Univention Bugzilla – Bug 34839
Dovecot as alternative to cyrus
Last modified: 2015-07-10 10:29:45 CEST
A partner asked for plans for an integration of dovecot as alternative to cyrus. He sees advantages in larger environments for scalability and administration. This entry should first of all serve as a reminder for further roadmap discussions.
Also asked at Ticket#2015011421000342
Initial commit in r60263. * Authorization against PAM, authentication with LDAP * provides SASL for Postfix * SMTP and POP/IMAP login with the mailPrimaryAddress * mails are stored under /var/mail/dovecot/<domain>/<local>/Maildir/
With commit 61430 a separate user account "dovemail" is used for Maildir file access only.
Please create "dovemail" in .postinst before #DEBHELPER# and not in .preinst.
With r61448 adduser was moved from preinst to postinst.
r61496 adds listener support for account rename and merges some QA fixes.
r61504 adds UCRVs mail/dovecot/imap and mail/dovecot/pop3 for feature parity with Cyrus and so the same text in documentation is valid.
r61504 & r61505 add UCRVs mail/dovecot/imap and mail/dovecot/pop3 for feature parity with Cyrus and so the same text in documentation is valid.
root@master:~# doveadm acl get -u user11@nstx.local foo1@nstx.local/INBOX doveadm(user11@nstx.local): Error: user user11@nstx.local: Initialization failed: Namespace 'foo1@nstx.local/': stat(/var/spool/dovecot/public/nstx.local/foo1) failed: Permission denied (euid=112(dovemail) egid=117(dovemail) missing +x perm: /var/spool/dovecot/public/nstx.local, dir owned by 114:119 mode=0700) doveadm(user11@nstx.local): Fatal: User init failed root@master:~#
Dev upgrade error: before 0.0.0-30 (r61430) dovecot:dovecot was used everywhere. Now in most places dovemail:dovemail is used. The "chown" in postinst will run online when installing, not when upgrading (there might be 10000s of files). Please run # chown dovemail:dovemail /var/lib/dovecot /var/spool/dovecot
61679 and 61681 (got separated because a merge conflict) modify the meaning of the UCRV mail/dovecot/ssl/cafile. It now redines the CA for the IMAP/POP3/managesieve server. Before it meant the CA for the LDAP client. That is now mail/dovecot/auth/ldap/cafile (default /etc/univention/ssl/ucsCA/CAcert.pem). The commits adds two UCRVs: * mail/dovecot/sieve/client/cafile is the CA file to use to connect to the local managesieve server (used by the listener module) (default /etc/univention/ssl/ucsCA/CAcert.pem) * mail/dovecot/auth/ssl_require_client_cert configures if a valid SSL client certificate is required (default no)
Commit 61648 make the postinst wait for Dovecot to generate the ssl-parameters file before restarting the listener. This is necessary in the case of fresh installations where previously created users with mailPrimaryAdresses make the listener create them, but Dovecot is not yet ready to receive connections (for Sieve script upload), because it is busy creating 2048 bit DH.
Commit 61831 / 0.0.0-50 moves auth cache flush for modrdn from command=a into command=r phase.
(In reply to Daniel Tröder from comment #13) > Commit 61831 / 0.0.0-50 moves auth cache flush for modrdn from command=a > into command=r phase. → OK, tested several times (In reply to Daniel Tröder from comment #12) > Commit 61648 make the postinst wait for Dovecot to generate the > ssl-parameters file before restarting the listener. After this commit, no related error message could be found in listener.log anymore. Code change seems reasonable. (In reply to Daniel Tröder from comment #11) > 61679 and 61681 (got separated because a merge conflict) modify the meaning > of the UCRV mail/dovecot/ssl/cafile. It now redines the CA for the > IMAP/POP3/managesieve server. → OK
All code related bugs are now in status VERIFIED; the manual related bug 38846 is currently open but will be fixed shortly → RESOLVED Several tests have been performed: - update of existing cyrus environments - update of existing OX environments - installation of the UCS mail stack with dovecot - switching between cyrus and dovecot (hint: NO migration of maildata! Just deinstalling dovecot and installing cyrus and vice versa) - ucs-tests
<http://errata.univention.de/ucs/4.0/232.html>
<http://errata.univention.de/ucs/4.0/233.html>
<http://errata.univention.de/ucs/4.0/234.html>
<http://errata.univention.de/ucs/4.0/238.html>
<http://errata.univention.de/ucs/4.0/239.html>
<http://errata.univention.de/ucs/4.0/237.html>