search for: _keytabusers

...fail > Not trivially. We would need to know which groups to drop and which not. Looking at id output id uid=501(hwr) gid=20(staff) groups=20(staff),6(mail),12(everyone),61(localaccounts),80(admin),98(_lpadmin),500(users),701(com.apple.sharepoint.group.1),702(com.apple.sharepoint.group.2),30(_keytabusers),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),103(com.apple.access_screensharing-disabled),104(com.apple.access_ssh-disabled) it seems that all the com.apple ones can easily be dropped. What about a config list, that the admin can set with a list of...

...a_warning = storage=100%% quota-exceeded %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster at mini.mmpcrofton.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service...

...ivially. We would need to know which groups to drop and which not. > Looking at id output > > id > uid=501(hwr) gid=20(staff) groups=20(staff),6(mail),12(everyone),61(localaccounts),80(admin),98(_lpadmin),500(users),701(com.apple.sharepoint.group.1),702(com.apple.sharepoint.group.2),30(_keytabusers),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),103(com.apple.access_screensharing-disabled),104(com.apple.access_ssh-disabled) > > it seems that all the com.apple ones can easily be dropped. > What about a config list, that the admin can set...

..._warning2 = storage=80%% quota-warning %u sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster at xserve04.customer.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap-postlogin { executable = script-login -d /etc/...

...eve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = postmaster at vishniac.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dict { unix_listener dict { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_l...

Hello, I have recently upgraded to macOS 10.14 (Mojave) and am running into an issue where one use can no longer log into dovecot via imap. Log shows Oct 11 08:10:27 imap(hwr)<12659><YpC/0+133+EAAAAAAAAAAAAAAAAAAAAB>: Fatal: setgroups(501) failed: Too many extra groups and indeed, the user is in 17 groups, which is more than NGROUPS_MAX (16). Another user with << 16 groups

...ax_storage = 50M > } > postmaster_address = postmaster at domain.tld > protocols = imap lmtp sieve > quota_full_tempfail = yes > sendmail_path = /opt/local/sbin/sendmail > service auth-worker { > group = mail > user = root > } > service auth { > extra_groups = _keytabusers > idle_kill = 15 mins > unix_listener /opt/local/var/spool/postfix/private/auth { > group = mail > mode = 0660 > user = _postfix > } > } > service imap-login { > inet_listener imap { > address = 127.0.0.1, ::1 > port = 143 > } >...

...quota_warning = storage=100%% quota-exceeded %u sieve = /Library/Server/Mail/Data/rules/%u/roundcube.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u } postmaster_address = postmaster at server.risk.gg protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap { client...

...ve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve sieve_dir = /Library/Server/Mail/Data/rules/%u stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = postmaster at office.domain.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service auth { extra_groups = _keytabusers idle_kill = 15 mins unix_listener auth-userdb { user = _dovecot } } service dns_client { unix_listener dns-client { mode = 0600 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service...

...> sieve_quota_max_storage = 50M > } > postmaster_address = postmaster at domain.tld > protocols = imap lmtp sieve > quota_full_tempfail = yes > sendmail_path = /opt/local/sbin/sendmail > service auth-worker { > user = root > } > service auth { > extra_groups = _keytabusers > idle_kill = 15 mins > unix_listener /opt/local/var/spool/postfix/private/auth { > group = mail > mode = 0660 > user = _postfix > } > } > service imap-login { > inet_listener imap { > address = 127.0.0.1, ::1 > port = 143 > } >...

...0 protocol = service_count = 1 type = unix_listener auth-worker { group = mode = 0600 user = $default_internal_user } user = vsz_limit = 18446744073709551615 B } service auth { chroot = client_limit = 0 drop_priv_before_exec = no executable = auth extra_groups = _keytabusers group = idle_kill = 15 mins privileged_group = process_limit = 1 process_min_avail = 0 protocol = service_count = 0 type = unix_listener auth-client { group = mode = 0600 user = } unix_listener auth-login { group = mode = 0600 user = $default_internal_u...