Dovecot 2.4.0

@Tntdruid, yes Dovecot 2.4.0 has a regression that does not support wildcard SNI. SNI with specific host name list works fine. The issue was already reported to the Dovecot developers.
 
We are still waiting for the official Dovecot developers' position regarding the wildcard SNI feature support. It might turn out that this feature was removed intentionally :confused:.

We would like users to test out Dovecot 2.4.0 and collect feedback before we switch to this version as a default. It brings quite a lot of changes and improvements. However, without the wildcard SNI support, it is not really useful for bigger servers.

To help users try out Dovecot 2.4.0, we have added our own patch to the Dovecot 2.4.0 sources that restores the wildcard SNI functionality. An update with the patch is released.
 
@Tntdruid, things to check:
  • DA version, patch is included in DirectAdmin 1.674 a5f0c3034ac3c5f9a5ef6b5fdae60c02eda403fa
  • Disable local Dovecot customizations (remove or rename the /usr/local/directadmin/custombuild/custom/dovecot directory)
  • Disable custom SNI config template (remove or rename the /usr/local/directadmin/data/templates/custom/dovecot_sni_2.4.conf file)

The Dovecot 2.4.0 SNI config has a slightly different structure than the old Dovecot.

Example from Dovecot 2.3.x /etc/dovecot/conf/sni/example.com.conf:

Code:
local_name "*.example.com example.com" {
  ssl_cert = </usr/local/directadmin/data/users/jonas/domains/example.com.combined
  ssl_key = </usr/local/directadmin/data/users/jonas/domains/example.com.key
}

Example from Dovecot 2.4.0 /etc/dovecot/conf/sni/example.com.conf:

Code:
local_name "*.example.com" {
  ssl_server_cert_file = /usr/local/directadmin/data/users/jonas/domains/example.com.cert.combined
  ssl_server_key_file = /usr/local/directadmin/data/users/jonas/domains/example.com.key
}
local_name "example.com" {
  ssl_server_cert_file = /usr/local/directadmin/data/users/jonas/domains/example.com.combined
  ssl_server_key_file = /usr/local/directadmin/data/users/jonas/domains/example.com.key
}

Quick way to test SNI from the server CLI:

Code:
# echo QUIT | openssl s_client -connect localhost:993 -servername example.com 2>&1 | grep 'subject='
subject=CN = *.example.com
# echo QUIT | openssl s_client -connect localhost:993 -servername mail.example.com 2>&1 | grep 'subject='
subject=CN = *.example.com
root@julius:~# echo QUIT | openssl s_client -connect localhost:993 -servername does.not.exist 2>&1 | grep 'subject='
subject=CN = server.hostname.com

If the problem is present please open a support ticket so we could check it out on your server.
 
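A sketch of the 2.3.x to 2.4.0 SNI rewrite described in the post above, added here as an example; it is not part of the original post or of DirectAdmin's tooling. It relies only on the two config examples shown in the thread, `convert_sni` and `names_in` are hypothetical names, and it assumes flat `local_name` blocks with no nested braces.

```python
import re

# Setting names as they appear in the 2.3.x and 2.4.0 examples in this thread.
RENAMED = {"ssl_cert": "ssl_server_cert_file", "ssl_key": "ssl_server_key_file"}

# Assumption: local_name blocks are flat (no nested braces inside them).
BLOCK_RE = re.compile(r'local_name\s+(?:"([^"]*)"|(\S+))\s*\{(.*?)\}', re.S)
SETTING_RE = re.compile(r'^\s*(\w+)\s*=\s*(.*?)\s*$')


def convert_sni(conf_23: str) -> str:
    """Rewrite 2.3-style local_name blocks in the 2.4.0 layout shown above."""
    out = []
    for m in BLOCK_RE.finditer(conf_23):
        names = (m.group(1) or m.group(2)).split()
        settings = []
        for line in m.group(3).splitlines():
            s = SETTING_RE.match(line)
            if not s:
                continue  # blank line or comment
            key, value = s.groups()
            if key in RENAMED:
                # The 2.3 example prefixes the path with "<"; the 2.4.0 one does not.
                key, value = RENAMED[key], value.lstrip("<").strip()
            settings.append(f"  {key} = {value}")
        # 2.4.0 example: one block per name instead of a space-separated list.
        for name in names:
            out.append(f'local_name "{name}" {{')
            out.extend(settings)
            out.append("}")
    return "\n".join(out) + "\n"


def names_in(conf: str) -> list[str]:
    """List every host name that has a local_name block, for before/after comparison."""
    return [n for m in BLOCK_RE.finditer(conf) for n in (m.group(1) or m.group(2)).split()]


# Sample input: the 2.3.x example from the post, embedded so the script runs offline.
SAMPLE_23 = '''local_name "*.example.com example.com" {
  ssl_cert = </usr/local/directadmin/data/users/jonas/domains/example.com.combined
  ssl_key = </usr/local/directadmin/data/users/jonas/domains/example.com.key
}
'''

if __name__ == "__main__":
    print(convert_sni(SAMPLE_23), end="")
```

Comparing `names_in` on the old and the converted file confirms that no host name lost its certificate block, which would otherwise leave clients for that name with the server's default certificate.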
I have a question. Does Dovecot 2.4 require dovecot_fts for full text search?
Will this continue to use that huge amount of gigabytes on Xapian's indexes?
After installing Dovecot 2.4, I can see commands like doveadm fts rescan -u USER don't work (with dovecot_fts installed)
 
F.Y.I. - It seems the dovecot POP3 logging changed.

2.3:
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o

--

2.4:
pop3_logout_format = top=%{top_count}/%{top_bytes}, retr=%{retr_count}/%{retr_bytes}, del=%{deleted_count}/%{deleted_bytes}, size=%{message_bytes}, bytes=%{input}/%{output}

The main difference is - "del=%d/%m" changed to "%{deleted_count}/%{deleted_bytes}"
When a user is using POP3 with keep server copy, I do not know how many emails are still kept inside the Inbox on the server.
 
Hi All,
Does anyone have feedback on upgrading to Dovecot 2.4?
any issues to watch out for?
Thank You!
 
any issues to watch out for?
Yes. Normally it should give no issues but there are some important changes.

1.) Port 25 gets blocked for SMTP traffic
2.) All authentication now needs to be ssl/tls
3.) Some custom made Dovecot scripts might cause Dovecot not to start.
They can be easily found by looking at error logs or requesting Dovecot's status:
systemctl status dovecot
normally you see the error pointing to the cause.

One can make a choice if one wants to keep it this way or use non-ssl/tls as before totally or keep port 25 working etc..
This requires certain small custom changes, all options can be found here:
 
Thank you for the info @Richard G !
Say, do you think i can run the dovecot.conf update without yet running the Dovecot update itself?
i just want to make sure some of my custom settings won't get discarded (like the namespace, for one..)
 
Sorry @petersconsult I don't know about Dovecot updates without Dovecot update itself.
Maybe @zEitEr has an idea about that, but I would be sure to have a backup to start with, so if required you can go back to the previous version (but I don't know how).
 
Thank You so much for all your help!

May i ask 1 more question:
i'd really like to enable sending email through each domain's assigned IP rather than the server's IP (as described here in the docs)

Has anyone had experience with this?
the docs say 'dedicated IP', but these domains use a separate 'shared IP', is that not ok?

i know it's kind of off-topic for this discussion..
 
through each domain's assigned IP
and
but these domains use a separate 'shared IP'
Which one is it? It's either an assigned IP for each domain (or rather account), which is in fact a dedicated IP for each account, or it's a separate shared IP, so 1 IP which is shared amongst a lot of accounts.

Looks to me you are talking about 2 separate shared IPs.
Like for example your business has 1 IP and another admin or a reseller account has another shared IP which should send mail?

If you don't want to use the server's IP at all, then you can create the accounts on another IP and adjust Exim.
But I'm not sure if both things are possible, so 2 shared IPs which both send mail. Maybe, but I don't know.
 
Say, do you think i can run the dovecot.conf update without yet running the Dovecot update itself?

The first command from the output will update binaries with configs, the last one will update only configs:

Bash:
# da build | grep dovecot
  da build dovecot
  da build dovecot_conf                              # Update Dovecot configuration files
 
Sorry @Richard G , i didn't express myself correctly:
i have several domains & users on the main IP
but there are also 2 other shared IPs, each used by 2~3 users, each with 1~6 domains..
What i would love to do, is for each domain to use its primary IP as the sender IP in Exim..

several of these domains use phpList, not super often, and not for very large lists, but i'd still like to keep each of them sending on their own IP, rather than everything going out through the server's primary IP..

Thank you both so much for the help!
 