voytek at sbt.net.au
2017-Dec-15 14:47 UTC
2.1 to 2.2 server migration Qs: sanity check, config ?
I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql virtual domains, in the process of setting a new Centos 7 to migrate, copied /etc/dovecot, made some minor edits to get rid of errors, added Letsencrypt in place of self certified certs, it seems to work, using mail client I can log on StartSSL/110/143, TLS/995/993 with no visible errors when login on is there any other sanity checks I should do ? before I start putting users on it ? attaching dovecot.conf at the end, appreciate any suggestion or correction I see a lot of these warning, are they benign? #grep Warning /var/log/dovecot.log | wc 74 1102 6900 # wc /var/log/dovecot.log 174 2299 19716 /var/log/dovecot.log Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending requests: EOF Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending requests: Connection reset by peer ( as I've re used an old host name, I can see some users already trying to connect, they must've never removed this server name when it was shut down, perhaps they're generating these errors, repeatedly logging on ?) # doveadm who username # proto (pids) (ips) five at aaa.com.au 1 imap (9047) (35.196.255.170) seven at aaa.com.au 1 imap (9056) (104.196.21.108) eight at aaa.com.au 1 imap (9062) (35.196.255.170) five at aa.com.au 2 imap (9240 9044) (203.194.43.48 35.196.255.170) six at aa.com.au 2 imap (9248 9063) (203.194.43.48 35.185.44.87) postbox at aa.com.au 1 imap (9057) (104.196.178.232) eight at aa.com.au 2 imap (9244 9050) (203.194.43.48 35.196.255.170) seven at aa.com.au 2 imap (9055 9242) (104.196.21.108 203.194.43.48) six at aaa.com.au 1 imap (9054) (35.185.44.87) doveconf -n -c /etc/dovecot/test/dovecot.conf > /etc/dovecot/test/dovecot.conf.new # cat dovecot.conf.new # 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_master_user_separator = * auth_mechanisms = PLAIN LOGIN dict { acl = mysql:/etc/dovecot/dovecot-share-folder.conf quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf } first_valid_uid = 2000 last_valid_uid = 2000 listen = * log_path = /var/log/dovecot.log mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ mail_plugins = quota mail_uid = 2000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace { inbox = yes location prefix separator = / type = private } namespace { list = children location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u prefix = Shared/%%u/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } passdb { args = /etc/dovecot/dovecot-master-users-password driver = passwd-file master = yes } plugin { acl = vfile acl_shared_dict = proxy::acl auth_socket_path = /var/run/dovecot/auth-master autocreate = INBOX autocreate2 = Sent autocreate3 = Trash autocreate4 = Drafts autocreate5 = Junk autosubscribe = INBOX autosubscribe2 = Sent autosubscribe3 = Trash autosubscribe4 = Drafts autosubscribe5 = Junk quota = dict:user::proxy::quotadict quota_rule = *:storage=1G quota_warning = storage=85%% quota-warning 85 %u quota_warning2 = storage=90%% quota-warning 90 %u quota_warning3 = storage=95%% quota-warning 95 %u sieve = /%Lh/sieve/dovecot.sieve sieve_dir = /%Lh/sieve sieve_global_dir = /var/vmail/sieve sieve_global_path = /var/vmail/sieve/dovecot.sieve } protocols = pop3 imap sieve service auth { unix_listener /var/spool/postfix/dovecot-auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service imap-login { process_limit = 500 service_count = 1 } service pop3-login { service_count = 1 } service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } } ssl = required ssl_cert = </etc/letsencrypt/..fullchain.pem ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } protocol lda { auth_socket_path = /var/run/dovecot/auth-master lda_mailbox_autocreate = yes log_path = /var/log/sieve.log mail_plugins = quota sieve autocreate postmaster_address = root } protocol imap { imap_client_workarounds = tb-extra-mailbox-sep mail_max_userip_connections = 60 mail_plugins = quota imap_quota } protocol pop3 { mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } #
Please read between the lines =) at least you should remove autocreate plugin.> On December 15, 2017 at 4:47 PM voytek at sbt.net.au wrote: > > > I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql > virtual domains, in the process of setting a new Centos 7 to migrate, > copied /etc/dovecot, made some minor edits to get rid of errors, added > Letsencrypt in place of self certified certs, it seems to work, using mail > client I can log on StartSSL/110/143, TLS/995/993 with no visible errors > when login on > > is there any other sanity checks I should do ? before I start putting > users on it ? > > attaching dovecot.conf at the end, appreciate any suggestion or correction > > I see a lot of these warning, are they benign? > > #grep Warning /var/log/dovecot.log | wc > 74 1102 6900 > # wc /var/log/dovecot.log > 174 2299 19716 /var/log/dovecot.log > > > Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending > requests: Connection reset by peer > Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending > requests: EOF > Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending > requests: Connection reset by peer > > ( as I've re used an old host name, I can see some users already trying to > connect, they must've never removed this server name when it was shut > down, perhaps they're generating these errors, repeatedly logging on ?) > > # doveadm who > username # proto (pids) (ips) > five at aaa.com.au 1 imap (9047) (35.196.255.170) > seven at aaa.com.au 1 imap (9056) (104.196.21.108) > eight at aaa.com.au 1 imap (9062) (35.196.255.170) > five at aa.com.au 2 imap (9240 9044) (203.194.43.48 35.196.255.170) > six at aa.com.au 2 imap (9248 9063) (203.194.43.48 35.185.44.87) > postbox at aa.com.au 1 imap (9057) (104.196.178.232) > eight at aa.com.au 2 imap (9244 9050) (203.194.43.48 35.196.255.170) > seven at aa.com.au 2 imap (9055 9242) (104.196.21.108 203.194.43.48) > six at aaa.com.au 1 imap (9054) (35.185.44.87) > > > doveconf -n -c /etc/dovecot/test/dovecot.conf > > /etc/dovecot/test/dovecot.conf.new > > # cat dovecot.conf.new > > # 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf > # Pigeonhole version 0.4.21 (92477967) > # OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release > 7.4.1708 (Core) > auth_master_user_separator = * > auth_mechanisms = PLAIN LOGIN > dict { > acl = mysql:/etc/dovecot/dovecot-share-folder.conf > quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf > } > first_valid_uid = 2000 > last_valid_uid = 2000 > listen = * > log_path = /var/log/dovecot.log > mail_gid = 2000 > mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/The INDEX= is redundant.> mail_plugins = quota > mail_uid = 2000 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope encoded-character > vacation subaddress comparator-i;ascii-numeric relational regex imap4flags > copy include variables body enotify environment mailbox date index ihave > duplicate mime foreverypart extracttext > namespace { > inbox = yes > location > prefix > separator = / > type = private > } > namespace { > list = children > location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%uYou should read https://wiki.dovecot.org/SharedMailboxes/Shared> prefix = Shared/%%u/ > separator = / > subscriptions = yes > type = shared > } > passdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > passdb { > args = /etc/dovecot/dovecot-master-users-password > driver = passwd-file > master = yes > } > plugin { > acl = vfile > acl_shared_dict = proxy::acl > auth_socket_path = /var/run/dovecot/auth-master > autocreate = INBOX > autocreate2 = Sent > autocreate3 = Trash > autocreate4 = Drafts > autocreate5 = Junk > autosubscribe = INBOX > autosubscribe2 = Sent > autosubscribe3 = Trash > autosubscribe4 = Drafts > autosubscribe5 = Junkautocreate & autosubscribe should be converted into namespace { mailbox INBOX { auto = subscribe # (or just create if subscribing is not required) } }> quota = dict:user::proxy::quotadict > quota_rule = *:storage=1G > quota_warning = storage=85%% quota-warning 85 %u > quota_warning2 = storage=90%% quota-warning 90 %u > quota_warning3 = storage=95%% quota-warning 95 %u > sieve = /%Lh/sieve/dovecot.sieve > sieve_dir = /%Lh/sieve > sieve_global_dir = /var/vmail/sieve > sieve_global_path = /var/vmail/sieve/dovecot.sieve > } > protocols = pop3 imap sieve > service auth { > unix_listener /var/spool/postfix/dovecot-auth { > group = postfix > mode = 0666 > user = postfix > }This could be mode = 0600> unix_listener auth-master { > group = vmail > mode = 0666 > user = vmail > } > unix_listener auth-userdb { > group = vmail > mode = 0660 > user = vmail > } > }You sure you need these?> service dict { > unix_listener dict { > group = vmail > mode = 0660 > user = vmail > } > } > service imap-login { > process_limit = 500 > service_count = 1 > } > service pop3-login { > service_count = 1 > } > service quota-warning { > executable = script /usr/local/bin/dovecot-quota-warning.sh > unix_listener quota-warning { > group = vmail > mode = 0660 > user = vmail > } > } > ssl = required > ssl_cert = </etc/letsencrypt/..fullchain.pem > ssl_key = # hidden, use -P to show it > userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > protocol lda { > auth_socket_path = /var/run/dovecot/auth-mastershould not be needed> lda_mailbox_autocreate = yes > log_path = /var/log/sieve.log > mail_plugins = quota sieve autocreate > postmaster_address = root > } > protocol imap { > imap_client_workarounds = tb-extra-mailbox-sep > mail_max_userip_connections = 60 > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > pop3_uidl_format = %08Xu%08Xv > } > # > > >Aki
voytek at sbt.net.au
2017-Dec-15 23:44 UTC
2.1 to 2.2 server migration Qs: sanity check, config ?
On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:> Please read between the lines =)> at least you should remove autocreate plugin.Aki, thanks. I forgot to write this is meant as a plain vanilla pop/imap multi user/multi domain server, no special requirements or deviations should be needed>> mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ >> > > The INDEX= is redundant.so I go from mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ to mail_location = maildir:/%Lh/Maildir/>> private } >> namespace { list = children location >> maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u >> > > You should read https://wiki.dovecot.org/SharedMailboxes/Shared(not sure whether I might have tried shareing my mailbox across two domains for myself once?...maybe that's why it's there... not sure) so I just remove this whole block: namespace { type = shared separator = / prefix = Shared/%%u/ location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u # this namespace should handle its own subscriptions or not. subscriptions = yes list = children } thanks again, sorry for dumb questions Voytek
Apparently Analagous Threads
- 2.1 to 2.2 server migration Qs: sanity check, config ?
- 2.1 to 2.2 server migration Qs: sanity check, config ?
- Changing location of vmail folder, mail started downloading again
- Quota-Status issue
- Dovecot replies with default SSL certificate instead of the vhost's