[Dovecot] Master Login using MySQL problem - %{login_domain}

Tue Aug 17 20:02:01 EEST 2010

On 8/17/2010 9:45 AM, Timo Sirainen wrote:
> On Tue, 2010-08-17 at 08:50 -0700, Marc Perkel wrote:
>
>> Been trying to track this problem down further. The problem seems to be
>> related to verifying the master user failing.
> Show the whole dovecot -n output and the whole logs when master user is
> logging in? You've cut away some stuff I'd like to see.
>
>

dovecot -n

# 2.0.0: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-budarin.1 x86_64 Fedora release 12 (Constantine) simfs
auth_debug = yes
auth_master_user_separator = *
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 12
info_log_path = /var/log/dovecot.log
log_path = /var/log/dovecot.log
login_greeting = Computer Tyme Dovecot ready.
mail_fsync = never
mail_gid = mail
mail_location = maildir:/vhome/%d/home/%n:INDEX=/imap-cache/%d-%n
mail_uid = mail
mmap_disable = yes
passdb {
   args = /etc/dovecot/sql.conf
   driver = sql
}
passdb {
   args = /etc/dovecot/domain-owner-sql.conf
   driver = sql
   master = yes
   pass = yes
}
passdb {
   args = /etc/dovecot/masteradmin-sql.conf
   driver = sql
   master = yes
   pass = yes
}
plugin {
   xexec = blacklist:/usr/local/dovecot/blacklist.sh %u
   xexec2 = whitelist:/usr/local/dovecot/whitelist.sh %u
   xexec3 = average:/usr/local/dovecot/average
   xexec4 = smtp:/usr/local/dovecot/smtp
}
protocols = imap pop3
service auth {
   unix_listener auth-client {
     mode = 0666
   }
   unix_listener auth-master {
     mode = 0666
   }
}
service imap-login {
   process_limit = 800
   process_min_avail = 100
   service_count = 0
   vsz_limit = 64
}
service imap {
   process_limit = 400
}
service pop3-login {
   process_limit = 800
   process_min_avail = 40
   service_count = 0
   vsz_limit = 64
}
service pop3 {
   process_limit = 400
}
ssl_cert = </usr/share/ssl/certs/imapd.pem
ssl_key = </usr/share/ssl/certs/imapd.pem
verbose_proctitle = yes
protocol pop3 {
   pop3_uidl_format = %v.%u
}

domain-owner-sql.conf

user_query = SELECT user_name, domain_name FROM users WHERE user_name = 
'%n' AND domain_name = '%d' AND owns_domain='1'

password_query = SELECT user_name, domain_name, password FROM users 
WHERE user_name = '%n' AND domain_name = '%d' AND owns_domain='1' \
AND '%d'='%{login_domain}'

Result:

Aug 17 09:59:17 auth: Debug: sql(tom at plf.net,127.0.0.1): query: SELECT 
user_name, domain_name, password FROM users WHERE user_name = 'tom' AND 
domain_name = 'plf.net' AND owns_domain='1' AND 'plf.net'=''
Aug 17 09:59:17 auth: Info: sql(tom at plf.net,127.0.0.1): unknown user
Aug 17 09:59:17 auth: Debug: sql(tom at plf.net,127.0.0.1): query: SELECT 
user_name, domain_name, password FROM users WHERE user_name = 'tom' AND 
domain_name = 'plf.net' AND masteradmin='1'
Aug 17 09:59:17 auth: Info: sql(tom at plf.net,127.0.0.1): unknown user
Aug 17 09:59:19 auth: Debug: client out: FAIL   10      user=tom at plf.net
Aug 17 09:59:19 imap-login: Info: Aborted login (auth failed, 1 
attempts): user=<tom at plf.net>, method=PLAIN, rip=127.0.0.1, 
lip=127.0.0.1, mpid=0, secured

Note - I have two different kinds of masters here. I have a masteradmin 
who can read anyone's email and I have domain owners who can read 
anyone's email in the same domain. At least that is what I'm hoping to do.