Dovecot fails to reload after upgrade / code=exited, status=226/NAMESPACE

If your Dovecot fails to reload/restart after upgrade, chances are that your kernel is too old. But you can try and fix this problem with simple step bellow.

This was in syslog log:

systemd[20406]: dovecot.service: Failed at step NAMESPACE spawning /usr/bin/doveadm: No such file or directory
dovecot.service: Control process exited, code=exited status=226
systemd[1]: Reload failed for Dovecot IMAP/POP3 email server.

This was Dovecot service status:

â—Ź dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Tue 2021-09-07 19:31:12 CEST; 1 months 28 days ago
Docs: man:dovecot(1)
Process: 20406 ExecReload=/usr/bin/doveadm reload (code=exited, status=226/NAMESPACE)

To solve, you can try and edit dovecot service script and add coment to PrivateTmp variable.

root@mailmachine:~# vi /lib/systemd/system/dovecot.service

...
[Service]
Type=forking
ExecStart=/usr/sbin/dovecot
PIDFile=/var/run/dovecot/master.pid
ExecReload=/usr/bin/doveadm reload
ExecStop=/usr/bin/doveadm stop
#PrivateTmp=true
NonBlocking=yes
# Enable this if your systemd is new enough to support it:
#ProtectSystem=full
...

SNI support for Dovecot and Postfix

If you are in position that you need multiple SSL certificates for different domains on single mail server, you can do it with SNI. Of corse, on very old versions this is not supported. Check documentation first, if its supported for your version of Dovecot and Postfix.

Dovecot:

In case of incoming mailserver Dovecot it’s easy as listed bellow. I made file ssl-sni.conf in which I add SNI configurations for my domains. Then I included ssl-sni.conf in main dovecot config.

Create ssl-sni.conf and add your SNI definitions in it:

local_name mail.domain1.com {
ssl_cert = </etc/ssl/certs/domain1/fullchain.pem
ssl_key = </etc/ssl/certs/domain1/privkey.pem
}

local_name pop3.domain2.com {
ssl_cert = </etc/ssl/certs/domain2/fullchain.pem
ssl_key = </etc/ssl/certs/domain2/privkey.pem
}
...

Then include this in main dovecot config (you can add those configurations directly in dovecot.conf or 00-ssl.conf also. I just prefer separate this):

# SNI include
!include ssl-sni.conf

Postfix:

As for Postfix, configuration is also simple:

Inside /etc/postfix/, create file domain_ssl.map and add ssl definitions in it:

mail.domain1.com /etc/ssl/certs/domain1/privkey.pem /etc/ssl/certs/domain1/fullchain.pem
smtp.domain2.net /etc/ssl/certs/domain2/privkey.pem /etc/ssl/certs/domain2/fullchain.pem

Run postmap and restart Postfix:

[root@mail postfix]# postmap -F domain_ssl.map which will create domain_ssl.map.db
[root@mail postfix]# systemctl restart postfix

If everything is OK, you should now have SNI supported mail server.

Limit number of email recipients with Roundcube

I had an issue with one of the mail servers on which one user’s account password was stolen and was sending spam. Spam was sent from Roundcube and there was a very large number of recipients in one email. Limit the number of recipients in Postfix was not an option. It had to be done on webmail. It is very simple with Roundcube. Just add variable bellow in your Roundcube configuration file – config.inc.php.

$config['max_recipients'] = 10;

This will allow only 10 recipients in one email message. Of course you can change the number according to your needs.

Directadmin – get disk size information for every email account on your server/user

If you want to get information about how much of disk is consuming every email account on your Directadmin server, then you can use this command.

[root@post ~]# find /home/*/imap/*/*/ -maxdepth 1 -type d -exec du -sh {} \; | awk -F '/' {'print $6"@"$5 " -> " $1'}
info@domain1.si -> 60K
test@domain1.si -> 60K
lala@domain1.ba -> 529M
info@somedomain.ba -> 529M
igor@somedomain.eu -> 772K
...

If you would want for every email account of some specific user, than you can use this:

[root@post ~]# find /home/user1/imap/*/*/ -maxdepth 1 -type d -exec du -sh {} \; | awk -F '/' {'print $6"@"$5 " -> " $1'}
info@domain1.si -> 1.3G
test2@domain1.it -> 1.3G
igor@test.si -> 68M
...

Simple, but it can save some time 🙂

Make single Roundcube instance use multi different databases

I had to configure webmail service with Roundcube which would allow connecting multi mail servers o one platform. Every mail server had it’s own Roundcube instance already, but idea was, that only one installation can handle all mail servers.

I found out, that this can be done pretty symple with some php in roundcube configuration.

Open your roundcube configuration file, for example:

vi /var/www/roundcube/config/config.inc.php

Fetch correct hostname for specific webmail instance in php variable.

$host = $_SERVER['SERVER_NAME'];

Then you should create switch statement that will be able to manage correct database connection and host for specific server name – mail service. You can also have different types of database. For example mysql and postgres.

Continue Reading

malware acl condition: clamd: unable to send file body to socket (127.0.0.1)

If you see error like this in your mail logs, than chances are that your ClamAV is not able to process attachments files larger than limit set in clamav configuration. In this case, sender which sent email with larger attachment to your server, will get something like this in respond:

[10.10.10.10] #<[10.10.10.10] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] 451-'Temporary local problem - please try later' (delivery attempts: 75)> #SMTP#

In your mail log you’ll see something like this:

+++ 1e248B-000NMy-T6 has not completed +++
1969-08-15 01:40:21 1e248B-000NMy-T6 malware acl condition: clamd : unable to send file body to socket (127.0.0.1)
1969-08-25 01:40:21 1e248B-000NMy-T6 H=some.hostname.com [1.1.1.1] X=TLSv1:RC4-SHA:128 CV=no F=<prvs=449d2f142=senders@email.com> temporarily rejected after DATA

To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.

Don’t forget to restart your ClamAV.

Migrate email to gmail with imapsync – Host2 failure: Error login

So you want to migrate your emails from your hosting to your Gmail and you can’t get it to work with imapsync? You triple checked your login credentials and are correct but transfer still doesnt work. So what is causing error bellow?

Host2 failure: Error login on [66.102.1.108] with user [mymail@mydomain.com] auth [LOGIN]: 2 NO [ALERT] Please log in via your web browser

You have to login to your Google Apps settings (Security -> Advanced security settings) and change value for Less secure apps to: Enforce access to less secure apps for all users. Than it should work.

Exim – remove messages from mail queue sorted by email address

Ok, title is a little confusing, I admit :). Let me try to explain. When you have stuffed exim mail queue and you want to remove all messages from specific domain only, sometimes email address that you want to use as key for your parsing is in second line. So, classic exim -bp | grep <searchstring> | awk {‘print $3’} | xargs exim -Mrm is not very useful in this case because it won’t return message ID. Grep with -B flag is what you need in this case. -B will show line before your “key” string also – message ID in this case. You can check how to on example below.

  • Check exim mail queue
[root@mailserver ~]# exim -bp

46h   58K 1b59PU-000J6d-1U <something@domain.com>
          info@mydomain.si

44h   11K 1b5Bj4-000MJC-GF <johndoe@iasoiasd.in>
          info@mydomain.si

44h   16K 1b5BjQ-000MNC-0M <jimi.hendrix@guitar.com>
          peter@olderdomain.org

43h  9.0K 1b5Bvp-000P1c-6s <purchase@domainname.net>
          info@mydomain.si

43h   11K 1b5BzX-000PmA-S5 <GallowayIla96@asgasfasgas.com>
          info@mydomain.si

41h   59K 1b5Dhb-000I5h-8E <bloop@auhuiejnapob.net>
          info@mydomain.si

27h   17K 1b5RNl-000OFW-Tn <sasa@bjkoapojfoaubopaw.si>
          info@mydomain.si

22h   78K 1b5W42-000Nna-Jn <johndoe@gmail.com>
          anothermail@foo.com

22h   11K 1b5W8b-000Oes-Fb <ramones@band.com>
          info@mydomain.si

22h  250K 1b5WHr-0000Om-Oa <fuckface@guilttrip.com>
          joasd@aasdfasf.si

20h   12K 1b5YEZ-000MF7-Jq <mrinsignificant@mobile.cn>
          test@anotherdomain.net

19h  9.1K 1b5YK6-000NPV-1m <fetasir@cheese.com>
          info@mydomain.si

19h   12K 1b5YXM-000Ppg-Qd <asfaeaw@asdasa.com.br>
          info@mydomain.si

19h   11K 1b5Yeq-0001JN-9a <geaafwawfaef@gesawad.vn>
          blabla@mojadomena.si
.
.
.
  • We want to delete all messages that contains string info@mydomain.si and are in second line.
[root@mailserver ~]# exim -bp | awk {'print $1,$3'} | grep -B1 mydomain | awk {'print $2'} | xargs exim -Mrm

Message 1b59PU-000J6d-1U has been removed
Message 1b5Bj4-000MJC-GF has been removed
Message 1b5Bvp-000P1c-6s has been removed
Message 1b5BzX-000PmA-S5 has been removed
Message 1b5Dhb-000I5h-8E has been removed
Message 1b5RNl-000OFW-Tn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5W42-000Nna-Jn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5YK6-000NPV-1m has been removed
Message 1b5YEZ-000MF7-Jq has been removed
Message 1b5YK6-000NPV-1m has been removed
.
.
.

Directadmin – enable and configure Spamassassin automatically when adding user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users may not know about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. So it may be good practice to enable Spamassassin by default. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin sites. But you may also want to define some parameters for Spamassassin “on the fly”. You can do that by manipulating filter.conf file.
In this example I want that on user creation:

  1. spam goes to appropriate users spam folder,
  2. I don’t want to delete high scoring spam,
  3. I want to rewrite subject of spam email with *****SPAM*****.

Just add below code in your user_create_post.sh script. And remove script comments (##).

## We enable Spamassassin, create needed files and give them appropriate permissions
if [ “$spam” = “ON” ]; then
DIR=/home/$username/.spamassassin
mkdir $DIR
touch $DIR/user_prefs
chown ${username}:mail $DIR
chmod 771 $DIR
chown $username:$username $DIR/user_prefs
chmod 755 $DIR/user_prefs
touch $DIR/spam
chown mail:$username $DIR/spam
chmod 660 $DIR/spam

## Here we define some variables for Spamassassin by adding some lines to filter.conf
echo “high_score=15” >> /etc/virtual/$domain/filter.conf
echo “high_score_block=no” >> /etc/virtual/$domain/filter.conf
echo “where=userspamfolder” >> /etc/virtual/$domain/filter.conf
echo “rewrite_header subject *****SPAM*****” >> /home/$username/.spamassassin/user_prefs

## Adding operation in task queue
echo “action=rewrite&value=filter&user=$username” >> /usr/local/directadmin/data/task.queue
fi
exit 0;

© 2024 geegkytuts.net
Hosted by SIEL


About author