Re: long mail_location value formatting
In the multi-line example, the backslash (\) was missing due to message formatting.

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
long mail_location value formatting
Hello!

The mail_location value with all the necessary keys can be quite long, for example:

    mail_location = mdbox:~/mdbox:VOLATILEDIR=/dev/shm/dovecot/volatile/%d/%n:LISTINDEX=/dev/shm/dovecot/listindex/%d/%n/dovecot.list.index:ALT=/var/dovecot-alt/%d/%n/mdbox

When trying to split a value into multiple lines like:

    mail_location = \
      mdbox:~/mdbox: \
      VOLATILEDIR=/dev/shm/dovecot/volatile/%d/%n: \
      LISTINDEX=/dev/shm/dovecot/listindex/%d/%n/dovecot.list.index: \
      ALT=/var/dovecot-alt/%d/%n/mdbox

according to the documentation https://doc.dovecot.org/configuration_manual/config_file/index.html#long-lines, each new line adds a whitespace, which breaks the value:

    doveadm config mail_location
    mail_location = mdbox:~/mdbox: VOLATILEDIR=/dev/shm/dovecot/volatile/%d/%n: LISTINDEX=/dev/shm/dovecot/listindex/%d/%n/dovecot.list.index: ALT=/var/dovecot-alt/%d/%n/mdbox

    doveadm mailbox list -u m...@example.com
    doveadm(m...@example.com): Error: Namespace '': Unknown setting: VOLATILEDIR

Is it possible to split the value into multiple lines for better readability? Maybe add functionality to trim extra spaces when reading the mail_location value?
Re: dovecot lmtp and smtputf8
Using the changes described in this pull request https://github.com/dovecot/core/pull/190, you can add SMTPUTF8 capability to the Dovecot LMTP server. Work on the patch is still in progress, and UTF8 support is not complete.

However, you can use the following trick: Enable SMTPUTF8 support in Postfix, but make emails with UTF8 characters as aliases so that the final recipient doesn't have UTF8 characters. Even in this case, on the LMTP side, you need to announce the UTF8 capability, which will be possible if you apply the changes from the pull request.
Replicator service in Dovecot 2.4 CE
On the documentation page for the upgrade to version 2.4 at https://doc.dovecot.org/3.0/installation_guide/upgrading/from-2.3-to-3.0/, it is mentioned that instead of the 'replicator' service (https://doc.dovecot.org/configuration_manual/replication/#replication-with-dsync), it is necessary to use an NFS cluster file system.

Are you completely removing support for 'replication-with-dsync' starting from version 2.4? Are there any plans for built-in tools to implement an active/active or active/passive cluster in the community edition?
RE: submission_host auth
> There is no way for a forwarded email to SASL authenticate because no one is
> logged in or involved in the process of LMTP receiving mail for delivery from
> "the world". How is the MTA supposed to know the SASL password for
> st...@work.com?

dovecot auth with "master user" when sending emails via submission_host;

postfix:

1. using smtpd_sender_login_maps allow master user to send messages with any mail from, like that:

    smtpd_sender_login_maps = regexp:/etc/postfix/login_map.regexp

    --- login_map.regexp:
    /^mas...@example.com$/ .*

OR

2. in postfix master.cf declare a dedicated submission port allowed only for dovecot, without reject_sender_login_mismatch, like that:

    2525 inet n - n - - smtpd
      -o smtpd_helo_restrictions=permit_sasl_authenticated
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_sender_restrictions=permit_sasl_authenticated

I think it's better than

    mynetworks = 10.0.1.0/24 #whole subnet, container ip assigned dynamically :(

with

    smtpd_sender_restrictions = permit_mynetworks
    smtpd_relay_restrictions = permit_mynetworks

What about SPF in the described scenario, you are right, SPF will be broken. Well... it's an implementation feature.

From: dovecot on behalf of dove...@ptld.com
Sent: January 17, 2023, 23:18
To: dovecot@dovecot.org
Subject: Re: submission_host auth

> Let's say we have dovecot + sieve plugin container.
> Dovecot configured to use remote SMTP submission host to send messages:
> submission_host = postfix.example.com:587

I reviewed my config to see how I did it. I think you are right and SASL isn't used here.

I have dovecot and postfix on the same machine and in dovecot I set

    submission_host = localhost:25

Then in my sieve filters I set

    sieve_redirect_envelope_from = sender

I use SPF, DKIM, and DMARC.

To test this I have (fictitious) st...@work.com with a forward filter to perso...@home.com. I sent an email from custo...@random.com to st...@work.com. The @work.com server then sends a forwarded email to perso...@home.com with To:st...@work.com and From:custo...@random.com

Checking the @home.com logs I can see that SPF failed because the @work.com server sent an email from @random.com, however it had valid DKIM signatures from both @work.com and @random.com so DMARC passed and the email was accepted. I guess if the @random.com mail server only implemented SPF and not included a DKIM signature and DMARC policy then the @home.com server would have rejected the forwarded email.

I know this might not be the best solution you are looking for, but it is the best I could figure out to allow sieve forwarding. There is no way for a forwarded email to SASL authenticate because no one is logged in or involved in the process of LMTP receiving mail for delivery from "the world". How is the MTA supposed to know the SASL password for st...@work.com?
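Added example, not part of the original messages: a minimal DMARC evaluation of the forwarding scenario described above, using the thread's work.com, random.com and home.com domains with constructed SPF/DKIM results. It assumes relaxed alignment approximated by the last two domain labels (real verifiers use the Public Suffix List), and goes one step beyond the thread by also showing an envelope sender rewritten to the forwarder's domain.

```python
def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels stand in for the
    # organizational domain; real verifiers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a: str, b: str, strict: bool = False) -> bool:
    a, b = a.lower(), b.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_result(header_from: str, spf: dict, dkim_sigs: list) -> dict:
    """spf = {"domain": envelope-sender domain, "result": "pass"|"fail"}
    dkim_sigs = [{"d": signing domain, "result": "pass"|"fail"}, ...]"""
    # DMARC needs ONE mechanism that both passes and aligns with From:.
    spf_ok = spf["result"] == "pass" and aligned(spf["domain"], header_from)
    dkim_ok = [s["d"] for s in dkim_sigs
               if s["result"] == "pass" and aligned(s["d"], header_from)]
    return {
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }

# Constructed inputs: work.com forwards a message whose From: is at
# random.com; with sieve_redirect_envelope_from = sender the envelope
# sender is also at random.com, so home.com's SPF check fails.
FORWARDED_SPF = {"domain": "random.com", "result": "fail"}
BOTH_SIGNED = [{"d": "work.com", "result": "pass"},
               {"d": "random.com", "result": "pass"}]
FORWARDER_ONLY = [{"d": "work.com", "result": "pass"}]

def scenarios() -> dict:
    return {
        "sender DKIM intact": dmarc_result("random.com", FORWARDED_SPF, BOTH_SIGNED),
        "sender has no DKIM": dmarc_result("random.com", FORWARDED_SPF, FORWARDER_ONLY),
        # Envelope rewritten to the forwarder: SPF passes but is not aligned.
        "envelope from work.com": dmarc_result(
            "random.com", {"domain": "work.com", "result": "pass"}, FORWARDER_ONLY),
    }

if __name__ == "__main__":
    for name, res in scenarios().items():
        print(f"{name}: {res}")
```

Only the first scenario passes DMARC; what the receiver does with a failing message depends on the policy published by the From: domain.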
RE: submission_host auth
Thanks for the reply, postfix + dovecot sasl configured and working properly.

My question is about "adding dovecot authentication when sending emails via submission_host".

Let's say we have dovecot + sieve plugin container. Dovecot configured to use remote SMTP submission host to send messages:

    submission_host = postfix.example.com:587

User f...@example.com has the following sieve script:

    require ["fileinto", "copy", "vacation", "date", "relational"];
    redirect :copy "b...@example.com";
    keep;

b...@example.com sending email to f...@example.com

dovecot lmtp log:

    lmtp(f...@example.com)<7670>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034...@mail.example.com>: redirect action: failed to redirect message to : smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 : Recipient address rejected: Access denied (permanent failure)
    lmtp(f...@example.com)<7670>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034...@mail.example.com>: stored mail into mailbox 'INBOX'
    lmtp(f...@example.com)<7670>: Info: sieve: Execution of script /var/dovecot/example.com/foo/foo.sieve failed, but implicit keep was successful (user logfile /var/dovecot/example.com/foo/foo.sieve.log may reveal additional details)

sieve.log error:

    msgid=<63fce409f26b1a67785a475a00034...@mail.example.com>: redirect action: failed to redirect message to : smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 : Recipient address rejected: Access denied (permanent failure).

postfix log:

    NOQUEUE: reject: RCPT from unknown[10.0.1.4]: 554 5.7.1 : Recipient address rejected: Access denied; from= to=

redirect :copy action failed, it's expected behavior, dovecot does not auth when sending email via submission_host.

If there is setting like

    submission_host_master_user = mas...@example.com
    submission_host_master_password = masterpass

to do authentication as master user in postfix who can send email as any user...

From: dovecot on behalf of dove...@ptld.com
Sent: January 17, 2023, 18:25
To: dovecot@dovecot.org
Subject: Re: submission_host auth

> When using dovecot container with sieve plugin there is no sendmail to use
> for sending email for sieve redirect action for example. We can use
> submission_host instead
> https://doc.dovecot.org/settings/core/#core_setting-submission_host but there
> is no way to specify credentials for auth in remote MTA. Submission_relay_*
> settings e.g. submission_relay_master_user relate to dovecot submission
> service. Using something like permit_mynetworks in remote MTA is not
> acceptable for security reasons.
>
> Is it possible to add authorization in the remote MTA using submission_host?

You start the auth service in dovecot, then tell the MTA to use it. For example, if you use postfix this explains how: https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/
submission_host auth
When using dovecot container with sieve plugin there is no sendmail to use for sending email for sieve redirect action for example. We can use submission_host instead https://doc.dovecot.org/settings/core/#core_setting-submission_host but there is no way to specify credentials for auth in remote MTA. Submission_relay_* settings e.g. submission_relay_master_user relate to dovecot submission service. Using something like permit_mynetworks in remote MTA is not acceptable for security reasons.

Is it possible to add authorization in the remote MTA using submission_host?
hostname in director_mail_servers setting
director_mail_servers setting uses IP Addresses as values https://doc.dovecot.org/settings/core/#core_setting-director_mail_servers

As described in the documentation, hostnames are converted to addresses when the configuration is read https://doc.dovecot.org/settings/types/#ip-addresses

This is acceptable in a host or virtual machine environment, but becomes a problem in a containerized environment. When any backend container is restarted, its address will change and users related to this backend can no longer connect, but the backend (available with a new IP address) can process requests.

For example,

    director_mail_servers = dovecot-1 dovecot-2 dovecot-3

becomes at runtime (with one successfully connected user f...@example.com)

    doveadm director status
    mail server ip  tag  vhosts  state  state changed  users
    10.0.71.3            100     up     -              0
    10.0.71.4            100     up     -              1
    10.0.71.5            100     up     -              0

where dovecot-1 10.0.71.3, dovecot-2 10.0.71.4, dovecot-3 10.0.71.5

When the dovecot-2 backend container restarts and gets a new IP address, the user can't connect to the related backend:

    imap-login: Info: proxy(f...@example.com,10.0.71.4:143): Started proxying to <10.0.71.4> () (0.009 secs)
    imap-login: Error: proxy(f...@example.com,10.0.71.4:143): connect(10.0.71.4, 143) failed: No route to host (after 28 secs, 3 reconnects, local=10.0.71.13:41066)

My suggestion to developers: resolve backend hostnames to IP address on every request to director_mail_servers

It's not about the dovemon service with active health checks from dovecot pro, just dynamic hostname resolution.
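Added example, not part of the original post and not Dovecot code: a check that compares the addresses the director froze at configuration read with what the backend hostnames resolve to now, so a restarted container shows up as a stale entry. The status text is constructed from the output quoted above; the function names and the replacement address 10.0.71.9 are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample: `doveadm director status` output as quoted in the thread.
STATUS = """\
mail server ip tag vhosts state state changed users
10.0.71.3 100 up - 0
10.0.71.4 100 up - 1
10.0.71.5 100 up - 0
"""

def parse_status(text):
    """Return {ip: user_count}, skipping the header and any non-address line."""
    backends = {}
    for line in text.splitlines():
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
            backends[ip] = int(fields[-1])
        except (IndexError, ValueError):
            continue  # header, blank or malformed line
    return backends

def resolve_all(hostnames, resolver=socket.gethostbyname):
    """Resolve every backend name now; a failed lookup maps to None."""
    current = {}
    for name in hostnames:
        try:
            current[name] = resolver(name)
        except (OSError, KeyError):
            current[name] = None
    return current

def drift(status_text, hostnames, resolver=socket.gethostbyname):
    """Compare the director's frozen addresses with current resolution."""
    known = parse_status(status_text)
    current = resolve_all(hostnames, resolver)
    live = {ip for ip in current.values() if ip}
    return {
        "stale": {ip: n for ip, n in known.items() if ip not in live},
        "unregistered": {h: ip for h, ip in current.items() if ip and ip not in known},
        "unresolved": [h for h, ip in current.items() if ip is None],
    }

if __name__ == "__main__":
    # Constructed: dovecot-2 restarted and now resolves to a made-up address.
    now = {"dovecot-1": "10.0.71.3", "dovecot-2": "10.0.71.9", "dovecot-3": "10.0.71.5"}
    print(drift(STATUS, now, now.__getitem__))
```

In the constructed case the result lists 10.0.71.4 as stale with one assigned user and dovecot-2 as unregistered at its new address, which matches the failed proxy connection in the log above.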