Background: I'm new to dovecot (although with many years Washington IMAP behind me). We're considering migrating from Washington IMAP to dovecot on the main service here, and have just started trying dovecot, using RC7. Washington, IMAP has the usual(-ish) "/var/spool/mail" shared area for the INBOX (trad. UNIX "From " format); a user's folders default to being in their home directory (same format). We are looking towards a "minimal effort" migration to dovecot, so wish to keep this layout. (In an ideal world, we would re-think, including "maildir" etc. But that's not an option at the moment.) I have encountered three issues (so far); I'm not sure whether their mine or something in dovecot (if the latter, whether bugs or features; whether RC7-specific issues; etc.). 1. The overall description of "default_mail_env" seems inadequate (in the conf file, "doc/variables.txt" and "doc/mail-storages.txt"). I'm trying: default_mail_env = mbox:~:INBOX=/var/spool/mail/%-2.02i/%u:INDEX=/tmp/indexes/%d/%n and that seems OK-ish. (The extra "%-2.02i" is because we subdivide the otherwise huge "/var/spool/mail/" directory using the user's uid-mod-100.) But the mere act of an IMAP "login" commands creates a directory (empty) with the liternal name of ~ (tilde). (An IMAP 'list "Mail" "*"' command successfully finds the usr folders in the 'Mail' subdirectory of the user's home directory.) It's almost as if the 'default_mail_env' is telling it to create (literal) '~' before realising that this is shorthand (as in C-shell) for home directory. 2. We have some Pine usage in our UNIX cluster. Historically this has taken advantage of the Pine "rsh mailmachine /etc/rimapd" ability to avoid the need for the password: pre-authentication etc. (Yes, we realise that 'rsh' has security issues.) But when I try making symlink "/etc/rimapd" point to "/usr/dovecot/sbin/dovecot" this fails: Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: Permission denied We have: /etc/ssl/certs/dovecot.pem (mode 444) /etc/ssl/private/dovecot.pem (mode 400) for the sake of secure-IMAP (port 993). But why does this come into the equation at all for this (none-SSL) "rsh ... /etc/rimapd" usage? 3. I was developing and testing this here at work using an account that I mostly use from home using Outlook Express. I was very careful (I think!) only to use the read-only "examine INBOX" command (not "select INBOX"). When I went home and tried it as usual (connecting to our production Washington IMAP service reading that INBOX). But OE showed all the email (including previously read) as "unread" (closed envelope icon). It seems that dovecot has done something to the message headers (even under "examine") that has worried OE. Any thoughts? Finally any hints for NFS-based working? We have a farm of a few Fedora machines running the IMAP processes and the sendmail locally-delivery. Our current "/etc/fstab" NFS spec. for the INBOX area (on a NetApp) is: rw,noac,actimeo=0,vers=3,tcp,timeo=600,rsize=32768,wsize=32768,hard,intr,fg,nosuid Any changes? Issues? Thinks to consider? Etc. Many thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. :
David Lee wrote:> Background: I'm new to dovecot (although with many years Washington IMAP > behind me). We're considering migrating from Washington IMAP to dovecot > on the main service here, and have just started trying dovecot, using RC7.We did this last year without the users noticing!> > I have encountered three issues (so far); I'm not sure whether their mine > or something in dovecot (if the latter, whether bugs or features; > whether RC7-specific issues; etc.). > > 1. The overall description of "default_mail_env" seems inadequate (in the > conf file, "doc/variables.txt" and "doc/mail-storages.txt"). I'm trying: > default_mail_env = mbox:~:INBOX=/var/spool/mail/%-2.02i/%u:INDEX=/tmp/indexes/%d/%n > > and that seems OK-ish. (The extra "%-2.02i" is because we subdivide the > otherwise huge "/var/spool/mail/" directory using the user's uid-mod-100.) > But the mere act of an IMAP "login" commands creates a directory (empty) > with the liternal name of ~ (tilde). (An IMAP 'list "Mail" "*"' command > successfully finds the usr folders in the 'Mail' subdirectory of the > user's home directory.) > > It's almost as if the 'default_mail_env' is telling it to create (literal) > '~' before realising that this is shorthand (as in C-shell) for home > directory. >Hmm. Could you try using "~/" or "%h" instead of "~"?> 2. We have some Pine usage in our UNIX cluster. Historically this has > taken advantage of the Pine "rsh mailmachine /etc/rimapd" ability to avoid > the need for the password: pre-authentication etc. (Yes, we realise that > 'rsh' has security issues.) But when I try making symlink "/etc/rimapd" > point to "/usr/dovecot/sbin/dovecot" this fails: > Error: Can't use SSL key file /etc/ssl/private/dovecot.pem: Permission denied >Sounds yucky. I think the program you'd need to run is "/usr/dovecot/libexec/imap" rather than "dovecot" but you'll need to supply it some environment variables. I've never tried though. One thing to watch though, is that you don't have any Pine 3.x users (as we had!) as it uses obsolete IMAP (v2!) commands not supported by Dovecot and they would have problems accessing folders.> 3. I was developing and testing this here at work using an account that I > mostly use from home using Outlook Express. I was very careful (I think!) > only to use the read-only "examine INBOX" command (not "select INBOX"). > When I went home and tried it as usual (connecting to our production > Washington IMAP service reading that INBOX). But OE showed all the email > (including previously read) as "unread" (closed envelope icon). It seems > that dovecot has done something to the message headers (even under > "examine") that has worried OE. Any thoughts? >Even "select INBOX" shouldn't have changed anything (at least not in mbox format), so this is very strange. I take it that OE is talking to the Washington IMAP server. Was OE connected at the time you did the "examine"? If so, I'd expect Washington to get a bit upset, probably just losing its "mailbox lock".> Finally any hints for NFS-based working? We have a farm of a few Fedora > machines running the IMAP processes and the sendmail locally-delivery. > Our current "/etc/fstab" NFS spec. for the INBOX area (on a NetApp) is: > rw,noac,actimeo=0,vers=3,tcp,timeo=600,rsize=32768,wsize=32768,hard,intr,fg,nosuidNot really. I'd guess as long as you include "dotlock" in the lock options for the MTA and dovecot, it should work OK. You probably don't need "mmap_disable = yes" as the mail spool is local to Dovecot.> > Any changes? Issues? Thinks to consider? Etc. >Folder subscriptions may need migrating or tweaking and you probably need to do something with hidden namespaces to deal with the folder prefix. Hope this helps, Chris -- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin at reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
On Mon, 2006-08-21 at 15:58 +0100, David Lee wrote:> 2. We have some Pine usage in our UNIX cluster. Historically this has > taken advantage of the Pine "rsh mailmachine /etc/rimapd" ability to avoid > the need for the password: pre-authentication etc. (Yes, we realise that > 'rsh' has security issues.) But when I try making symlink "/etc/rimapd" > point to "/usr/dovecot/sbin/dovecot" this fails:"dovecot --exec-mail imap" is the correct way to do this.> 3. I was developing and testing this here at work using an account that I > mostly use from home using Outlook Express. I was very careful (I think!) > only to use the read-only "examine INBOX" command (not "select INBOX"). > When I went home and tried it as usual (connecting to our production > Washington IMAP service reading that INBOX). But OE showed all the email > (including previously read) as "unread" (closed envelope icon). It seems > that dovecot has done something to the message headers (even under > "examine") that has worried OE. Any thoughts?Not really.. Examine command does change the mbox headers (just as it does with UW-IMAP), but the changes should be fully compatible with UW-IMAP. The message is "unread" if it doesn't have "Status: R" header. Dovecot really shouldn't be removing any of those.> Finally any hints for NFS-based working? We have a farm of a few Fedora > machines running the IMAP processes and the sendmail locally-delivery. > Our current "/etc/fstab" NFS spec. for the INBOX area (on a NetApp) is: > rw,noac,actimeo=0,vers=3,tcp,timeo=600,rsize=32768,wsize=32768,hard,intr,fg,nosuid > > Any changes? Issues? Thinks to consider? Etc.http://wiki.dovecot.org/NFS -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060821/09558520/attachment.bin>
Timo Sirainen <tss at iki.fi> writes:> On Mon, 2006-08-21 at 15:58 +0100, David Lee wrote: >> 2. We have some Pine usage in our UNIX cluster. Historically this has >> taken advantage of the Pine "rsh mailmachine /etc/rimapd" ability to avoid >> the need for the password: pre-authentication etc. (Yes, we realise that >> 'rsh' has security issues.) But when I try making symlink "/etc/rimapd" >> point to "/usr/dovecot/sbin/dovecot" this fails: > > "dovecot --exec-mail imap" is the correct way to do this.Could you document this in some prominent place, inside the package? While this is shown on http://wiki.dovecot.org/CommandLine, I find it awkward to go online to check. While a Wiki is a good complement to share some cheats, may I ask for a complete documentation to ship with the Dovecot tarball? Some systems even have policies as to manual pages. -- Matthias Andree
On Mon, 21 Aug 2006, Timo Sirainen wrote:> On Mon, 2006-08-21 at 15:58 +0100, David Lee wrote: > > 2. We have some Pine usage in our UNIX cluster. Historically this has > > taken advantage of the Pine "rsh mailmachine /etc/rimapd" ability to avoid > > the need for the password: pre-authentication etc. (Yes, we realise that > > 'rsh' has security issues.) But when I try making symlink "/etc/rimapd" > > point to "/usr/dovecot/sbin/dovecot" this fails: > > "dovecot --exec-mail imap" is the correct way to do this.(Sorry for delay in replying: other things in the way for a few days.) Many thanks for that hint. That seems to work nicely. With uw-imap, "/etc/rimapd" is usually a symlink to imapd. But with dovecot, because of those extra arguments ("--exec-mail imap"), I ended up make "/etc/rimapd" a tiny shell fragment: #! /bin/sh exec /usr/dovecot/sbin/dovecot --exec-mail imap (The slightly unusual directory path is a purely local thing here...) Is it in the WIKI? If not, can it be put in? By you? me? a.n.other?> > > 3. I was developing and testing this here at work using an account that I > > mostly use from home using Outlook Express. I was very careful (I think!) > > only to use the read-only "examine INBOX" command (not "select INBOX"). > > When I went home and tried it as usual (connecting to our production > > Washington IMAP service reading that INBOX). But OE showed all the email > > (including previously read) as "unread" (closed envelope icon). It seems > > that dovecot has done something to the message headers (even under > > "examine") that has worried OE. Any thoughts? > > Not really.. Examine command does change the mbox headers (just as it > does with UW-IMAP), but the changes should be fully compatible with > UW-IMAP. The message is "unread" if it doesn't have "Status: R" header. > Dovecot really shouldn't be removing any of those.Well, it didn't reproduce. Let's put this to one side for the moment with possible "pilot error". (I haven't got my dovecot wings yet!) Many thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : Durham University : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. :