Bug 34839 - Dovecot as alternative to cyrus
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail - Dovecot
UCS 3.2
Other Linux
P5 enhancement
Assigned To: Daniel Tröder
Sönke Schwardt-Krummrich
Depends on: 38405 38406 38457 38458 38461 38462 38463 38464 38469 38470 38471 38472 38473 38474 38475 38476 38477 38478 38479 38480 38498 38500 38525 38553 38573 38707 38708 38716 38718 38725 38733 38740 38751 38759 38784 38791 38805 38811 38839 38840 38846 38848 38864 38882
Reported: 2014-05-15 13:52 CEST by Nico Gulden
Modified: 2015-07-10 10:29 CEST
Bug group (optional): Roadmap discussion
Description Nico Gulden univentionstaff 2014-05-15 13:52:29 CEST
A partner asked for plans for an integration of dovecot as alternative to cyrus. He sees advantages in larger environments for scalability and administration.

This entry should first of all serve as a reminder for further roadmap discussions.
Comment 1 Tobias Birkefeld univentionstaff 2015-01-16 16:50:56 CET
Also asked at Ticket#2015011421000342
Comment 2 Daniel Tröder univentionstaff 2015-04-28 23:03:46 CEST
Initial commit in r60263.

* Authorization against PAM, authentication with LDAP
* provides SASL for Postfix
* SMTP and POP/IMAP login with the mailPrimaryAddress
* mails are stored under /var/mail/dovecot/<domain>/<local>/Maildir/
Comment 3 Daniel Tröder univentionstaff 2015-06-23 18:09:42 CEST
With commit 61430 a separate user account "dovemail" is used for Maildir file access only.
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-06-24 14:58:42 CEST
Please create "dovemail" in .postinst before #DEBHELPER# and not in .preinst.
Comment 5 Daniel Tröder univentionstaff 2015-06-24 16:54:28 CEST
With r61448 adduser was moved from preinst to postinst.
Comment 6 Daniel Tröder univentionstaff 2015-06-25 17:31:14 CEST
r61496 adds listener support for account rename and merges some QA fixes.
Comment 7 Daniel Tröder univentionstaff 2015-06-26 09:24:08 CEST
r61504 adds UCRVs mail/dovecot/imap and mail/dovecot/pop3 for feature parity with Cyrus and so the same text in documentation is valid.
Comment 8 Daniel Tröder univentionstaff 2015-06-26 09:26:55 CEST
r61504 & r61505 add UCRVs mail/dovecot/imap and mail/dovecot/pop3 for feature parity with Cyrus and so the same text in documentation is valid.
Comment 9 Sönke Schwardt-Krummrich univentionstaff 2015-06-30 00:04:50 CEST
root@master:~# doveadm acl get -u user11@nstx.local foo1@nstx.local/INBOX
doveadm(user11@nstx.local): Error: user user11@nstx.local: Initialization failed: Namespace 'foo1@nstx.local/': stat(/var/spool/dovecot/public/nstx.local/foo1) failed: Permission denied (euid=112(dovemail) egid=117(dovemail) missing +x perm: /var/spool/dovecot/public/nstx.local, dir owned by 114:119 mode=0700)
doveadm(user11@nstx.local): Fatal: User init failed
root@master:~#
Comment 10 Daniel Tröder univentionstaff 2015-06-30 09:06:43 CEST
Dev upgrade error: before 0.0.0-30 (r61430) dovecot:dovecot was used everywhere. Now in most places dovemail:dovemail is used. The "chown" in postinst will run only when installing, not when upgrading (there might be 10000s of files).
Please run
# chown dovemail:dovemail /var/lib/dovecot /var/spool/dovecot
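
The ownership mismatch from comments 9 and 10, as an added diagnostic sketch that is not part of the bug thread or of the package's own scripts: it walks a directory tree and prints the first component that a given uid/gid cannot traverse, judging only by owner, group and mode. The function names `can_traverse` and `first_blocked` are hypothetical, GNU `stat -c` is assumed, and supplementary groups, ACLs and root's override are ignored.

```shell
#!/bin/sh
# Added example: find the directory that is "missing +x perm" for an identity.

# can_traverse DIR UID GID -> 0 if the applicable x bit is set, 1 if not,
# 2 if DIR cannot be stat'ed.
can_traverse() {
    meta=$(stat -c '%u %g %a' "$1") || return 2
    want_uid=$2; want_gid=$3
    set -- $meta                 # $1=owner uid, $2=group gid, $3=octal mode
    p=$(( $3 % 1000 ))           # drop the setuid/setgid/sticky digit
    if [ "$1" -eq "$want_uid" ]; then
        bits=$(( p / 100 ))      # owner class applies
    elif [ "$2" -eq "$want_gid" ]; then
        bits=$(( p / 10 % 10 ))  # group class applies
    else
        bits=$(( p % 10 ))       # "other" class applies
    fi
    [ $(( bits & 1 )) -eq 1 ]
}

# first_blocked BASE REL UID GID -> prints the first directory in BASE/REL
# (BASE included) the identity cannot enter and returns 1; returns 0 if none.
first_blocked() {
    cur=$1; rel=$2; uid=$3; gid=$4
    if ! can_traverse "$cur" "$uid" "$gid"; then
        echo "$cur"; return 1
    fi
    old_ifs=$IFS; IFS=/
    set -f; set -- $rel; set +f  # split REL on "/" without globbing
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -d "$cur" ] || break   # only directories need the x bit to enter
        if ! can_traverse "$cur" "$uid" "$gid"; then
            echo "$cur"; return 1
        fi
    done
    return 0
}

# Stand-alone use: script BASE REL UID GID
if [ $# -eq 4 ]; then
    first_blocked "$@"
fi
```

Called with the spool directory as BASE, the mailbox path below it as REL and the numeric uid and gid of the mail account, it names the directory whose owner or mode still has to be corrected.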
Comment 11 Daniel Tröder univentionstaff 2015-07-02 17:57:32 CEST
61679 and 61681 (got separated because of a merge conflict) modify the meaning of the UCRV mail/dovecot/ssl/cafile. It now redefines the CA for the IMAP/POP3/managesieve server.

Before it meant the CA for the LDAP client. That is now mail/dovecot/auth/ldap/cafile (default /etc/univention/ssl/ucsCA/CAcert.pem).

The commits add two UCRVs:
* mail/dovecot/sieve/client/cafile is the CA file to use to connect to the local managesieve server (used by the listener module) (default /etc/univention/ssl/ucsCA/CAcert.pem)
* mail/dovecot/auth/ssl_require_client_cert configures if a valid SSL client certificate is required (default no)
Comment 12 Daniel Tröder univentionstaff 2015-07-02 18:04:34 CEST
Commit 61648 makes the postinst wait for Dovecot to generate the ssl-parameters file before restarting the listener.

This is necessary in the case of fresh installations where previously created users with mailPrimaryAddresses make the listener create them, but Dovecot is not yet ready to receive connections (for Sieve script upload), because it is busy creating 2048 bit DH.
Comment 13 Daniel Tröder univentionstaff 2015-07-07 12:12:53 CEST
Commit 61831 / 0.0.0-50 moves auth cache flush for modrdn from command=a into command=r phase.
Comment 14 Sönke Schwardt-Krummrich univentionstaff 2015-07-09 11:48:29 CEST
(In reply to Daniel Tröder from comment #13)
> Commit 61831 / 0.0.0-50 moves auth cache flush for modrdn from command=a
> into command=r phase.

→ OK, tested several times

(In reply to Daniel Tröder from comment #12)
> Commit 61648 makes the postinst wait for Dovecot to generate the
> ssl-parameters file before restarting the listener.

After this commit, no related error message could be found in listener.log anymore. Code change seems reasonable.

(In reply to Daniel Tröder from comment #11)
> 61679 and 61681 (got separated because of a merge conflict) modify the meaning
> of the UCRV mail/dovecot/ssl/cafile. It now redefines the CA for the
> IMAP/POP3/managesieve server.

→ OK
Comment 15 Sönke Schwardt-Krummrich univentionstaff 2015-07-09 11:52:45 CEST
All code related bugs are now in status VERIFIED; the manual related bug 38846 is currently open but will be fixed shortly → RESOLVED

Several tests have been performed:
- update of existing cyrus environments
- update of existing OX environments
- installation of the UCS mail stack with dovecot
- switching between cyrus and dovecot (hint: NO migration of maildata! Just 
  deinstalling dovecot and installing cyrus and vice versa)
- ucs-tests
Comment 16 Janek Walkenhorst univentionstaff 2015-07-09 18:08:03 CEST
<http://errata.univention.de/ucs/4.0/232.html>
Comment 17 Janek Walkenhorst univentionstaff 2015-07-09 18:08:25 CEST
<http://errata.univention.de/ucs/4.0/233.html>
Comment 18 Janek Walkenhorst univentionstaff 2015-07-09 18:08:37 CEST
<http://errata.univention.de/ucs/4.0/234.html>
Comment 19 Janek Walkenhorst univentionstaff 2015-07-09 18:09:52 CEST
<http://errata.univention.de/ucs/4.0/238.html>
Comment 20 Janek Walkenhorst univentionstaff 2015-07-09 18:10:28 CEST
<http://errata.univention.de/ucs/4.0/239.html>
Comment 21 Janek Walkenhorst univentionstaff 2015-07-09 18:12:06 CEST
<http://errata.univention.de/ucs/4.0/237.html>