Re: [Dovecot] specifying home/sieve/sieve_dir relative to mail_location
On 25.6.2012, at 12.54, Edgar Fuß wrote: With 1.2, is it possible to specify home, sieve and sieve_dir relative to mail_location? No-one, this one? Too simple? Too stupid? Too obvious? Not possible? Mail/Sieve dirs can be relative to home dir, not vice versa.. I know it's possible to specify everything relative to home, so I could probably use relative ~/../-type paths for mail_locatin etc., but that looks a bit awkward. Yeah, that would probably work. Maybe look into changing your directory hierarchy so mails are under home.
Re: [Dovecot] specifying home/sieve/sieve_dir relative to mail_location
On 25.6.2012, at 17.42, Edgar Fuß wrote: Ah, and what about the WIKI ``user_attrs = .., mailDirectory=home=/var/vmail/%$'' example that I don't understand? Well, you could use a single mailDirectory LDAP attribute that expands to your mail directory to provide for all of the other home/sieve fields as well. But that requires Dovecot v2.1.
Re: [Dovecot] Mail migration to dovecot with doveadm backup
On 24.6.2012, at 18.57, Reinhard Vicinus wrote: i try to migrate mails from a non dovecot imap server to a dovecot imap server with doveadm backup as described there: http://wiki2.dovecot.org/Migration/Dsync i first tried (local-mailbox port 18143 is the non dovecot imap server): /usr/bin/doveadm -o imapc_user=u...@example.org -o imapc_password=imappw -o imapc_host=local-mailbox -o imapc_features=rfc822.size -o imapc_port=18143 -o mailbox_list_index=no -v -D backup -R -f -u u...@example.org -m Sent imapc: and got the following error: dsync(u...@example.org): Fatal: dsync backup: Looks like you're trying to run backup in wrong direction. Source is empty and destination is not. Strange. -R is supposed to make it copy from imapc to mdbox.. Have you tried if Dovecot can see mails at all from the remote server? Try doveadm -o mail=imapc: -o ... fetch instead of doveadm backup command. As the dovecot imap account is newly created and therefore empty it seams to try to backup from the dovecot imap server to the non dovecot imap server. So i tried instead: /usr/bin/doveadm -o imapc_user=u...@example.org -o imapc_password=imappw -o imapc_host=local-mailbox -o imapc_features=rfc822.size -o imapc_port=18143 -o mailbox_list_index=no -v -D backup -f -u u...@example.org -m Sent imapc: Now this is copying from mdbox to imapc, which is also why you're getting the crash: Sometimes (every other time?) i got the following segmentation fault: bt #0 0x7f15e2c9ed74 in strcasecmp () from /lib/libc.so.6 #1 0x7f15e327eaff in imapc_save_callback (reply=0x7fff56096a70, context=value optimized out) at imapc-save.c:168 Note how it's saving a mail to imapc. But still, that's a bug, fixed: http://hg.dovecot.org/dovecot-2.1/rev/20703dbd1168 dsync(u...@example.org): Warning: Destination mailbox Sent has been modified, need to recreate it before we can continue syncing I think this is also because it's going to wrong direction. i think the problem could be that the account name on the remote server and the local server is absolute identical and doveadm backup has therefore problems discerning between the two locations. But that's only a stab in the dark and any help is appreciated. Shouldn't be a problem.
Re: [Dovecot] dsync error: Mailboxes don't have unique GUIDs
On 25.6.2012, at 19.49, Charles Marcus wrote: I did try the 2.1.x version of dsync back in March. I found the version to be very unreliable. It would crash with many types of operations (e.g. maildir - mdbox conversions). Well, the version in 2.0.x was problematic, which is why Timo was rewriting it from scratch. Also, that was 3 *months* ago - more than likely a lot has changed since then. I'd suggest you try again with 2.1.7... The rewritten dsync is in v2.2 tree. v2.1's dsync is a fixed version of v2.0's dsync. I have no idea why v2.1's dsync would be less reliable than v2.0's. It only had bugfixes. Anyway, the GUID error could very well be because of buggy mailbox listing code in v2.0, which was rewritten for v2.1.
Re: [Dovecot] specifying home/sieve/sieve_dir relative to mail_location
That example means that if you have in LDAP mailDirectory=domain.com/username field, and you want user's home to be /var/vmail/domain.com/username, then you can set mailDirectory=home=/var/vmail/%$ where %$ gets expanded to domain.com/username. I don't think it's relevant to what you want. On 25.6.2012, at 21.08, Edgar Fuß wrote: But that requires Dovecot v2.1. I was refering to http://wiki1.dovecot.org/VirtualUsers/Home which, to my understanding, should apply to 1.2. I don't understand the Example at the bottom: LDAP with relative directory paths If your LDAP database uses e.g. mailDirectory = domain/user/, you can use it as a base for home directory: user_attrs = .., mailDirectory=home=/var/vmail/%$ Then just use mail_location = maildir:~/Maildir.
Re: [Dovecot] Mail migration to dovecot with doveadm backup
On 25.6.2012, at 21.21, Reinhard Vicinus wrote: Jun 25 20:01:26 10.129.3.200 dovecot: dsync(u...@example.org): Error: user u...@example.org: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_host Jun 25 20:01:26 10.129.3.200 dovecot: dsync(u...@example.org): Fatal: User init failed So I think that all the -o configurations aren't transfered via the doveadm-server socket. Correct. None of them are, and that's by design.
Re: [Dovecot] Director + managesieve: is it posible?
On 26.6.2012, at 17.16, Joseba Torre wrote: I've just tried to add managesieve to our director server, and when I try to connect they fail with Jun 26 12:28:13 director2 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=sieve#011secured#011session=5LNQjl3DjQAKAAsR#011lip=10.0.100.75#011rip=10.0.11.17#011lport=4190#011rport=39309#011resp=hidden Jun 26 12:28:13 director2 dovecot: managesieve-login: Error: proxy: host not given: user=test1, method=PLAIN, rip=10.0.11.17, lip=10.0.100.75, TLS, session=5LNQjl3DjQAKAAsR host not given. You've not configured service managesieve-login { executable = managesieve-login director }
Re: [Dovecot] Maildir Seen Flags not heeded when dovecot-shared present
On 26.6.2012, at 21.34, J E Lyon wrote: After many hours of searching (!) and lots of testing procmail scripts, I found the explanation I was looking for -- something you explained at http://www.dovecot.org/list/dovecot/2008-July/032551.html That explains it. Thing is, though, every time I've seen shared mailboxes -- really shared by multiple staff or not -- the preference is in fact for the shared behaviours to also share the Seen flags. Typically, someone doesn't want to read an email that someone else has already picked up and started dealing with or responded to. (They'll file it in due course, but the Seen flag is the first indicator that someone's opened and started to deal with it.) Hacking source code and branching and whatnot isn't easy or done lightly, but I wondered if anything else had come to light in recent years about this issue. So you don't want shared seen flags? You can simply not create dovecot-shared file nowadays. It's not necessary. The only other purpose for it was as the template for file permissions, but those are nowadays taken from the maildir itself: http://wiki2.dovecot.org/SharedMailboxes/Permissions
Re: [Dovecot] [PATCH] GSSAPI authorization and virtual users
On Tue, 2012-03-06 at 18:12 +, Sam Morris wrote: On Mon, 2012-03-05 at 20:52 +0200, Timo Sirainen wrote: On 5.3.2012, at 20.45, Sam Morris wrote: 3. The credentials lookup triggers an info log message saying that credentials for GSSAPI were requested, but we have only (e.g.) MD5-CRYPT. The authplugin doesn't actually want the credential, but I think that the only way the authplugin can trigger a passdb lookup is by requesting it. I'll look at the rest more closely later, but this should be an easy fix: request instead of GSSAPI. Thanks for pointing that out. Here's a newer version of the patch with that change. I also realised that the gss_buffer is not required in the code that runs once the passdb lookup is complete, so I removed the code that stashes it in struct gssapi_auth_request. I finally looked into this and did some changes. Does it still work? :) http://hg.dovecot.org/dovecot-2.2/rev/183adc90781c
Re: [Dovecot] Problem with 'doveadm mailbox status -t' reporting cumulative vsizes after upgrading from v2.0.16 to v2.1.7
On Mon, 2012-06-18 at 18:35 +0100, Jase Thew wrote: The reporting script at its core calls : doveadm -f flow mailbox status -A -t 'messages vsize' '*' It appears that Dovecot 2.1.7 is not resetting the vsize after collating the sum total of mailboxes sizes for each user, so that vsize just constantly increases as it iterates over each user. Fixed: http://hg.dovecot.org/dovecot-2.1/rev/d8d587bd5a29
Re: [Dovecot] pop3c_master_user
On Tue, 2012-06-19 at 00:41 +0200, Martin Schitter wrote: the configuration keyword pop3c_master_user mentioned in the dsync migration documentation (http://wiki2.dovecot.org/Migration/Dsync) does not work for dovecot 2.1.7. a config line like: pop3c_master_user = cyrus will produce this error: doveconf: Fatal: Error in configuration file /etc/dovecot/local.conf line 33: Unknown setting: pop3c_master_user Added: http://hg.dovecot.org/dovecot-2.1/rev/06ba409a63d3
Re: [Dovecot] director map and mysql
On Wed, 2012-06-20 at 14:40 +1100, Костырев Александр Алексеевич wrote: but what mechanisms do I have if I want certain user to be always proxied to certain host, but if that host is down, to redirect him to another? You'll have to mark the host down in SQL, and change your SQL query to return something else for the host value when that host is down (either another host or NULL to let director handle it).
Re: [Dovecot] doveadm proxy kick in director setups
On Thu, 2012-06-21 at 10:48 -0400, Tom Pawlowski wrote: Something I noticed on a 2.1.7 director test cluster (two directors, three backends): 'doveadm proxy kick user' will kick all connections for that user on that director only. Any additional connections on other directors will remain active unless the command is run on all directors. Are the proxy and director sub-commands intended to be separate and distinct in their operation? If so, then this makes sense, as a proxy isn't necessarily a director. They are separate, yes. Are there any plans for a proxy kick equivalent that would work across directors? With director it would be possible to kick all users that match the user's 32bit hash. If there are hash collisions then it would kick also other users.. Another possibility would be to create something that allows running the same doveadm command in all directors, but ssh pretty much can do that already. :)
Re: [Dovecot] pop3-throttle
On Sat, 2012-06-23 at 07:04 +0200, Emmanuel Dreyfus wrote: Hello I am having a hard time with users using POP while leaving mailboxes of several gigabyte cumulated. This causes a lot of disk I/O and kills performancs for everyone. I try to encourage people migrating to IMAP, but that migration will take some time, and therefore I am looking for alterantive ways to workaround the problem. What mailbox format do you use? This shouldn't be a problem with for example mdbox, probably not with sdbox either and with mbox/maildir there are settings that can improve this. Or are you not talking about opening the mailbox, but about clients redownloading all the mails all the time? I found pop3-throttle-plugin.c, which seems a smart way to solve the problem, unfortunately it comes with no documentation. I was able to build it and load it, bu itsays nothing in the logs. Is there any doc somewhere? Any advices on how to set it up? It's about allowing clients to see only X new mails per Y time. But I don't see how that would help with your problem if that's related to old mails. Anyway, quick docs: touch /etc/dovecot/pop3-throttle-enabled to enable the throttling plugin { pop3_throttle_max_msgs = 10 pop3_throttle_max_kbytes = 1024 } Which allows a single user to see max 10 new messages or max 1 MB of new messages per 15 minutes, whichever limit comes first. After 15 minutes more messages become visible again to reach the limit. The 15 minute limit is configurable by recompiling: #define POP3_THROTTLE_STATE_RESET_SECS (60*15)
Re: [Dovecot] pop3-throttle
On 27.6.2012, at 14.55, Emmanuel Dreyfus wrote: On Wed, Jun 27, 2012 at 12:50:20PM +0300, Timo Sirainen wrote: What mailbox format do you use? This shouldn't be a problem with for example mdbox, probably not with sdbox either and with mbox/maildir there are settings that can improve this. This is mbox. Or are you not talking about opening the mailbox, but about clients redownloading all the mails all the time? I don't think the client downloads the whole mailbox each time. It takes so long on a 1 GB mbox that the users would have complained. However, I can see a lot of disk I/O activity for pop daemon operating on the bigger mbox (easy to spot looking at the process uid) Try mbox_very_dirty_syncs=yes
Re: [Dovecot] Removing specific entry in user/auth cache
On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for?
Re: [Dovecot] permissions on auth-userdb
On 23.6.2012, at 13.34, Charles Marcus wrote: It would be nice if there were a wiki page specifically describing how permissions should be set for all of the services/directories that dovecot uses. Even better would be a dovecot/doveconf command that would test the permissions and, if possible, even fix them (like the postfix 'set-permissions' command)... The problem with those is that it depends on the installation. Each user may need different permissions. Many installations don't have a way to list users to even do a userdb lookup. I guess it would be possible to write such a tool for specific installations where it could work, but it wouldn't work everywhere..
Re: [Dovecot] RFE: IMAP LIST Extension for Special-Use Mailboxes
On 26.6.2012, at 18.54, Charles Marcus wrote: My question (I guess for Timo) is, would it be crazy/possible to implement some kind of 'alias' conversion in dovecot that would work regardless of client cooperation? Ie, in a config file, add a list of 'aliases' for these special use folders (similar to how it is done now), but where dovecot would then silently translate/map a request for any of the defined aliases to the defined special use folder? so, if Outlook wants to save a sent message to 'Sent Items', it would simply and silently be saved to 'Sent' (or whatever the admin had defined as the 'real' sent folder). This wouldn't then require anything to be implemented in a client, it would only require the Admin to know what clients they want to support and what folders those clients look for by default. There would be two possibilities: 1) Have aliases where the alias is visible with LIST and all other commands. Most clients will then show that mailbox duplicated with two names, probably causing user confusion. 2) Have aliases where the alias isn't visible with LIST, but it would be possible to APPEND/COPY messages there, or CREATE, SELECT, etc. I have no idea how different clients would behave with this behavior. Might work with some, or might not.. You can kind of emulate 2) behavior and see what happens by setting up namespaces like: namespace { prefix = separator = / inbox = yes list = no hidden = no } namespace { prefix = RealMails/ separator = / list = no hidden = yes } # I think there needs to be one list=yes namespace: namespace { prefix = something/ separator = / list = yes hidden = yes location = mbox:/var/lib/dovecot/empty } Anyway you could see if clients show the Drafts/Sent etc. mailboxes that they create and allows actually accessing them.
Re: [Dovecot] Setting up mixed mbox and maildir
On 27.6.2012, at 0.19, Jonathan Ryshpan wrote: If you are working with 2.0 or later dovecot, you should be at http://wiki2.dovecot.org/Namespaces I am using 2.1.7 . I surmise from this Namespace page that the form: namespace type { where type is one of public, private, or shared creates an unnamed namespace of type type while the form: namespace name { where name is none of public, private, or shared, creates a namespace with the name name and the default type (unspecified on this page, but probably private). I don't see any of that in the wiki2 page. Maybe you were looking at wiki1 page. The namespace can be given the type desired by an (undocumented) namespace setting: namespace inbox ( type = type Is this correct? It's mentioned in examples :) Yeah, could be more clearly mentioned in the wiki page too. Of course it's already in the example-config/conf.d/10-mail.conf file. The name part in namespace name { } should also be in the wiki page, although that's not namespace-specific thing at all, but works everywhere in dovecot.conf. It simply gives a (human-readable) name for the namespace within the configuration, it doesn't actually do anything.
Re: [Dovecot] Default for non-present LDAP attributes?
On Wed, 2012-06-27 at 22:18 +0200, Edgar Fuß wrote: With 1.2, is there a syntax to, for LDAP lookups, use a given fixed replacement for a non-present LDAP attribute? E.g. something that would extend user_attrs = mailFileServer=mail=maildir:/import/mail/%$/%d to use maildir:/import/mail/foo/%d in case the mailFileServer attribute is not present? The mail field defaults to mail_location setting. Other fields you can put to plugin {} section.
Re: [Dovecot] Removing specific entry in user/auth cache
On Wed, 2012-06-27 at 19:08 -0700, Joseph Tam wrote: I dont known about Angel, but for me is useful because sometimes i need to deactivate smtp/imap/pop access from accounts, or change their home after storage migration, and removing a specific record i can use a long time cache. I'm not sure that the auth cache holds that information, userdb lookups are also cached. but I think you can at least invalidate a particular auth cache entry by 1) Changing the user password (and save the previous hash) 2) Authenticate using the new credentials (and invalidate the auth cache entry). For example, you can just do a manual connection on your dovecot server x login someuser newpassword This will replace the cache entry with a new one. 3) When you are ready to put the account back online, change the password back to the original. A password mismatch forces a resync to your authentication system which will restore the auth cache. This works for passdb cache, but not for userdb cache. It would be possible to add a doveadm command for this.. I think the main reason why I already didn't do it last time I was asked this was because I wanted to use doveadm auth cache flush or something similar as the command, but there already exists doveadm auth command and cache flush would be treated as username=cache password=flush :( Anyone have thoughts on a better doveadm command name? Or should I just break it and have v2.2 use doveadm auth check or something for the old doveadm auth command?
Re: [Dovecot] indexer-worker
On Thu, 2012-06-28 at 07:54 +0200, Wojciech Puchar wrote: why this process (which most probably do squat index/update) runs as root, not - like imap process - as user? 29413 root 1 760 22820K 9204K kqread 1 0:17 5.86% indexer-worker It runs as root while not really doing anything, but when it starts accessing users' files it temporarily drops privileges. This is necessary if users have multiple different UIDs. If you have only one UID e.g. vmail, you could set: service indexer-worker { user = vmail } There are a couple of ways to do this automatically whenever it's possible.. I guess I'll add those to v2.2.
Re: [Dovecot] permissions on auth-userdb
On Wed, 2012-06-27 at 08:34 -0400, Charles Marcus wrote: On 2012-06-27 8:29 AM, Timo Sirainen t...@iki.fi wrote: On 23.6.2012, at 13.34, Charles Marcus wrote: It would be nice if there were a wiki page specifically describing how permissions should be set for all of the services/directories that dovecot uses. Even better would be a dovecot/doveconf command that would test the permissions and, if possible, even fix them (like the postfix 'set-permissions' command)... The problem with those is that it depends on the installation. Each user may need different permissions. Many installations don't have a way to list users to even do a userdb lookup. I guess it would be possible to write such a tool for specific installations where it could work, but it wouldn't work everywhere. Hmmm... I wonder how postfix does it then... maybe it doesn't have as many potential variations I guess? Postfix internally doesn't really use anything except root and postfix users. Dovecot can be configured in many different ways to handle mail users and that configuration affects quite a many settings. Is there maybe just a basic/standard set of permissions that can work for many installations, then have a way to detect non-standard installs and just provide a link to a wiki page describing things in more detail? I guess there could be two common settings described: Virtual users with one UID, and system users with multiple UIDs. Is there a wiki page for this already? I didn't find one... Maybe something could be written under http://wiki2.dovecot.org/UserIds
Re: [Dovecot] Mail migration to dovecot with doveadm backup
On Wed, 2012-06-27 at 15:10 +0200, Reinhard Vicinus wrote: Hi, if i delete the home directory and all content below an existing account u...@example.org. Then run: /usr/bin/doveadm quota recalc -u u...@example.org Are you sure quota recalc makes a difference here? What if you simply run doveadm twice? and afterwards: /usr/bin/doveadm -o imapc_user=u...@example.org -o imapc_password=imappw -o imapc_host=local-mailbox -o imapc_features=rfc822.size -o imapc_port=18143 -D -v backup -R -f -u u...@example.org imapc: dsync(u...@example.org): Error: Mailbox INBOX changed its GUID (c92f64f79f0d1ed01e6d5b314f04886c - 54c23c119d04eb4f00514f99b03d) dsync(u...@example.org): Error: msg iteration failed: Couldn't open mailbox c92f64f79f0d1ed01e6d5b314f04886c Bug/feature .. you could try if running with imapc:/tmp/imapc-username instead of imapc: helps.
Re: [Dovecot] Default for non-present LDAP attributes?
On 28.6.2012, at 12.19, Edgar Fuß wrote: The mail field defaults to mail_location setting. Ah, yes, thanks. So simple I didn't think of it. Will it default when the LDAP attribute is not present or will I have to check the attribute's presence in the LDAP filter? The default settings are in dovecot.conf. LDAP attributes that are returned by the LDAP server override those settings.
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On 28.6.2012, at 17.43, Gary Mort wrote: http://wiki2.dovecot.org/MailboxFormat/dbox To make life easy, I'll stick with just single-dbox as a start, however multi-dbox would be doable. With dbox, the only thing that I need to change is the alternate storage model: An upshot of the way alternate storage works is that any given storage file (mailboxes/folder/dbox-Mails/u.* (sdbox) or storage/m.* (mdbox)) can only appear *either* in the primary storage area *or* the alternate storage area but not both — if the corresponding file appears in both areas then there is an inconsistency. Whoever wrote that wasn't exactly correct (or clear). There's no problem having the same file in both primary and alt storage. Only if the files are different there's a problem, but that shouldn't happen.. First I want to add AWS S3 as a storage option for alternate storage. Then instead of the above model, the new model would be that email is always stored in alternate storage, and may be in primary storage. So, when mail comes in, I'd have Dovecot save the email to the alternate storage S3 bucket and update the indexs and other information[ideally, for convenience purposes, a few bits of relevant indexing information can be stored as metadata in the S3 object - sufficient so that instead of retrieving the entire S3 object, just the meta data can be pulled to build indexes. The indexes have to be in primary storage. When a client attempts to retrieve an email message, Dovecot would check primary storage as it does now, if the message is not found than it will retrieve it from the alternate storage system AND store a copy in the primary storage. I think the storing wouldn't be very useful. Most clients download the message once. There's no reason to cache it if it doesn't get downloaded again. The way it should work that new mails are immediately delivered to both primary and alt storage. Secondly, I'd like to replace the Mysql database usage with a simpleDB database. While simpleDB lacks much of MySQL's sophistication, it doesn't seem that Dovecot is really using any of that, so simpleDB can be functionally equivalent. Dovecot will probably get Redis and/or memcache backend for passdb+userdb. If simpledb is similar key-value database I guess the same code could be used partially.
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On 28.6.2012, at 20.14, Timo Sirainen wrote: An upshot of the way alternate storage works is that any given storage file (mailboxes/folder/dbox-Mails/u.* (sdbox) or storage/m.* (mdbox)) can only appear *either* in the primary storage area *or* the alternate storage area but not both — if the corresponding file appears in both areas then there is an inconsistency. Whoever wrote that wasn't exactly correct (or clear). There's no problem having the same file in both primary and alt storage. Only if the files are different there's a problem, but that shouldn't happen.. Hmm. Although looking at the mdbox index rebuilding code: /* duplicate file. either readdir() returned it twice (unlikely) or it exists in both alt and primary storage. to make sure we don't lose any mails from either of the files, give this file a new ID and rename it. */ It probably shouldn't be doing that. sdbox isn't doing that: /* we were supposed to open the file in alt storage, but it exists in primary storage as well. skip it to avoid adding it twice. */
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On 28.6.2012, at 20.55, Gary Mort wrote: The indexes have to be in primary storage. True, but the data they are based on I'm assuming does not include the full email message, just a few key pieces: uniqueid, subject, from, to, etc. For an always running server, the indexes are always up to date in primary. For a server starting up with no index data, it will need to rebuild the index information[or for a second server running when new email has been delivered]. As such, rather then download every single email message just for a few bits of key info, I can run a re-index process to pull just the meta information and grab the data from there. With sdbox you can't lose index files without also losing all message flags. And in general sdbox assumes that indexes are always up to date. When a client attempts to retrieve an email message, Dovecot would check primary storage as it does now, if the message is not found than it will retrieve it from the alternate storage system AND store a copy in the primary storage. I think the storing wouldn't be very useful. Most clients download the message once. There's no reason to cache it if it doesn't get downloaded again. The way it should work that new mails are immediately delivered to both primary and alt storage. I've got tons of space - so I don't mind having 750MB or so for primary email message storage. If I can track how many times a message was actually read, over time I can get an idea of how I use it and setup the primary storage purge rules accordingly. I'd be interested in knowing what those statistics will end up looking like. My guess is that it's not worth coding such feature, but of course some real world data would be better than my guesses :) Secondly, I'd like to replace the Mysql database usage with a simpleDB database. While simpleDB lacks much of MySQL's sophistication, it doesn't seem that Dovecot is really using any of that, so simpleDB can be functionally equivalent. Dovecot will probably get Redis and/or memcache backend for passdb+userdb. If simpledb is similar key-value database I guess the same code could be used partially. simpleDB is more like SQLLITE: .. You query the data like an SQL table: http://docs.amazonwebservices.com/AmazonSimpleDB/latest/DeveloperGuide/UsingSelect.html OK, so that would mean implementing lib-sql driver for SimpleDB and use sql passdb/userdb.
Re: [Dovecot] Integrating Dovecot with Amazon Web Services
On 28.6.2012, at 21.04, Gary Mort wrote: mdbox though is different, multiple messages are stored in a single file. The index indicates in which file each message is located. When the data is moved to alt storage, the filename can change in which case the index is updated. IE: Primary/Msg06282012 -- contains Msg007, Msg008, Msg009 Primary/Msg06272012 -- contains Msg004, Msg005, Msg006 Primary/Msg06262012 -- contains Msg001, Msg002, Msg003 along comes archiving and the new format is: Primary/Msg06292012 -- contains Msg010, Msg011, Msg012 Primary/Msg06282012 -- contains Msg007, Msg009 Primary/Msg06272012 -- contains Msg004, Msg006 Primary/Msg06262012 -- contains Msg003 Alt/Msg06292012 00 contains Msg001, Msg002, Msg005, Msg008 Yes, doveadm altmove works like this now. Since the archive rules can be based on a lot of different scenarios[and a message can even be archived from the command line], the filenames between Primary and Alternate are not the same - and in fact the same filename in each place could have different messages. For example: if messages are archived when a user sets an imap flag on them. There shouldn't normally ever be a situation where the same filename is used in both storages, because every time a new file is created to either of the storages a new unique number is used. So with the way it's written now, it's not possible to have a simple fallback by filename. It would be possible if the naming convention was strictly enforced, ie after archiving you have: Primary/Msg06292012 -- contains Msg010, Msg011, Msg012 Primary/Msg06282012 -- contains Msg007, Msg009 Primary/Msg06272012 -- contains Msg004, Msg006 Primary/Msg06262012 -- contains Msg003 Alt/Msg06282012 -- contains Msg008 Alt/Msg06272012 -- contains Msg005 Alt/Msg06262012 -- contains Msg001, Msg002 Now the index can simply say what file a message is in and doesn't have to specify primary or secondary, and the primary file with that name can be checked first, and then if it is not there check the alternate. This already works like that in the reading side. If you did altmoving by mv m.123 /altstorage/... instead of doveadm it would work.
Re: [Dovecot] Removing specific entry in user/auth cache
On 28.6.2012, at 9.43, Timo Sirainen wrote: It would be possible to add a doveadm command for this.. I think the main reason why I already didn't do it last time I was asked this was because I wanted to use doveadm auth cache flush or something similar as the command, but there already exists doveadm auth command and cache flush would be treated as username=cache password=flush :( Anyone have thoughts on a better doveadm command name? Or should I just break it and have v2.2 use doveadm auth check or something for the old doveadm auth command? Perhaps for v2.2: doveadm auth test user [pass] doveadm auth cache flush [user] doveadm auth cache stats and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] so you couldn't test authentication against cache user, but that's probably not a problem.
Re: [Dovecot] Removing specific entry in user/auth cache
On 29.6.2012, at 5.18, Daniel Parthey wrote: wouldn't it be better to use a syntax similar to other doveadm commands, with labels for all arguments? doveadm auth test -u user -p [pass] doveadm auth cache flush -u [user] doveadm auth cache stats This will allow you to syntactically distinguish commands from arguments. Otherwise you might run into the same kludgy syntax problem again, as soon as the number of subcommands changes. The problem was with the auth toplevel command not having subcommands. I don't think there are going to be any problems with subcommands. Also there are many commands already that take user without the -u parameter. Actually it's only the mail commands that take -u parameter at all. Another potential problem is doveadm user command. I'm wondering if it might be a good idea to move it to doveadm auth user or doveadm auth userdb command. There should be also a similar doveadm auth passdb command that does a passdb lookup without authentication.
Re: [Dovecot] auth service: out of memory
On 29.6.2012, at 9.35, Mailing List SVR wrote: I have some out of memory errors in my logs (file errors.txt attached) How large is your auth process's VSZ when it starts up and has handled a couple of logins? It's possible that it's not leaking at all, you're just not giving enough memory for its normal operation. Some Linux distros nowadays build binaries that eat up a lot of VSZ immediately when they start up.
Re: [Dovecot] Removing specific entry in user/auth cache
On 29.6.2012, at 10.13, Angel L. Mateo wrote: Other command it could be usefull is to remove a temporal user-server association in director. For example, I had a downtime in one server, so users normally directed to this server is now been directed to other. Now I want a user to get back to his normal server (force it, I know we willl get back after a timeout), but I don't want to flush all user connections to the backup server. There's already doveadm director move command.
Re: [Dovecot] auth service: out of memory
On 29.6.2012, at 10.39, Mailing List SVR wrote: Il 29/06/2012 09:19, Timo Sirainen ha scritto: On 29.6.2012, at 9.35, Mailing List SVR wrote: I have some out of memory errors in my logs (file errors.txt attached) How large is your auth process's VSZ when it starts up and has handled a couple of logins? It's possible that it's not leaking at all, you're just not giving enough memory for its normal operation. Some Linux distros nowadays build binaries that eat up a lot of VSZ immediately when they start up. ps aux report this: dovecot 7454 0.0 0.0 85980 3776 ?S09:36 0:00 dovecot/auth before restarting dovecot the auth process was running since about 1 hour and this is the output from ps aux dovecot 25002 0.0 0.0 86112 3780 ?S08:24 0:00 dovecot/auth So you have 44 MB of VSZ available after startup. You also have 10 MB of auth cache, which could in reality take somewhat more than 10 MB. It doesn't leave a whole lot available for regular use. I'd increase the auth process's VSZ limit and see if it still crashes. If you want to, you could also test with valgrind if there's a leak: service auth { executable = /usr/bin/valgrind --leak-check=full -q /usr/libexec/dovecot/auth } You'd then need to restart the auth process to make valgrind output the leaks.
Re: [Dovecot] lmtp proxy timeout while waiting for reply to DATA reply
On 2.7.2012, at 9.49, Angel L. Mateo wrote: My problem was that this timeout seems to be counted from the beginning of the LMTP connection, so when I have a lot of recipients in the same connection, last ones sometimes timedout. I solved it increasing this timeout with proxy_timeout option and reducing max number of lmtp recipients in postfix. Ah, interesting. These should help: http://hg.dovecot.org/dovecot-2.1/rev/27dccff46fe9 http://hg.dovecot.org/dovecot-2.1/rev/8a97daa8aff6
Re: [Dovecot] lmtp proxy timeout while waiting for reply to DATA reply
On 2.7.2012, at 10.10, Timo Sirainen wrote: On 2.7.2012, at 9.49, Angel L. Mateo wrote: My problem was that this timeout seems to be counted from the beginning of the LMTP connection, so when I have a lot of recipients in the same connection, last ones sometimes timedout. I solved it increasing this timeout with proxy_timeout option and reducing max number of lmtp recipients in postfix. Ah, interesting. These should help: http://hg.dovecot.org/dovecot-2.1/rev/27dccff46fe9 http://hg.dovecot.org/dovecot-2.1/rev/8a97daa8aff6 Plus http://hg.dovecot.org/dovecot-2.1/rev/569588ff7ef0 although I'm not entirely sure if it's needed. The LMTP code is rather ugly and difficult to follow..
Re: [Dovecot] director directing to wrong server (sometimes)
On 2.7.2012, at 9.53, Angel L. Mateo wrote: I have a user, its assigned server is 155.54.211.164. The problem is that I don't know why director sent him yesterday to a different server, because my server was up all the time. Moreover, I'm using poolmon in director servers to check availability of final servers and it didn't report any problem with the server. Which version of dovecot are you using? doveconf -n of director and mailbox instance? Sorry. Here you have them I think this shouldn't matter, but would be better to make both %n anyway: auth_username_format = %n director_username_hash = %u
Re: [Dovecot] UTF-8 mailbox name STATUS response
On 2.7.2012, at 12.07, Ewald Dieterich wrote: STATUS in Dovecot 2.1.7 returns the UTF-8 decoded folder name in a string literal: . CREATE INBOX.Euro IKw- . OK Create completed. . LIST INBOX.Euro IKw- * LIST (\HasNoChildren) . INBOX.Euro IKw- . STATUS INBOX.Euro IKw- (MESSAGES) * STATUS {14} INBOX.Euro € (MESSAGES 0) . OK Status completed. Is this intended? My Perl script based on Mail::IMAPTalk doesn't like it and I wonder if there are other clients that don't cope with it. Most likely that mailbox exists like that in the filesystem. It shouldn't. Dovecot hasn't allowed creating those for several years now. There's no good way to handle that, because even if Dovecot translated it to mUTF-7 it couldn't access the mailbox because it wouldn't exist as mUTF-7 in the filesystem..
Re: [Dovecot] lmtp proxy timeout while waiting for reply to DATA reply
On 2.7.2012, at 12.31, Angel L. Mateo wrote: My problem was that this timeout seems to be counted from the beginning of the LMTP connection, so when I have a lot of recipients in the same connection, last ones sometimes timedout. I solved it increasing this timeout with proxy_timeout option and reducing max number of lmtp recipients in postfix. Ah, interesting. These should help: http://hg.dovecot.org/dovecot-2.1/rev/27dccff46fe9 http://hg.dovecot.org/dovecot-2.1/rev/8a97daa8aff6 Plus http://hg.dovecot.org/dovecot-2.1/rev/569588ff7ef0 although I'm not entirely sure if it's needed. The LMTP code is rather ugly and difficult to follow.. Are these patches included in any released? (I have 2.1.5) I wrote those 3 hours ago, so no.
Re: [Dovecot] UTF-8 mailbox name STATUS response
On 2.7.2012, at 14.06, Ewald Dieterich wrote: . CREATE INBOX.Euro IKw- . OK Create completed. . LIST INBOX.Euro IKw- * LIST (\HasNoChildren) . INBOX.Euro IKw- . STATUS INBOX.Euro IKw- (MESSAGES) * STATUS {14} INBOX.Euro € (MESSAGES 0) . OK Status completed. Is this intended? My Perl script based on Mail::IMAPTalk doesn't like it and I wonder if there are other clients that don't cope with it. Most likely that mailbox exists like that in the filesystem. It shouldn't. Dovecot hasn't allowed creating those for several years now. In the filesystem the mailbox is in mUTF-7: Oh, sorry. I didn't even consider that it could have been broken for this long in v2.1.x without anyone noticing. Fixed: http://hg.dovecot.org/dovecot-2.1/rev/a698fccd37c3 Time for v2.1.8 soon I guess :)
Re: [Dovecot] Outlook 2010 very slow when using IMAP - are there any tweaks?
On 2.7.2012, at 19.12, Kaya Saman wrote: what's really weird is that if I keep increasing the Cache TTL and Cache size, the speed of transfer starts dropping. I think it may just be a coincidence that changing cache values appears to help, and the real reason maybe being just that Dovecot got restarted. Because if Outlook is using NTLM + winbind for authentication, the auth cache isn't used at all.
Re: [Dovecot] Authentication failed (migrate from 2.0.13 to 2.0.17)
On 2.7.2012, at 16.51, Dovecot user wrote: imap-login: Aborted login (auth failed, 1 attempts): user=, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, TLS Jul 2 15:19:13 mx dovecot: auth-worker: mysql(localhost): Connected to database mail Jul 2 15:19:15 mx dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Can you help me please ? Isn't there anything more in the logs? It should at the very least say password mismatch.. CRAM-MD5 authentication is a bit annoying to debug though. But I haven't touched its code for a long time, so it shouldn't have gotten broken.
Re: [Dovecot] Proxy config help please
On 30.6.2012, at 0.41, Zac Israel wrote: # 2.0.19: /etc/dovecot/dovecot.conf .. passdb { args = proxy=proxy_always nopassword=y host=172.16.0.13 port=143 proxy_timeout=5 starttls=y ssl=any-cert v2.0 has some problems with this. You should use v2.1 and use server name as the host value instead of IP. But anyway, the main problem is that you haven't specified ssl_ca setting that contains the accepted CA certificate.
Re: [Dovecot] doveadm purge -A via doveadm-proxy director fails after some users
On 29.6.2012, at 19.21, Daniel Parthey wrote: Jun 29 15:40:31 10.129.3.249 dovecot: doveadm(use...@domain1.example.org): Error: user use...@domain1.example.org: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied I've noticed a similar problem happening somewhat randomly, but I still haven't looked into why exactly it happens. Anyway the attached patch should fix this specific error, but I'm not sure if there isn't another one. Try and let me know? :) diff Description: Binary data
Re: [Dovecot] indexer-worker
On 28.6.2012, at 13.38, Wojciech Puchar wrote: 29413 root 1 760 22820K 9204K kqread 1 0:17 5.86% indexer-worker It runs as root while not really doing anything, but when it starts accessing users' files it temporarily drops privileges. This is necessary if users have multiple different UIDs. to showed it with root privilege and 60% CPU load+disk I/O when doing text search over not yet indexed folder. Maybe your ps/kernel shows the process's real uid instead of the effective uid. If you have only one UID e.g. vmail, you could set: i'm not sure what you exactly mean. I have simplest possible config - mail accounts are unix accounts and mail is at Maildir Yes, so the problem is that if the same indexer-worker process wants to index mails to two different users, it can't drop root privileges completely because otherwise it couldn't switch between the users' UIDs. Anyway, it would be possible to drop the root privileges completely by servicing only a single indexing request and then stopping the process. This would be worse for performance of course, but it should still be an option. I'll probably add to v2.2.
Re: [Dovecot] Setting up mixed mbox and maildir
On 28.6.2012, at 2.34, Jonathan Ryshpan wrote: I am continuing to attempt to set up dovecot to keep its mail store in maildir form while receiving it from an mbox, but without success. Dovecot reports the error that it can't create the file ~/mail/.imap/INBOX (and also that it can't chown it to user mail, not surprising since it doesn't exist). This seems reasonable, since jonrysh (that is me) is not a member of the group mail. What should be done next? Should I join the group mail? It seems that this should not be necessary in general. The mail store is in ~/maildir, so what is the function of the mbox ~/mail? Dovecot must be misconfigured, but it's not clear to a newbie like myself what's wrong. Any advice would be appreciated. I have attached an extract from maillog showing the errors (dovecot.log) dovecot reports (dovecot.log), and the output of dovecot -n (dovecot-n). The log shows the URL for the explanation and the solution: http://wiki2.dovecot.org/Errors/ChgrpNoPerm
Re: [Dovecot] dict Panic after upgrade to 2.1.7
On 24.6.2012, at 13.21, ckubu wrote: dovecot log entries: Jun 23 23:19:10 mx dovecot: dict: Panic: file driver-pgsql.c: line 84 (driver_pgsql_set_state): assertion failed: (state == SQL_DB_STATE_BUSY || db- cur_result == NULL) This is clearly a bug, but I don't really see why it's happening. It would be helpful if you could get a gdb backtrace: http://dovecot.org/bugreport.html
Re: [Dovecot] Wrong headers in dovecot-crlf
On 26.6.2012, at 21.55, Matthieu RAKOTOJAONA wrote: I'm using the very good imaptest [0] tool to test my little imap server implementation. I've tried to use the dovecot-crlf [1] file, but it looks like there are some major issues : $ grep -n In-Reply-To.*; tests/data/dovecot-crlf 479:In-Reply-To: 20020806175441.ga7...@linux.taugt.net; from rueck...@informatik.uni-rostock.de on Tue, Aug 06, 2002 at 07:54:41PM +0200 Yes, those aren't valid RFC 2822 headers. I'm not entirely sure if they're valid RFC 822 headers. As you can see, many of the In-Reply-To headers are polluted with some junk. The situation is the same for many Message-ID headers. I don't know why they are here, but I think it's a mistake. I thought I would let you know. They're there because those headers were sent originally to this list. I don't have any specific reason to modify the mails, and it might be better not to do it so that real world parsers can also figure out what to do with broken mails.
Re: [Dovecot] userdb errors after upgrading to 2.1
On 26.6.2012, at 18.04, André Rodier wrote: I am using LDAP lookups, and virtual users with the same UID/GID. Everything was working fine before, but now, I have this error when I try to send an email to a local account: Jun 26 15:46:52 lapetus dovecot: lmtp(24518): Error: user user.t...@indienet.com: Auth USER lookup failed Jun 26 15:46:52 lapetus dovecot: auth: Error: userdb(user.t...@indienet.com,127.0.0.1): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket However, even if I set the permissions to 0666, I still have the same error. Can you point me in the right direction to fix this, please? Easiest fix is to set permissions to 0777. A better one would be to set them to 0600 and set the socket's UID to your virtual user's UID.
Re: [Dovecot] Additional passdb result status
On 24.6.2012, at 23.37, Jürgen Pabel wrote: I am implementing a plugin (for the pop3/imap process) that requires some data to provided from the authentication phase (a derivative of the password). For that, I have now implemented a passdb plugin that generates this data and I would like to pass this data down to the mail process (pop3/imap) via extra_fields in the reply of the authentication. The general idea is that my custom passdb plugin calculates the data, sets the extra_field and returns some error (authentication was not successful) so that the real passdb backend can be invoked to really validate the authentication data. This is a bit related to another feature people have requested: Ability to merge data from multiple userdbs into a single reply. Perhaps the same could be done for passdbs. Also in my TODO is that master=yes passdb currently preserves userdb extra fields, but not passdb extra fields and that behavior probably isn't optimal. There is already passdb { pass=yes } setting for masterdbs. I guess the same could be used for non-masterdbs and also added to userdbs. However, in auth_request_handle_passdb_callback() the extra_fields are reseted unless the return code is PASSDB_RESULT_USER_DISABLED. But if that return code is used then any following passdb's aren't invoked any more - which makes sense with respect to user authenticiation. I would therefore like to propose that some IGNORE/CONTINUE-status to be introduced in auth/passdb.h, that would be handled in that extra_fields and possible other values are not reseted in order to allow such propagation of data from authentication process down to the mail process (which could be extracted from the reply string by parsing it). Yes, extra_fields really need to get reset between passdb calls. Same for userdb_reply. As a further implementation alternative (to the parsing of the reply string), I also propose that some new environment item be introduced (in auth_request) in order to allow such data passing in a generic manner. Maybe a new permanent_extra_fields, which gets added as default to new passdb/userdb lookups. If the lookup has pass=yes, the result gets added to permanent_extra_fields. Although the code is beginning to have too many extra_fields variables. Maybe it would be possible to merge extra_fields, extra_cache_fields and userdb_reply into one array of structs: struct auth_field { const char *key, *value; bool cache_only; bool userdb; bool permanent; }; I hope you consider my proposal to be reasonable. If desired, I could implement this myself and provide a patch for merging (based on 2.0.x). If my proposal is generally unfavored, it would be great if any alternative approaches for my situation were suggested. Thanks. I could add such a patch to v2.2.
[Dovecot] v2.1.8 released
http://dovecot.org/releases/2.1/dovecot-2.1.8.tar.gz http://dovecot.org/releases/2.1/dovecot-2.1.8.tar.gz.sig Most importantly fixes a pretty bad behavior of sending mailbox names as UTF-8 instead of mUTF-7 as required by IMAP RFC. I'm surprised nobody hadn't noticed this in v2.1.x tree before yesterday. I guess some clients might have translated the name to UTF-8 anyway and not noticed it, while others would have silently ignored the problem of not seeing STATUS updates. + pop3c: Added pop3c_master_user setting. - imap: Mailbox names were accidentally sent as UTF-8 instead of mUTF-7 in previous v2.1.x releases for STATUS, MYRIGHTS and GETQUOTAROOT commands. - lmtp proxy: Don't timeout connections too early when mail has a lot of RCPT TOs. - director: Don't crash if the director is working alone. - shared mailboxes: Avoid doing @domain userdb lookups. - doveadm: Fixed crash with proxying some commands. - fts-squat: Fixed handling multiple SEARCH parameters. - imapc: Fixed a crash when message had more than 8 keywords. - imapc: Don't crash on APPEND/COPY if server doesn't support UIDPLUS.
Re: [Dovecot] Authentication failed (migrate from 2.0.13 to 2.0.17)
On 3.7.2012, at 7.37, Dovecot user wrote: There's no way to troubleshoot this error ? Set auth_debug_passwords=yes and show all of the log entries from a failed login. Preferably use a test password so it won't be exposed. :) I use the same config file for dovecot 2.0.13, all works. Perhaps in 2.0.17, something is missing in my config file, or there's new keyword... ?? No, the configuration is identical between those version. The CRAM-MD5 code is also identical between those versions. I guess there could be some other seemingly unrelated change that might have broken it for some reason.
Re: [Dovecot] Authentication failed (migrate from 2.0.13 to 2.0.17)
On 3.7.2012, at 8.00, Dovecot user wrote: I tried to do the same 'dovecot -n' (dovecot 2.0.13, same config file) : Oh, are you saying that the difference isn't just the Dovecot version, but that they are completely different systems with (somewhat) different settings also? That's much more likely the problem than the version number. Is it normal that there are no lines : default_internal_user = _dovecot default_login_user = _dovenull Normal enough. It's then using the Dovecot's defaults which are dovecot and dovenull. I will try auth_debug_passwords=yes, keep you informed. Look at this output in your 2.0.13 setup and in 2.0.17 setup and see what the differences are.
Re: [Dovecot] Dovecot shared library to replace libc-client
On 3.7.2012, at 8.53, Asheesh Laroia wrote: I see there is a dovecot shared library. I haven't looked into the details, but here are things I'm interested in: 1. Replacing libc-client's use as a client library .. I envision creating libdovecot-c-client-alike that is a set of headers and a library that is API-compatible with (at least a subset of) c-client. You can call that a compatibility shim. Then e.g. php5-imap could be given the path to those headers and the corresponding libdovecot-c-client-alike library, and when it thinks it is linking to c-client, it could instead link to the libdovecot-c-client-alike. Yeah, that's a possibility. Although Dovecot's libraries are still more about the server side stuff than client side stuff, so it's possible that there are many important missing things. Also libc-client is commonly used to do IMAP access and Dovecot's imapc backend is still lacking quite a lot of that functionality. This might be convenient if you want to limit how much of a public API is presented by the current dovecot.so that gets installed in e.g. /usr/lib/dovecot/. The compatiblity shim could have a small API, and if you don't want provide ABI guarantees within dovecot.so, the shim could dlopen() dovecot.so rather than link to it. I'm still not ready to give ABI or even API guarantees to libdovecot.. There are still several important large changes to do and I don't really want to keep a ton of ugly backwards compatibility stuff just for external users of the library. Also another potential problem is that libdovecot.so doesn't use a global namespace prefix for all of its functions, so linking it with php could cause symbol name conflicts (especially md5_*, sha1_* and such could cause trouble, like they already have caused with libmysql). Once Dovecot becomes more finished (a few years?) I could consider API/ABI guarantees.. Of course nothing prevents anyone else from distributing a (patched) libdovecot already that actually does give some ABI guarantees. I just don't want to spend time on it. And v2.1 - v2.2 - v2.3 etc. transitions are going to be large changes. 2. Use of Dovecot shared library within alpine, embedding the imapd Right now, the mail client alpine embeds a copy of the UW IMAP source. It uses this when accessing local mail spools, for example. If Dovecot's IMAPd were available as a shared library, perhaps with a c-client-like API, (although not necessarily -- it would be feasible to upgrade alpine to a different API), then alpine could use Dovecot's mail drivers directly. I wonder if it would make any sense to for Alpine not use libdovecot API directly but rather talk IMAP protocol to Dovecot code (maybe running in a separate process)? The Dovecot configuration could be passed pretty easily from Alpine code without requiring any extra config files.
Re: [Dovecot] Authentication failed (migrate from 2.0.13 to 2.0.17)
With auth_debug_passwords=yes you'll get a lot more in the log. If you don't see, you're not looking into the correct file. Make sure you look into the debug log as shown by doveadm log find. On 3.7.2012, at 8.34, Dovecot user wrote: i just get this error : dovecot: imap-login: Aborted login (auth failed, 1 attempts): method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, secured root@mx:/var/log # date IMAP Error: Login failed for test...@mydomain.net from 192.168.0.92. Authentication failed. in /var/www/webmail/roundcubemail-0.7.2/program/include/rcube_imap.php on line 205 (POST /webmail/?_task=login_action=login) On 03.07.2012 09:20, Timo Sirainen wrote: On 3.7.2012, at 8.00, Dovecot user wrote: I tried to do the same 'dovecot -n' (dovecot 2.0.13, same config file) : Oh, are you saying that the difference isn't just the Dovecot version, but that they are completely different systems with (somewhat) different settings also? That's much more likely the problem than the version number. Is it normal that there are no lines : default_internal_user = _dovecot default_login_user = _dovenull Normal enough. It's then using the Dovecot's defaults which are dovecot and dovenull.
Re: [Dovecot] Dovecot shared library to replace libc-client
On 3.7.2012, at 9.18, Asheesh Laroia wrote: I'm still not ready to give ABI or even API guarantees to libdovecot.. There are still several important large changes to do and I don't really want to keep a ton of ugly backwards compatibility stuff just for external users of the library. Also another potential problem is that libdovecot.so doesn't use a global namespace prefix for all of its functions, so linking it with php could cause symbol name conflicts (especially md5_*, sha1_* and such could cause trouble, like they already have caused with libmysql). Yeah, I totally understand your desire to not make backwards compatiblity a goal of the project. Interesting point about the global namespace prefix. Is this something you'd be willing to reconsider, and start using a global namespace prefix? Dovecot in any case will have many different prefixes (I don't want to change ALL functions to begin with the same one), but there is one that is somewhat commonly used already: i_ which originally indicated irssi library :) dovecot-2.1/src/lib% grep '\bi_' *.h|wc -l 175 Much of the rest of the functions in lib/ could be prefixed with i_ I guess. But there are several annoying problems, such as t_ prefix is also commonly used in many places and I don't want to remove them (but they probably won't be a real problem either). Then there's i_stream_*() for input streams vs. o_stream_*() for output streams. But for some of the clearly unproblematic ones the i_ prefix could be added, like for md5/sha/etc small and potentially conflicting functions. Also I think GNU ld supports some way of hiding all but the explicitly wanted symbols from libraries, which would allow libdovecot to use all of its functions internally without the danger of them conflicting with outside users. But I'm not entirely sure how that works, maybe it needs to be done at linking stage which won't be good for Dovecot binaries that link with libdovecot. Once Dovecot becomes more finished (a few years?) I could consider API/ABI guarantees.. Of course nothing prevents anyone else from distributing a (patched) libdovecot already that actually does give some ABI guarantees. I just don't want to spend time on it. And v2.1 - v2.2 - v2.3 etc. transitions are going to be large changes. Yeah -- what I think is the most sensible, at the moment, is to distribute a small shim that has reasonably-tight dependencies to dovecot itself, and so when you upgrade dovecot, you probably have to upgrade the shim. So it proxies away the instability in dovecot, and provides a small, stable API/ABI. That's something that it seems you might not be interested in, but I wonder if I can convince you otherwise. If not, I might try convincing others to write it, but I'm hoping you might since you are so great! (-: The best I can do is that at some point in future (might still be 1-2 years) I want to provide scripting language bindings for Dovecot APIs, maybe even allow creating plugins with non-C languages. Those APIs would then pretty much have to be frozen so that they don't break. Before that I need to do a few more larger API breakages to support some missing things. I wonder if it would make any sense to for Alpine not use libdovecot API directly but rather talk IMAP protocol to Dovecot code (maybe running in a separate process)? The Dovecot configuration could be passed pretty easily from Alpine code without requiring any extra config files. That's my fallback plan at the moment, yeah. It seems like more work, though, but it has some serious tidiness possibly going for it. You could have Alpine keep the libc-client code and simply use it to connect to local Dovecot via IMAP protocol. All of the mailbox access would then go via Dovecot. I don't think it would be much work, mainly you'd need to create libc-client mail storage configuration - Dovecot settings in key=value format, fork a new process, put the settings to environment, exec imap and that's about it.
Re: [Dovecot] Outlook 2010 very slow when using IMAP - are there any tweaks?
On 3.7.2012, at 9.38, Kaya Saman wrote: So if I look at a different authentication mechanism say LDAP would it improve performance? I doubt authentication has anything to do with why Outlook downloads mails slowly. But you could configure Outlook to use plaintext authentication instead of NTLM authentication to see if it makes a difference. No need to change anything on Dovecot side then.
Re: [Dovecot] Removing specific entry in user/auth cache
On Fri, 2012-06-29 at 05:01 +0300, Timo Sirainen wrote: and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] Done: http://hg.dovecot.org/dovecot-2.1/rev/007bf0047ab0 http://hg.dovecot.org/dovecot-2.1/rev/1093c74f54af so you couldn't test authentication against cache user, but that's probably not a problem. Actually you only can't test authentication against cache user with flush password. Even less likely to be a problem.
Re: [Dovecot] dovecot and nfs readdir vs readdirplus operations
On 4.7.2012, at 21.49, Angel L. Mateo wrote: Although nfs configuration is the same, there are a lot of differences on readdir vs readdirplus nfs operations. In fact, in the old one we have 12% readdir operations and 3% of readdirplus. And in the new one we have 46% of readdirplus and no readdir operations. I'm not entirely sure, but I think it's the kernel that decides if readdir or readdirplus is used and Dovecot can't affect that decision. (Unless maybe kernel does some heuristics.) PS: I have attached doveconf -n of the new server. At least this reduces performance: mail_nfs_storage = yes Also maildir_very_dirty_syncs=yes improves performance by reducing readdirs. It's safe to use as long as only Dovecot is reading the Maildir.
Re: [Dovecot] dovecot and nfs readdir vs readdirplus operations
On 5.7.2012, at 8.44, Angel L. Mateo wrote: El 04/07/12 23:55, Timo Sirainen escribió: Also maildir_very_dirty_syncs=yes improves performance by reducing readdirs. It's safe to use as long as only Dovecot is reading the Maildir. Is it safe to use it although a user could have open simultaneous sessions in different servers? Each server has local indexes? Then it's not very optimal.. but it doesn't break anything badly, Dovecot just might not immediately notice when another server has done changes.
Re: [Dovecot] Howto add another disk storage
On 5.7.2012, at 10.44, Adrian M wrote: All this is telling me that is safer to have two or tree smaller filesystems than a big one. Dovecot has a nice feature for this Directory hashing http://wiki.dovecot.org/MailLocation/ What I don't know is a nice way to migrate from a single directory no hashing to more than one and hashing. Alternative to hashing is to simply return a mail or home setting from userdb pointing to your new mountpoint.
Re: [Dovecot] dovecot and nfs readdir vs readdirplus operations
On 5.7.2012, at 15.55, Angel L. Mateo wrote: Concluding... in my systems, with users with hugh mail folders (thousands of mails) in maildir format, disabling rdirplus with mount options (mount option nordirplus) increases performance (maybe we could do more precise test and this could be documented in dovecot's nfs documentation) BTW. What NFS server are you using? The problem is mainly on the server side, so would be useful to know which NFS server implementations (if any?) can handle readdirplus without such a huge performance loss. Mainly I'm wondering about NetApp, since that's what most large Dovecot NFS installations use.
Re: [Dovecot] Dovecot 2.1.8 crashes when doing POP3 UIDL on empty INBOX
On 7.7.2012, at 3.38, Joseph Tam wrote: #0 i_panic (format=0xff2302f8 Trying to allocate %u bytes) at failures.c:259 #1 0xff2068a4 in pool_alloconly_malloc (pool=0x60330, size=0) at mempool-alloconly.c:259 #2 0x00018248 in client_uidls_save (client=0x54d28) at pop3-commands.c:761 #3 0x00018444 in cmd_uidl_init (client=0x54d28, seq=0) at pop3-commands.c:793 #4 0x000185a8 in cmd_uidl (client=0x54d28, args=0x19eb8 ) at pop3-commands.c:824 #5 0x00018a24 in client_command_execute (client=0x54d28, name=0x2b550 UIDL, args=0x19eb8 ) at pop3-commands.c:889 Fixed: http://hg.dovecot.org/dovecot-2.1/rev/ea18b2ddb67b
Re: [Dovecot] Dsync replication
On 6.7.2012, at 23.28, l...@airstreamcomm.net wrote: Thanks, that certainly helps identify the configuration options. However I am more concerned about the experiences of others who have actually used the replication. What is the rate of change on your mail cluster, how many concurrent users do you support with replication enabled, do you use synchronous or asynchronous replication, are you using it in an active/active or active/passive state, is it possible to have a cluster with multiple servers at each site hosting the same mail data, does dysnc replication scale well (10,000 - 100,000 - 1,000,000 users)? Just trying to get a good feel for whether dsync replication is capable of handling the use case I am proposing before investing too much time in testing it. I wouldn't use it for large systems yet. It is still pretty inefficient. v2.2 will have a redesigned dsync that can do incremental syncs much faster and with less bandwidth. Anyway, in my small installation I'm using it in active-active mode and it works well enough. I've even configured my clients intentionally so that they use different servers.
Re: [Dovecot] Dovecot 2.1.8 crashes when doing POP3 UIDL on empty INBOX
On 8.7.2012, at 10.07, J E Lyon wrote: I think some of the things Timo does, he is able to do in his sleep . . What's annoying is that I sometimes do, and all the hard work gets lost somewhere to the dream world :(
Re: [Dovecot] imap-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
On Mon, 2012-07-09 at 13:39 +0200, Angel L. Mateo wrote: Hello, More problems (it seems that we won't be able to put our new servers in production). The problem now is that when we reach 1000 dovecot processes we have errors like: Jul 9 12:10:22 myotis31 dovecot: imap-login: Panic: epoll_ctl(add, 6) failed: Invalid argument Jul 9 12:10:22 myotis31 dovecot: imap-login: Fatal: master: service(imap-login): child 32251 killed with signal 6 (core dumps disabled) and server doesn't accept any new connection. Our servers are running in ubuntu 12.04 with kernel 3.2.0-24-generic kernel. I have found a similar problem at https://bugzilla.redhat.com/show_bug.cgi?id=681578 but it is for redhat kernel of series 2.6. Could be the same problem? It's definitely the same problem. Any pointer to this problem for ubuntu kernels? Or for generic 3.0 kernels? Sorry, no idea.
Re: [Dovecot] Howto add another disk storage
On 10.7.2012, at 8.31, Frank Bonnet wrote: Would it be possible to close this thread from Dovecot mailing-list ? Yeah, enough with this thread.
Re: [Dovecot] mail_log plugin logs UTF-8 mailbox name
On 11.7.2012, at 15.42, Ewald Dieterich wrote: A small bug in the mail_log plugin: When I copy a mail from the inbox to a mailbox with special characters, the mailbox name is logged in UTF-8: [...] copy from INBOX: box=INBOX.Euro €, [...] I think the UTF8 name is more correct here I guess the name should be in mUTF-7, like it is done when I copy the other way round: [...] copy from Euro IKw-: box=INBOX, [...] and I should change this instead. Just because IMAP protocol uses mUTF7 doesn't mean that it should be visible anywhere else. (You can already use UTF8 for mailbox names on the filesystem.)
Re: [Dovecot] doveadm director status username != doveadm director status username@mailserver
On 17.7.2012, at 13.43, Joseba Torre wrote: I've almost finished my new director based setup, but in the first test I discovered that imap and lmtp connections were not always being proxied to the same server. After some research now I think that the main problem is that in imap connections users connect as 'username' while lmtp connections are as 'username@mailserver'. In my current setup I receive mail via SMTP in my director servers (which are loadbalanced by a CISCO machine), and then they send them to dovecot running on localhost. I've tried to get rid of the @mailserver in postfix in a generic way with no success. Is there any way to redirect connections based only in the local part of the address? Or there is a way to get rid of the @mailserver in the postfix - lmtp connection? director_username_hash = %n
Re: [Dovecot] bcypt availability
On 12.7.2012, at 13.32, Nick Edwards wrote: Do you intend to introduce bcrypt into the built in password schemes? No, but I would accept a patch for that.
Re: [Dovecot] Selective TLS per local IP
On 17.7.2012, at 1.35, Robert Blayzor wrote: So is there any way possible to turn off advertising of TLS on port or turn it off/on per IP? Something like: If those work, then yes. If they don't, then no. I'd think they would work. ssl = yes ssl_cert = /etc/ssl/cert/default.pem ssl_key = /etc/ssl/cert/default.pem local 10.1.1.1 { protocol imap { ssl_cert = /etc/ssl/cert/site1.pem ssl_key = /etc/ssl/cert/site1.pem } protocol pop3 { ssl_cert = /etc/ssl/cert/site1.pem ssl_key = /etc/ssl/cert/site1.pem } } local 10.1.1.2 { ssl = no } *or* ssl = no local 10.1.1.1 { ssl = yes protocol imap { ssl_cert = /etc/ssl/cert/site1.pem ssl_key = /etc/ssl/cert/site1.pem } protocol pop3 { ssl_cert = /etc/ssl/cert/site1.pem ssl_key = /etc/ssl/cert/site1.pem } } -- Robert Blayzor INOC, LLC rblay...@inoc.net http://www.inoc.net/~rblayzor/
Re: [Dovecot] SQLite dovecot query caching
On 13.7.2012, at 8.30, Dominic Malolepszy wrote: It caches the passdb lookup. The cache key consists of the given % variables in the SQL query. So if your SQL query doesn't contain %n/%u then the cache doesn't add per-user entries. I had a chance to play around with this in the lab. The cache hit appears to be returning values that should actually be ignored particularly the username for the previous cached entry. This is causing it to rewrite the username using what is in the cache. The simplest solution would be to just not put username to cache, but I'm worried it might break something else.. So for now I don't think I'm going to change it.
Re: [Dovecot] Difference between proxy_refresh and proxy_timeout in director
On 13.7.2012, at 11.52, Angel L. Mateo wrote: I know proxy_timeout is the timeout for the director operation. But what is the purpose for proxy_refresh? Director returns proxy_refresh to login process. The login process then tells director this often that the user's connection still exists. So it's an internal thing that you shouldn't need to care about.
Re: [Dovecot] Override userdb=passwd gid
On 12.7.2012, at 16.43, Veiko Kukk wrote: I have problem with Dovecot 2.1.1 writing maildir files as users primary group. Tried to override gid value, but probably i'm missing something... userdb { args = blocking=no gid=mail driver = passwd } Also tried using 'override_fields = gid=mail'. Users are from nss and winbind. Should work I think. Any ideas what i might do wrong? Set auth_debug=yes and mail_debug=yes and show the logs.
Re: [Dovecot] Seq-range order in sequence-set are matter?
I can reproduce this in v1.0 and v1.1, but not with v1.2 or newer. So this has been fixed 3 years ago. On 12.7.2012, at 14.13, Lay András wrote: Hi! I have a mailbox with 12 messages. Theese two commands: x fetch 5,8:12 (UID) * 5 FETCH (UID 10) * 8 FETCH (UID 13) * 9 FETCH (UID 14) * 10 FETCH (UID 15) * 11 FETCH (UID 16) * 12 FETCH (UID 17) x OK Fetch completed. and x fetch 8:12,5 (UID) * 5 FETCH (UID 10) * 8 FETCH (UID 13) * 9 FETCH (UID 14) * 10 FETCH (UID 15) * 11 FETCH (UID 16) * 12 FETCH (UID 17) x OK Fetch completed. outputs are equeal, this clean. But: x fetch 1:*,5 (UID) * 1 FETCH (UID 4) * 2 FETCH (UID 5) * 3 FETCH (UID 6) * 4 FETCH (UID 7) * 5 FETCH (UID 10) * 6 FETCH (UID 11) * 7 FETCH (UID 12) * 8 FETCH (UID 13) * 9 FETCH (UID 14) * 10 FETCH (UID 15) * 11 FETCH (UID 16) * 12 FETCH (UID 17) x OK Fetch completed. and x fetch 5,1:* (UID) * 5 FETCH (UID 10) * 6 FETCH (UID 11) * 7 FETCH (UID 12) * 8 FETCH (UID 13) * 9 FETCH (UID 14) * 10 FETCH (UID 15) * 11 FETCH (UID 16) * 12 FETCH (UID 17) x OK Fetch completed. command outputs are NOT equal? Why? Thank you! Lay
Re: [Dovecot] different mail_max_userip settings
On 10.7.2012, at 10.24, Federico Bianchi wrote: Is it possible to have mail_max_userip set to a value for localhost (webmail) and to another value for everything else? mail_max_userip_connections = 10 remote 127.0.0.1 { mail_max_userip_connections = 0 }
Re: [Dovecot] dovecot 2.1.8 still tries to touch any mountpoint
On 10.7.2012, at 14.00, Reindl Harald wrote: why does dovecot touch any ever used fuse-mountpoint and scream at the next start that is no longer mounted? If this is intentional, remove it with doveadm mount why if i never called doveadm on any setup at all? Jul 10 09:10:56 rh dovecot: master: Dovecot v2.1.8 starting up (core dumps disabled) Jul 10 09:10:56 rh dovecot: master: Warning: /sys/fs/cgroup/cpu is no longer mounted. If this is intentional, remove it with doveadm mount v2.1.9+ log message will point to http://wiki2.dovecot.org/Mountpoints
Re: [Dovecot] doveadm director status username != doveadm director status username@mailserver
On 17.7.2012, at 13.54, Timo Sirainen wrote: On 17.7.2012, at 13.43, Joseba Torre wrote: I've almost finished my new director based setup, but in the first test I discovered that imap and lmtp connections were not always being proxied to the same server. After some research now I think that the main problem is that in imap connections users connect as 'username' while lmtp connections are as 'username@mailserver'. In my current setup I receive mail via SMTP in my director servers (which are loadbalanced by a CISCO machine), and then they send them to dovecot running on localhost. I've tried to get rid of the @mailserver in postfix in a generic way with no success. Is there any way to redirect connections based only in the local part of the address? Or there is a way to get rid of the @mailserver in the postfix - lmtp connection? director_username_hash = %n BTW. This feature was implemented so that %d value could be used to allow shared mailboxes between domains to work in setups that have many smallish domains. And now that I think about it, the default should probably be %Lu
Re: [Dovecot] dovecot 2.1.8 still tries to touch any mountpoint
On 17.7.2012, at 15.12, Reindl Harald wrote: v2.1.9+ log message will point to http://wiki2.dovecot.org/Mountpoints Dovecot already internally filters out many mountpoints and filesystems that are pretty much guaranteed not to contain any emails i bet /sys/fs/cgroup will never contain any mail :-) v2.1.7+ won't add any mounts from /sys by default. But you had already run an older Dovecot version that had added those mountpoints, so v2.1.8 will still complain about them until you remove them. But they won't get added again even if you don't add an ignore for them. the bug is taht it also adds fuse-mountpoints where the dovecot suer never ever has any access permissions and whines later if they are unmounted It's not easy for Dovecot to know this. Other installations are using FUSE mountpoints to store mails. i see no reason for such magic why does a mailserver touch any mountpoint where it is not explicit configured to store mails? Because Dovecot doesn't know where mails can be stored (userdb lookups can override the defaults). The other possibility would have been to require you to explicitly list all the mountpoints that can contain mails/indexes and have Dovecot refuse to access the mails outside that list. But that would have broken all the existing installations. Jul 17 14:10:17 srv-rhsoft dovecot: master: Warning: /var/run/vmblock-fuse is no longer mounted. If this is intentional, remove it with doveadm mount I guess /var/run and /run could be added to the default ignore list.
Re: [Dovecot] Selective TLS per local IP
On 17.7.2012, at 15.20, Robert Blayzor wrote: On Jul 17, 2012, at 6:59 AM, Timo Sirainen wrote: On 17.7.2012, at 1.35, Robert Blayzor wrote: So is there any way possible to turn off advertising of TLS on port or turn it off/on per IP? Something like: If those work, then yes. If they don't, then no. I'd think they would work. No, they do not. It would be nice if it did. Or at least some way to disable TLS offering/advertisement if disabling the SSL socket is not possible. Here: http://hg.dovecot.org/dovecot-2.1/rev/258c2e231357
Re: [Dovecot] files missed from install
On 4.7.2012, at 19.17, Tim Dickson wrote: version: using dovecot 2.1.8 or 2.0.12 bug: installation - some files missed details: dovecot-openssl.cnf and mkcert.sh are not copied from the src/doc folder to the installation doc folder on installation (make install) both are referred to in the documentation and are useful. is there any chance of updating the build scripts to include these files? thanks, I suppose they could be. http://hg.dovecot.org/dovecot-2.1/rev/d01a06d821cf
Re: [Dovecot] LDAP.conf filter issue
On 5.7.2012, at 16.45, Tony Hlabse wrote: We are trying to use the user_filter options to limit authentication to a single user group. The cusotmer has security rules that they want to only have users belonging to a group to have access. Sample we have tried. auth_bind = yes auth_bind_userdn = EXAMPLE\%n user_filter is used only for userdb lookup, not for authentication. You could use pass_filter to limit authentication, but with the auth_bind_userdn setting enabled that doesn't work because its whole purpose is to skip the pass_filter.
Re: [Dovecot] Feature request
On 7.7.2012, at 17.26, Malloc Kilobyte wrote: Appreciating all Dovecot rich features, I lack just one. And this is the ability to customize the quota exceeded, message rejected message. I know I can set it's default content using quota_exceeded_message parameter, but i would also like to have ability to set: - to whom the message is sent. Some mail systems send copy not only to the sender, but also to the recipient. It makes sense in case rejected message has big size. I've thought about changing the default over-quota handling so that the user would be allowed one final mail to go over quota, as long as the mail is smaller than the user's total quota. And in normal situations user's quota is higher than the max. allowed message size advertised by SMTP server. Then this setting wouldn't be useful. - it's subject rejection_subject setting can already change this, although it applies also for Sieve rejects. Also in a preferred setup the rejection is done by replying failure to SMTP's RCPT TO command, in which case nothing else can be configured besides the one rejection string. - if the rejected message is being attached ( with or without it's own attachments ) or not Spam is often sent this way. Moreover, I think it would make sense if the rejected messege contained information about size of rejected message and current mailbox space usage. Message size could possibly be added, but I think current space usage could be considered a privacy leak.
Re: [Dovecot] MySQL dict issues
On 11.7.2012, at 21.10, l...@airstreamcomm.net wrote: Testing using the mysql dict for quota storage (dovecot-2.0.12-2_127.el5), and ran into a couple issues. First is a permissions issue: dovecot: lmtp(26786, d...@test.tld): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000(unknown) egid=5000(unknown) missing +r perm: /var/run/dovecot/dict, euid is not dir owner) The file /var/run/dovecot/dict is listed with srw--- perms. I changes the perms to srwrwx and it works, but I would like to figure out how to configure properly to run with the uid and gid 5000 as this is the user for virtual mail. http://wiki2.dovecot.org/Dict explains this. The second issue is that two identical rows are created in the mysql database for each user quota. The next message delivered updates both rows. Identical? Or perhaps one is the number of bytes and the other is the number of messages? The last issue might be a documentation omission. Dovecot warned me that the mysql user did not have DELETE privileges on the quota table: dovecot: dict: Error: sql dict: commit failed: DELETE command denied to user 'user'@'a.b.c.d' for table 'domain_user_quotas' This is done when recalculating quota. The quota dict documentation (at http://wiki2.dovecot.org/Quota/Dict) does not mention DELETE being needed: Updated.
Re: [Dovecot] quota fs: Support for hardlimit quotas (where softquota is unset)
On Sun, 2012-07-08 at 09:42 +0200, Jan Friesse wrote: Hi, included is patch which adds support for calculating fs quota from hardlimit where softlimit is unset. I'm usually not setting softlimit on my server causing dovecot work incorrectly (not reporting quota at all). Committed to v2.2: http://hg.dovecot.org/dovecot-2.2/rev/cdba6fec5ddf Seems like it could cause behavior to change for existing installations and maybe cause trouble, so I won't add it to v2.1.
Re: [Dovecot] Timeout (180s) while waiting for lock for transaction log file
On Mon, 2012-07-09 at 10:45 +0200, Angel L. Mateo wrote: We still have problems with our updated dovecot servers... The problem now is that we are having errors like: Jul 9 10:22:02 myotis31 dovecot: lmtp(15431, user): Error: Timeout (180s) while waiting for lock for transaction log file /var/indexes/user/.INBOX/dovecot.index.log .. maildir are in a nfs storage, but indexes are in local disk. I don't know if the problem could be related with a some specific messages or something specific to the user, because we are having this problem only with a few users and the problem repeatedly happens when our mta tries to deliver the queued message. If you can somewhat easily reproduce this for specific users, maybe you could strace -tt the lmtp process doing the delivery to see what is happening? Also, if the .log file is really locked for longer than 180secs, you should see a warning: Transaction log file %s was locked for %u seconds You could maybe also decrease the threshold for that warning: diff -r 56ef4e70b1a9 src/lib-index/mail-transaction-log-file.c --- a/src/lib-index/mail-transaction-log-file.c Tue Jul 17 15:44:36 2012 +0300 +++ b/src/lib-index/mail-transaction-log-file.c Tue Jul 17 16:09:28 2012 +0300 @@ -386,7 +386,7 @@ return; lock_time = time(NULL) - file-lock_created; - if (lock_time = MAIL_TRANSCATION_LOG_LOCK_TIMEOUT) { + if (lock_time = 30) { i_warning(Transaction log file %s was locked for %u seconds, file-filepath, lock_time); }
Re: [Dovecot] [PATCH] Interop problem with Cyrus SASL and GSSAPI
On Sat, 2012-07-14 at 19:17 +0100, Ben Morrow wrote: I have been trying to get a Postfix mail server using Dovecot SASL to accept GSSAPI AUTH from another Postfix server using Cyrus SASL, and I believe I have found a couple of bugs in Dovecot's GSSAPI implementation. Committed: http://hg.dovecot.org/dovecot-2.1/rev/ced6a796f56d I also noticed another bug while checking that: http://hg.dovecot.org/dovecot-2.1/rev/35ae9569de5a
Re: [Dovecot] Dovecot-2.1.8 process imap crashed
On 17.7.2012, at 17.15, Marcin Mirosław wrote: Hello! I've just upgraded dovecot from 2.0.18 to 2.1.8 and configured impac. I notice dovecot/imap throws segfault from time to time. I'm not sure i know what steps are needed to reproduce problem. .. #3 0x02d0fbf6208a in imapc_connection_abort_commands (conn=0x2b46579c10, disconnected=optimized out, keep_retriable=optimized out) at imapc-connection.c:271 #4 0x02d0fbf624be in imapc_connection_disconnect (conn=0x2b46579c10) at imapc-connection.c:371 .. #15 0x002b4461b58e in client_destroy (client=0x2b465891d0, reason=0x0) at imap-client.c:219 #16 0x002b44615552 in idle_client_input (ctx=optimized out) at cmd-idle.c:113 This happened when the client was IDLEing and the connection got closed. It's definitely a bug, but I haven't so far bothered to look into it much because the end result from the client's point of view is the same anyway (getting disconnected).
Re: [Dovecot] Compile issue Dovecot 2.1.8, OS X 10.6.x
I always use: CPPFLAGS='-I/opt/local/include/postgresql85 -I/opt/local/include' \ LDFLAGS=-L/opt/local/lib/postgresql85 -L/opt/local/lib \ ./configure Because otherwise system iconv conflicts with macports iconv. But it has been this way in v2.0 as well. On 18.7.2012, at 8.09, Jim wrote: Hey all, I'm still stumped here. No suggestions from anyone on anything I can look at? Has anyone successfully compiled the 2.1.x branch on Mac OS X 10.6.x? Jim On Jul 16, 2012, at 8:10 PM, Jim wrote: I just did tried building Dovecot 2.1.0, same issue. Dovecot 2.0.21 was able to build without issues, so this problem seems to be with the entire 2.1.x branch. Jim On Jul 16, 2012, at 4:25 PM, Jim wrote: Hey all. I'm running Mac OS X 10.6.4, and had Dovecot 2.0.7 installed built from source. I'm now wanting to upgrade to Dovecot 2.1.8, but I can't get MAKE to finish without errors: Undefined symbols: _libiconv_open, referenced from: _charset_to_utf8_begin in libcharset.a(charset-iconv.o) _libiconv, referenced from: _charset_to_utf8_reset in libcharset.a(charset-iconv.o) _charset_to_utf8 in libcharset.a(charset-iconv.o) _libiconv_close, referenced from: _charset_to_utf8_end in libcharset.a(charset-iconv.o) ld: symbol(s) not found collect2: ld returned 1 exit status make[3]: *** [libdovecot.la] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2
Re: [Dovecot] dovecot 2.x via xinetd
On 23.7.2012, at 4.37, Mathieu Roy wrote: I was using dovecot 1.2.x via xinetd with a setup like http://wiki.dovecot.org/InetdInstall Since I upgraded to Debian Wheezy, shipping dovecot 2.x, it no longer works. At best, I end up with stuff like Doesn't work anymore. No plans to make it work anymore. Way too much trouble. Is there any way to make dovecot aware of hosts.deny and hosts.allow? If you've compiled with tcpwrappers, you can do: login_access_sockets = tcpwrap
Re: [Dovecot] Remove leading and trailing spaces from folder names?
On 25.7.2012, at 13.43, Ralf Hildebrandt wrote: * Ed W li...@wildgooses.com: Oh, sorry. Why doveadm though? Why not attack the filesystem directly? It's a bit hard with mdbox: mailboxes. Actually it is allowed to simply mv the directory names, but I don't think that's all that much easier than just using doveadm rename. The way I'd do this is to just do doveadm mailbox list, put the strings through some regexps and doveadm rename if necessary. Repeat for all users.
Re: [Dovecot] Remove leading and trailing spaces from folder names?
On 25.7.2012, at 13.54, Ralf Hildebrandt wrote: The way I'd do this is to just do doveadm mailbox list, put the strings through some regexps and doveadm rename if necessary. Repeat for all users. Yes, something along those lines. It's just that I find it hard to craft a regexp which does that. Maybe after the vacation. echo foo/ b a r / baz / sup | perl -pe 's, +/,/,g; s,/ +,/,g; s/^ +//; s/ +$//'
Re: [Dovecot] what best for anti-spam filter?
On 24.7.2012, at 16.46, Patrick Ben Koetter wrote: this is a mailing list dedicated to Dovecot and the protocols POP, IMAP and MANAGESIEVE with the one or the other detour to storage. Greylisting and other Anti-Spam techniques, as discussed in this thread, truely are off-topic. Please take discussion offlist or to another list that deals with such stuff. I think threads like this and storage and maybe others could be moved to some wiki pages. It could be helpful to have a list of possibilities discussing their upsides and downsides, which would work much better in a wiki page than spread into 100 different messages in this list. So, anyone feel free to create http://wiki2.dovecot.org/AntiSpam and start filling it out.
Re: [Dovecot] what best for anti-spam filter?
Stop replying here and start writing to http://wiki2.dovecot.org/AntiSpam - I added some kind of a template now. Thread closed.
Re: [Dovecot] lock file strangeness
Dovecot doesn't create lock files named like these. On 25.7.2012, at 22.50, McGraw, Robert P wrote: We are running dovecot-1.2.10 on a Solaris 10 x86 host. Starting on July 24 I started seeing the following type lock files I the /var/mail directory. -rw-rw-rw- 1 agab mail 0 Jul 24 10:08 agabriel.lock.1343138908.28535.hardy.purdue.edu -rw-rw-rw- 1 agab mail 0 Jul 24 10:08 agabriel.lock.1343138907.28535.hardy.purdue.edu -rw-rw-rw- 1 agab mail 0 Jul 24 10:08 agabriel.lock.1343138906.28535.hardy.purdue.edu -rw-rw-rw- 1 agab mail 0 Jul 24 10:08 agabriel.lock.1343138905.28535.hardy.purdue.edu They are being created by only three of our users. What is common with the three users is that they are using alpine mail client. Again these just started on July 24. We have over 300 user and a lot of them use alpine but only three users seem to generate these lock files. Can some one tell me what and why these are being created and why they are not getting destroyed? Thanks Robert _ Robert P. McGraw, Jr. Manager, Computer SystemEMAIL: rmcg...@purdue.edu Purdue UniversityROOM: MATH-807 Department of Mathematics PHONE: (765) 494-6055 150 N. University Street West Lafayette, IN 47907-2067
Re: [Dovecot] fts solr : out of memory
On 28.7.2012, at 19.09, Matthew Powell wrote: This looks very much like an issue I've been having with fts-lucene. Indexing works (or at least completes without errors) in 2.1.7, but runs out of memory in 2.1.8. doveadm -v index -u username '*' crashes with: doveadm(username): Fatal: pool_system_realloc(536870912): Out of memory .. I've posted an example message that triggers the crash here: https://www.atom.net/dovecot/testcase1.eml. That's a very contrived test case, but I've encountered the same behaviour with a real message. Thanks, fixed: http://hg.dovecot.org/dovecot-2.1/rev/cbd2b321a68f
Re: [Dovecot] lmtp log message
On 27.7.2012, at 9.01, Daniel L. Miller wrote: I just tried switching to lmtp from lda. Messages are being delivered, but I now see messages similar to: Jul 26 22:59:21 bubba dovecot: lmtp(20508): Disconnect from local: Client quit (in reset) in my log for every message. Is this a normal sign-off - or does this indicate a misconfiguration? It's normal.
Re: [Dovecot] Slightly OT - Winbind and remote authentication.
On 27.7.2012, at 20.01, Simon Brereton wrote: I was doing some research on setting up a samba server for my internal network (as an alternative to NAS). The setup looks easy enough, but then I got to thinking - I already have an internet host with an mysql DB that has usernames and passwords and it would be simpler all round to reuse that as the authentication server. That server is also running Dovecot, so I thought it might be simpler still to set up samba to authenticate using IMAP (the mysql server is not accessible on port 3306 anyway). A quick google resulted in a suggestion from Robert (who by now must be on every single list I'm on or rather vice-versa) about using winbind. I went off to the link he posted - http://wiki.dovecot.org/Authentication/Mechanisms/Winbind?highlight=%28winbind%29 and the problem is that seems to indicate bind and dovecot are on the same server. That link is about Dovecot authenticating via Samba, not vice versa. So, this not being the samba list notwithstanding, is it possible to use a remote dovecot host as an authentication back-end on a local samba installation? No idea, but I think at least some Samba auth mechanisms probably want to have access to the plaintext password.
Re: [Dovecot] Auto logging-out client
On 26.7.2012, at 16.58, Nicolás wrote: I'm writing because of an issue I'm having with my Postfix-Dovecot installation. Everything's working fine but when an IMAP client is idle for some time, Dovecot automatically logs it out. Jul 26 14:01:16 mail dovecot: imap(nico...@devels.es): Disconnected: Logged out bytes=1271/7439 IMAP client logs out. Dovecot doesn't automatically do anything. There's no way (even theoretically) to prevent this from Dovecot's side. This entails errors when trying to send e-mails after this auto logout, such as: host devels.es[91.215.158.237] said: 550-Please turn on SMTP Authentication in your mail client, or login to the 550-IMAP/POP3 server before sending your message. Your server supports pop3/imap-before-smtp kludge. I'd remove that entirely and require SMTP AUTH always.
Re: [Dovecot] Re move .INBOX from folders.
On 26.7.2012, at 22.38, ssukh wrote: Hello all, i am just new to dovecot and trying to figure out how to remove .INBOX from the folders. Now all the folders are created like .INBOX.spam .INBOX.temp But i would like to have .spam .temp Either: a) Remove INBOX. namespace prefix from your client's configuration. or b) Set prefix=INBOX. to Dovecot's namespace configuration