders using NAMESPACE
Howdy folks!

I've been trying to research how to (or if possible at all) implement public folders using the namespace feature on a server with multiple virtual domains. After about an hour of looking around I'm a little confused. :)

I guess there are two questions:

1) Is it possible / does it work?
2) If yes, does anyone have a sample configuration or write-up of How You Did It[TM] to share?

I've been mainly focusing on the thread from here:

http://www.dovecot.org/list/dovecot/2006-June/013683.html

and the wiki ACL documentation:

http://wiki.dovecot.org/ACL

but I'm having a hard time piecing it all together...

Thanks for any and all tips!

--Jo