Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-16 Thread Timo Sirainen
On Wed, 2013-02-13 at 23:43 +0100, Piotr Rotter wrote:
> I configured director temporarily in a tricky way because I have to
> serve md5 and ntlm authentication methods and I do not want to reconfigure
> the pop/imap servers.
>
> Can you confirm I have done everything OK, because I have this issue:
>
>  # doveadm director map
> doveadm(root): Error: User listing returned failure
> doveadm(root): Error: user listing failed
> user

All is working. If you want doveadm director map command to work you
need to either:

a) Make doveadm user '*' command work by providing appropriate userdb
configuration or

b) use doveadm director map -f userdb parameter where userdb is a file
that lists all the usernames you have.

There's no need to use doveadm director map command at all though.




Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-16 Thread Piotr Rotter

Thank you for your assistance.

Broken uidlist errors appear more than 10 times less frequently than in
the past and are still decreasing.


I have a question about director and non-plaintext auth methods. Now I
have a tricky query in the director configuration.
password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'


Is there some method to make it better? Master password is a bit
dangerous (man in the middle). Can director relay non-plaintext
authorization without checking?


I have one more question, which does not concern the subject above. Is there
any chance to set dovecot to be a policy daemon for postfix to check
mailbox quota before mail is checked by (amavis, spamassassin,
clamav) and before it is sent by lmtp? I think that it could reduce
load.




Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-16 Thread Timo Sirainen
On 16.2.2013, at 23.41, Piotr Rotter piotr.rot...@active24.pl wrote:

> Thank you for your assistance.
>
> Broken uidlist errors appear more than 10 times less frequently than in the
> past and are still decreasing.
>
> I have a question about director and non-plaintext auth methods. Now I have
> a tricky query in the director configuration.
> password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'
>
> Is there some method to make it better?

%u as destuser isn't necessary, since it's the default.

> Master password is a bit dangerous (man in the middle). Can director
> relay non-plaintext authorization without checking?

If you set NULL as password, director won't verify the password. You could even 
use passdb static. But this increases director's memory usage since users are 
verified by backends and director needs to remember all the unknown user login 
attempts (from brute force bots).

If you want non-plaintext auth:

Master password is slightly annoying, but you can set up the system so that 
director won't accept it and backends can't be connected directly.

It would also in theory be possible to use a per-user master password by using 
e.g. md5(username | master_password) as the password, so the master password 
would never be actually visible in the network (actually adding some 
non-plaintext SASL auth client support for Dovecot would basically do that).

Or the director - backend auth could simply have its own list of randomly 
generated passwords for users.

> I have one more question, which does not concern the subject above. Is there any
> chance to set dovecot to be a policy daemon for postfix to check mailbox quota
> before mail is checked by (amavis, spamassassin, clamav) and before it is
> sent by lmtp? I think that it could reduce load.

That's something I'm planning on creating.
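
The per-user master password idea from the reply above, as an added example that is not part of the original thread or of Dovecot's code: a password captured on the director-to-backend link is then valid for one user only. It assumes HMAC-SHA256 in place of the bare md5(username | master_password) sketched in the message; the function names, the secret and the usernames are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def derive_proxy_password(username: str, master_secret: bytes) -> str:
    """Per-user password the director presents to a backend.

    Assumption: HMAC-SHA256 keyed with the master secret replaces the
    md5(username | master_password) construction mentioned in the thread.
    """
    # Assumption: login names are compared case-insensitively, so normalise
    # them before deriving, otherwise "User@x" and "user@x" would differ.
    msg = username.strip().lower().encode("utf-8")
    return hmac.new(master_secret, msg, hashlib.sha256).hexdigest()


def backend_accepts(username: str, presented: str, master_secret: bytes) -> bool:
    """Backend-side check: recompute the value and compare in constant time."""
    expected = derive_proxy_password(username, master_secret)
    return hmac.compare_digest(expected.encode(), presented.encode())


def random_password_list(usernames):
    """Alternative from the thread: an independent random password per user,
    stored on both director and backend instead of being derived."""
    return {u: secrets.token_urlsafe(32) for u in usernames}


# Constructed sample values, not taken from the thread.
MASTER_SECRET = b"constructed-example-secret"
USERS = ["alice@example.com", "bob@example.com"]

if __name__ == "__main__":
    for user in USERS:
        pw = derive_proxy_password(user, MASTER_SECRET)
        print(user, pw[:16] + "...", backend_accepts(user, pw, MASTER_SECRET))
    # A value derived for one user is rejected for another.
    stolen = derive_proxy_password(USERS[0], MASTER_SECRET)
    print("reuse for other user:", backend_accepts(USERS[1], stolen, MASTER_SECRET))
```

With the derived form only the master secret has to be distributed to director and backends; with the random list every entry has to be kept in sync on both sides.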



[Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-13 Thread Piotr Rotter

Hello,

I have an issue with dovecot (v. 2.1.13) configuration after implementing
dovecot-lda (I used maildrop earlier). Now I have 9 servers with storage
on NFS v3. My problem is dovecot-uidlist crashing frequently.


2013-02-13T13:34:02.447969+01:00 k1 dovecot: imap(u...@domain.com): Error: Broken file /path_to_mailbox/dovecot-uidlist line 3170: Invalid data:
2013-02-13T13:34:34.527715+01:00 k1 dovecot: pop3(u...@domain.com): Error: Broken file /path_to_mailbox/dovecot-uidlist line 367: Invalid data:


It happens a few times a minute for different users and has the effect of
messages being re-retrieved by pop3 clients.


These are my NFS mount options: (rw,tcp,vers=3,actimeo=0)

10-mail.conf options:
mmap_disable = yes
dotlock_use_excl = yes
mail_fsync=always
mail_nfs_storage = yes
mail_nfs_index = yes
lock_method = dotlock

I do not know what I did wrong or how to solve this issue. Maybe NFS v4 or
fcntl locks or migration to pop3_uidl_format = %g will be the solution.
Please give me some hint.


Please help me solve this issue, and sorry for my English.


Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-13 Thread Timo Sirainen
On 13.2.2013, at 13.57, Piotr Rotter piotr.rot...@active24.pl wrote:

> I have an issue with dovecot (v. 2.1.13) configuration after implementing
> dovecot-lda (I used maildrop earlier). Now I have 9 servers with storage on
> NFS v3. My problem is dovecot-uidlist crashing frequently.
>
> 2013-02-13T13:34:02.447969+01:00 k1 dovecot: imap(u...@domain.com): Error: Broken file /path_to_mailbox/dovecot-uidlist line 3170: Invalid data:
> 2013-02-13T13:34:34.527715+01:00 k1 dovecot: pop3(u...@domain.com): Error: Broken file /path_to_mailbox/dovecot-uidlist line 367: Invalid data:
>
> It happens a few times a minute for different users and has the effect of
> messages being re-retrieved by pop3 clients.

Use director: http://wiki2.dovecot.org/Director



Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-13 Thread Piotr Rotter
I configured director temporarily in a tricky way because I have to
serve md5 and ntlm authentication methods and I do not want to reconfigure
the pop/imap servers.


Can you confirm I have done everything OK, because I have this issue:

 # doveadm director map
doveadm(root): Error: User listing returned failure
doveadm(root): Error: user listing failed
user      mail server ip    expire time
unknown   192.168.111.24    2013-02-14 00:57:34
unknown   192.168.111.21    2013-02-14 00:57:46


Yet everything else works OK.

My password_query:
password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'


My director server config (dovecot -n):

# dovecot -n
# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.7.1-hardened-r2 x86_64 Gentoo Base System release 2.1
auth_mechanisms = plain login digest-md5 cram-md5 ntlm apop
auth_verbose = yes
default_client_limit = 1
default_process_limit = 1
default_vsz_limit = 512 M
deliver_log_format = from=%f, msgid=%m, psize=%p: %$
director_mail_servers = 192.168.111.21 192.168.111.22 192.168.111.23 192.168.111.24 192.168.111.25 192.168.111.26
director_servers = 195.78.67.29
director_user_expire = 2 hours
disable_plaintext_auth = no
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = box msgid from size
}
protocols = imap pop3
service auth {
  client_limit = 1
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service director {
  inet_listener {
    port = 9090
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
}
service pop3-login {
  executable = pop3-login director
}
ssl_ca = /etc/ssl/dovecot.ca
ssl_cert = /etc/ssl/dovecot.crt
ssl_key = /etc/ssl/dovecot.key


Re: [Dovecot] dovecot-uidlist crashing and re retriving messages by pop3 clients

2013-02-13 Thread Piotr Rotter
I apologize for asking a question too fast without checking; I forgot
to look at the logs.


Of course, iterate_query was missing:

iterate_query = SELECT email AS user FROM postfix_users