-rw-r--r-- | common.yml | 2 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf | 3 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf | 35 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-master.conf | 14 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 16 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf | 109 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf | 3 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf | 25 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext | 2 | ||||
-rw-r--r-- | roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | 5 | ||||
-rw-r--r-- | roles/IMAP/tasks/imap.yml | 17 | ||||
-rw-r--r-- | roles/IMAP/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/IMAP/templates/etc/postfix/main.cf.j2 | 7 | ||||
-rw-r--r-- | roles/common/files/etc/logcheck/ignore.d.server/dovecot-local | 7 |
14 files changed, 139 insertions, 108 deletions
@@ -41,7 +41,7 @@ - common-web - name: Configure amavis - hosts: MDA:out + hosts: out gather_facts: False tags: amavis roles: diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf index cf0189e..d4f323d 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-auth.conf @@ -6,7 +6,8 @@ # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. -disable_plaintext_auth = yes +# See also ssl=required setting. +#disable_plaintext_auth = yes # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf index dcc1d9c..c98d3f6 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-mail.conf @@ -107,7 +107,7 @@ namespace virtual { #list = children #} # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? -#mail_shared_explicit_inbox = yes +#mail_shared_explicit_inbox = no # System user and group used to access mails. If you use multiple, userdb # can override these by returning uid or gid fields. You can use either numbers @@ -133,6 +133,10 @@ mail_gid = vmail # or ~user/. #mail_full_filesystem_access = no +# Dictionary for key=value mailbox attributes. Currently used by URLAUTH, but +# soon intended to be used by METADATA as well. +#mail_attribute_dict = + ## ## Mail processes ## 
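Review bot: In 10-auth.conf the explicit `disable_plaintext_auth = yes` becomes a commented-out line, so refusing plaintext logins on unencrypted connections now rests on Dovecot's built-in default and on the `ssl=required` setting the new comment points to, which this diff does not show. The same pattern recurs in the 10-master.conf hunks, where `default_login_user`, `default_internal_user`, `service_count = 1` and the auth service's `user = $default_internal_user` are all commented out. For settings that carry the security posture I would keep the explicit lines, or at least add a comment such as `# Left at the Dovecot default (yes); do not relax unless ssl = required is set in 10-ssl.conf`. That way a changed package default or a later edit shows up in review.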
@@ -151,13 +155,6 @@ mail_gid = vmail # never: Never use it (best performance, but crashes can lose data) #mail_fsync = optimized -# Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches -# whenever needed. If you're using only a single mail server this isn't needed. -#mail_nfs_storage = no -# Mail index files also exist in NFS. Setting this to yes requires -# mmap_disable=yes and fsync_disable=no. -#mail_nfs_index = no - # Locking method for index files. Alternatives are fcntl, flock and dotlock. # Dotlocking uses some tricks which may create more disk I/O than other locking # methods. NFS users: flock doesn't work, remember to change mmap_disable. @@ -170,14 +167,14 @@ mail_gid = vmail # to make sure that users can't log in as daemons or other system users. # Note that denying root logins is hardcoded to dovecot binary and can't # be done even if first_valid_uid is set to 0. -first_valid_uid = 1 +#first_valid_uid = 500 #last_valid_uid = 0 # Valid GID range for users, defaults to non-root/wheel. Users having # non-valid GID as primary group ID aren't allowed to log in. If user # belongs to supplementary groups with non-valid GIDs, those groups are # not set. -first_valid_gid = 1 +#first_valid_gid = 1 #last_valid_gid = 0 # Maximum allowed length for mail keyword name. It's only forced when trying @@ -216,6 +213,10 @@ mail_plugins = virtual zlib ## Mailbox handling optimizations ## +# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are +# also required for IMAP NOTIFY extension to be enabled. +mailbox_list_index = yes + # The minimum number of mails in a mailbox before updates are done to cache # file. This allows optimizing Dovecot's behavior to do less disk writes at # the cost of more disk reads. 
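Review bot: Commenting out `first_valid_uid = 1` raises the floor to the 500 shown in the new `#first_valid_uid = 500` line, while the hunk header still shows `mail_gid = vmail`. If the vmail account is a system account with a UID below 500 (its creation is not visible in this hunk), Dovecot will refuse mail access for it after this change. I would pin the range to the mail user explicitly, e.g. `first_valid_uid = <vmail-uid>` and `last_valid_uid = <vmail-uid>` (placeholders), which is also tighter than the old value of 1.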
@@ -267,6 +268,10 @@ mail_plugins = virtual zlib # broken size. The performance hit for enabling this is very small. #maildir_broken_filename_sizes = no +# Always move mails from new/ directory to cur/, even when the \Recent flags +# aren't being reset. +#maildir_empty_new = no + ## ## mbox-specific settings ## @@ -285,8 +290,14 @@ mail_plugins = virtual zlib # in is important to avoid deadlocks if other MTAs/MUAs are using multiple # locking methods as well. Some operating systems don't allow using some of # them simultaneously. +# +# The Debian value for mbox_write_locks differs from upstream Dovecot. It is +# changed to be compliant with Debian Policy (section 11.6) for NFS safety. +# Dovecot: mbox_write_locks = dotlock fcntl +# Debian: mbox_write_locks = fcntl dotlock +# #mbox_read_locks = fcntl -#mbox_write_locks = dotlock fcntl +#mbox_write_locks = fcntl dotlock # Maximum time to wait for lock (all of them) before aborting. #mbox_lock_timeout = 5 mins @@ -350,8 +361,6 @@ mail_plugins = virtual zlib # also allows single instance storage for them. Other backends don't support # this for now. -# WARNING: This feature hasn't been tested much yet. Use at your own risk. - # Directory root where to store mail attachments. Disabled, if empty. #mail_attachment_dir = diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf index 30e9fb6..189e96e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf 
@@ -8,25 +8,25 @@ # Login user is internally used by login processes. This is the most untrusted # user in Dovecot system. It shouldn't have access to anything at all. -default_login_user = dovenull +#default_login_user = dovenull # Internal user is used by unprivileged processes. It should be separate from # login user, so that login processes can't disturb other processes. -default_internal_user = dovecot +#default_internal_user = dovecot service imap-login { inet_listener imap { port = 0 } inet_listener imaps { - port = 993 - ssl = yes + #port = 993 + #ssl = yes } # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. <doc/wiki/LoginProcess.txt> - service_count = 1 + #service_count = 1 # Max. number of IMAP processes (logins) process_limit = 256 @@ -46,8 +46,6 @@ service pop3-login { #port = 995 #ssl = yes } - - service_count = 1 } service lmtp { @@ -112,7 +110,7 @@ service auth { } # Auth process is run as this user. - user = $default_internal_user + #user = $default_internal_user } service auth-worker { diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index 526da9c..90843b2 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf 
@@ -26,6 +26,13 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key # Require that CRL check succeeds for client certificates. #ssl_require_crl = yes +# Directory and/or file for trusted SSL CA certificates. These are used only +# when Dovecot needs to act as an SSL client (e.g. imapc backend). The +# directory is usually /etc/ssl/certs in Debian-based systems and the file is +# /etc/pki/tls/cert.pem in RedHat-based systems. +#ssl_client_ca_dir = +#ssl_client_ca_file = + # Request client to send a certificate. If you also want to require it, set # auth_ssl_require_client_cert=yes in auth section. #ssl_verify_client_cert = no @@ -35,10 +42,8 @@ ssl_key = </etc/dovecot/ssl/imap.fripost.org.key # auth_ssl_username_from_cert=yes. #ssl_cert_username_field = commonName -# How often to regenerate the SSL parameters file. Generation is quite CPU -# intensive operation. The value is in hours, 0 disables regeneration -# entirely. -#ssl_parameters_regenerate = 168 +# DH parameters length to use. +#ssl_dh_parameters_length = 1024 # SSL protocols to use ssl_protocols = !SSLv2 @@ -46,5 +51,8 @@ ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH +# Prefer the server's order of ciphers over client's. +#ssl_prefer_server_ciphers = no + # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf index 2557b78..1807e05 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/20-imap.conf 
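Review bot: The two TLS options this file gains are left at weak defaults, `#ssl_dh_parameters_length = 1024` and `#ssl_prefer_server_ciphers = no`. Since the file already pins `ssl_cipher_list` with `@STRENGTH`, I would set `ssl_dh_parameters_length = 2048` and `ssl_prefer_server_ciphers = yes` so the server's ordering is actually enforced. The unchanged context line `ssl_protocols = !SSLv2` also still permits SSLv3; `ssl_protocols = !SSLv2 !SSLv3` would close that while the file is being touched.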
@@ -2,67 +2,70 @@ ## IMAP specific settings ## -protocol imap { - # Maximum IMAP command line length. Some clients generate very long command - # lines with huge mailboxes, so you may need to raise this if you get - # "Too long argument" or "IMAP command line too large" errors often. - #imap_max_line_length = 64k +# Maximum IMAP command line length. Some clients generate very long command +# lines with huge mailboxes, so you may need to raise this if you get +# "Too long argument" or "IMAP command line too large" errors often. +#imap_max_line_length = 64k - # Maximum number of IMAP connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - mail_max_userip_connections = 16 +# IMAP logout format string: +# %i - total number of bytes read from client +# %o - total number of bytes sent to client +#imap_logout_format = in=%i out=%o - # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins antispam +# Override the IMAP CAPABILITY response. If the value begins with '+', +# add the given capabilities on top of the defaults (e.g. +XFOO XBAR). +#imap_capability = - # IMAP logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - #imap_logout_format = bytes=%i/%o +# How long to wait between "OK Still here" notifications when client is +# IDLEing. +#imap_idle_notify_interval = 2 mins - # Override the IMAP CAPABILITY response. If the value begins with '+', - # add the given capabilities on top of the defaults (e.g. +XFOO XBAR). - #imap_capability = +# ID field names and values to send to clients. Using * as the value makes +# Dovecot use the default value. The following fields have default values +# currently: name, version, os, os-version, support-url, support-email. +#imap_id_send = - # How long to wait between "OK Still here" notifications when client is - # IDLEing. 
- #imap_idle_notify_interval = 2 mins +# ID fields sent by client to log. * means everything. +#imap_id_log = - # ID field names and values to send to clients. Using * as the value makes - # Dovecot use the default value. The following fields have default values - # currently: name, version, os, os-version, support-url, support-email. - #imap_id_send = +# Workarounds for various client bugs: +# delay-newmail: +# Send EXISTS/RECENT new mail notifications only when replying to NOOP +# and CHECK commands. Some clients ignore them otherwise, for example OSX +# Mail (<v2.1). Outlook Express breaks more badly though, without this it +# may show user "Message no longer in server" errors. Note that OE6 still +# breaks even with this workaround if synchronization is set to +# "Headers Only". +# tb-extra-mailbox-sep: +# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and +# adds extra '/' suffixes to mailbox names. This option causes Dovecot to +# ignore the extra '/' instead of treating it as invalid mailbox name. +# tb-lsub-flags: +# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). +# This makes Thunderbird realize they aren't selectable and show them +# greyed out, instead of only later giving "not selectable" popup error. +# +# The list is space-separated. +#imap_client_workarounds = - # ID fields sent by client to log. * means everything. - #imap_id_log = +# Host allowed in URLAUTH URLs sent by client. "*" allows all. +#imap_urlauth_host = - # Workarounds for various client bugs: - # delay-newmail: - # Send EXISTS/RECENT new mail notifications only when replying to NOOP - # and CHECK commands. Some clients ignore them otherwise, for example OSX - # Mail (<v2.1). Outlook Express breaks more badly though, without this it - # may show user "Message no longer in server" errors. Note that OE6 still - # breaks even with this workaround if synchronization is set to - # "Headers Only". 
- # tb-extra-mailbox-sep: - # Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and - # adds extra '/' suffixes to mailbox names. This option causes Dovecot to - # ignore the extra '/' instead of treating it as invalid mailbox name. - # tb-lsub-flags: - # Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). - # This makes Thunderbird realize they aren't selectable and show them - # greyed out, instead of only later giving "not selectable" popup error. - # - # The list is space-separated. - #imap_client_workarounds = +protocol imap { + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins - # Load the 'antispam' plugin for people using the content filter. - # (Otherwise fallback to the static userdb.) - userdb { - driver = ldap - args = /etc/dovecot/dovecot-ldap-userdb.conf.ext + # Maximum number of IMAP connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 16 - # Default fields can be used to specify defaults that LDAP may override - default_fields = home=/home/mail/virtual/%d/%n - } +# # TODO Load the 'antispam' plugin for people using the content filter. +# # (Otherwise fallback to the static userdb.) +# userdb { +# driver = ldap +# args = /etc/dovecot/dovecot-ldap-userdb.conf.ext +# +# # Default fields can be used to specify defaults that LDAP may override +# default_fields = home=/home/mail/virtual/%d/%n +# } } diff --git a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf index b0be573..cd48ab8 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/20-lmtp.conf 
@@ -10,6 +10,9 @@ # lda_mailbox_autocreate settings. #lmtp_save_to_detail_mailbox = no +# Verify quota before replying to RCPT TO. This adds a small overhead. +#lmtp_rcpt_check_quota = no + protocol lmtp { postmaster_address = postmaster@fripost.org # Space separated list of plugins to load (default is global mail_plugins). diff --git a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf index 4d0420a..8308adc 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/90-sieve.conf @@ -1,6 +1,6 @@ ## ## Settings for the Sieve interpreter -## +## # Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf # by adding it to the respective mail_plugins= settings. @@ -22,7 +22,7 @@ plugin { # is also where the ManageSieve service stores the user's scripts. sieve_dir = ~/sieve - # Directory for :global include scripts for the include extension. + # Directory for :global include scripts for the include extension. #sieve_global_dir = # Path to a script file or a directory containing script files that need to be 
@@ -39,17 +39,17 @@ plugin { # user's script (only when keep is still in effect!). Multiple script file or # directory paths can be specified by appending an increasing number. #sieve_after = - #sieve_after2 = + #sieve_after2 = #sieve_after2 = (etc...) - # Which Sieve language extensions are available to users. By default, all + # Which Sieve language extensions are available to users. By default, all # supported extensions are available, except for deprecated extensions or # those that are still under development. Some system administrators may want # to disable certain Sieve extensions or enable those that are not available # by default. This setting can use '+' and '-' to specify differences relative # to the default. For example `sieve_extensions = +imapflags' will enable the # deprecated imapflags extension in addition to all extensions were already - # enabled by default. + # enabled by default. #sieve_extensions = +notify +imapflags # Which Sieve language extensions are ONLY available in global scripts. This @@ -57,7 +57,7 @@ plugin { # control, for instance when these extensions can cause security concerns. # This setting has higher precedence than the `sieve_extensions' setting # (above), meaning that the extensions enabled with this setting are never - # available to the user's personal script no matter what is specified for the + # available to the user's personal script no matter what is specified for the # `sieve_extensions' setting. The syntax of this setting is similar to the # `sieve_extensions' setting, with the difference that extensions are # enabled or disabled for exclusive use in global scripts. Currently, no 
@@ -68,13 +68,14 @@ plugin { # setting, the used plugins can be specified. Check the Dovecot wiki # (wiki2.dovecot.org) or the pigeonhole website # (http://pigeonhole.dovecot.org) for available plugins. + # The sieve_extprograms plugin is included in this release. #sieve_plugins = - # The separator that is expected between the :user and :detail - # address parts introduced by the subaddress extension. This may - # also be a sequence of characters (e.g. '--'). The current - # implementation looks for the separator from the left of the - # localpart and uses the first one encountered. The :user part is + # The separator that is expected between the :user and :detail + # address parts introduced by the subaddress extension. This may + # also be a sequence of characters (e.g. '--'). The current + # implementation looks for the separator from the left of the + # localpart and uses the first one encountered. The :user part is # left of the separator and the :detail part is right. This setting # is also used by Dovecot's LMTP service. recipient_delimiter = + @@ -99,6 +100,6 @@ plugin { # The maximum amount of disk storage a single user's scripts may occupy. If # set to 0, no limit on the used amount of disk storage is enforced. - # (Currently only relevant for ManageSieve) + # (Currently only relevant for ManageSieve) #sieve_quota_max_storage = 0 } diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext index 5237fc2..360727e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext @@ -1,4 +1,4 @@ -# Authentication for LDAP users. Included from auth.conf. +# Authentication for LDAP users. Included from 10-auth.conf. # # <doc/wiki/AuthDatabase.LDAP.txt> diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext index 1ffa73d..72f4604 100644 
--- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext @@ -1,3 +1,6 @@ +# This file is commonly accessed via passdb {} or userdb {} section in +# conf.d/auth-ldap.conf.ext + # This file is opened as root, so it should be owned by root and mode 0600. # # http://wiki2.dovecot.org/AuthDatabase/LDAP @@ -90,7 +93,7 @@ ldap_version = 3 base = fvl=%n,fvd=%d,ou=virtual,dc=fripost,dc=org # Dereference: never, searching, finding, always -deref = never +#deref = never # Search scope: base, onelevel, subtree scope = base diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml index b142ba6..9365640 100644 --- a/roles/IMAP/tasks/imap.yml +++ b/roles/IMAP/tasks/imap.yml @@ -17,13 +17,16 @@ password=! state=present -# Required for dbox, see -# http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox -- name: Create a nightly cron job to purge expunged messages - cron: name="Purge expunged messages" - minute=7 hour=5 - user=vmail cron_file=doveadm-purge - job="/usr/bin/doveadm purge -A" +## TODO: make a LDAP query listing all users using iterate_attrs and +## iterate_filter. (Alternatively, use a dict, see +## https://www.opensource.apple.com/source/dovecot/dovecot-293/dovecot.Config/dovecot-dict-auth.conf.ext) +## Required for dbox, see +## http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox +#- name: Create a nightly cron job to purge expunged messages +# cron: name="Purge expunged messages" +# minute=7 hour=5 +# user=vmail cron_file=doveadm-purge +# job="/usr/bin/doveadm purge -A" # The ownership and permissions ensure that dovecot won't try to # deliver mails under an umounted mountpoint. diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml index c6fbbd9..9ed2ea6 100644 --- a/roles/IMAP/tasks/main.yml +++ b/roles/IMAP/tasks/main.yml 
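Review bot: Commenting out the "Purge expunged messages" task in imap.yml does not remove the cron file from hosts that already ran the role, and on new hosts nothing purges at all. The old `cron_file=doveadm-purge` entry would keep running `doveadm purge -A` as vmail, presumably failing until the user iteration in the TODO exists, while expunged messages stay on disk in the dbox storage the comment refers to. I would replace the task with an explicit removal, `cron: name="Purge expunged messages" cron_file=doveadm-purge state=absent`. The comment should also say that deleted mail is retained on disk until the purge job is restored.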
@@ -1,4 +1,4 @@ --- - include: imap.yml tags=imap,dovecot - include: mda.yml tags=mda,mail,postfix -- include: spam.yml tags=spam,spamassassin +#- include: spam.yml tags=spam,spamassassin # TODO spam filter diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index c775a73..ef2f0d6 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -91,13 +91,14 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender -smtpd_recipient_restrictions = - # RFC requirements - reject_non_fqdn_recipient +smtpd_relay_restrictions = permit_mynetworks permit_tls_clientcerts reject +smtpd_recipient_restrictions = + reject_non_fqdn_recipient + smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local index d6826a1..b27e736 100644 --- a/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local +++ b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local 
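Review bot: The main.cf.j2 hunk moves `permit_mynetworks`, `permit_tls_clientcerts` and the final `reject` into `smtpd_relay_restrictions`, which only Postfix 2.10 and later evaluate, and the template has no comment or guard saying so. After the change `smtpd_recipient_restrictions` holds only `reject_non_fqdn_recipient`, so the whole relay policy depends on the new parameter being honoured. I would add a comment above it, e.g. `# Relay policy (Postfix >= 2.10); smtpd_recipient_restrictions below holds only RFC/spam checks`. The removed `# RFC requirements` comment could also be restored on the recipient list.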
@@ -6,9 +6,10 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Connection closed(: Connection reset by peer)?( in=[[:digit:]]+ out=[[:digit:]]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, mpid=[0-9]+(, (TLS|secured), session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[^>]+>$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts in [[:digit:]]+ secs\):( user=<>,)?|\(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|SSL)( handshaking)?(: SSL_(accept|read)\(\) (syscall failed: Connection reset by peer|failed: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure: SSL alert number 10|failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46|failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48|failed: error:[[:xdigit:]]+:SSL routines:SSL2?3_GET_CLIENT_HELLO:(unknown protocol|http request|no shared cipher))|: Disconnected)?|, secured)?, session=<[^>]+>$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? 
(\(no auth attempts in [[:digit:]]+ secs\):( user=<>,)?|\(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|SSL)( handshaking)?(: SSL_(accept|read)\(\) (syscall failed: Connection reset by peer|failed: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure: SSL alert number 10|failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42|failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46|failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48|failed: error:[[:xdigit:]]+:SSL routines:SSL2?3_GET_CLIENT_HELLO:(unknown protocol|http request|no shared cipher))|: Disconnected)?|, secured)?, session=<[^>]+>$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth: Warning: auth client [[:digit:]]+ disconnected with [[:digit:]]+ pending requests: EOF$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Warning: Auth connection closed with [[:digit:]]+ pending requests \(max [[:digit:]]+ secs, pid=[[:digit:]]+, EOF\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected \((auth process communication failure|client didn't finish SASL auth, waited [[:digit:]]+ secs)\): user=<>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: SSL_read\(\) syscall failed: Connection reset by peer)?, session=<[^>]+>)?$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected \((auth process communication failure|client didn't finish SASL auth, waited [[:digit:]]+ secs)\): user=<>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: SSL_read\(\) syscall failed: Connection reset by peer|: Disconnected)?, session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Error: SSL: 
Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL alert number 10$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap-login: (Disconnected: Inactivity during authentication|Aborted login) \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]*>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: Disconnected)?, session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected \(tried to use unsupported auth mechanism\): user=<>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured), session=<[^>]+>)?$ 
@@ -16,7 +17,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Maximum number of connections from user\+IP exceeded \(mail_max_userip_connections=[[:digit:]]+\): user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured), session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+\): Connect from local$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+\): Disconnect from local: (Client quit|Connection closed) \(in reset\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): [+/[:alnum:]]{22}: sieve: msgid=(<[^>]+>|unspecified): (stored mail into mailbox '|marked message to be discarded if not explicitly delivered \(discard action\)$) +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): [+/[:alnum:]]{22}: sieve: msgid=(\S+ )?|<[^>]*>( \(added by \S+\))?: (stored mail into mailbox '|marked message to be discarded if not explicitly delivered \(discard action\)$|forwarded to ) ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): Error: [+/[:alnum:]]{22}: sieve: execution of script \S+ failed, but implicit keep was successful \(user logfile \S+ may reveal additional details\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([0-9]+\): Disconnect from local: Successful quit$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, mpid=[0-9]+(, TLS, session=<[^>]+>)?$ |
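Review bot: The rewritten sieve pattern has an ungrouped `|` right after `msgid=(\S+ )?`, which splits the whole line into two independent alternatives. The left one is `^… sieve: msgid=(\S+ )?` with no end anchor, so every lmtp sieve line carrying a msgid is ignored whatever follows it; the right one begins at `<[^>]*>` without `^`, so it can match lines from any program. As this is a logcheck ignore file, both halves silently drop messages from the report. Wrapping the alternation restores the anchoring, e.g. `msgid=((\S+ )?<[^>]*>( \(added by \S+\))?|unspecified): (stored mail into mailbox '|…|forwarded to )`. The grouping is my guess at the intent, and `unspecified` is carried over from the old pattern in case it is still logged.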