Re: Dual certificate
Google multi domain certificates. Comodo sells a multi domain wild card certificate that we use to host multiple SSL domains on dovecot and postfix successfully. You install the single certificate and reissue and reinstall after adding a new domain.

> On Mar 2, 2016, at 2:02 AM, Jean-Baptiste Vignaud wrote:
>
> Hello all;
>
> Does anyone know if it's possible to have a dual certificate setup on
> dovecot like in postfix or apache?
>
> I tried to add several crts in the local name section:
>
> local_name imap.server.tdl {
>   ssl_cert =
>   ssl_key =
>   ssl_cert =
>   ssl_key =
> }
>
> but it seems that dovecot takes the last one (ecdsa) and that the rsa cert is
> not used.
>
> To check if both are working, I check with openssl:
>
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256
>
> for rsa
>
> and
>
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256
>
> for ecdsa
>
> In apache we have to duplicate the cert / key lines, one for rsa, one for
> ecdsa.
>
> In postfix, we have some specific ecdsa conf keys.
>
> So is there a way to do the same in dovecot?
Re: Dovecot cluster using GlusterFS
We ran a load test using glusterfs and were able to deliver mail (I can't remember specifically how much per second, maybe 100 messages per second?) without any issues. We did use the glusterfs fuse client and not nfs, and used regular maildir. We developed a mail bot cluster that would deliver mail, and simultaneously receive and delete it with pop and IMAP and we ran into zero issues. We even had the replicas stretched between two datacenters. Not sure what the difference here is but it can be done.

> On Dec 5, 2015, at 3:42 AM, Filip Pytloun wrote:
>
> Hello,
>
> I have recently setup mailserver solution using 2-node master-master
> setup (mainly based on MySQL M-M replication and GlusterFS with 2
> replica volume) on Ubuntu 14.04 (Dovecot 2.2.9).
>
> Unfortunately even with shared-storage-aware setting:
>
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_fsync = always
> mmap_disable = yes
>
> ..I have hit strange issues pretty soon especially when user was
> manipulating same mailbox from multiple devices at the same time.
>
> Most issues were about corrupted indexes, which were solved easily by just
> putting them on local storage of each node:
>
> mail_location = maildir:/srv/mail/%d/%u:INDEX=/var/lib/dovecot/index/%d/%u
>
> But I still hit issues like this one:
>
> dovecot: lmtp(6276, u...@example.com): Error: Broken file /srv/mail/example.com/u...@example.com/dovecot-uidlist line 8529: UIDs not ordered (8527 >= 8527)
>
> Which I am not sure how serious it is or if it's possible to solve or
> workaround?
>
> Anyway because of the above and high possibility of GlusterFS
> split-brains, I have decided to setup Dovecot Director according to the
> docs [1] but I have a couple of questions:
>
> - is custom monitoring still required? Poolmon [2] is 4 years old so I
>   would suppose there's some progress since that?
>
> - it's not possible to have same backends and directors in Dovecot
>   <2.2.17. I can backport newer Dovecot for Ubuntu Trusty, so this is
>   not an issue, but..
>
> - documentation states that it still doesn't work for LMTP [3]?
>   Which is probably important for my setup, because both Postfix servers
>   are using dovecot-lmtp for mail delivery so there can be still some
>   issues (but probably less frequent?) when both servers will deliver
>   new mails for one user at once.
>   So do I really have to split directors from backends?
>
> Anyone has experience with clustered Dovecot setup?
> Why is Dovecot behaving so badly when it pretends to be shared storage
> friendly? Are these issues only specific for older Dovecot?
> Or is there something wrong in my architecture design?
>
> Thanks for any help,
> Filip
>
> ---
> [1] http://wiki2.dovecot.org/Director
> [2] https://github.com/brandond/poolmon/
> [3] "LMTP however doesn't currently support mixing recipients to both
> being proxied and store locally."
>
> ---
> BTW if someone is interested in SaltStack, here are Salt formulas for
> Dovecot + Postfix + GlusterFS + Roundcube + Mailman setup which we are
> using:
>
> https://github.com/tcpcloud/salt-formula-dovecot
> https://github.com/tcpcloud/salt-formula-postfix
> https://github.com/tcpcloud/salt-formula-roundcube
> https://github.com/tcpcloud/salt-formula-glusterfs
Re: Calendar and address book with Dovecot
We tried radicale, it didn't work at all as we found out the db support was completely broken.

On Apr 9, 2015, at 12:34 PM, Dominik Breu domi...@dominikbreu.de wrote:

Hello, if you don't depend on a fancy webinterface give http://radicale.org/ a shot you can auth users against your imap server. greets

On Thursday, 09.04.2015, 17:46 +0100, mimic...@gmail.com wrote:

Hi all

I recently installed Postfix and Dovecot, and so far so good. My assumption was that calendar and address book (similar to Gmail calendar or address book) are part of Dovecot. However I do not see anything concerning them in any of the docs I have read so far. What other software (ideally open source, free) do I need in order to have Calendar and address book so my users can manage their contacts on their phones or computer? I have looked at Roundcube already, but my requirement is not necessarily to provide web mail.

Thanks
Mimi
Re: Calendar and address book with Dovecot
On Apr 9, 2015, at 12:24 PM, Robert Schetterer r...@sys4.de wrote:

On 09.04.2015 at 18:46, mimic...@gmail.com wrote:

Hi all

I recently installed Postfix and Dovecot, and so far so good. My assumption was that calendar and address book (similar to Gmail calendar or address book) are part of Dovecot. However I do not see anything concerning them in any of the docs I have read so far. What other software (ideally open source, free) do I need in order to have Calendar and address book so my users can manage their contacts on their phones or computer? I have looked at Roundcube already, but my requirement is not necessarily to provide web mail.

Thanks
Mimi

cal/card dav may come in dovecot

http://www.dovecot.org/talks/berlin-20140513.pptx.pdf

... Future: Random New Stuff
CalDAV
CardDAV
Can’t fall behind Cyrus

meanwhile you need another solution, i.e. horde webmail acts as cal/card dav, active sync, syncml server

http://en.wikipedia.org/wiki/CalDAV
http://en.wikipedia.org/wiki/CardDAV
http://en.wikipedia.org/wiki/ActiveSync
http://en.wikipedia.org/wiki/SyncML

Best Regards
Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

The notion that dovecot needs to stay just an IMAP server is ridiculous. I thoroughly encourage it to grow into a fully featured and open source messaging and groupware system. This is great news!
Re: replication - more than 2 servers?
Dovecot replication will never scale until it implements some form of token ring topology where data is sharded. You should look at obox plugin for dovecot and some form of S3 compatible storage that can be available in multiple data centers. We are using (pithos.io) and the Cassandra database to backend a test cluster with good results between two data centers. This could potentially scale infinitely if that's what you need.

On Dec 16, 2014, at 2:39 PM, Reindl Harald h.rei...@thelounge.net wrote:

On 16.12.2014 at 21:13, Ron Cleven wrote:

We tested dovecot for a fair amount of time and decided finally to put it into production under CentOS 7 (we are running 2.2.10). I just joined the list, so I apologize for what is probably a question that has been answered many times, but I was wondering if there are any plans to implement replication among 3 or more servers (all masters, as with 2)? As best as I can tell, replication seems to be limited to 2 servers, and it is not obvious to me even how more than 2 would be supported syntactically in the configs. That is, what might be an example of the mail_replica clauses if such a thing was supported?

if you *really* have that large number of users and load you should split them to different servers (replicated server pairs) because you end in replication overhead eating away all the benefits otherwise

master-master replication independent of the software is somehow limited by physics (delays, replication traffic, replication I/O) and can't scale endless
Re: [Dovecot] Dovecot Failover
On 4/19/13 2:49 AM, Timo Sirainen wrote: On 19.4.2013, at 10.43, Timo Sirainen t...@iki.fi wrote: On 19.4.2013, at 9.59, Nikolaos Milas nmi...@noa.gr wrote: Assuming we have two (low traffic) servers (on different data centers) replicated using dsync, what is the best way to automatically direct users to the main server when it is up and to the redundant one when the main server is down? Using DNS? I've seen that DNS-based failover has generally issues (for example: http://serverfault.com/questions/60553/why-is-dns-failover-not-recommended, which is informative although it refers to web servers). BTW. I'm kind of hoping that if dsync replication becomes more commonly used with people commonly setting up two A records for the IMAP server, the IMAP clients would evolve to support this by trying out all the listed IPs. Web browsers already do this nowadays (and that's why I think your URL is a bit out of date). If DNS were the preferred method for load balancing IMAP/POP3 (or others) I would recommend the clients begin supporting SRV records as they were specifically designed to handle this kind of scenario.
Re: [Dovecot] v2.2.0 released
On 4/15/13 11:16 AM, Timo Sirainen wrote: On 15.4.2013, at 18.55, l...@airstreamcomm.net wrote: Does the new obox plugin support any of the open source object storage systems such as openstack, glusterfs, or ceph? From your store site it does not appear so. Glusterfs isn't really object storage (unless they've changed since I last looked at them), and it already more or less works with Dovecot using the existing mailbox formats. Except last I heard it still caused index file corruption. Openstack Swift support is coming. There's a half-working version of it already, would need just a day or two to finish it up. I haven't looked at Ceph closely yet, but it would be nice to support it as well. obox can also be used with a regular POSIX filesystem, although it loses the prefetching capabilities then. So it could be used with e.g. Glusterfs or NFS to provide an efficient local cache. I've also thought about trying out if prefetching could be done by creating new diskio processes with a ton of threads doing the actual disk I/O. Timo, Riak CS is S3 compatible. Just curious if you have tested with Riak CS (especially the multi-data center implementation).
Re: [Dovecot] v2.2.0 released
On 4/12/13 12:33 PM, Timo Sirainen wrote: http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz.sig Everything now seems to be stable and working in v2.2, so I can finally move onto developing great new interesting features for v2.3. :) My company has also launched a web shop where you can buy various products. One of them is cheap access to Dovecot enterprise edition repositories, which are basically same as regular Dovecot releases, except they are kept patched with the latest important bugfixes. We currently have releases for RHEL/CentOS 5 and 6, Debian Squeeze and Ubuntu 12.04 LTS. By buying Dovecot-EE you'll also get a 30 day demo license for object storages, if you want to try it out. http://shop.dovecot.fi/ * When creating home directories, the permissions are copied from the parent directory if it has setgid-bit set. For full details, see http://wiki2.dovecot.org/SharedMailboxes/Permissions * doveadm auth command was renamed to doveadm auth test * IMAP: ID command now advertises server name as Dovecot by default. It was already trivial to guess this from command replies. * dovecot.index.cache files can be safely accessed only by v2.1.11+. Older versions may think they're corrupted and delete them. * LDA/LMTP: If saving a mail brings user from under quota to over quota, allow it based on quota_grace setting (default: 10% above quota limit). * pop3_lock_session=yes now uses a POP3-only dovecot-pop3-session.lock file instead of actually locking the mailbox (and causing IMAP/LDA/LMTP to wait for the POP3 session to close). * mail_shared_explicit_inbox setting's default switched to no. * ssl_client_ca_dir setting replaced imapc_ssl_ca_dir and pop3c_ssl_ca_dir settings. + Implemented IMAP MOVE and BINARY extensions + Implemented IMAP CATENATE, URLAUTH and URLAUTH=BINARY extensions (by Stephan Bosch). + Implemented IMAP NOTIFY extension. Requires mailbox_list_index=yes to be enabled. 
+ Redesigned and rewritten dsync. The new design makes the syncing faster, more reliable and more featureful. The new dsync protocol isn't backwards compatible with old dsync versions (but is designed to be forwards compatible with future versions). + All mailbox formats now support per-user message flags for shared mailboxes by using a private index. It can be enabled by adding :INDEXPVT=path to mail location. This should be used instead of :INDEX also for Maildir/mbox to improve performance. + Improved mailbox list indexes. They should be usable now, although still disabled by default. + Added LAYOUT=index. The mailbox directories are created using their GUIDs in the filesystem, while the actual GUID - name mapping exists only in the index. + LMTP proxy: Implemented XCLIENT extension for passing remote IP address through proxy. Does the new obox plugin support any of the open source object storage systems such as openstack, glusterfs, or ceph? From your store site it does not appear so.
Re: [Dovecot] Please help to make decision
On 3/24/13 11:12 AM, Tigran Petrosyan wrote:

Hi

We are going to implement the Dovecot for 1 million users. We are going to use more than 100T storage space. Now we examine 2 solutions NFS or GFS2 via (Fibre Channel storage). Can someone help to make decision? What kind of storage solution we can use to achieve good performance and scalability.

NFS has worked well for us on a 65,000 user Dovecot cluster. We use a dual controller NetApp in cluster mode which gives great performance. You might also consider looking at the commercial version of Dovecot which has the Object Storage plugin, which might suit your scalability needs much better (size and especially budget wise).

I would also recommend testing with actual work loads similar to what you plan on implementing. Our team developed a mail generating botnet in which we ran SMTP/IMAP/POP tests where we could control levels of each.
Re: [Dovecot] Integrating with Drupal SQL db
On 3/11/13 10:54 PM, i...@stos.se wrote:

Hi again, this is what I've found regarding how Drupal 7 hashes.

    $hash = md5($salt . $password, TRUE);
    do {
      $hash = md5($hash . $password, TRUE);
    } while (--$count);

The whole final hash value is encoded into 16 base64 characters and prepended by an identifying string, the standard phpass MD5 mode uses $P$ (Drupal’s modified version uses $S$ to indicate SHA-512) and a single base64 character to indicate the number of MD5 iterations used. Examples of a hashed password are:

    # Drupal 7 hash
    $S$CgwilRJS4VIF1.2y0R7B4qkXJ8F8SJPcuvXRKGlMWESVXMST.5n4

WordPress 3.0.4 uses the phpass default of 8193 iterations ($count being 8192) and Drupal 7 uses 16385 — notice that the Drupal password has C after the identifier whereas WordPress has B, converted from crypt style base64 (character set [./0-9A-Za-z]) these are 14 and 13 respectively, then take 2^14 + 1 = 16385. A John the Ripper benchmark, after patching and enabling the usage of phpass portable passwords (WordPress style, 8193 iterations), quotes approximately 700 passwords checked per second.

Can I use this information to make Dovecot understand how to interpret the hash?

Thanks!
Regards
Tobias

On Mon, 11 Mar 2013 14:00:22 -0500, l...@airstreamcomm.net l...@airstreamcomm.net wrote:

On 3/11/13 11:57 AM, i...@stos.se wrote:

Hi

I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just can't figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database:

    $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU

Dovecot retrieves this hash but complains that it's not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated.
root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) 
(given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix# As far as I understand Drupal uses salted passwords, so you would need to return the password + salt in the sql query. I am not sure what position the salt is offset for a password with Drupal, but that should be simple
Re: [Dovecot] Integrating with Drupal SQL db
On 3/11/13 11:57 AM, i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): 
pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix# As far as I understand Drupal uses salted passwords, so you would need to return the password + salt in the sql query. I am not sure what position the salt is offset for a password with Drupal, but that should be simple to determine looking at the source.
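
The Drupal 7 $S$ format discussed in this thread, as an added example (not part of the original posts, and not Drupal's or Dovecot's own code): a Python verifier that reads the cost character and the 8-character salt out of the stored string and recomputes the iterated SHA-512. The function names and the constructed sample password are assumptions; the $S$ string in the demo is the one quoted in the thread.

```python
"""Verify a Drupal 7 "$S$" password hash (phpass-style iterated SHA-512)."""
import hashlib
import hmac

# crypt-style base64 alphabet quoted in the thread: [./0-9A-Za-z]
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HASH_LENGTH = 55             # Drupal 7 stores the string truncated to 55 chars
MIN_LOG2, MAX_LOG2 = 7, 30   # range Drupal 7 accepts for the cost character


def parse_setting(stored: str):
    """Return (count_log2, salt) from '$S$' + cost char + 8-char salt + digest."""
    if not stored.startswith("$S$") or len(stored) < 12:
        raise ValueError("not a Drupal 7 $S$ hash")
    count_log2 = ITOA64.find(stored[3])
    if not MIN_LOG2 <= count_log2 <= MAX_LOG2:
        raise ValueError("cost character out of range")
    return count_log2, stored[4:12]


def phpass_b64(data: bytes) -> str:
    """phpass base64: little-endian 3-byte groups, 6 bits per output character."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        # n input bytes produce n + 1 characters (4 for a full group)
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def drupal7_hash(password: str, setting: str) -> str:
    """Recompute the stored string from a password and a setting or full hash."""
    count_log2, salt = parse_setting(setting)
    pw = password.encode("utf-8")
    # One initial hash over salt+password, then 2^count_log2 further rounds,
    # matching the do/while loop quoted in the thread (2^14 + 1 = 16385 for 'C').
    digest = hashlib.sha512(salt.encode("ascii") + pw).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.sha512(digest + pw).digest()
    return (setting[:12] + phpass_b64(digest))[:HASH_LENGTH]


def verify(password: str, stored: str) -> bool:
    """Constant-time comparison of the recomputed string with the stored one."""
    if len(stored) != HASH_LENGTH:
        return False
    try:
        candidate = drupal7_hash(password, stored)
    except ValueError:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    # Hash and password as posted in the thread.
    page_hash = "$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU"
    log2, salt = parse_setting(page_hash)
    print(f"cost char {page_hash[3]!r} -> 2^{log2} + 1 hash calls, salt {salt!r}")
    print("Teacher1 matches:", verify("Teacher1", page_hash))

    # Constructed sample: lowest allowed cost ('5' = 7) and a made-up salt.
    sample = drupal7_hash("correct horse", "$S$5abcdefgh")
    print(sample, verify("correct horse", sample), verify("wrong", sample))
```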
Re: [Dovecot] Real-time sync using dsync
On 2/27/13 3:10 PM, Timo Sirainen wrote: On 27.2.2013, at 21.19, Nikolaos Milas nmi...@noa.gr wrote: Any suggestions? I am looking for a solution that would work in creating a failover cluster with two nodes, utilizing (two) CentOS 6 VMs, each on a different data center; this requirement makes technologies like drbd unusable (due to the inherent lack of complete link reliability between the two nodes). I was thinking that dsync might be a good foundation for such scenarios. dsync was meant exactly for that kind of replication. For a relatively few number of users this should work well (minus the initial bugs until they get all fixed). It's a little bit heavy operation to run dsync for each small change though, so I wouldn't necessarily use it for large systems. Then again it's mainly CPU usage, and Dovecot uses normally about 0% CPU, so maybe it's not so bad. The other possibility that is more efficient and easier to scale to large systems is to use one of the scalable object storage backends and Dovecot's object storage plugin (commercial-only, available soon). The idea behind both of these ways is to make it easy, cheap and reliable to do multi-datacenter replication for IMAP servers. None of the cluster filesystems can do that. Timo, has this been tested on large systems yet? I plan on hammering a two node dsync cluster running 2.2rc2 (each node is 100 miles apart in a different data center connected via 10gb ring) with a SMTP/IMAP/POP generating bot cluster we have in our test network to see how well it scales. I will update with my findings next week when I get a chance to work on it. I have to +1 Nikolaos' sentiment for a geographically distributed mail cluster, we have been hoping for a Dovecot solution to this problem for the last few years.
Re: [Dovecot] v2.2.rc2 released
On 2/26/13 12:56 AM, Michael Grimm wrote: On 2013-02-25 22:57, l...@airstreamcomm.net wrote: Trying the dsync replication for the first time, and I am confused as to the intended purpose of the replication service. Is the dsync replication meant to replicate mails immediately upon submission to lmtp/lda and on change via IMAP/POP3, Yes. or is the replication_full_sync_interval the only configurable for determining when the replication will occur? No. Timo, correct me if I am mistaken, but that keyword will tell the replication system when to apply a dsync -f aka running in full sync mode at latest. Maybe a better question is there any documentation on dsync replication (could not find any)? http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html http://www.dovecot.org/img/dsync-director-replication-ssh.png http://www.dovecot.org/img/dsync-director-replication.png http://www.google.com/url?sa=trct=jq=source=webcd=1cad=rjaved=0CDMQFjAAurl=http%3A%2F%2Fwww.linuxtag.org%2F2012%2Ffileadmin%2Fwww.linuxtag.org%2Fslides%2FTimo%2520Sirainen%2520-%2520What_s%2520new%2520in%2520Dovecot_.p269.pdfei=N1csUcqsLoTJsgbKuYD4CQusg=AFQjCNGoN4PBs-8lVYy1Gi_Dor03-n5tfQbvm=bv.42965579,d.Yms (Sorry for the long link) HTH, Michael Thanks for the information Michael. I must be configuring this incorrectly as the replication is not occurring when messages are being delivered via LMTP in my setup. When I restart dovecot the messages are synced immediately, but not on delivery. 
Here is my config: # 2.2.rc2: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_debug = yes auth_verbose = yes mail_debug = yes mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { mail_replica = remote:vm...@mail2.clustertest.air replication_full_sync_interval = 1 hours } postmaster_address = r...@clustertest.air service aggregator { fifo_listener replication-notify-fifo { mode = 0600 user = vmail } unix_listener replication-notify { mode = 0600 user = vmail } } service auth { unix_listener auth-userdb { mode = 0777 } } service config { unix_listener config { user = vmail } } service doveadm { user = vmail } service lmtp { process_min_avail = 20 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service replicator { process_min_avail = 1 } ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/certs/dovecot.pem userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file }
Re: [Dovecot] v2.2.rc2 released
On 2/26/13 10:10 AM, Timo Sirainen wrote:

On 26.2.2013, at 17.58, l...@airstreamcomm.net wrote:

Thanks for the information Michael. I must be configuring this incorrectly as the replication is not occurring when messages are being delivered via LMTP in my setup. When I restart dovecot the messages are synced immediately, but not on delivery. Here is my config:

You're missing:

    mail_plugins = notify replication

Thanks Timo that did the trick. Now say I have two clusters of dovecot servers in disparate data centers, each cluster has four nodes with shared NFS storage. Would I be able to configure dsync replication so that messages hitting any server in either cluster would be replicated accordingly to the remote data center?
Re: [Dovecot] v2.2.rc2 released
On 2/25/13 12:43 PM, Timo Sirainen wrote: http://dovecot.org/releases/2.2/rc/dovecot-2.2.rc2.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.rc2.tar.gz.sig Looks like the last changes I did today just before rc1 release made it just about unusable. This one is actually running on my servers. :) Trying the dsync replication for the first time, and I am confused as to the intended purpose of the replication service. Is the dsync replication meant to replicate mails immediately upon submission to lmtp/lda and on change via IMAP/POP3, or is the replication_full_sync_interval the only configurable for determining when the replication will occur? Maybe a better question is there any documentation on dsync replication (could not find any)? I am using Michael Grimm's configuration from this discussion http://www.mail-archive.com/dovecot@dovecot.org/msg50158.html for testing.
[Dovecot] METADATA / ANNOTATE extensions
According to the roadmap http://wiki2.dovecot.org/Roadmap implementation of the METADATA / ANNOTATE extensions is fairly high on the list. I was just curious if there is a target release in mind for this functionality?
[Dovecot] Anyone using dovecot obox?
Just looking for some input from other users of the obox (object storage) backend from dovecot.fi.

- What challenges/problems were you trying to overcome/solve by using obox?
- What kind of architecture did you deploy using obox? (e.g. distributed object storage for performance, or distributed for availability, geographic distribution of email services, etc.)
- What complexities, single points of failure, documentation omissions can you highlight having deployed the obox storage architecture?
- Did the obox backend support your email services as well as you expected or more?
- How was your interaction with Dovecot.fi?

Thanks in advance.
[Dovecot] IMAP session state inconsistent
Running Dovecot 1.2.12 (we are in the process of upgrading to 2.1.x)

Didn't find much in old threads, but we are seeing the following in the logs this morning:

dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, lip=y.y.y.y
dovecot: IMAP(wajabrun): Disconnected: IMAP session state is inconsistent, please relogin. bytes=443/1146
dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, lip=y.y.y.y
dovecot: IMAP(wajabrun): Disconnected: IMAP session state is inconsistent, please relogin. bytes=561/1637
dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, lip=y.y.y.y
dovecot: IMAP(wajabrun): file_dotlock_open() failed with file /mail/w/a/wajabrun/Maildir/.INBOX.02 ORDERS.Gaiam/dovecot.index.log: No such file or directory
dovecot: IMAP(wajabrun): file_dotlock_open() failed with file /mail/w/a/wajabrun/Maildir/.INBOX.02 ORDERS.Gaiam/dovecot.index.log: No such file or directory

Not sure what to make of this sequence?
Re: [Dovecot] No failover from director to backend?
On 10/21/12 2:43 PM, Daniel Parthey wrote: Patrick Westenberg wrote: Is there no built in failover mechanism for the director service to handle a backend failure? No, the director's job is to keep a hash table and direct the connection for each user to its associated backend. Currently, there is no built-in backend monitoring. In order to handle maintenance of backends, you will need the poolmon daemon, which enables/disables backends in the director depending on their availability: https://github.com/brandond/poolmon Regards Daniel Considering the intention of the director was to alleviate locking issues in a shared storage environment are there any current solutions to improving the scalability/availability of Dovecot by implementing an alternative message storage systems such as nosql or maybe object storage that could abstract away the complexity of replicating data? We would love to finally have the ability to set our mail cluster on top of a storage subsystem that can span multiple geographic regions and do away with the NFS backend.
[Dovecot] Dsync clustering
I have not seen mention of using dsync for clustering Dovecot in some time on the mailing list, but I believe Timo was going to write a wiki page when v2.2 became more mature. Does this documentation exist yet, or are there any resources on what dsync replication is capable of at this point (looking on the wiki and Google didn't reveal much)? Thanks in advance.
Re: [Dovecot] LMTP userdb lookup
On 10/4/12 9:58 AM, Timo Sirainen wrote:

On 4.10.2012, at 17.41, l...@airstreamcomm.net wrote:

protocol lmtp {
  userdb {
    ..
  }
}
protocol !lmtp {
  userdb {
    ..
  }
}

Forgot to mention I am running 2.0.17.

The above works in v2.1.

And I am getting the following error:

auth: Fatal: No passdbs specified in configuration file. PLAIN mechanism needs one

From a previous post it appears that Dovecot cannot run without global lookups specified:

http://www.dovecot.org/list/dovecot/2012-March/064407.html

Per the suggestion in the old post I created an empty passwdfile and included it in the auth-passwdfile which seems to have alleviated the issue, however this seems like a sub-optimal solution. Is this still the case, or is there a way to tell Dovecot that there are no global lookups?

The !lmtp version avoids that fatal problem. So the solution is: upgrade.

Timo, I upgraded to 2.1 and configured as recommended, however I am still getting an error:

auth: Fatal: No passdbs specified in configuration file. PLAIN mechanism needs one

Doveconf -n:

# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.5.2.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}
ssl_cert = /etc/pki/dovecot/certs/mail.crt
ssl_key = /etc/pki/dovecot/private/mail.key
protocol !lmtp {
  passdb {
    args = /etc/dovecot/imappop.conf.ext
    driver = sql
  }
  userdb {
    args = /etc/dovecot/imappop.conf.ext
    driver = sql
  }
}
protocol lmtp {
  passdb {
    args = /etc/dovecot/lmtp.conf.ext
    driver = sql
  }
  userdb {
    args = /etc/dovecot/lmtp.conf.ext
    driver = sql
  }
}
Re: [Dovecot] lmtp proxy logging
On 10/12/12 2:40 AM, Timo Sirainen wrote:

On 10.10.2012, at 17.37, Jack Bates wrote:

The logging on lmtp and lmtp proxy is pretty limited from what I can see. It seems to handle errors, Connect, Disconnect, and in the case of lmtp delivery, it logs where an email is saved to. The lmtp may be enough, connect, saved user, saved user..., disconnect, but I was curious if it is worth while to add more info logging for the proxy, primarily which recipients are sent to which proxy. I was thinking of local patching it, but I'll generate up something more inline with official code if it is desired.

My thought is to show 1 entry for each recipient, and the destination server chosen. If I recall correctly, the proxy code doesn't actually listen in on the conversation, so logging results would probably complicate the code.

I don't think this would be difficult to implement. Probably just a few lines of code. Yeah, could be useful.

+1 for adding this detail to logging for LMTP.
Re: [Dovecot] LMTP userdb lookup
On 10/3/12 3:58 PM, Timo Sirainen wrote:

On 3.10.2012, at 22.26, l...@airstreamcomm.net wrote:

Is it possible to have separate userdb lookups for LMTP and POP/IMAP?

protocol lmtp {
  userdb {
    ..
  }
}
protocol !lmtp {
  userdb {
    ..
  }
}

Forgot to mention I am running 2.0.17. I separated all the userdb passdb lookups into their own protocol configuration like so:

protocol imap {
  userdb {
    ..
  }
  passdb {
    ..
  }
}
protocol pop3 {
  userdb {
    ..
  }
  passdb {
    ..
  }
}
protocol lmtp {
  userdb {
    ..
  }
}

And I am getting the following error:

auth: Fatal: No passdbs specified in configuration file. PLAIN mechanism needs one

From a previous post it appears that Dovecot cannot run without global lookups specified:

http://www.dovecot.org/list/dovecot/2012-March/064407.html

Per the suggestion in the old post I created an empty passwdfile and included it in the auth-passwdfile which seems to have alleviated the issue, however this seems like a sub-optimal solution. Is this still the case, or is there a way to tell Dovecot that there are no global lookups?
[Dovecot] LDA vs LMTP index files
In the docs it states that LDA "...takes mail from an MTA and delivers it to a user's mailbox, while keeping Dovecot index files up to date." I am wondering if LMTP also interacts with the Dovecot index files and keeps them up to date?
[Dovecot] LMTP userdb lookup
Is it possible to have separate userdb lookups for LMTP and POP/IMAP?
Re: [Dovecot] MySQL dict issues
On 7/17/12 7:59 AM, Timo Sirainen wrote:

On 11.7.2012, at 21.10, l...@airstreamcomm.net wrote:

Testing using the mysql dict for quota storage (dovecot-2.0.12-2_127.el5), and ran into a couple issues. First is a permissions issue:

dovecot: lmtp(26786, d...@test.tld): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000(unknown) egid=5000(unknown) missing +r perm: /var/run/dovecot/dict, euid is not dir owner)

The file /var/run/dovecot/dict is listed with srw--- perms. I changed the perms to srwrwx and it works, but I would like to figure out how to configure properly to run with the uid and gid 5000 as this is the user for virtual mail.

http://wiki2.dovecot.org/Dict explains this.

It does indeed, thanks.

The second issue is that two identical rows are created in the mysql database for each user quota. The next message delivered updates both rows.

Identical? Or perhaps one is the number of bytes and the other is the number of messages?

There were two rows being created for each username. My problem was that I forgot to create a PK on the username field, so there must be two operations on the database that create/update user information by dovecot that require that PK to keep it to one row.

The last issue might be a documentation omission. Dovecot warned me that the mysql user did not have DELETE privileges on the quota table:

dovecot: dict: Error: sql dict: commit failed: DELETE command denied to user 'user'@'a.b.c.d' for table 'domain_user_quotas'

This is done when recalculating quota.

The quota dict documentation (at http://wiki2.dovecot.org/Quota/Dict) does not mention DELETE being needed:

Updated.

Thanks!
[Dovecot] MySQL dict issues
Testing using the mysql dict for quota storage (dovecot-2.0.12-2_127.el5), and ran into a couple issues. First is a permissions issue:

dovecot: lmtp(26786, d...@test.tld): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000(unknown) egid=5000(unknown) missing +r perm: /var/run/dovecot/dict, euid is not dir owner)

The file /var/run/dovecot/dict is listed with srw--- perms. I changed the perms to srwrwx and it works, but I would like to figure out how to configure properly to run with the uid and gid 5000 as this is the user for virtual mail.

The second issue is that two identical rows are created in the mysql database for each user quota. The next message delivered updates both rows. Here is my quota config:

90-quota.conf:

plugin {
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+10%
}
plugin {
  quota = dict:user::proxy::userquota
}
dict {
  userquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}

dovecot-dict-sql.conf.ext:

connect = host=a.b.c.d dbname=mail user=user password=derp
map {
  pattern = priv/quota/storage
  table = domain_user_quotas
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = domain_user_quotas
  username_field = username
  value_field = message_count
}

The last issue might be a documentation omission. Dovecot warned me that the mysql user did not have DELETE privileges on the quota table:

dovecot: dict: Error: sql dict: commit failed: DELETE command denied to user 'user'@'a.b.c.d' for table 'domain_user_quotas'

The quota dict documentation (at http://wiki2.dovecot.org/Quota/Dict) does not mention DELETE being needed:

MySQL uses the following queries to update the quota. You need suitable privileges.

INSERT INTO table (bytes,username) VALUES ('112497180','f...@spam.dom') ON DUPLICATE KEY UPDATE bytes='112497180';
INSERT INTO table (messages,username) VALUES ('1743','f...@spam.dom') ON DUPLICATE KEY UPDATE messages='1743';
UPDATE table SET bytes=bytes-14433,messages=messages-2 WHERE username = 'f...@spam.dom';
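The two database points from this thread, the missing primary key on username and the privileges the dict account needs, worked through as an added example (MySQL syntax; not part of the original posts or of Dovecot's documentation). Table, column, database and account names come from the posted config; the column types and the sample user are assumptions.

```sql
-- Added example. Column types and the sample user are assumptions.

-- 1. The table as described in the thread: no key on username.
CREATE TABLE domain_user_quotas (
  username      VARCHAR(255) NOT NULL,
  bytes         BIGINT NOT NULL DEFAULT 0,
  message_count INT NOT NULL DEFAULT 0
);

-- ON DUPLICATE KEY UPDATE only takes the UPDATE branch when the new row
-- collides with a PRIMARY KEY or UNIQUE index. With no such index, each
-- statement is a plain INSERT.
INSERT INTO domain_user_quotas (bytes, username)
  VALUES (1024, 'user@example.test')
  ON DUPLICATE KEY UPDATE bytes = 1024;
INSERT INTO domain_user_quotas (message_count, username)
  VALUES (1, 'user@example.test')
  ON DUPLICATE KEY UPDATE message_count = 1;

-- Check for usernames that have more than one row.
SELECT username, COUNT(*) AS row_count
FROM domain_user_quotas
GROUP BY username
HAVING COUNT(*) > 1;

-- 2. Fix: remove the duplicated rows, then add the key. ALTER TABLE fails
-- while duplicates remain, so the cleanup has to come first. The quota
-- values need to be recalculated after the rows are cleared.
DELETE FROM domain_user_quotas;
ALTER TABLE domain_user_quotas ADD PRIMARY KEY (username);

-- The same two statements now resolve to a single row per user.
INSERT INTO domain_user_quotas (bytes, username)
  VALUES (1024, 'user@example.test')
  ON DUPLICATE KEY UPDATE bytes = 1024;
INSERT INTO domain_user_quotas (message_count, username)
  VALUES (1, 'user@example.test')
  ON DUPLICATE KEY UPDATE message_count = 1;
SELECT username, bytes, message_count FROM domain_user_quotas;

-- 3. Privileges for the dict account, scoped to the quota table only.
-- DELETE is included because the thread shows Dovecot issuing it when
-- recalculating quota. Assumes the account already exists.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON mail.domain_user_quotas
  TO 'user'@'a.b.c.d';
SHOW GRANTS FOR 'user'@'a.b.c.d';
```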
Re: [Dovecot] Dsync replication
On 7/5/12 10:08 PM, Костырев Александр Алексеевич wrote:

use the search, Luke)

http://www.dovecot.org/list/dovecot/2012-March/064512.html

this thread was all that I needed to setup replication for testing.

-Original Message-
From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On Behalf Of l...@airstreamcomm.net
Sent: Friday, July 06, 2012 3:28 AM
To: dovecot@dovecot.org
Subject: [Dovecot] Dsync replication

I have been loosely following discussions of dsync replication, but I am wondering if this tool is still in a testing phase or has it been committed as a production part of Dovecot? I would like to do some testing with the protocol to see if it's capable of handling the change rate our mail service generates, which has about 23,000 active users. We are trying to find solutions for a two site setup where mail processing is either being done at the primary data center A and fails over to a hot standby cluster at the secondary data center B, or where both data centers are doing active processing. I have been unable to find documentation on dsync replication on the wiki, so if there is any documentation available on how to setup dsync replication I would appreciate a nudge in the right direction.

Thanks, that certainly helps identify the configuration options. However I am more concerned about the experiences of others who have actually used the replication. What is the rate of change on your mail cluster, how many concurrent users do you support with replication enabled, do you use synchronous or asynchronous replication, are you using it in an active/active or active/passive state, is it possible to have a cluster with multiple servers at each site hosting the same mail data, does dsync replication scale well (10,000 - 100,000 - 1,000,000 users)? Just trying to get a good feel for whether dsync replication is capable of handling the use case I am proposing before investing too much time in testing it.
Re: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing maildirs)
Great information, thank you. Could you remark on GPFS services hosting mail storage over a WAN between two geographically separated data centers?

- Reply message -
From: Jan-Frode Myklebust janfr...@tanso.net
To: Stan Hoeppner s...@hardwarefreak.com
Cc: Timo Sirainen t...@iki.fi, dovecot@dovecot.org
Subject: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing maildirs)
Date: Tue, Jan 3, 2012 2:14 am

On Sat, Dec 31, 2011 at 01:54:32AM -0600, Stan Hoeppner wrote:

Nice setup. I've mentioned GPFS for cluster use on this list before, but I think you're the only operator to confirm using it. I'm sure others would be interested in hearing of your first hand experience: pros, cons, performance, etc. And a ball park figure on the licensing costs, whether one can only use GPFS on IBM storage or if storage from others vendors is allowed in the GPFS pool.

I used to work for IBM, so I've been a bit uneasy about pushing GPFS too hard publicly, for risk of being accused of being biased. But I changed job in November, so now I'm only a satisfied customer :-)

Pros: Extremely simple to configure and manage. Assuming root on all nodes can ssh freely, and port 1191/tcp is open between the nodes, these are the commands to create the cluster, create a NSD (network shared disks), and create a filesystem:

  # echo hostname1:manager-quorum > NodeFile     # manager means this node can be selected as filesystem manager
  # echo hostname2:manager-quorum >> NodeFile    # quorum means this node has a vote in the quorum selection
  # echo hostname3:manager-quorum >> NodeFile    # all my nodes are usually the same, so they all have same roles.
  # mmcrcluster -n NodeFile -p $(hostname) -A

  ### sdb1 is either a local disk on hostname1 (in which case the other nodes will access it over tcp to
  ### hostname1), or a SAN-disk that they can access directly over FC/iSCSI.
  # echo sdb1:hostname1::dataAndMetadata:: > DescFile    # This disk can be used for both data and metadata
  # mmcrnsd -F DescFile
  # mmstartup -A    # starts GPFS services on all nodes
  # mmcrfs /gpfs1 gpfs1 -F DescFile
  # mount /gpfs1

You can add and remove disks from the filesystem, and change most settings without downtime. You can scale out your workload by adding more nodes (SAN attached or not), and scale out your disk performance by adding more disks on the fly. (IBM uses GPFS to create scale-out NAS solutions http://www-03.ibm.com/systems/storage/network/sonas/ , which highlights a few of the features available with GPFS)

There's no problem running GPFS on other vendors disk systems. I've used Nexsan SATAboy earlier, for a HPC cluster. One can easily move from one disksystem to another without downtime.

Cons: It has its own page cache, statically configured. So you don't get the all available memory used for page caching behaviour as you normally do on linux.

There is a kernel module that needs to be rebuilt on every upgrade. It's a simple process, but it needs to be done and means we can't just run yum update ; reboot to upgrade.

  % export SHARKCLONEROOT=/usr/lpp/mmfs/src
  % cp /usr/lpp/mmfs/src/config/site.mcr.proto /usr/lpp/mmfs/src/config/site.mcr
  % vi /usr/lpp/mmfs/src/config/site.mcr    # correct GPFS_ARCH, LINUX_DISTRIBUTION and LINUX_KERNEL_VERSION
  % cd /usr/lpp/mmfs/src/ ; make clean ; make World
  % su - root
  # export SHARKCLONEROOT=/usr/lpp/mmfs/src
  # cd /usr/lpp/mmfs/src/ ; make InstallImages

To this point IIRC everyone here doing clusters is using NFS, GFS, or OCFS. Each has its downsides, mostly because everyone is using maildir. NFS has locking issues with shared dovecot index files. GFS and OCFS have filesystem metadata performance issues. How does GPFS perform with your maildir workload?

Maildir is likely a worst case type workload for filesystems.
Millions of tiny-tiny files, making all IO random, and getting minimal controller read cache utilized (unless you can cache all active files). So I've concluded that our performance issues are mostly design errors (and the fact that there were no better mail storage formats than maildir at the time these servers were implemented). I expect moving to mdbox will fix all our performance issues. I *think* GPFS is as good as it gets for maildir storage on clusterfs, but have no number to back that up ... Would be very interesting if we could somehow compare numbers for a few clusterfs'. I believe our main limitation in this setup is the iops we can get from the backend storage system. It's hard to balance the IO over enough RAID arrays