Re: Dual certificate

2016-03-02 Thread l...@airstreamcomm.net
Google multi domain certificates.  Comodo sells a multi domain wild card 
certificate that we use to host multiple SSL domains on dovecot and postfix 
successfully.  You install the single certificate and reissue and reinstall 
after adding a new domain.

> On Mar 2, 2016, at 2:02 AM, Jean-Baptiste Vignaud  wrote:
> 
> Hello all;
> 
> 
> Does anyone know if it's possible to have a dual certificate setup on
> dovecot like in postfix or apache?
> 
> I tried to add several crts in the local_name section:
> 
> local_name imap.server.tdl {
> ssl_cert =  ssl_key =  ssl_cert =  ssl_key =  }
> 
> but it seems that dovecot takes the last one (ecdsa) and that rsa cert is
> not used.
> 
> 
> To check if both are working, I check with openssl:
> 
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256
> 
> for rsa, and
> 
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256
> 
> for ecdsa.
> 
> In apache we have to duplicate the cert / key lines, one for rsa, one for
> ecdsa.
> 
> In postfix, we have some specific ecdsa conf keys.
> 
> So is there a way to do the same in dovecot ?
> 


Re: Dovecot cluster using GlusterFS

2015-12-06 Thread l...@airstreamcomm.net
We ran a load test using glusterfs and were able to deliver mail (I can't 
remember specifically how much per second, maybe 100 messages per second?) 
without any issues.  We did use the glusterfs fuse client and not nfs, and used 
regular maildir.  We developed a mail bot cluster that would deliver mail, and 
simultaneously receive and delete it with pop and IMAP and we ran into zero 
issues.  We even had the replicas stretched between two datacenters.  Not sure 
what the difference here is but it can be done.



> On Dec 5, 2015, at 3:42 AM, Filip Pytloun  wrote:
> 
> Hello,
> 
> I have recently set up a mailserver solution using 2-node master-master
> setup (mainly based on MySQL M-M replication and GlusterFS with 2
> replica volume) on Ubuntu 14.04 (Dovecot 2.2.9).
> 
> Unfortunately even with shared-storage-aware setting:
> 
> mail_nfs_index = yes
> mail_nfs_storage = yes
> mail_fsync = always
> mmap_disable = yes
> 
> ..I have hit strange issues pretty soon, especially when a user was
> manipulating the same mailbox from multiple devices at the same time.
> 
> Most issues were about corrupted indexes, which were solved easily by just
> putting them on local storage of each node:
> 
> mail_location = maildir:/srv/mail/%d/%u:INDEX=/var/lib/dovecot/index/%d/%u
> 
> But I still hit issues like this one:
> 
> dovecot: lmtp(6276, u...@example.com): Error: Broken file 
> /srv/mail/example.com/u...@example.com/dovecot-uidlist line 8529: UIDs not 
> ordered (8527 >= 8527)
> 
> Which I am not sure how serious it is or if it's possible to solve or
> workaround?
> 
> Anyway because of the above and high possibility of GlusterFS
> split-brains, I have decided to setup Dovecot Director according to the
> docs [1] but I have a couple of questions:
> 
> - is custom monitoring still required? Poolmon [2] is 4 years old so I
>  would suppose there's some progress since that?
> 
> - it's not possible to have same backends and directors in Dovecot
>  <2.2.17. I can backport newer Dovecot for Ubuntu Trusty, so this is
>  not an issue, but..
> 
> - documentation states that it still doesn't work for LMTP [3]?
>  Which is probably important for my setup, because both Postfix servers
>  are using dovecot-lmtp for mail delivery so there can be still some
>  issues (but probably less frequent?) when both servers will deliver
>  new mails for one user at once.
>  So do I really have to split directors from backends?
> 
> 
> Does anyone have experience with a clustered Dovecot setup?
> Why is Dovecot behaving so badly when it pretends to be shared storage
> friendly? Are these issues only specific for older Dovecot?
> Or is there something wrong in my architecture design?
> 
> Thanks for any help,
> Filip
> 
> 
> ---
> [1] http://wiki2.dovecot.org/Director
> [2] https://github.com/brandond/poolmon/
> [3] "LMTP however doesn't currently support mixing recipients to both
> being proxied and store locally."
> 
> ---
> BTW if someone is interested in SaltStack, here are Salt formulas for
> Dovecot + Postfix + GlusterFS + Roundcube + Mailman setup which we are
> using:
> 
> https://github.com/tcpcloud/salt-formula-dovecot
> https://github.com/tcpcloud/salt-formula-postfix
> https://github.com/tcpcloud/salt-formula-roundcube
> https://github.com/tcpcloud/salt-formula-glusterfs


Re: Calendar and address book with Dovecot

2015-04-09 Thread l...@airstreamcomm.net
We tried radicale, it didn't work at all as we found out the db support was 
completely broken.



 On Apr 9, 2015, at 12:34 PM, Dominik Breu domi...@dominikbreu.de wrote:
 
 Hello,
 
 if you don't depend on a fancy web interface, give http://radicale.org/ a
 shot; you can auth users against your imap server.
 
 greets
 
 On Thursday, 09.04.2015, 17:46 +0100, mimic...@gmail.com wrote:
 Hi all
 
 I recently installed Postfix and Dovecot, and so far so good. My assumption
 was that calendar and address book (similar to Gmail calendar or address
 book) are part of Dovecot. However I do not see anything concerning them in
 any of the docs I have read so far.
 
 What other software (ideally open source, free) do I need in order to have
 Calendar and address book so my users can manage their contact on their
 phones or computer? I have looked at Roundcube already, but my requirement
 is not necessarily to provide web mail.
 
 Thanks
 
 Mimi
 


Re: Calendar and address book with Dovecot

2015-04-09 Thread l...@airstreamcomm.net
On Apr 9, 2015, at 12:24 PM, Robert Schetterer r...@sys4.de wrote:
 
 On 09.04.2015 at 18:46, mimic...@gmail.com wrote:
 Hi all
 
 I recently installed Postfix and Dovecot, and so far so good. My assumption
 was that calendar and address book (similar to Gmail calendar or address
 book) are part of Dovecot. However I do not see anything concerning them in
 any of the docs I have read so far.
 
 What other software (ideally open source, free) do I need in order to have
 Calendar and address book so my users can manage their contact on their
 phones or computer? I have looked at Roundcube already, but my requirement
 is not necessarily to provide web mail.
 
 Thanks
 
 Mimi
 
 cal/card dav may come in dovecot
 
 
 http://www.dovecot.org/talks/berlin-20140513.pptx.pdf
 
 ...
 Future: Random New Stuff
 
 CalDAV
 CardDAV
 
 Can’t fall behind Cyrus
 
 meanwhile you need another solution
 i.e horde webmail acts as cal/card dav ,active sync , syncml server
 
 http://en.wikipedia.org/wiki/CalDAV
 http://en.wikipedia.org/wiki/CardDAV
 http://en.wikipedia.org/wiki/ActiveSync
 http://en.wikipedia.org/wiki/SyncML
 
 
 
 Best Regards
 Kind regards, Robert Schetterer
 
 -- 
 [*] sys4 AG
 
 http://sys4.de, +49 (89) 30 90 46 64
 Franziskanerstraße 15, 81669 München
 
 Registered office: München, District Court München: HRB 199263
 Executive board: Patrick Ben Koetter, Marc Schiffbauer
 Chairman of the supervisory board: Florian Kirstein
 


The notion that dovecot needs to stay just an IMAP server is ridiculous.  I 
thoroughly encourage it to grow into a fully featured and open source messaging 
and groupware system.  This is great news!


Re: replication - more than 2 servers?

2014-12-16 Thread l...@airstreamcomm.net
Dovecot replication will never scale until it implements some form of token 
ring topology where data is sharded.  You should look at obox plugin for 
dovecot and some form of S3 compatible storage that can be available in 
multiple data centers.  We are using (pithos.io) and the Cassandra database to 
backend a test cluster with good results between two data centers.  This could 
potentially scale infinitely if that's what you need.  



 On Dec 16, 2014, at 2:39 PM, Reindl Harald h.rei...@thelounge.net wrote:
 
 
 On 16.12.2014 at 21:13, Ron Cleven wrote:
 We tested dovecot for a fair amount of time and decided finally to put
 it into production under CentOS 7 (we are running 2.2.10).  I just
 joined the list, so I apologize for what is probably a question that has
 been answered many times, but I was wondering if there are any plans to
 implement replication among 3 or more servers (all masters, as with
 2)?  As best as I can tell, replication seems to be limited to 2
 servers, and it is not obvious to me even how more than 2 would be
 supported syntactically in the configs.  That is, what might be an
 example of the mail_replica clauses if such a thing was supported?
 
 if you *really* have that large number of users and load you should split 
 them to different servers (replicated server pairs) because you end in 
 replication overhead eating away all the benefits otherwise
 
 master-master replication independent of the software is somehow limited by 
 physics (delays, replication traffic, replication I/O) and can't scale endless
 


Re: [Dovecot] Dovecot Failover

2013-04-22 Thread l...@airstreamcomm.net

On 4/19/13 2:49 AM, Timo Sirainen wrote:

On 19.4.2013, at 10.43, Timo Sirainen t...@iki.fi wrote:


On 19.4.2013, at 9.59, Nikolaos Milas nmi...@noa.gr wrote:


Assuming we have two (low traffic) servers (on different data centers) 
replicated using dsync, what is the best way to automatically direct users to 
the main server when it is up and to the redundant one when the main server is 
down?

Using DNS? I've seen that DNS-based failover has generally issues (for example: 
http://serverfault.com/questions/60553/why-is-dns-failover-not-recommended, 
which is informative although it refers to web servers).

BTW. I'm kind of hoping that if dsync replication becomes more commonly used 
with people commonly setting up two A records for the IMAP server, the IMAP 
clients would evolve to support this by trying out all the listed IPs. Web 
browsers already do this nowadays (and that's why I think your URL is a bit out 
of date).




If DNS were the preferred method for load balancing IMAP/POP3 (or 
others) I would recommend the clients begin supporting SRV records as 
they were specifically designed to handle this kind of scenario.




Re: [Dovecot] v2.2.0 released

2013-04-16 Thread l...@airstreamcomm.net

On 4/15/13 11:16 AM, Timo Sirainen wrote:

On 15.4.2013, at 18.55, l...@airstreamcomm.net wrote:


Does the new obox plugin support any of the open source object storage systems 
such as openstack, glusterfs, or ceph?  From your store site it does not appear 
so.

Glusterfs isn't really object storage (unless they've changed since I last 
looked at them), and it already more or less works with Dovecot using the 
existing mailbox formats. Except last I heard it still caused index file 
corruption.

Openstack Swift support is coming. There's a half-working version of it 
already, would need just a day or two to finish it up.

I haven't looked at Ceph closely yet, but it would be nice to support it as 
well.

obox can also be used with a regular POSIX filesystem, although it loses the prefetching 
capabilities then. So it could be used with e.g. Glusterfs or NFS to provide an efficient 
local cache. I've also thought about trying out if prefetching could be done by creating 
new diskio processes with a ton of threads doing the actual disk I/O.




Timo, Riak CS is S3 compatible.  Just curious if you have tested with 
Riak CS (especially the multi-data center implementation).




Re: [Dovecot] v2.2.0 released

2013-04-15 Thread l...@airstreamcomm.net

On 4/12/13 12:33 PM, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz.sig

Everything now seems to be stable and working in v2.2, so I can finally
move onto developing great new interesting features for v2.3. :)

My company has also launched a web shop where you can buy various
products. One of them is cheap access to Dovecot enterprise edition
repositories, which are basically same as regular Dovecot releases,
except they are kept patched with the latest important bugfixes. We
currently have releases for RHEL/CentOS 5 and 6, Debian Squeeze and
Ubuntu 12.04 LTS. By buying Dovecot-EE you'll also get a 30 day demo
license for object storages, if you want to try it out.
http://shop.dovecot.fi/

* When creating home directories, the permissions are copied from the
  parent directory if it has setgid-bit set. For full details, see
  http://wiki2.dovecot.org/SharedMailboxes/Permissions
* doveadm auth command was renamed to doveadm auth test
* IMAP: ID command now advertises server name as Dovecot by default.
  It was already trivial to guess this from command replies.
* dovecot.index.cache files can be safely accessed only by v2.1.11+.
  Older versions may think they're corrupted and delete them.
* LDA/LMTP: If saving a mail brings user from under quota to over
  quota, allow it based on quota_grace setting (default: 10%
  above quota limit).
* pop3_lock_session=yes now uses a POP3-only dovecot-pop3-session.lock
  file instead of actually locking the mailbox (and causing
  IMAP/LDA/LMTP to wait for the POP3 session to close).
* mail_shared_explicit_inbox setting's default switched to no.
* ssl_client_ca_dir setting replaced imapc_ssl_ca_dir and
  pop3c_ssl_ca_dir settings.

+ Implemented IMAP MOVE and BINARY extensions
+ Implemented IMAP CATENATE, URLAUTH and URLAUTH=BINARY extensions
  (by Stephan Bosch).
+ Implemented IMAP NOTIFY extension. Requires mailbox_list_index=yes
  to be enabled.
+ Redesigned and rewritten dsync. The new design makes the syncing
  faster, more reliable and more featureful. The new dsync protocol
  isn't backwards compatible with old dsync versions (but is designed
  to be forwards compatible with future versions).
+ All mailbox formats now support per-user message flags for shared
  mailboxes by using a private index. It can be enabled by adding
  :INDEXPVT=path to mail location. This should be used instead of
  :INDEX also for Maildir/mbox to improve performance.
+ Improved mailbox list indexes. They should be usable now, although
  still disabled by default.
+ Added LAYOUT=index. The mailbox directories are created using their
  GUIDs in the filesystem, while the actual GUID - name mapping
  exists only in the index.
+ LMTP proxy: Implemented XCLIENT extension for passing remote IP
  address through proxy.




Does the new obox plugin support any of the open source object storage 
systems such as openstack, glusterfs, or ceph?  From your store site it 
does not appear so.




Re: [Dovecot] Please help to make decision

2013-03-25 Thread l...@airstreamcomm.net

On 3/24/13 11:12 AM, Tigran Petrosyan wrote:

Hi
We are going to implement the Dovecot for 1 million users. We are going
to use more than 100T storage space. Now we examine 2 solutions NFS or GFS2
via (Fibre Channel storage).
Can someone help to make decision? What kind of storage solution we can use
to achieve good performance and scalability.

NFS has worked well for us on a 65,000 user Dovecot cluster.  We use a 
dual controller NetApp in cluster mode which give great performance.  
You might also consider looking at the commercial version of Dovecot 
which has the Object Storage plugin, which might suit your scalability 
needs much better (size and especially budget wise).  I would also 
recommend testing with actual work loads similar to what you plan on 
implementing.  Our team developed a mail generating botnet in which we 
ran SMTP/IMAP/POP tests where we could control levels of each.




Re: [Dovecot] Integrating with Drupal SQL db

2013-03-12 Thread l...@airstreamcomm.net

On 3/11/13 10:54 PM, i...@stos.se wrote:

Hi again,

this is what I've found regarding how Drupal 7 hashes.

$hash = md5($salt . $password, TRUE);
do {
 $hash = md5($hash . $password, TRUE);
} while (--$count);


The whole final hash value is encoded into 16 base64 characters and
prepended by an identifying string, the standard phpass MD5 mode uses $P$
(Drupal’s modified version uses $S$ to indicate SHA-512) and a single
base64 character to indicate the number of MD5 iterations used. Examples of
a hashed password are:

# Drupal 7 hash
$S$CgwilRJS4VIF1.2y0R7B4qkXJ8F8SJPcuvXRKGlMWESVXMST.5n4

WordPress 3.0.4 uses the phpass default of 8193 iterations ($count being
8192) and Drupal 7 uses 16385 — notice that the Drupal password has C
after the identifier whereas WordPress has B, converted from crypt style
base64 (character set [./0-9A-Za-z]) these are 14 and 13 respectively, then
take 2^14 + 1 = 16385. A John the Ripper benchmark, after patching and
enabling the usage of phpass portable passwords (WordPress style, 8193
iterations), quotes approximately 700 passwords checked per second.

Can I use this information to make Dovecot understand how to interpret the
hash?

Thanks!

Regards
Tobias

On Mon, 11 Mar 2013 14:00:22 -0500, l...@airstreamcomm.net
l...@airstreamcomm.net wrote:

On 3/11/13 11:57 AM, i...@stos.se wrote:

Hi

I'm trying to get Dovecot to use Drupal users password for authenticating
IMAP users. But I just can't figure out how to make Dovecot understand the
password hash type that Drupal 7 is using.

My example user with password Teacher1 looks like this in Drupal database:
$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU

Dovecot retrieves this hash but complains that it's not a recognized hash
type, or that the hash is wrong, depending on if I change the default hash
type in Dovecot config.

Any help appreciated.


root@SSiS:/etc/postfix# dovecot --version
1.2.15
root@SSiS:/etc/postfix# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:/home/vmail/
mbox_write_locks: fcntl dotlock
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
root@SSiS:/etc/postfix#
root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$'
/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu
default_pass_scheme = CRYPT
password_query = SELECT name AS user, pass AS password FROM users WHERE
name='%n'
user_query = SELECT
CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/')
AS
mail FROM users WHERE name='%n'
root@SSiS:/etc/postfix# tail /var/log/mail.log
Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection:
pid=8593
Mar 11 16:17:51 SSiS dovecot: auth(default): client in:


AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx

Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): lookup service=dovecot
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password:
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication
failure
(password mismatch?) (given password: Teacher1)
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password
FROM
users WHERE name='Teacher1'
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): Password mismatch
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):

md5_verify(Teacher1):

Not a valid MD5-CRYPT or PLAIN-MD5 password
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): CRYPT(Teacher1) !=
'$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU'
Mar 11 16:17:56 SSiS dovecot: auth(default): client out:
FAIL#0111#011user=Teacher1
Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured
Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection:
pid=9075
Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
root@SSiS:/etc/postfix#



As far as I understand Drupal uses salted passwords, so you would need
to return the password + salt in the sql query.  I am not sure what
position the salt is offset for a password with Drupal, but that should
be simple

Re: [Dovecot] Integrating with Drupal SQL db

2013-03-11 Thread l...@airstreamcomm.net

On 3/11/13 11:57 AM, i...@stos.se wrote:

Hi

I'm trying to get Dovecot to use Drupal users password for authenticating
IMAP users. But I just can't figure out how to make Dovecot understand the
password hash type that Drupal 7 is using.

My example user with password Teacher1 looks like this in Drupal database:
$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU

Dovecot retrieves this hash but complains that it's not a recognized hash
type, or that the hash is wrong, depending on if I change the default hash
type in Dovecot config.

Any help appreciated.


root@SSiS:/etc/postfix# dovecot --version
1.2.15
root@SSiS:/etc/postfix# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:/home/vmail/
mbox_write_locks: fcntl dotlock
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
root@SSiS:/etc/postfix#
root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$'
/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu
default_pass_scheme = CRYPT
password_query = SELECT name AS user, pass AS password FROM users WHERE
name='%n'
user_query = SELECT
CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS
mail FROM users WHERE name='%n'
root@SSiS:/etc/postfix# tail /var/log/mail.log
Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593
Mar 11 16:17:51 SSiS dovecot: auth(default): client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): lookup service=dovecot
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password:
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure
(password mismatch?) (given password: Teacher1)
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM
users WHERE name='Teacher1'
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): Password mismatch
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1):
Not a valid MD5-CRYPT or PLAIN-MD5 password
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): CRYPT(Teacher1) !=
'$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU'
Mar 11 16:17:56 SSiS dovecot: auth(default): client out:
FAIL#0111#011user=Teacher1
Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured
Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075
Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
root@SSiS:/etc/postfix#


As far as I understand Drupal uses salted passwords, so you would need 
to return the password + salt in the sql query.  I am not sure what 
position the salt is offset for a password with Drupal, but that should 
be simple to determine looking at the source.
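
The layout of the `$S$` value discussed in this thread, as an added example that is not part of the original messages: a Python verifier written from my reading of Drupal 7's `includes/password.inc` (an assumption to confirm against that source). It shows that the salt and the iteration exponent both sit inside the single stored `pass` string. Function names are this example's own; `PAGE_HASH` is the value posted above.

```python
import hashlib
import hmac

# "crypt style base64" alphabet used by phpass and Drupal 7.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HASH_LENGTH = 55            # Drupal 7 keeps only the first 55 characters
MIN_LOG2, MAX_LOG2 = 7, 30  # accepted range for the iteration exponent

# Stored value posted in the thread for the test user.
PAGE_HASH = "$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU"


def b64_encode(data: bytes) -> str:
    """phpass-style base64: 3 bytes, little-endian, become 4 characters."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        # n input bytes yield n + 1 characters; there is no padding.
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def parse_stored(stored: str):
    """Split a stored value into (iteration exponent, salt, digest part).

    Layout: "$S$" + 1 exponent character + 8 salt characters + digest.
    """
    if len(stored) != HASH_LENGTH or not stored.startswith("$S$"):
        raise ValueError("not a Drupal 7 $S$ (SHA-512) value")
    log2 = ITOA64.find(stored[3])
    if not MIN_LOG2 <= log2 <= MAX_LOG2:
        raise ValueError("iteration exponent out of range")
    salt = stored[4:12]
    if any(c not in ITOA64 for c in salt):
        raise ValueError("salt contains characters outside the alphabet")
    return log2, salt, stored[12:]


def drupal7_hash(password: str, log2: int, salt: str) -> str:
    """Recompute the stored string for a password, exponent and salt."""
    pw = password.encode("utf-8")
    digest = hashlib.sha512(salt.encode("ascii") + pw).digest()
    # One initial hash plus 2**log2 stretching rounds.
    for _ in range(1 << log2):
        digest = hashlib.sha512(digest + pw).digest()
    full = "$S$" + ITOA64[log2] + salt + b64_encode(digest)
    return full[:HASH_LENGTH]


def verify(password: str, stored: str) -> bool:
    """True if the password reproduces the stored value."""
    try:
        log2, salt, _ = parse_stored(stored)
    except ValueError:
        return False
    candidate = drupal7_hash(password, log2, salt)
    # Constant-time comparison of the two full strings.
    return hmac.compare_digest(candidate.encode("ascii"),
                               stored.encode("ascii"))


if __name__ == "__main__":
    log2, salt, _ = parse_stored(PAGE_HASH)
    print(f"iterations = 2^{log2} + 1, salt = {salt}")
    print("posted password matches:", verify("Teacher1", PAGE_HASH))
```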




Re: [Dovecot] Real-time sync using dsync

2013-02-27 Thread l...@airstreamcomm.net

On 2/27/13 3:10 PM, Timo Sirainen wrote:

On 27.2.2013, at 21.19, Nikolaos Milas nmi...@noa.gr wrote:


Any suggestions?

I am looking for a solution that would work in creating a failover cluster with 
two nodes, utilizing (two) CentOS 6 VMs, each on a different data center; this 
requirement makes technologies like drbd unusable (due to the inherent lack of 
complete link reliability between the two nodes).

I was thinking that dsync might be a good foundation for such scenarios.

dsync was meant exactly for that kind of replication. For a relatively few 
number of users this should work well (minus the initial bugs until they get 
all fixed). It's a little bit heavy operation to run dsync for each small 
change though, so I wouldn't necessarily use it for large systems. Then again 
it's mainly CPU usage, and Dovecot uses normally about 0% CPU, so maybe it's 
not so bad.

The other possibility that is more efficient and easier to scale to large 
systems is to use one of the scalable object storage backends and Dovecot's 
object storage plugin (commercial-only, available soon).

The idea behind both of these ways is to make it easy, cheap and reliable to do 
multi-datacenter replication for IMAP servers. None of the cluster filesystems 
can do that.


Timo, has this been tested on large systems yet?  I plan on hammering a 
two node dsync cluster running 2.2rc2 (each node is 100 miles apart in a 
different data center connected via 10gb ring) with a SMTP/IMAP/POP 
generating bot cluster we have in our test network to see how well it 
scales.  I will update with my findings next week when I get a chance to 
work on it.  I have to +1 Nikolaos' sentiment for a geographically 
distributed mail cluster, we have been hoping for a Dovecot solution to 
this problem for the last few years.




Re: [Dovecot] v2.2.rc2 released

2013-02-26 Thread l...@airstreamcomm.net

On 2/26/13 12:56 AM, Michael Grimm wrote:

On 2013-02-25 22:57, l...@airstreamcomm.net wrote:


Trying the dsync replication for the first time, and I am confused as
to the intended purpose of the replication service.  Is the dsync
replication meant to replicate mails immediately upon submission to
lmtp/lda and on change via IMAP/POP3,


Yes.


or is the replication_full_sync_interval the only configurable for
determining when the replication will occur?


No.

Timo, correct me if I am mistaken, but that keyword will tell the 
replication system when to apply a dsync -f aka running in full 
sync mode at latest.



Maybe a better question is there any documentation on dsync replication
(could not find any)?


http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html
http://www.dovecot.org/img/dsync-director-replication-ssh.png
http://www.dovecot.org/img/dsync-director-replication.png

http://www.google.com/url?sa=trct=jq=source=webcd=1cad=rjaved=0CDMQFjAAurl=http%3A%2F%2Fwww.linuxtag.org%2F2012%2Ffileadmin%2Fwww.linuxtag.org%2Fslides%2FTimo%2520Sirainen%2520-%2520What_s%2520new%2520in%2520Dovecot_.p269.pdfei=N1csUcqsLoTJsgbKuYD4CQusg=AFQjCNGoN4PBs-8lVYy1Gi_Dor03-n5tfQbvm=bv.42965579,d.Yms 


(Sorry for the long link)

HTH,
Michael


Thanks for the information Michael.  I must be configuring this 
incorrectly as the replication is not occurring when messages are being 
delivered via LMTP in my setup.  When I restart dovecot the messages are 
synced immediately, but not on delivery.


Here is my config:

# 2.2.rc2: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
mail_debug = yes
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_replica = remote:vm...@mail2.clustertest.air
  replication_full_sync_interval = 1 hours
}
postmaster_address = r...@clustertest.air
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  user = vmail
}
service lmtp {
  process_min_avail = 20
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/certs/dovecot.pem
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}



Re: [Dovecot] v2.2.rc2 released

2013-02-26 Thread l...@airstreamcomm.net

On 2/26/13 10:10 AM, Timo Sirainen wrote:

On 26.2.2013, at 17.58, l...@airstreamcomm.net wrote:


Thanks for the information Michael.  I must be configuring this incorrectly as 
the replication is not occurring when messages are being delivered via LMTP in 
my setup.  When I restart dovecot the messages are synced immediately, but not 
on delivery.

Here is my config:

You're missing:

mail_plugins = notify replication


Thanks Timo that did the trick.  Now say I have two clusters of dovecot 
servers in disparate data centers, each cluster has four nodes with 
shared NFS storage.  Would I be able to configure dsync replication so 
that messages hitting any server in either cluster would be replicated 
accordingly to the remote data center?




Re: [Dovecot] v2.2.rc2 released

2013-02-25 Thread l...@airstreamcomm.net

On 2/25/13 12:43 PM, Timo Sirainen wrote:

http://dovecot.org/releases/2.2/rc/dovecot-2.2.rc2.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.rc2.tar.gz.sig

Looks like the last changes I did today just before rc1 release made it
just about unusable. This one is actually running on my servers. :)



Trying the dsync replication for the first time, and I am confused as to 
the intended purpose of the replication service.  Is the dsync 
replication meant to replicate mails immediately upon submission to 
lmtp/lda and on change via IMAP/POP3, or is the 
replication_full_sync_interval the only configurable for determining 
when the replication will occur?  Maybe a better question is there any 
documentation on dsync replication (could not find any)?


I am using Michael Grimm's configuration from this discussion 
http://www.mail-archive.com/dovecot@dovecot.org/msg50158.html for testing.






[Dovecot] METADATA / ANNOTATE extensions

2013-02-04 Thread l...@airstreamcomm.net
According to the roadmap http://wiki2.dovecot.org/Roadmap implementation 
of the METADATA / ANNOTATE extensions is fairly high on the list.  I was 
just curious if there is a target release in mind for this functionality?




[Dovecot] Anyone using dovecot obox?

2013-01-12 Thread l...@airstreamcomm.net
Just looking for some input from other users of the obox (object 
storage) backend from dovecot.fi.


- What challenges/problem were you trying to overcome/solve by using obox?
- What kind of architecture did you deploy using obox? (e.g. distributed 
object storage for performance, or distributed for availability, 
geographic distribution of email services, etc.)
- What complexities, single points of failure, documentation omissions 
can you highlight having deployed the obox storage architecture?
- Did the obox backend support your email services as well as you 
expected or more?

- How was your interaction with Dovecot.fi?

Thanks in advance.



[Dovecot] IMAP session state inconsistent

2012-11-08 Thread l...@airstreamcomm.net

Running Dovecot 1.2.12 (we are in the process of upgrading to 2.1.x)

Didn't find much in old threads, but we are seeing the following in the 
logs this morning:


dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, 
lip=y.y.y.y
dovecot: IMAP(wajabrun): Disconnected: IMAP session state is 
inconsistent, please relogin. bytes=443/1146
dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, 
lip=y.y.y.y
dovecot: IMAP(wajabrun): Disconnected: IMAP session state is 
inconsistent, please relogin. bytes=561/1637
dovecot: imap-login: Login: user=wajabrun, method=PLAIN, rip=x.x.x.x, 
lip=y.y.y.y
dovecot: IMAP(wajabrun): file_dotlock_open() failed with file 
/mail/w/a/wajabrun/Maildir/.INBOX.02 ORDERS.Gaiam/dovecot.index.log: No 
such file or directory
dovecot: IMAP(wajabrun): file_dotlock_open() failed with file 
/mail/w/a/wajabrun/Maildir/.INBOX.02 ORDERS.Gaiam/dovecot.index.log: No 
such file or directory


Not sure what to make of this sequence?



Re: [Dovecot] No failover from director to backend?

2012-10-22 Thread l...@airstreamcomm.net

On 10/21/12 2:43 PM, Daniel Parthey wrote:

> Patrick Westenberg wrote:
>
>> Is there no built in failover mechanism for the director service to
>> handle a backend failure?
>
> No, the director's job is to keep a hash table and direct
> the connection for each user to its associated backend.
> Currently, there is no built-in backend monitoring.
>
> In order to handle maintenance of backends, you will need the
> poolmon daemon, which enables/disables backends in the director
> depending on their availability:
>
> https://github.com/brandond/poolmon
>
> Regards
> Daniel

Considering the intention of the director was to alleviate locking 
issues in a shared storage environment, are there any current solutions 
for improving the scalability/availability of Dovecot by implementing an 
alternative message storage system such as nosql or maybe object 
storage that could abstract away the complexity of replicating data?  We 
would love to finally have the ability to set our mail cluster on top of 
a storage subsystem that can span multiple geographic regions and do 
away with the NFS backend.




[Dovecot] Dsync clustering

2012-10-17 Thread l...@airstreamcomm.net
I have not seen mention of using dsync for clustering Dovecot in some 
time on the mailing list, but I believe Timo was going to write a wiki 
page when v2.2 became more mature.  Does this documentation exist yet, 
or are there any resources on what dsync replication is capable of at 
this point (looking on the wiki and google didn't reveal much)?  Thanks 
in advance.




Re: [Dovecot] LMTP userdb lookup

2012-10-16 Thread l...@airstreamcomm.net

On 10/4/12 9:58 AM, Timo Sirainen wrote:

> On 4.10.2012, at 17.41, l...@airstreamcomm.net wrote:
>
>>> protocol lmtp {
>>>   userdb {
>>>     ..
>>>   }
>>> }
>>> protocol !lmtp {
>>>   userdb {
>>>     ..
>>>   }
>>> }
>>
>> Forgot to mention I am running 2.0.17.
>
> The above works in v2.1.
>
>> And I am getting the following error:
>>
>>    auth: Fatal: No passdbs specified in configuration file. PLAIN
>>    mechanism needs one
>>
>> From a previous post it appears that Dovecot cannot run without 
>> global lookups specified:
>>
>>    http://www.dovecot.org/list/dovecot/2012-March/064407.html
>>
>> Per the suggestion in the old post I created an empty passwdfile and included 
>> it in the auth-passwdfile which seems to have alleviated the issue, however 
>> this seems like a sub-optimal solution.  Is this still the case, or is there a 
>> way to tell Dovecot that there are no global lookups?
>
> The !lmtp version avoids that fatal problem. So the solution is: upgrade.

Timo,

I upgraded to 2.1 and configured as recommended, however I am still 
getting an error:


auth: Fatal: No passdbs specified in configuration file. PLAIN mechanism 
needs one


Doveconf -n:

# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.5.2.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}
ssl_cert = /etc/pki/dovecot/certs/mail.crt
ssl_key = /etc/pki/dovecot/private/mail.key
protocol !lmtp {
  passdb {
    args = /etc/dovecot/imappop.conf.ext
    driver = sql
  }
  userdb {
    args = /etc/dovecot/imappop.conf.ext
    driver = sql
  }
}
protocol lmtp {
  passdb {
    args = /etc/dovecot/lmtp.conf.ext
    driver = sql
  }
  userdb {
    args = /etc/dovecot/lmtp.conf.ext
    driver = sql
  }
}



Re: [Dovecot] lmtp proxy logging

2012-10-15 Thread l...@airstreamcomm.net

On 10/12/12 2:40 AM, Timo Sirainen wrote:

> On 10.10.2012, at 17.37, Jack Bates wrote:
>
>> The logging on lmtp and lmtp proxy is pretty limited from what I can see. It seems to 
>> handle errors, Connect, Disconnect, and in the case of lmtp delivery, it logs where an 
>> email is saved to. The lmtp may be enough, connect, saved user, saved user..., 
>> disconnect, but I was curious if it is worthwhile to add more info logging for the 
>> proxy, primarily which recipients are sent to which proxy. I was thinking of local 
>> patching it, but I'll generate up something more in line with official code if it is 
>> desired.
>>
>> My thought is to show 1 entry for each recipient, and the destination server 
>> chosen. If I recall correctly, the proxy code doesn't actually listen in on the 
>> conversation, so logging results would probably complicate the code.
>
> I don't think this would be difficult to implement. Probably just a few lines 
> of code. Yeah, could be useful.



+1 for adding this detail to logging for LMTP.



Re: [Dovecot] LMTP userdb lookup

2012-10-04 Thread l...@airstreamcomm.net

On 10/3/12 3:58 PM, Timo Sirainen wrote:

> On 3.10.2012, at 22.26, l...@airstreamcomm.net wrote:
>
>> Is it possible to have separate userdb lookups for LMTP and POP/IMAP?
>
> protocol lmtp {
>   userdb {
>     ..
>   }
> }
> protocol !lmtp {
>   userdb {
>     ..
>   }
> }

Forgot to mention I am running 2.0.17.

I separated all the userdb passdb lookups into their own protocol 
configuration like so:


   protocol imap {
     userdb { .. }
     passdb { .. }
   }
   protocol pop3 {
     userdb { .. }
     passdb { .. }
   }
   protocol lmtp {
     userdb { .. }
   }


And I am getting the following error:

   auth: Fatal: No passdbs specified in configuration file. PLAIN
   mechanism needs one


From a previous post it appears that Dovecot cannot run without 
global lookups specified:


   http://www.dovecot.org/list/dovecot/2012-March/064407.html


Per the suggestion in the old post I created an empty passwdfile and 
included it in the auth-passwdfile which seems to have alleviated the 
issue, however this seems like a sub-optimal solution.  Is this still 
the case, or is there a way to tell Dovecot that there are no global 
lookups?


[Dovecot] LDA vs LMTP index files

2012-10-03 Thread l...@airstreamcomm.net
In the docs it states that LDA "...takes mail from an MTA and delivers it 
to a user's mailbox, while keeping Dovecot index files up to date."  I 
am wondering if LMTP also interacts with the Dovecot index files and 
keeps them up to date?


[Dovecot] LMTP userdb lookup

2012-10-03 Thread l...@airstreamcomm.net

Is it possible to have separate userdb lookups for LMTP and POP/IMAP?



Re: [Dovecot] MySQL dict issues

2012-07-18 Thread l...@airstreamcomm.net

On 7/17/12 7:59 AM, Timo Sirainen wrote:

> On 11.7.2012, at 21.10, l...@airstreamcomm.net wrote:
>
>> Testing using the mysql dict for quota storage (dovecot-2.0.12-2_127.el5), and 
>> ran into a couple issues.  First is a permissions issue:
>>
>> dovecot: lmtp(26786, d...@test.tld):  Error: net_connect_unix(/var/run/dovecot/dict) 
>> failed: Permission denied (euid=5000(unknown) egid=5000(unknown) missing +r 
>> perm: /var/run/dovecot/dict, euid is not dir owner)
>>
>> The file /var/run/dovecot/dict is listed with srw--- perms.  I changed the 
>> perms to srwrwx and it works, but I would like to figure out how to 
>> configure properly to run with the uid and gid 5000 as this is the user for 
>> virtual mail.
>
> http://wiki2.dovecot.org/Dict explains this.

It does indeed, thanks.

>> The second issue is that two identical rows are created in the mysql database 
>> for each user quota.  The next message delivered updates both rows.
>
> Identical? Or perhaps one is the number of bytes and the other is the number of 
> messages?

There were two rows being created for each username.  My problem was 
that I forgot to create a PK on the username field, so there must be two 
operations on the database that create/update user information by 
dovecot that require that PK to keep it to one row.

>> The last issue might be a documentation omission.  Dovecot warned me that the 
>> mysql user did not have DELETE privileges on the quota table:
>>
>> dovecot: dict: Error: sql dict: commit failed: DELETE command denied to user 
>> 'user'@'a.b.c.d' for table 'domain_user_quotas'
>
> This is done when recalculating quota.
>
>> The quota dict documentation (at http://wiki2.dovecot.org/Quota/Dict) does not 
>> mention DELETE being needed:
>
> Updated.

Thanks!
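
The two points settled in the exchange above (the missing primary key and the missing DELETE privilege), as an added MySQL example that is not part of the original thread and is not Dovecot's own schema. Table, column, database and account names are the ones shown in the thread's config and log line; the column types, the `_nokey` table and the sample username are assumptions.

```sql
-- "Before": no key on username (hypothetical table name, for contrast only).
CREATE TABLE domain_user_quotas_nokey (
  username      VARCHAR(255) NOT NULL,
  bytes         BIGINT       NOT NULL DEFAULT 0,
  message_count BIGINT       NOT NULL DEFAULT 0
);

-- The two map blocks (priv/quota/storage and priv/quota/messages) point at
-- the same table, so the dict writes each value with its own upsert.
-- Without a PRIMARY KEY or UNIQUE index nothing can collide, so
-- ON DUPLICATE KEY UPDATE never fires and each statement adds a row.
INSERT INTO domain_user_quotas_nokey (bytes, username)
  VALUES (112497180, 'user@example.test')            -- constructed sample user
  ON DUPLICATE KEY UPDATE bytes = 112497180;
INSERT INTO domain_user_quotas_nokey (message_count, username)
  VALUES (1743, 'user@example.test')
  ON DUPLICATE KEY UPDATE message_count = 1743;
SELECT COUNT(*) FROM domain_user_quotas_nokey
  WHERE username = 'user@example.test';              -- two rows

-- "After": the same table with the key the thread says was forgotten.
CREATE TABLE domain_user_quotas (
  username      VARCHAR(255) NOT NULL,
  bytes         BIGINT       NOT NULL DEFAULT 0,
  message_count BIGINT       NOT NULL DEFAULT 0,
  PRIMARY KEY (username)
);

INSERT INTO domain_user_quotas (bytes, username)
  VALUES (112497180, 'user@example.test')
  ON DUPLICATE KEY UPDATE bytes = 112497180;
-- The second upsert now collides on username and updates the existing row.
INSERT INTO domain_user_quotas (message_count, username)
  VALUES (1743, 'user@example.test')
  ON DUPLICATE KEY UPDATE message_count = 1743;
SELECT COUNT(*) FROM domain_user_quotas
  WHERE username = 'user@example.test';              -- one row

-- Least privilege for the dict account: only the quota table, and only the
-- four statements involved. DELETE is the one the thread found missing
-- (needed when quota is recalculated). 'user'@'a.b.c.d' and the mail
-- database are the placeholders that appear in the thread.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON mail.domain_user_quotas
  TO 'user'@'a.b.c.d';
SHOW GRANTS FOR 'user'@'a.b.c.d';
```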




[Dovecot] MySQL dict issues

2012-07-11 Thread l...@airstreamcomm.net
Testing using the mysql dict for quota storage 
(dovecot-2.0.12-2_127.el5), and ran into a couple issues.  First is a 
permissions issue:


dovecot: lmtp(26786, d...@test.tld):  Error: 
net_connect_unix(/var/run/dovecot/dict) failed: Permission denied 
(euid=5000(unknown) egid=5000(unknown) missing +r perm: 
/var/run/dovecot/dict, euid is not dir owner)


The file /var/run/dovecot/dict is listed with srw--- perms.  I 
changed the perms to srwrwx and it works, but I would like to figure 
out how to configure properly to run with the uid and gid 5000 as this 
is the user for virtual mail.


The second issue is that two identical rows are created in the mysql 
database for each user quota.  The next message delivered updates both 
rows.  Here is my quota config:


90-quota.conf:

plugin {
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+10%
}
plugin {
  quota = dict:user::proxy::userquota
}
dict {
  userquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}

dovecot-dict-sql.conf.ext:

connect = host=a.b.c.d dbname=mail user=user password=derp
map {
  pattern = priv/quota/storage
  table = domain_user_quotas
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = domain_user_quotas
  username_field = username
  value_field = message_count
}

The last issue might be a documentation omission.  Dovecot warned me 
that the mysql user did not have DELETE privileges on the quota table:


dovecot: dict: Error: sql dict: commit failed: DELETE command denied to 
user 'user'@'a.b.c.d' for table 'domain_user_quotas'


The quota dict documentation (at http://wiki2.dovecot.org/Quota/Dict) 
does not mention DELETE being needed:


MySQL uses the following queries to update the quota. You need suitable 
privileges.


INSERT INTO table (bytes,username) VALUES ('112497180','f...@spam.dom') ON 
DUPLICATE KEY UPDATE bytes='112497180';
INSERT INTO table (messages,username) VALUES ('1743','f...@spam.dom') ON 
DUPLICATE KEY UPDATE messages='1743';
UPDATE table SET bytes=bytes-14433,messages=messages-2 WHERE username = 
'f...@spam.dom';




Re: [Dovecot] Dsync replication

2012-07-06 Thread l...@airstreamcomm.net

On 7/5/12 10:08 PM, Костырев Александр Алексеевич wrote:

> use the search, Luke)
>
> http://www.dovecot.org/list/dovecot/2012-March/064512.html
> this thread was all that I needed to set up replication for testing.
>
> -Original Message-
> From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On 
> Behalf Of l...@airstreamcomm.net
> Sent: Friday, July 06, 2012 3:28 AM
> To: dovecot@dovecot.org
> Subject: [Dovecot] Dsync replication
>
> I have been loosely following discussions of dsync replication, but I am
> wondering if this tool is still in a testing phase or has it been committed
> as a production part of Dovecot?  I would like to do some testing with
> the protocol to see if it's capable of handling the change rate our mail
> service generates, which has about 23,000 active users.  We are trying
> to find solutions for a two site setup where mail processing is either
> being done at the primary data center A and fails over to a hot standby
> cluster at the secondary data center B, or where both data centers are
> doing active processing.  I have been unable to find documentation on
> dsync replication on the wiki, so if there is any documentation
> available on how to set up dsync replication I would appreciate a nudge
> in the right direction.



Thanks, that certainly helps identify the configuration options. However 
I am more concerned about the experiences of others who have actually 
used the replication.  What is the rate of change on your mail cluster, 
how many concurrent users do you support with replication enabled, do 
you use synchronous or asynchronous replication, are you using it in an 
active/active or active/passive state, is it possible to have a cluster 
with multiple servers at each site hosting the same mail data, does 
dsync replication scale well (10,000 - 100,000 - 1,000,000 users)?  
Just trying to get a good feel for whether dsync replication is capable 
of handling the use case I am proposing before investing too much time 
in testing it.




Re: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing maildirs)

2012-01-03 Thread l...@airstreamcomm.net
Great information, thank you.  Could you remark on GPFS services hosting mail 
storage over a WAN between two geographically separated data centers?

- Reply message -
From: Jan-Frode Myklebust janfr...@tanso.net
To: Stan Hoeppner s...@hardwarefreak.com
Cc: Timo Sirainen t...@iki.fi, dovecot@dovecot.org
Subject: [Dovecot] GPFS for mail-storage (Was: Re: Compressing existing 
maildirs)
Date: Tue, Jan 3, 2012 2:14 am


On Sat, Dec 31, 2011 at 01:54:32AM -0600, Stan Hoeppner wrote:
> Nice setup.  I've mentioned GPFS for cluster use on this list before,
> but I think you're the only operator to confirm using it.  I'm sure
> others would be interested in hearing of your first hand experience:
> pros, cons, performance, etc.  And a ball park figure on the licensing
> costs, whether one can only use GPFS on IBM storage or if storage from
> other vendors is allowed in the GPFS pool.

I used to work for IBM, so I've been a bit uneasy about pushing GPFS too
hard publicly, for risk of being accused of being biased. But I changed job in
November, so now I'm only a satisfied customer :-)

Pros:
Extremely simple to configure and manage. Assuming root on all
nodes can ssh freely, and port 1191/tcp is open between the
nodes, these are the commands to create the cluster, create a
NSD (network shared disks), and create a filesystem:

# echo hostname1:manager-quorum > NodeFile   # manager means this node can be selected as filesystem manager
# echo hostname2:manager-quorum >> NodeFile  # quorum means this node has a vote in the quorum selection
# echo hostname3:manager-quorum >> NodeFile  # all my nodes are usually the same, so they all have same roles.
# mmcrcluster -n NodeFile -p $(hostname) -A

### sdb1 is either a local disk on hostname1 (in which case the other nodes will access it over tcp to
### hostname1), or a SAN-disk that they can access directly over FC/iSCSI.
# echo sdb1:hostname1::dataAndMetadata:: > DescFile  # This disk can be used for both data and metadata
# mmcrnsd -F DescFile

# mmstartup -A  # starts GPFS services on all nodes
# mmcrfs /gpfs1 gpfs1 -F DescFile
# mount /gpfs1

You can add and remove disks from the filesystem, and change most
settings without downtime. You can scale out your workload by adding
more nodes (SAN attached or not), and scale out your disk performance
by adding more disks on the fly. (IBM uses GPFS to create
scale-out NAS solutions 
http://www-03.ibm.com/systems/storage/network/sonas/ ,
which highlights a few of the features available with GPFS)

There's no problem running GPFS on other vendors' disk systems. I've
used Nexsan SATAboy earlier, for a HPC cluster. One can easily move from
one disksystem to another without downtime.

Cons:
It has its own page cache, statically configured. So you don't get the
all available memory used for page caching behaviour as you normally do
on linux.

There is a kernel module that needs to be rebuilt on every
upgrade. It's a simple process, but it needs to be done and means we
can't just run yum update ; reboot to upgrade.

% export SHARKCLONEROOT=/usr/lpp/mmfs/src
% cp /usr/lpp/mmfs/src/config/site.mcr.proto /usr/lpp/mmfs/src/config/site.mcr
% vi /usr/lpp/mmfs/src/config/site.mcr # correct GPFS_ARCH, LINUX_DISTRIBUTION and LINUX_KERNEL_VERSION
% cd /usr/lpp/mmfs/src/ ; make clean ; make World
% su - root
# export SHARKCLONEROOT=/usr/lpp/mmfs/src
# cd /usr/lpp/mmfs/src/ ; make InstallImages


 
> To this point IIRC everyone here doing clusters is using NFS, GFS, or
> OCFS.  Each has its downsides, mostly because everyone is using maildir.
> NFS has locking issues with shared dovecot index files.  GFS and OCFS
> have filesystem metadata performance issues.  How does GPFS perform with
> your maildir workload?

Maildir is likely a worst case type workload for filesystems. Millions
of tiny-tiny files, making all IO random, and getting minimal controller
read cache utilized (unless you can cache all active files). So I've
concluded that our performance issues are mostly design errors (and the
fact that there were no better mail storage formats than maildir at the
time these servers were implemented). I expect moving to mdbox will 
fix all our performance issues.

I *think* GPFS is as good as it gets for maildir storage on clusterfs,
but have no number to back that up ... Would be very interesting if we
could somehow compare numbers for a few clusterfs'. 

I believe our main limitation in this setup is the iops we can get from
the backend storage system. It's hard to balance the IO over enough
RAID arrays