IMAP TLS after upgrade from 3.1.17 to 3.2.3
hello dbmail

i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3

with the old version 3.1.17 i could do an IMAP account setup in
thunderbird with SSL/TLS on port 993

with the new version 3.2.3 thunderbird now throws me an error that this
connection type is not supported by the IMAP server.
if i then switch to STARTTLS on port 143 all is working fine.

before i start into debugging this on my server ...

is this the expected behavior with the IMAP TLS setup in 3.2.3?
is SSL/TLS on port 993 not supported?
is STARTTLS on port 143 the only supported encryption?

if not ... how can i best debug this issue? what do i need to do to make
SSL/TLS on port 993 work again?

i'm running an opensuse box leap 42.1 with all the latest patches
installed ...

thanks to the dbmail devs for providing such a nice software over all
those years ;)

greetings
becki


_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 12.07.2016 at 16:24, Admin Beckspaced wrote:
> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>
> with the old version 3.1.17 i could do an IMAP account setup in
> thunderbird with SSL/TLS on port 993
>
> with the new version 3.2.3 thunderbird now throws me an error that this
> connection type is not supported by the IMAP server.
> if i then switch to STARTTLS on port 143 all is working fine.
>
> before i start into debugging this on my server ...
>
> is this the expected behavior with the IMAP TLS setup in 3.2.3?
> is SSL/TLS on port 993 not supported?
> is STARTTLS on port 143 the only supported encryption?
>
> if not ... how can i best debug this issue? what do i need to do to make
> SSL/TLS on port 993 work again?

just run a proxy in front of dbmail like dovecot (i guess nearly
everybody still using dbmail does that for a long time to avoid
different troubles)

that way dbmail has no need to deal with anything in context of TLS and
143 with STARTTLS as well as 993 with the wrapper work and the same for POP3
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>
>> with the old version 3.1.17 i could do an IMAP account setup in
>> thunderbird with SSL/TLS on port 993
>>
>> with the new version 3.2.3 thunderbird now throws me an error that this
>> connection type is not supported by the IMAP server.
>> if i then switch to STARTTLS on port 143 all is working fine.
>>
>> before i start into debugging this on my server ...
>>
>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>> is SSL/TLS on port 993 not supported?
>> is STARTTLS on port 143 the only supported encryption?
>>
>> if not ... how can i best debug this issue? what do i need to do to make
>> SSL/TLS on port 993 work again?
> just run a proxy in front of dbmail like dovecot (i guess nearly
> everybody still using dbmail does that for a long time to avoid
> different troubles)
>
> that way dbmail has no need to deal with anything in context of TLS and
> 143 with STARTTLS as well as 993 with the wrapper work and the same for POP3
>
thanks for your reply and the hint of using dovecot as a proxy in front
of dbmail.

could you perhaps point me to a proper and up-to-date how to? working
config file?

that would be awesome ;)

thanks & greetings
becki
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14.07.2016 at 12:29, Admin Beckspaced wrote:
> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>> that way dbmail has no need to deal with anything in context of TLS and
>> 143 with STARTTLS as well as 993 with the wrapper work and the same for
>> POP3
>>
> thanks for your reply and the hint of using dovecot as a proxy in front
> of dbmail.
>
> could you perhaps point me to a proper and up-to-date how to? working
> config file?
>
> that would be awesome ;)

_________________________________________________________

[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols = imap pop3

# configure ssl
ssl = yes
ssl_cert = </etc/postfix/certs/localhost.pem
ssl_key = </etc/postfix/certs/localhost.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
ssl_protocols = !SSLv2 !SSLv3
ssl_prefer_server_ciphers = yes
ssl_options = no_compression,no_ticket

# configure imap-proxy
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
vsz_limit = 512M
service_count = 0
process_min_avail = 0
process_limit = 1
client_limit = 300
}

# configure pop3-proxy
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
}
vsz_limit = 512M
service_count = 0
process_min_avail = 0
process_limit = 1
client_limit = 300
}

# default settings
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements = user=<%u> %r %m %c
login_log_format = %$: %s

mail_max_userip_connections = 100
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
disable_plaintext_auth = no
shutdown_clients = no
version_ignore = yes

# Logging
syslog_facility = mail

# authentication process
auth_failure_delay = 10
auth_worker_max_count = 50
auth_cache_size = 16384
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no

# configure proxy-database
passdb {
driver = sql
args = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
driver = static
args = static uid=10000 gid=10000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
_________________________________________________________

[root@testserver:~]$ cat /etc/dovecot/sql.conf
driver = mysql
connect = host=/var/lib/mysql/mysqld_dbmail.sock dbname=dbmail user=dbmail password=**mysql-pwd**
password_query = SELECT passwd as password, '127.0.0.1' as host, IF('%Us'='POP3','20110','20143') as port, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u';
default_pass_scheme = plain
_________________________________________________________

[root@testserver:~]$ cat /etc/dbmail.conf
[DBMAIL]
dburi = mysql://dbmail:**mysql-pwd**@localhost/dbmail?unix-socket=/var/lib/mysql/mysqld_dbmail.sock&charset=utf8
authdriver = sql
table_prefix = dbmail_
max_db_connections = 10

default_msg_encoding = utf8
postmaster = postmaster@testserver.rhsoft.net
sendmail = /usr/sbin/sendmail

syslog_logging_levels = 31
query_time_info = 10
query_time_notice = 20
query_time_warning = 30
query_timeout = 300

effective_user = dbmail
effective_group = dbmail

backlog = 256
timeout = 300
login_timeout = 60
resolve_ip = no
authlog = no
logfile = /var/log/dbmail.log
errorlog = /var/log/dbmail.err
pid_directory = /run/dbmail
header_cache_readonly = yes

[LMTP]
bindip = 127.0.0.1
port = 24
banner = LMTP
timeout = 1800
max_db_connections = 1

[POP]
bindip = 127.0.0.1
port = 20110
pop_before_smtp = no
banner = POP3
timeout = 1800

[IMAP]
bindip = 127.0.0.1
port = 20143
idle_timeout = 35
imap_before_smtp = no
capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
banner = IMAP
timeout = 3600
max_message_size = 26214400

[SIEVE]
bindip = *
port = 2000
banner = SIEVE

[DELIVERY]
auto_reply = yes
suppress_duplicates = yes
sieve = yes
subaddress = yes
sieve_vacation = no
sieve_notify = no
sieve_debug = no
auto_notify = no
quota_failure = hard
_________________________________________________________

well, and after that you can use dovecot for sasl-auth in postfix too
(main.cf) making sure everything is using the same database and auth-mechs

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
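
Added example, not part of the original post and not code from dbmail or dovecot: a small Python check that parses excerpts of the three files posted above and lists the settings an operator would want to review before putting this proxy on a public address (password logins accepted before TLS, 3DES suites in the cipher list, cleartext password scheme, a dbmail listener not bound to loopback). The function names, finding labels and the shortened cipher list are assumptions made for the example.

```python
# Excerpts of the files posted above, wrapped lines joined and the cipher
# list shortened (constructed sample input for this example).
DOVECOT_CONF = """\
ssl = yes
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
ssl_protocols = !SSLv2 !SSLv3
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
}
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
disable_plaintext_auth = no
"""
SQL_CONF = """\
driver = mysql
default_pass_scheme = plain
"""
DBMAIL_CONF = """\
[IMAP]
bindip = 127.0.0.1
port = 20143
[POP]
bindip = 127.0.0.1
port = 20110
[SIEVE]
bindip = *
port = 2000
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse(text):
    """Flatten 'key = value' lines into {'section/sub/key': value}.

    Handles dovecot 'name arg {' ... '}' blocks and ini '[SECTION]' headers.
    """
    out, path = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = [line[1:-1]]
        elif line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out["/".join(path + [key])] = value
    return out


def audit(dovecot, sql, dbmail):
    """Return a list of (label, detail) findings for the three config texts."""
    d, s, m = parse(dovecot), parse(sql), parse(dbmail)
    findings = []

    # 1. TLS only offered (ssl = yes) plus disable_plaintext_auth = no means
    #    PLAIN/LOGIN are accepted on the non-wrapper ports before STARTTLS.
    mechs = set(d.get("auth_mechanisms", "plain").upper().split())
    tls_required = d.get("ssl", "yes") == "required"
    if (not tls_required and d.get("disable_plaintext_auth", "yes") == "no"
            and mechs & {"PLAIN", "LOGIN"}):
        ports = []
        for key, value in d.items():
            parts = key.split("/")
            if (parts[-1] == "port" and len(parts) >= 2
                    and parts[-2].startswith("inet_listener ")
                    and not parts[-2].endswith("s")):  # imap/pop3, not imaps/pop3s
                ports.append(value)
        findings.append(("cleartext-login",
                         "PLAIN/LOGIN accepted without TLS on port(s) " + ", ".join(ports)))

    # 2. Legacy suites still present in the cipher list.
    weak = [c for c in d.get("ssl_cipher_list", "").split(":")
            if "DES-CBC3" in c or "RC4" in c]
    if weak:
        findings.append(("legacy-cipher", "3DES/RC4 suites offered: " + ", ".join(weak)))

    # 3. passdb column is interpreted as cleartext passwords.
    if s.get("default_pass_scheme", "").lower() == "plain":
        findings.append(("plaintext-passdb",
                         "default_pass_scheme = plain: passwords are read as cleartext"))

    # 4. dbmail services that listen beyond loopback are not behind the proxy.
    for key, value in m.items():
        section, _, name = key.partition("/")
        if name == "bindip" and value not in LOOPBACK:
            findings.append(("exposed-backend",
                             f"dbmail [{section}] binds {value}, not restricted to loopback"))
    return findings


if __name__ == "__main__":
    for label, detail in audit(DOVECOT_CONF, SQL_CONF, DBMAIL_CONF):
        print(f"{label:18} {detail}")
```

With `ssl = required` and `disable_plaintext_auth = yes` in dovecot.conf the first finding goes away while STARTTLS on 143 and the wrapper on 993 keep working.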
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>
>> with the old version 3.1.17 i could do an IMAP account setup in
>> thunderbird with SSL/TLS on port 993
>>
>> with the new version 3.2.3 thunderbird now throws me an error that this
>> connection type is not supported by the IMAP server.
>> if i then switch to STARTTLS on port 143 all is working fine.
>>
>> before i start into debugging this on my server ...
>>
>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>> is SSL/TLS on port 993 not supported?
>> is STARTTLS on port 143 the only supported encryption?
>>
>> if not ... how can i best debug this issue? what do i need to do to make
>> SSL/TLS on port 993 work again?
> just run a proxy in front of dbmail like dovecot (i guess nearly
> everybody still using dbmail does that for a long time to avoid
> different troubles)
>
> that way dbmail has no need to deal with anything in context of TLS and
> 143 with STARTTLS as well as 993 with the wrapper work and the same for POP3
>
just another question:

you wrote "... everybody still using dbmail ..."

what do you mean by 'still'? have you switched to another mail server
like dovecot, cyrus, ...
perhaps not satisfied with dbmail?

i'm just asking because dbmail is not used by that many system admins.
and i'm also sometimes worried about the future of dbmail :(
i'm actually quite happy with dbmail and have been for the last couple
of years.

but i'm always looking for other people's insights ;) what's your thought
on the current status of dbmail and its future?

thanks for your time & greetings
becki

Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14-07-16 6:29 PM, Reindl Harald wrote:
>
>
> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>
>> with the old version 3.1.17 i could do an IMAP account setup in
>> thunderbird with SSL/TLS on port 993
>>
>> with the new version 3.2.3 thunderbird now throws me an error that this
>> connection type is not supported by the IMAP server.
>> if i then switch to STARTTLS on port 143 all is working fine.
>>
>> before i start into debugging this on my server ...
>>
>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>> is SSL/TLS on port 993 not supported?
>> is STARTTLS on port 143 the only supported encryption?
>>
>> if not ... how can i best debug this issue? what do i need to do to make
>> SSL/TLS on port 993 work again?
>
> just run a proxy in front of dbmail like dovecot (i guess nearly
> everybody still using dbmail does that for a long time to avoid
> different troubles)
>
> that way dbmail has no need to deal with anything in context of TLS
> and 143 with STARTTLS as well as 993 with the wrapper work and the same
> for POP3


Hi,

I am in a similar position I have been running dbmail 3.1.17 and using
imap with SSL/TLS on port 993 for a few years now. Just for my own use
on a home gentoo server. I am upgrading the hardware and thought I'd
take the opportunity to use dbmail to 3.2.2. However, in my testing
there seems to be no way to access IMAP on port 993 with SSL/TLS.

(Sorry to sound rude but) Rather than telling me to use a different
proxy, could someone confirm that SSL/TLS access on port 993 which
worked on 3.1.17 does NOT and CANNOT work using 3.2.2 (without using
some other proxy).

Unfortunately I think the time may have come for me to find another imap
server after using various versions of dbmail for more than 10 years :(
Although in the short term I'll probably just downgrade to 3.1.17.

Thanks
Ken.
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14.07.2016 at 13:49, Admin Beckspaced wrote:
> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>>
>>> with the old version 3.1.17 i could do an IMAP account setup in
>>> thunderbird with SSL/TLS on port 993
>>>
>>> with the new version 3.2.3 thunderbird now throws me an error that this
>>> connection type is not supported by the IMAP server.
>>> if i then switch to STARTTLS on port 143 all is working fine.
>>>
>>> before i start into debugging this on my server ...
>>>
>>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>>> is SSL/TLS on port 993 not supported?
>>> is STARTTLS on port 143 the only supported encryption?
>>>
>>> if not ... how can i best debug this issue? what do i need to do to make
>>> SSL/TLS on port 993 work again?
>> just run a proxy in front of dbmail like dovecot (i guess nearly
>> everybody still using dbmail does that for a long time to avoid
>> different troubles)
>>
>> that way dbmail has no need to deal with anything in context of TLS and
>> 143 with STARTTLS as well as 993 with the wrapper work and the same for
>> POP3
>>
> just another question:
>
> you wrote "... everybody still using dbmail ..."
>
> what do you mean by 'still'? have you switched to another mail server
> like dovecot, cyrus, ...

me not at the moment but i know people which switched to dovecot due low
maintenance the last year and ongoing user complaints

> perhaps not satisfied with dbmail?

yes and no - my problem is that i built a ton of admin-backends around
dbmail and the database schema combined with a lot of automation and so
it would not be some easy step

> i'm just asking because dbmail is not used by that many system admins.
> and i'm also sometimes worried about the future of dbmail :(
> i'm actually quite happy with dbmail and have been for the last couple
> of years.
>
> but i'm always looking for other people's insights ;) what's your thought
> on the current status of dbmail and its future?

i hope it will get more love in a foreseeable future....
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14.07.2016 at 13:57, Ken Drummond wrote:
> On 14-07-16 6:29 PM, Reindl Harald wrote:
>>
>> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>>
>>> with the old version 3.1.17 i could do an IMAP account setup in
>>> thunderbird with SSL/TLS on port 993
>>>
>>> with the new version 3.2.3 thunderbird now throws me an error that this
>>> connection type is not supported by the IMAP server.
>>> if i then switch to STARTTLS on port 143 all is working fine.
>>>
>>> before i start into debugging this on my server ...
>>>
>>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>>> is SSL/TLS on port 993 not supported?
>>> is STARTTLS on port 143 the only supported encryption?
>>>
>>> if not ... how can i best debug this issue? what do i need to do to make
>>> SSL/TLS on port 993 work again?
>>
>> just run a proxy in front of dbmail like dovecot (i guess nearly
>> everybody still using dbmail does that for a long time to avoid
>> different troubles)
>>
>> that way dbmail has no need to deal with anything in context of TLS
>> and 143 with STARTTLS as well as 993 with the wrapper work and the same
>> for POP3
>
> I am in a similar position I have been running dbmail 3.1.17 and using
> imap with SSL/TLS on port 993 for a few years now. Just for my own use
> on a home gentoo server. I am upgrading the hardware and thought I'd
> take the opportunity to use dbmail to 3.2.2. However, in my testing
> there seems to be no way to access IMAP on port 993 with SSL/TLS.
>
> (Sorry to sound rude but) Rather than telling me to use a different
> proxy, could someone confirm that SSL/TLS access on port 993 which
> worked on 3.1.17 does NOT and CANNOT work using 3.2.2 (without using
> some other proxy)

sorry to sound rude but in the current support situation making a dbmail
major upgrade to 3.2 is somehow crazy and there were so many problems
with TLS and hanging services in the past years with 3.0/3.1 that it's a
widely accepted recommendation to run it behind a proxy

and if it's only for security reasons because dovecot makes the
authentication based on the dbmail database directly with the client and
until that was successful no single bit of an arbitrary client passes to
dbmail

guess where security bugs more likely and quicker fixed - dbmail or
dovecot - look at the release frequency and userbase and you know
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 2016-07-14 12:59, Reindl Harald wrote:
> On 14.07.2016 at 13:49, Admin Beckspaced wrote:
>> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>>>
>>>> with the old version 3.1.17 i could do an IMAP account setup in
>>>> thunderbird with SSL/TLS on port 993
>>>>
>>>> with the new version 3.2.3 thunderbird now throws me an error that
>>>> this
>>>> connection type is not supported by the IMAP server.
>>>> if i then switch to STARTTLS on port 143 all is working fine.
>>>>
>>>> before i start into debugging this on my server ...
>>>>
>>>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>>>> is SSL/TLS on port 993 not supported?
>>>> is STARTTLS on port 143 the only supported encryption?

IIRC 993 is for SSL, not TLS. I use it via stunnel that handles the SSL
layer,
and forwards to the IMAP port from there. There is, IMO, no good reason
to
even expose port 143 to the internet.

Gordan



Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 2016-07-14 13:13, Reindl Harald wrote:
> On 14.07.2016 at 13:57, Ken Drummond wrote:
>> On 14-07-16 6:29 PM, Reindl Harald wrote:
>>>
>>> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>>>
>>>> with the old version 3.1.17 i could do an IMAP account setup in
>>>> thunderbird with SSL/TLS on port 993
>>>>
>>>> with the new version 3.2.3 thunderbird now throws me an error that
>>>> this
>>>> connection type is not supported by the IMAP server.
>>>> if i then switch to STARTTLS on port 143 all is working fine.
>>>>
>>>> before i start into debugging this on my server ...
>>>>
>>>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>>>> is SSL/TLS on port 993 not supported?
>>>> is STARTTLS on port 143 the only supported encryption?
>>>>
>>>> if not ... how can i best debug this issue? what do i need to do to
>>>> make
>>>> SSL/TLS on port 993 work again?
>>>
>>> just run a proxy in front of dbmail like dovecot (i guess nearly
>>> everybody still using dbmail does that for a long time to avoid
>>> different troubles)
>>>
>>> that way dbmail has no need to deal with anything in context of TLS
>>> and 143 with STARTTLS as well as 993 with the wrapper work and the
>>> same
>>> for POP3
>>
>> I am in a similar position I have been running dbmail 3.1.17 and using
>> imap with SSL/TLS on port 993 for a few years now. Just for my own
>> use
>> on a home gentoo server. I am upgrading the hardware and thought I'd
>> take the opportunity to use dbmail to 3.2.2. However, in my testing
>> there seems to be no way to access IMAP on port 993 with SSL/TLS.
>>
>> (Sorry to sound rude but) Rather than telling me to use a different
>> proxy, could someone confirm that SSL/TLS access on port 993 which
>> worked on 3.1.17 does NOT and CANNOT work using 3.2.2 (without using
>> some other proxy)
>
> sorry to sound rude but in the current support situation making a
> dbmail major upgrade to 3.2 is somehow crazy and there were so many
> problems with TLS and hanging services in the past years with 3.0/3.1
> that it's a widely accepted recommendation to run it behind a proxy

Yeah, the fact that upgrade isn't doable simply and quickly in-place
is one of the reasons I'm looking to switch away. For now I fixed my
random hangs by cronning an hourly daemon restart, but that is a
bit naff.

> and if it's only for security reasons because dovecot makes the
> authentication based on the dbmail database directly with the client
> and until that was successful no single bit of an arbitrary client
> passes to dbmail

The fact that you are running a different IMAP daemon as a proxy
in front of it sounds pretty damning...


Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14.07.2016 at 14:26, Gordan Bobic wrote:
>> and if it's only for security reasons because dovecot makes the
>> authentication based on the dbmail database directly with the client
>> and until that was successful no single bit of an arbitrary client
>> passes to dbmail
>
> The fact that you are running a different IMAP daemon as a proxy
> in front of it sounds pretty damning...

no it doesn't

* you can share the same auth for postfix submission instead
mangle around with sasld and friends

* if you have had historical setups where users needed % instead
of @ and don't want a support nightmare you need something
like "auth_username_translation" from dovecot anyways

* if you consider setup a scalable infrastructure you would
anyways put a proxy in front to have later easy options
for split load on different backends like you are
doing it with http

* if you grow and have to serve *really* high load you
would anyways consider a proxy doing TLS offloading
far away from the backend servers as you do it with http
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
On 14.07.2016 at 14:15, Gordan Bobic wrote:
> IIRC 993 is for SSL, not TLS. I use it via stunnel that handles the SSL
> layer,
> and forwards to the IMAP port from there. There is, IMO, no good reason to
> even expose port 143 to the internet

oh my god - in doubt the other side makes sense

993/995/465 are historical artefacts, 465 in case of mail is even
strongly deprecated in favour of STARTTLS and at the end of the day you
need *both* because some clients support only the wrapper-mode and
others only STARTTLS
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
>> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>> that way dbmail has no need to deal with anything in context of TLS and
>>> 143 with STARTTLS as well as 993 with the wrapper work and the same for
>>> POP3
>>>
>> thanks for your reply and the hint of using dovecot as a proxy in front
>> of dbmail.
>>
>> could you perhaps point me to a proper and up-to-date how to? working
>> config file?
>>
>> that would be awesome ;)
thanks a lot for sending the configs, gladly appreciated ;)
will dig into it and report back ...

greetings
becki
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
> Hi,
>
> I am in a similar position I have been running dbmail 3.1.17 and using
> imap with SSL/TLS on port 993 for a few years now. Just for my own use
> on a home gentoo server. I am upgrading the hardware and thought I'd
> take the opportunity to use dbmail to 3.2.2. However, in my testing
> there seems to be no way to access IMAP on port 993 with SSL/TLS.
>
> (Sorry to sound rude but) Rather than telling me to use a different
> proxy, could someone confirm that SSL/TLS access on port 993 which
> worked on 3.1.17 does NOT and CANNOT work using 3.2.2 (without using
> some other proxy).
>
> Unfortunately I think the time may have come for me to find another imap
> server after using various versions of dbmail for more than 10 years :(
> Although in the short term I'll probably just downgrade to 3.1.17.
>
> Thanks
> Ken.
>
>
> ------------------------------
>
hello ken,

the reason i upgraded to 3.2.3 was that dbmail imap in version 3.1.17
kept crashing from time to time without any further info in the error logs.
which was actually not so funny as customers couldn't then login via IMAP

as a workaround i wrote a tiny shell script checking if dbmail-imapd is
running and if not then start a process
since upgrading to 3.2.3 no crash has been reported so far ... keeping
fingers crossed ;)

greetings
becki

Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3
> On 14.07.2016 at 13:49, Admin Beckspaced wrote:
>> On 12.07.2016 at 16:24, Admin Beckspaced wrote:
>>>> i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3
>>>>
>>>> with the old version 3.1.17 i could do an IMAP account setup in
>>>> thunderbird with SSL/TLS on port 993
>>>>
>>>> with the new version 3.2.3 thunderbird now throws me an error that this
>>>> connection type is not supported by the IMAP server.
>>>> if i then switch to STARTTLS on port 143 all is working fine.
>>>>
>>>> before i start into debugging this on my server ...
>>>>
>>>> is this the expected behavior with the IMAP TLS setup in 3.2.3?
>>>> is SSL/TLS on port 993 not supported?
>>>> is STARTTLS on port 143 the only supported encryption?
>>>>
>>>> if not ... how can i best debug this issue? what do i need to do to make
>>>> SSL/TLS on port 993 work again?
>>> just run a proxy in front of dbmail like dovecot (i guess nearly
>>> everybody still using dbmail does that for a long time to avoid
>>> different troubles)
>>>
>>> that way dbmail has no need to deal with anything in context of TLS and
>>> 143 with STARTTLS as well as 993 with the wrapper work and the same for
>>> POP3
>>>
>> just another question:
>>
>> you wrote "... everybody still using dbmail ..."
>>
>> what do you mean by 'still'? have you switched to another mail server
>> like dovecot, cyrus, ...
> me not at the moment but i know people which switched to dovecot due low
> maintenance the last year and ongoing user complaints
>
>> perhaps not satisfied with dbmail?
> yes and no - my problem is that i built a ton of admin-backends around
> dbmail and the database schema combined with a lot of automation and so
> it would not be some easy step
>
>> i'm just asking because dbmail is not used by that many system admins.
>> and i'm also sometimes worried about the future of dbmail :(
>> i'm actually quite happy with dbmail and have been for the last couple
>> of years.
>>
>> but i'm always looking for other people's insights ;) what's your thought
>> on the current status of dbmail and its future?
> i hope it will get more love in a foreseeable future....
thanks for your thoughts. yes, let's hope dbmail will get more love,
which it surely deserves ;)

i'm actually quite happy with dbmail so far. not many user complaints
and things work as expected.
(except the IMAP SSL/TLS on port 993 ... but actually the POP3 on port
995 works without any errors. is that strange?)
but i'm only running a small mail server with about 100 mail boxes and 2
GB storage in the database

and the mail users are also no experts, just 'normal people', not in
need of any special setup

if i could program some C, C+ i would love to support dbmail, but i'm
'only' a web developer administrating my own linux server ;)

thanks & greetings
becki

Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3 [ In reply to ]
Am 15.07.2016 um 09:34 schrieb Admin Beckspaced:
> the reason i upgraded to 3.2.3 was that dbmail imap in version 3.1.17
> kept crashing from time to time without any further info in the error logs.
> which was actually not so funny as customers couldn't then login via IMAP

that shouldn't happen - are you using straight 3.1.17 or the latest
snapshot with all bugfixes?

dbmail-3.1.17-3.fc23.20160705.rh.2874f497fb429ed139e94342ca1c84325b20b3f1.x86_64

http://git.dbmail.eu/paul/dbmail/log/?h=dbmail_3_1

> as a workaround i wrote a tiny shell script checking if dbmail-imapd is
> running and if not then start a process
> since upgrading to 3.2.3 no crash has been reported so far ... keeping
> fingers crossed ;)

should be handled by the init system these days

[root@mail:~]$ cat /usr/lib/systemd/system/dbmail-imapd.service
[Unit]
Description=DBMail IMAP Server
After=network.service systemd-networkd.service network-online.target \
    mysqld.service mysqld-dbmail.service
Before=dovecot.service

[Service]
Type=simple
ExecStart=/usr/sbin/dbmail-imapd -D
Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
StartLimitBurst=100
TimeoutStopSec=5
LimitNOFILE=50000

PrivateTmp=yes
PrivateDevices=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE \
    CAP_SETGID CAP_SETUID
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX \
    AF_NETLINK AF_PACKET AF_X25
SystemCallArchitectures=x86-64
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime \
    delete_module fanotify_init finit_module get_mempolicy init_module \
    io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp \
    kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages \
    open_by_handle_at perf_event_open pivot_root process_vm_readv \
    process_vm_writev ptrace remap_file_pages request_key set_mempolicy \
    swapoff swapon umount2 uselib vmsplice

ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/tmp
ReadWriteDirectories=-/var/log

InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool
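
Mail clients hard-wrap long lines, so a unit file copied out of a message can leave the tail of a directive (part of an After= or SystemCallFilter= list, for instance) on a line of its own; systemd only joins two lines when the first ends in a backslash, so that tail never reaches the directive. The Python lint below is an added example, not part of the original post or of dbmail; the sample unit is constructed and `parse_unit` / `rejoin` are hypothetical helper names.

```python
import re
SECTION = re.compile(r"^\[[A-Za-z][A-Za-z0-9-]*\]$")
# Constructed sample (not the unit from the thread): two directives hard-wrapped.
SAMPLE_UNIT = """\
[Unit]
After=network-online.target
mysqld.service
[Service]
ExecStart=/usr/sbin/dbmail-imapd -D
CapabilityBoundingSet=CAP_NET_BIND_SERVICE \\
    CAP_SETGID CAP_SETUID
SystemCallFilter=~ptrace mount
swapoff swapon
"""

def parse_unit(text):
    """Return (settings, orphans); orphans are (line_no, text, previous_key)."""
    settings, orphans = {}, []
    section, last_key, pending = None, None, ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if pending:                        # previous line ended in a backslash
            line, pending = pending + " " + line, ""
        elif not line or line[0] in "#;":  # blank or comment breaks adjacency
            last_key = None
            continue
        if line.endswith("\\"):
            pending = line[:-1].rstrip()
        elif SECTION.match(line):
            section, last_key = line[1:-1], None
        elif "=" in line and section:
            key, value = (p.strip() for p in line.split("=", 1))
            settings.setdefault((section, key), []).append(value)
            last_key = key
        else:                              # no '=': tail of a wrapped directive
            orphans.append((no, line, last_key))
    return settings, orphans

def rejoin(text):
    """Fold each orphan that directly follows a directive back into it."""
    bad = {no for no, _, key in parse_unit(text)[1] if key}
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if no in bad and out:
            out[-1] = out[-1].rstrip() + " " + raw.strip()
        else:
            out.append(raw)
    return "\n".join(out) + "\n"
```

A wrapped fragment that itself contains `=` would be read as a separate directive, so `systemd-analyze verify` on the target host remains the final check after repairing a pasted unit.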
Re: IMAP TLS after upgrade from 3.1.17 to 3.2.3 [ In reply to ]
> Am 15.07.2016 um 09:34 schrieb Admin Beckspaced:
>> the reason i upgraded to 3.2.3 was that dbmail imap in version 3.1.17
>> kept crashing from time to time without any further info in the error logs.
>> which was actually not so funny as customers couldn't then login via IMAP
> that shouldn't happen - are you using straight 3.1.17 or the latest
> snapshot with all bugfixes?
>
> dbmail-3.1.17-3.fc23.20160705.rh.2874f497fb429ed139e94342ca1c84325b20b3f1.x86_64
>
> http://git.dbmail.eu/paul/dbmail/log/?h=dbmail_3_1
>
>> as a workaround i wrote a tiny shell script checking if dbmail-imapd is
>> running and if not then start a process
>> since upgrading to 3.2.3 no crash has been reported so far ... keeping
>> fingers crossed ;)
> should be handled by the init system these days
>
> [root@mail:~]$ cat /usr/lib/systemd/system/dbmail-imapd.service
> [Unit]
> Description=DBMail IMAP Server
> After=network.service systemd-networkd.service network-online.target \
>     mysqld.service mysqld-dbmail.service
> Before=dovecot.service
>
> [Service]
> Type=simple
> ExecStart=/usr/sbin/dbmail-imapd -D
> Environment="LANG=en_GB.UTF-8"
> Restart=always
> RestartSec=1
> StartLimitBurst=100
> TimeoutStopSec=5
> LimitNOFILE=50000
>
> PrivateTmp=yes
> PrivateDevices=yes
> CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE \
>     CAP_SETGID CAP_SETUID
> RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_IPX \
>     AF_NETLINK AF_PACKET AF_X25
> SystemCallArchitectures=x86-64
> SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime \
>     delete_module fanotify_init finit_module get_mempolicy init_module \
>     io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp \
>     kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages \
>     open_by_handle_at perf_event_open pivot_root process_vm_readv \
>     process_vm_writev ptrace remap_file_pages request_key set_mempolicy \
>     swapoff swapon umount2 uselib vmsplice
>
> ReadOnlyDirectories=/
> ReadWriteDirectories=-/run
> ReadWriteDirectories=-/tmp
> ReadWriteDirectories=-/var/tmp
> ReadWriteDirectories=-/var/log
>
> InaccessibleDirectories=-/boot
> InaccessibleDirectories=-/home
> InaccessibleDirectories=-/media
> InaccessibleDirectories=-/root
> InaccessibleDirectories=-/etc/dbus-1
> InaccessibleDirectories=-/etc/ssh
> InaccessibleDirectories=-/run/console
> InaccessibleDirectories=-/run/dbus
> InaccessibleDirectories=-/run/lock
> InaccessibleDirectories=-/run/mount
> InaccessibleDirectories=-/run/systemd/generator
> InaccessibleDirectories=-/run/systemd/system
> InaccessibleDirectories=-/run/systemd/users
> InaccessibleDirectories=-/run/udev
> InaccessibleDirectories=-/run/user
> InaccessibleDirectories=-/usr/local/scripts
> InaccessibleDirectories=-/var/lib/dbus
> InaccessibleDirectories=-/var/lib/dnf
> InaccessibleDirectories=-/var/lib/rpm
> InaccessibleDirectories=-/var/lib/systemd
> InaccessibleDirectories=-/var/lib/yum
> InaccessibleDirectories=-/var/spool
>
i downloaded the 3.1.17 version from github ->

https://github.com/pjstevns/dbmail/tree/dbmail_3_1

it also had the latest fix in it ... Paul J Stevens prevent assertion
in p_string_erase from 10 jan 2016

but even this release from github kept crashing from time to time on my
opensuse 42.1 with all latest patches

