Re: v2.2.30 released

2017-06-13 Thread Odhiambo Washington
Hi Vincent,

The problem was resolved in 2.2.30.2 so feel free to update to that.

On 13 June 2017 at 13:11,  wrote:

> Hi,
>
> Same symptoms here when upgrading from 2.2.29 to 2.2.30. Going back to
> 2.2.29 resolves the problem.
>
> The client here is a webmail ( rainloop ). Users are automatically logged out as if
> the auth didn't succeed, although the log shows a successful login attempt
>
> My configuration
>
>  2.2.29.1 (e0b76e3): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.18 (29cc74d)
> # OS: Linux 4.11.2-gentoo--std-ipv6-64 x86_64 Gentoo Base System
> release 2.4.1
> auth_cache_size = 10 M
> auth_default_realm = aprogsys.com
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /etc/dovecot/dovecot.keytab
> auth_mechanisms = plain login gssapi
> auth_username_format = %Ln
> auth_worker_max_count = 80
> dict {
>   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> disable_plaintext_auth = no
> dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
> first_valid_uid = 1001
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_access_groups = dovecot
> mail_location = mdbox:~/mdbox
> mail_plugins = " acl fts fts_lucene notify replication virtual"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> namespace {
>   list = children
>   location = mdbox:%%h/mdbox
>   prefix = shared/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace {
>   location = virtual:~/virtual
>   prefix = virtual/
>   separator = /
> }
> namespace inbox {
>   inbox = yes
>   list = yes
>   location =
>   mailbox Drafts {
> auto = no
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox SPAM {
> auto = create
> special_use = \Junk
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> auto = no
> special_use = \Sent
>   }
>   mailbox Trash {
> auto = no
> special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   args = cache_key=%s%u *
>   driver = pam
> }
> plugin {
>   acl = vfile
>   acl_anyone = allow
>   acl_shared_dict = proxy::acl
>   antispam_backend = mailtrain
>   antispam_mail_notspam = learn_ham
>   antispam_mail_sendmail = /usr/bin/rspamc
>   antispam_mail_sendmail_args = -h;localhost:11334;-P;q1
>   antispam_mail_spam = learn_spam
>   antispam_spam = SPAM
>   antispam_trash = Trash
>   fts = lucene
>   fts_autoindex = yes
>   fts_lucene = whitespace_chars=@.
>   mail_replica = remote:root@192.168.1.7
>   replication_dsync_parameters = -d -U
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_before = /var/lib/dovecot/sieve
>   sieve_default = /var/lib/dovecot/sieve/spam.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap pop3 lmtp sieve
> replication_max_conns = 2
> service aggregator {
>   fifo_listener replication-notify-fifo {
> mode = 0666
>   }
>   unix_listener replication-notify {
> mode = 0666
>   }
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
>   unix_listener auth-client {
> mode = 0666
>   }
>   unix_listener auth-userdb {
> mode = 0777
>   }
> }
> service dict {
>   unix_listener dict {
> mode = 0666
>   }
> }
> service imap-login {
>   process_min_avail = 4
>   service_count = 0
>   vsz_limit = 256 M
> }
> service managesieve-login {
>   inet_listener sieve {
> port = 4190
>   }
>   inet_listener sieve_deprecated {
> port = 2000
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
> mode = 0666
>   }
> }
> ssl_cert = <[certificate path lost in archive extraction]
> ssl_key =  # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> protocol lda {
>   mail_plugins = " acl fts fts_lucene notify replication virtual sieve"
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> tb-lsub-flags
>   mail_max_userip_connections = 40
>   mail_plugins = " acl fts fts_lucene notify replication virtual antispam
> imap_acl"
> }
> local_name imap.agrobioconso.org {
>   ssl_cert = <[certificate path lost in archive extraction]
>   ssl_key =  # hidden, use -P to show it
> }
> local_name imap.aprogsys.com {
>   ssl_cert = <[certificate path lost in archive extraction]
>   ssl_key =  # hidden, use -P to show it
> }
> local_name imap.lesmontreursdours.fr {
>   ssl_cert =  fullchain.pem
>   ssl_key =  # hidden, use -P to show it
> }
> local_name pop.aprogsys.com {
>   ssl_cert = <[certificate path lost in archive extraction]
>   ssl_key =  # hidden, use -P to show it
> }
> local_name imap.caves-explorer.com {
>   ssl_cert = <[certificate path lost in archive extraction]
>   ssl_key =  # hidden, use -P to show it
> }
> local_name imap.vetienne.net {
>   ssl_cert = <[certificate path lost in archive extraction]
>   ssl_key =  # hidden, use -P to show it
> }
>
> Regards,
> Vincent ETIENNE
>
> 1 juin 2017 18:48 "Odhiambo Washington"  a

Re: v2.2.30 released

2017-06-13 Thread ve
Hi,

Same symptoms here when upgrading from 2.2.29 to 2.2.30. Going back to 2.2.29
resolves the problem.

The client here is a webmail ( rainloop ). Users are automatically logged out as if the
auth didn't succeed, although the log shows a successful login attempt

My configuration

 2.2.29.1 (e0b76e3): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 4.11.2-gentoo--std-ipv6-64 x86_64 Gentoo Base System release 
2.4.1 
auth_cache_size = 10 M
auth_default_realm = aprogsys.com
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_username_format = %Ln
auth_worker_max_count = 80
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
first_valid_uid = 1001
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_access_groups = dovecot
mail_location = mdbox:~/mdbox
mail_plugins = " acl fts fts_lucene notify replication virtual"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  location = virtual:~/virtual
  prefix = virtual/
  separator = /
}
namespace inbox {
  inbox = yes
  list = yes
  location = 
  mailbox Drafts {
auto = no
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox SPAM {
auto = create
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
auto = no
special_use = \Sent
  }
  mailbox Trash {
auto = no
special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  args = cache_key=%s%u *
  driver = pam
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = proxy::acl
  antispam_backend = mailtrain
  antispam_mail_notspam = learn_ham
  antispam_mail_sendmail = /usr/bin/rspamc
  antispam_mail_sendmail_args = -h;localhost:11334;-P;q1
  antispam_mail_spam = learn_spam
  antispam_spam = SPAM
  antispam_trash = Trash
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  mail_replica = remote:root@192.168.1.7
  replication_dsync_parameters = -d -U
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve
  sieve_default = /var/lib/dovecot/sieve/spam.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
replication_max_conns = 2
service aggregator {
  fifo_listener replication-notify-fifo {
mode = 0666
  }
  unix_listener replication-notify {
mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-client {
mode = 0666
  }
  unix_listener auth-userdb {
mode = 0777
  }
}
service dict {
  unix_listener dict {
mode = 0666
  }
}
service imap-login {
  process_min_avail = 4
  service_count = 0
  vsz_limit = 256 M
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  inet_listener sieve_deprecated {
port = 2000
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
mode = 0666
  }
}
ssl_cert =  a écrit:
> Nothing in the error log, because authentication is actually successful.
>


Re: v2.2.30 released

2017-06-01 Thread Odhiambo Washington
Nothing in the error log, because authentication is actually successful.

 2.2.29 (13ebc01): /opt/dovecot2.2/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.3-STABLE i386  ufs
auth_cache_size = 20 M
auth_master_user_separator = *
auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/
default_login_user = dovecot
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 26
hostname = gw.localdomain
info_log_path = /var/log/dovecot.log
mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDEX=MEMORY
mail_plugins = " quota"
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_fields = uid box msgid size
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
}
postmaster_address = postmaster@localdomain
service auth {
  unix_listener auth-client {
mode = 0600
user = mailnull
  }
  unix_listener auth-userdb {
group = mailnull
user = mailnull
  }
}
service quota-warning {
  executable = script /opt/dovecot2.2/scripts/quota-warning.sh
  unix_listener quota-warning {
user = mailnull
  }
  user = dovecot
}
ssl_cert =  wrote:

> At least doveconf -n output would help. I guess related to authentication
> settings. Are there any errors in logs?
>
> > On 1 Jun 2017, at 12.14, Odhiambo Washington  wrote:
> >
> >> On 30 May 2017 at 21:16, Timo Sirainen  wrote:
> >>
> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> >> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
> >>
> >> * auth: Use timing safe comparisons for everything related to
> >>   passwords. It's unlikely that these could have been used for
> >>   practical attacks, especially because Dovecot delays and flushes all
> >>   failed authentications in 2 second intervals. Also it could have
> >>   worked only when passwords were stored in plaintext in the passdb.
> >> * master process sends SIGQUIT to all running children at shutdown,
> >>   which instructs them to close all the socket listeners immediately.
> >>   This way restarting Dovecot should no longer fail due to some
> >>   processes keeping the listeners open for a long time.
> >>
> >> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
> >> + auth: Add passdb { username_filter } to use passdb only if user
> >>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
> >> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
> >>   the transaction after saving this many new messages. Because of the
> >>   way dsync works, it may not always be possible if mails are copied
> >>   or UIDs need to change.
> >> + imapc: Support imapc_features=search without ESEARCH extension.
> >> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
> >>   server's FETCH BODY and BODYSTRUCTURE.
> >> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
> >>   remote server.
> >> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
> >> + If dovecot.index.cache corruption is detected, reset only the one
> >>   corrupted mail instead of the whole file.
> >> + doveadm mailbox status: Add "firstsaved" field.
> >> + director_flush_socket: Add old host's up/down and vhost count as
> >> parameters
> >> - More fixes to automatically fix corruption in dovecot.list.index
> >> - dsync-server: Fix support for dsync_features=empty-header-workaround
> >> - imapc: Various bugfixes, including infinite loops on some errors
> >> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
> >>   enabled modseq tracking via CONDSTORE/QRESYNC.
> >> - fts-lucene: Fix it to work again with mbox format
> >> - Some internal error messages may have contained garbage in v2.2.29
> >> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
> >>   are used. Otherwise the copied mails can't be opened.
> >> - vpopmail: Fix compiling
> >>
> >
> >
> > Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
> > Outlook!) were being prompted for mail password! They'd enter it, mail is
> > fetched, and on the next check (even though the password had always been
> > saved) they'd be prompted again. So I quickly reverted to 2.2.29 and
> peace
> > prevailed.
> >
> > Now I am just wondering what exactly is causing this and how to fix it
> if I
> > am to come to 2.2.30.1
> >
> >
> >
> > --
> > Best re

Re: v2.2.30 released

2017-06-01 Thread Timo Sirainen
At least doveconf -n output would help. I guess related to authentication 
settings. Are there any errors in logs?

> On 1 Jun 2017, at 12.14, Odhiambo Washington  wrote:
> 
>> On 30 May 2017 at 21:16, Timo Sirainen  wrote:
>> 
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
>> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>> 
>> * auth: Use timing safe comparisons for everything related to
>>   passwords. It's unlikely that these could have been used for
>>   practical attacks, especially because Dovecot delays and flushes all
>>   failed authentications in 2 second intervals. Also it could have
>>   worked only when passwords were stored in plaintext in the passdb.
>> * master process sends SIGQUIT to all running children at shutdown,
>>   which instructs them to close all the socket listeners immediately.
>>   This way restarting Dovecot should no longer fail due to some
>>   processes keeping the listeners open for a long time.
>> 
>> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>> + auth: Add passdb { username_filter } to use passdb only if user
>>   matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
>> + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>>   the transaction after saving this many new messages. Because of the
>>   way dsync works, it may not always be possible if mails are copied
>>   or UIDs need to change.
>> + imapc: Support imapc_features=search without ESEARCH extension.
>> + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>>   server's FETCH BODY and BODYSTRUCTURE.
>> + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>>   remote server.
>> + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
>> + If dovecot.index.cache corruption is detected, reset only the one
>>   corrupted mail instead of the whole file.
>> + doveadm mailbox status: Add "firstsaved" field.
>> + director_flush_socket: Add old host's up/down and vhost count as
>> parameters
>> - More fixes to automatically fix corruption in dovecot.list.index
>> - dsync-server: Fix support for dsync_features=empty-header-workaround
>> - imapc: Various bugfixes, including infinite loops on some errors
>> - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>>   enabled modseq tracking via CONDSTORE/QRESYNC.
>> - fts-lucene: Fix it to work again with mbox format
>> - Some internal error messages may have contained garbage in v2.2.29
>> - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>>   are used. Otherwise the copied mails can't be opened.
>> - vpopmail: Fix compiling
>> 
> 
> 
> Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
> Outlook!) were being prompted for mail password! They'd enter it, mail is
> fetched, and on the next check (even though the password had always been
> saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
> prevailed.
> 
> Now I am just wondering what exactly is causing this and how to fix it if I
> am to come to 2.2.30.1
> 
> 
> 
> -- 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."


Re: v2.2.30 released

2017-06-01 Thread Odhiambo Washington
On 30 May 2017 at 21:16, Timo Sirainen  wrote:

> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
>  * auth: Use timing safe comparisons for everything related to
>passwords. It's unlikely that these could have been used for
>practical attacks, especially because Dovecot delays and flushes all
>failed authentications in 2 second intervals. Also it could have
>worked only when passwords were stored in plaintext in the passdb.
>  * master process sends SIGQUIT to all running children at shutdown,
>which instructs them to close all the socket listeners immediately.
>This way restarting Dovecot should no longer fail due to some
>processes keeping the listeners open for a long time.
>
>  + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>  + auth: Add passdb { username_filter } to use passdb only if user
>matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
>  + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
>the transaction after saving this many new messages. Because of the
>way dsync works, it may not always be possible if mails are copied
>or UIDs need to change.
>  + imapc: Support imapc_features=search without ESEARCH extension.
>  + imapc: Add imapc_features=fetch-bodystructure to pass through remote
>server's FETCH BODY and BODYSTRUCTURE.
>  + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
>remote server.
>  + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
>  + If dovecot.index.cache corruption is detected, reset only the one
>corrupted mail instead of the whole file.
>  + doveadm mailbox status: Add "firstsaved" field.
>  + director_flush_socket: Add old host's up/down and vhost count as
> parameters
>  - More fixes to automatically fix corruption in dovecot.list.index
>  - dsync-server: Fix support for dsync_features=empty-header-workaround
>  - imapc: Various bugfixes, including infinite loops on some errors
>  - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
>enabled modseq tracking via CONDSTORE/QRESYNC.
>  - fts-lucene: Fix it to work again with mbox format
>  - Some internal error messages may have contained garbage in v2.2.29
>  - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
>are used. Otherwise the copied mails can't be opened.
>  - vpopmail: Fix compiling
>


Upgraded a 2.2.29 to this one and all hell broke loose! All users (MS
Outlook!) were being prompted for mail password! They'd enter it, mail is
fetched, and on the next check (even though the password had always been
saved) they'd be prompted again. So I quickly reverted to 2.2.29 and peace
prevailed.

Now I am just wondering what exactly is causing this and how to fix it if I
am to come to 2.2.30.1



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."


Re: v2.2.30 released

2017-05-31 Thread Joseph Tam


Timo wrote:


(Lots of this ...)
May 26 15:22:50 server dovecot: pop3(user): Warning: Transaction log 
file /{cachedir}/dovecot.index.log was locked for 43 seconds (rotating while 
syncing)
May 27 16:57:18 server dovecot: imap(user): Warning: Transaction log 
file /{cachedir}/dovecot.index.log was locked for 105 seconds (Mailbox was 
synchronized)


Not really an error, just bad performance.


Probably happens when a user is doing I/O on their large INBOX's via NFS, and
bogging down.  Thanks for explaining this.

Joseph Tam 


Re: v2.2.30 released

2017-05-31 Thread Timo Sirainen
On 31 May 2017, at 22.56, Joseph Tam  wrote:
> 
> Timo wrote:
> 
>>>> + If dovecot.index.cache corruption is detected, reset only the one
>>>> corrupted mail instead of the whole file.
>>> 
>>> Is this a big performance win?  I still have users with jumbo mailboxes
>>> who insist on direct mailbox file access using procmail or mail readers,
>>> which trigger index rebuilds when dovecot accesses them.
>> 
>> What does Dovecot log then? But probably doesn't affect that.  It's
>> only when Dovecot logs something about dovecot.index.cache corruption
>> that this helps.
> 
> It logs stuff like this
> 
>   (Lots of this ...)
>   May 26 15:22:50 server dovecot: pop3(user): Warning: Transaction log 
> file /{cachedir}/dovecot.index.log was locked for 43 seconds (rotating while 
> syncing)
>   May 27 16:57:18 server dovecot: imap(user): Warning: Transaction log 
> file /{cachedir}/dovecot.index.log was locked for 105 seconds (Mailbox was 
> synchronized)

Not really an error, just bad performance.

>   (... and some of this ...)
>   May 26 15:43:07 server dovecot: imap(user): Error: Next message 
> unexpectedly corrupted in mbox file /var/mail/user at 9627641

I guess caused by the direct access. I think not a big problem and won't cause 
cache corruption.

>   (... but very rarely this ...)
>   May  8 17:05:59 server dovecot: imap(user): Error: Corrupted index 
> cache file /{cachedir}/dovecot.index.cache: Broken virtual size for mail UID 
> 12032 in mailbox INBOX: read(/var/mail/user): FETCH BODY[] got too little 
> data: 6199 vs 6201

This new feature would actually help with this. It would mark only the one mail 
corrupted in cache instead of everything.


Re: v2.2.30 released

2017-05-31 Thread Joseph Tam

Timo wrote:


+ If dovecot.index.cache corruption is detected, reset only the one
 corrupted mail instead of the whole file.


Is this a big performance win?  I still have users with jumbo mailboxes
who insist on direct mailbox file access using procmail or mail readers,
which trigger index rebuilds when dovecot accesses them.


What does Dovecot log then? But probably doesn't affect that.  It's
only when Dovecot logs something about dovecot.index.cache corruption
that this helps.


It logs stuff like this

(Lots of this ...)
May 26 15:22:50 server dovecot: pop3(user): Warning: Transaction log 
file /{cachedir}/dovecot.index.log was locked for 43 seconds (rotating while 
syncing)
May 27 16:57:18 server dovecot: imap(user): Warning: Transaction log 
file /{cachedir}/dovecot.index.log was locked for 105 seconds (Mailbox was 
synchronized)

(... and some of this ...)
May 26 15:43:07 server dovecot: imap(user): Error: Next message 
unexpectedly corrupted in mbox file /var/mail/user at 9627641

(... but very rarely this ...)
May  8 17:05:59 server dovecot: imap(user): Error: Corrupted index 
cache file /{cachedir}/dovecot.index.cache: Broken virtual size for mail UID 
12032 in mailbox INBOX: read(/var/mail/user): FETCH BODY[] got too little data: 
6199 vs 6201


From what you say, the changes would only affect the latter, so no big change.

Thanks for the info.

Joseph Tam 


Re: v2.2.30 released

2017-05-31 Thread Timo Sirainen
On 31 May 2017, at 16.32, FUSTE Emmanuel  wrote:
> 
>>  + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>>  + auth: Add passdb { username_filter } to use passdb only if user
>>matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
> Shouldn't the wiki be corrected ?
> we have:
> mechanisms: Skip, if non-empty and the current auth mechanism is listed 
> here.
> 
> but the intended meaning is:
> mechanisms: Skip, if non-empty and the current auth mechanism is not 
> listed here.
> 
> Isn't it?

Fixed, thanks!


Re: v2.2.30 released

2017-05-31 Thread FUSTE Emmanuel
Le 30/05/2017 à 20:16, Timo Sirainen a écrit :
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
>   * auth: Use timing safe comparisons for everything related to
> passwords. It's unlikely that these could have been used for
> practical attacks, especially because Dovecot delays and flushes all
> failed authentications in 2 second intervals. Also it could have
> worked only when passwords were stored in plaintext in the passdb.
>   * master process sends SIGQUIT to all running children at shutdown,
> which instructs them to close all the socket listeners immediately.
> This way restarting Dovecot should no longer fail due to some
> processes keeping the listeners open for a long time.
>
>   + auth: Add passdb { mechanisms=none } to match separate passdb lookup
>   + auth: Add passdb { username_filter } to use passdb only if user
> matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
Shouldn't the wiki be corrected ?
we have:
mechanisms: Skip, if non-empty and the current auth mechanism is listed 
here.

but the intended meaning is:
mechanisms: Skip, if non-empty and the current auth mechanism is not 
listed here.

Isn't it?

Emmanuel.

Re: v2.2.30 released

2017-05-31 Thread James

On 31/05/2017 12:04, A.L.E.C wrote:


Recently Timo said "Don't use --with-storages=maildir. The benefits are
very close to zero. I think I'll just remove that configure option
entirely". So, it's been removed, I suppose.


Suppose nothing, it's there (v2.2.30).

$ grep with-storages configure
  --with-storages Build with specified mail storage formats (mdbox
# Check whether --with-storages was given.
		as_fn_error $? "--with-storages needs storage list as parameter" 
"$LINENO" 5

  as_fn_error $? "Duplicate --with-storages: $duplicates" "$LINENO" 5


Re: v2.2.30 released

2017-05-31 Thread James

On 31/05/2017 12:06, Reuben Farrelly wrote:


There is a build problem in the configure/make/libtool process when
using "./configure ... --with-storages=maildir ...".


This was deliberate - see the mailing list archives dated around 9 May 2017


My apologies, I missed that.  I've stopped using the option and all is 
well.  Thank you for pointing out the previous thread.


Re: v2.2.30 released

2017-05-31 Thread A.L.E.C
On 05/31/2017 12:54 PM, James wrote:
> This can be avoided if "--with-storages=maildir,imapc" is used to build.
>  I could not find a proper solution in the time I had.

Recently Timo said "Don't use --with-storages=maildir. The benefits are
very close to zero. I think I'll just remove that configure option
entirely". So, it's been removed, I suppose.

-- 
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]

PGP: 19359DC1 # Blog: https://kolabian.wordpress.com


Re: v2.2.30 released

2017-05-31 Thread Reuben Farrelly

On 31/05/2017 8:54 PM, James wrote:

On 30/05/2017 19:16, Timo Sirainen wrote:


https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz


There is a build problem in the configure/make/libtool process when 
using "./configure ... --with-storages=maildir ...".


This was deliberate - see the mailing list archives dated around 9 May 2017.

Refer to the commit relating to this:

https://github.com/dovecot/core/commit/5b0cbd40cdf36d086f014d4f56dc994bbbe12463

In my view it should have been noted in the release notes as an upgrade 
caveat because this is a subtle but important build change in behaviour 
from previous versions.


Reuben


Re: v2.2.30 released

2017-05-31 Thread James

On 30/05/2017 19:16, Timo Sirainen wrote:


https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz


There is a build problem in the configure/make/libtool process when 
using "./configure ... --with-storages=maildir ...".



libtool: link: cc -G -h lib10_quota_plugin.so -o 
.libs/lib10_quota_plugin.so  .libs/quota.o .libs/quota-count.o 
.libs/quota-fs.o .libs/quota-dict.o .libs/quota-dirsize.o 
.libs/quota-imapc.o .libs/quota-maildir.o .libs/quota-plugin.o 
.libs/quota-storage.o .libs/quota-util.o .libs/rquota_xdr.o   -lrt -lnsl 
-lsocket -lsendfile -lc
libtool: link: ( cd ".libs" && rm -f "lib10_quota_plugin.la" && ln -s 
"../lib10_quota_plugin.la" "lib10_quota_plugin.la" )
libtool: link: cc -o .libs/quota-status quota-status.o .libs/quota.o 
.libs/quota-count.o .libs/quota-fs.o .libs/quota-dict.o 
.libs/quota-dirsize.o .libs/quota-imapc.o .libs/quota-maildir.o 
.libs/quota-plugin.o .libs/quota-storage.o .libs/quota-util.o 
.libs/rquota_xdr.o  ../../../src/lib-storage/.libs/libdovecot-storage.so 
/scratch/build/dovecot/32/src/lib-dovecot/.libs/libdovecot.so 
../../../src/lib-imap-storage/.libs/libimap-storage.a 
../../../src/lib-dovecot/.libs/libdovecot.so -liconv -lrt -lnsl -lsocket 
-lsendfile

Undefined                               first referenced
 symbol                                     in file
imapc_simple_run                        .libs/quota-imapc.o
imapc_simple_context_init               .libs/quota-imapc.o
imapc_command_sendf                     .libs/quota-imapc.o
imapc_client_get_capabilities           .libs/quota-imapc.o
imapc_storage_client_register_untagged  .libs/quota-imapc.o
imapc_simple_callback                   .libs/quota-imapc.o
imapc_client_cmd                        .libs/quota-imapc.o
ld: fatal: symbol referencing errors. No output written to 
.libs/quota-status



This can be avoided if "--with-storages=maildir,imapc" is used to build. 
 I could not find a proper solution in the time I had.


Re: v2.2.30 released

2017-05-30 Thread Timo Sirainen
On 30 May 2017, at 23.51, Joseph Tam  wrote:
> 
> 
> Timo Sirainen announced
> 
>> + If dovecot.index.cache corruption is detected, reset only the one
>>  corrupted mail instead of the whole file.
> 
> Is this a big performance win?  I still have users with jumbo mailboxes
> who insist on direct mailbox file access using procmail or mail readers,
> which trigger index rebuilds when dovecot accesses them.

What does Dovecot log then? But probably doesn't affect that. It's only when 
Dovecot logs something about dovecot.index.cache corruption that this helps.


Re: v2.2.30 released

2017-05-30 Thread Joseph Tam


Timo Sirainen announced


+ If dovecot.index.cache corruption is detected, reset only the one
  corrupted mail instead of the whole file.


Is this a big performance win?  I still have users with jumbo mailboxes
who insist on direct mailbox file access using procmail or mail readers,
which trigger index rebuilds when dovecot accesses them.

Joseph Tam