Re: What are all the /var/spool/smtpd/offline/1689525601.XXXXlJ85yQ [SOLVED]
On 2024-09-02 05:59, Steve Litt via dovecot wrote:

> I stopped Dovecot, backed up the tens of thousands of files in
> /var/spool/smtpd/offline/, then deleted them, then started Dovecot
> again. Everything runs fine, so I guess those files weren't important,
> at least not to Dovecot.
>
> I also found the major problem consuming so much /var space was Void
> Linux' package cache files, so I deleted all of those more than 3
> months old. Soon I'll make a daemon or a cron job that deletes old
> files in these two directories, and probably a lot more.

I'm not an expert on Dovecot, but I've run it for quite a number of years, and cannot remember having seen that directory on any of my installations.

So I guessed the easiest way to find out about it, is to Google for "/var/spool/smtpd" (including quotes). The results seem to indicate that the directory is related to OpenSMTPD. E.g.:

https://manpages.debian.org/stretch/opensmtpd/smtpd.conf.5.en.html

    FILES
    [...]
    /var/spool/smtpd/    Spool directories for mail during processing.

So if you have OpenSMTPD installed, you probably deleted spool files from undeliverable email (or so; I'm unfamiliar with OpenSMTPD).

Maybe you should check what is in those files (Postfix queue files are readable when using `postcat`, maybe OpenSMTPD spool files are also readable).

--
Rob
Re: changing cipher for imap clients
The funny thing is AES128 may be harder to break than AES256.

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

It had been a decade, so it would be interesting if Bruce Schneier has the same opinion.

I just use the defaults.

Original Message
From: dovecot@dovecot.org
Sent: October 28, 2019 7:13 AM
To: dovecot@dovecot.org
Reply-to: 400the...@gmx.ch
Subject: changing cipher for imap clients

> When my client connects, I see this in my log:
>
> dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
>
> Whereas, when client connects to my postfix server, I see:
>
> Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
>
> how can I tell dovecot to use AES256, instead of AES128 ?
> is this set by ssl_cipher_list ?
>
> Here are my current values (defaults)
>
> # doveconf ssl_cipher_list
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>
> # dovecot --version
> 2.3.4.1
>
> thanks,
Re: AD ldap, filter to exclude various kinds of expired, disabled etc etc users
Hi,

For the archives, the below user_filter works nicely:

user_filter = (&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512))

But another option, taken from the samba mailing list is:

user_filter = (&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

This one excludes various kinds of disabled accounts, including 514.

The second one might actually be better.

MJ

On 8-3-2019 13:39, mj via dovecot wrote:

> Hi,
>
> I was revising our AD ldap user_filter and pass_filter to exclude more
> types of expired / disabled accounts.
>
> I started adding things like:
>
> (&(objectclass=person)(sAMAccountName=%n)(!(useraccountcontrol=514))(!(useraccountcontrol=546))(!(useraccountcontrol=66050))(!(useraccountcontrol=8388608)))
>
> but then I thought, why not simply do:
>
> (&(objectclass=person)(sAMAccountName=%n)(userAccountControl=512))
>
> as 512 would be your regular active user accounts only, excluding all
> other account types.
>
> Looking here
> (https://support.microsoft.com/en-gb/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties)
> there are so many different userAccountControl to check, that it might
> be smarter to only allow userAccountControl=512, or?
>
> Any ideas on this..? (or examples of how you do it?)
>
> MJ
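
An added example, not part of the thread and not Dovecot or Samba code: userAccountControl is a bit field, so this sketch decodes the values named above and compares the equality test `(userAccountControl=512)` with the negated bitwise-AND test `(!(userAccountControl:1.2.840.113556.1.4.803:=2))` on each. The function names are hypothetical, the flag table is a subset of Microsoft's documented values, and 66048 (a normal account with a non-expiring password) is a constructed sample that does not appear in the thread.

```python
# Added example: emulate the two LDAP tests from the thread on sample values.
# Subset of Microsoft's documented userAccountControl flag bits.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002


def decode_uac(value):
    """Return the names of the known flags set in value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def match_equals_512(value):
    """(userAccountControl=512): plain integer equality."""
    return value == 512


def match_not_disabled(value):
    """(!(userAccountControl:1.2.840.113556.1.4.803:=2)).

    The OID is the bitwise-AND matching rule: the inner test is true when
    every bit of the asserted value (2) is set; the filter negates it.
    """
    return (value & ACCOUNTDISABLE) != ACCOUNTDISABLE


def disagreements(values):
    """Values on which the two tests give different answers."""
    return [v for v in values if match_equals_512(v) != match_not_disabled(v)]


# Values named in the thread, plus the constructed 66048.
SAMPLE = [512, 514, 546, 66050, 8388608, 66048]

if __name__ == "__main__":
    for v in SAMPLE:
        print(f"{v:>8}  =512:{match_equals_512(v)!s:<5} "
              f"not-disabled:{match_not_disabled(v)!s:<5} {'+'.join(decode_uac(v))}")
    print("tests disagree on:", disagreements(SAMPLE))
```

The two tests differ on 66048 and 8388608: equality with 512 rejects an enabled account that merely has an extra flag set, while the bit test alone checks nothing except the disabled bit.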