[Dovecot] unknown users

Firma Averlon info at averlon.net
Thu Jan 10 06:53:37 EET 2013


Hi,
I know that the ldap query does not return the result I expected.

Question is why.
Question is why does dovecot look at ldap with the recipient's e-mail
address? What does dovecot look for?
Yes, I know, it is a password request. But why look for a password for
the recipient's e-mail address user?

Since I have static userdb the mailbox to deliver to is defined.
I agree, since the delivery mailbox has "%n" as part of the path, the
"uid" must get looked up somewhere, probably via ldap. But how to
configure this?

+++
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-35-generic x86_64 Ubuntu 12.04.1 LTS
auth_debug = yes
auth_mechanisms = plain login cram-md5
auth_username_format = %Lu
hostname = mail.av.loc
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = </etc/ssl/private/dovecot.pem
syslog_facility = avdove
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%n
  driver = static
}
protocol lda {
  mail_plugins = " sieve"
  sendmail_path = /usr/sbin/sendmail
}
+++

In addition to my info before, here is my ldap file.

+++
hosts = localhost

dn = cn=aadmin,dc=averlon,dc=loc

#dnpass =

sasl_bind = no

auth_bind = no

ldap_version = 3

base = ou=user,dc=averlon,dc=loc

scope = onelevel

user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,=mail=/home/vmail/%n/Maildir/

user_filter = (&(objectClass=posixAccount)(uid=%u))

pass_attrs = uid=user,userPassword=password

pass_filter = (&(objectClass=posixAccount)(uid=%u))

default_pass_scheme = MD5-CRYPT

+++

I have switched off
"smtpd_tls_loglevel = 2"

Rest assured I have looked at the ldap page - but I am currently lost
where to configure what.


Regards
Karl-Heinz Fischbach


On 08.01.2013 01:11, /dev/rob0 wrote:
> On Mon, Jan 07, 2013 at 08:00:37PM +0100, Averlon wrote:
>> can anyone tell me where these "unknown users" come from.
>> Jan 7 19:43:11 f42252se postfix/pipe[14632]: 9A86C30007C: 
>> to=<redmine at averlon.loc>, relay=spamassassin, delay=2.2, 
>> delays=0.05/0/0/2.1, dsn=2.0.0, status=sent (delivered via 
>> spamassassin service)
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: 9A86C30007C: removed
> The original message is successfully delivered to your content 
> filter.
>
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>> USER#0111#011redmine at averlon.loc#011service=lda
>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: 
>> ldap(redmine at averlon.loc): pass search: 
>> base=ou=user,dc=averlon,dc=loc scope=onelevel 
>> filter=(&(objectClass=posixAccount)(uid=redmine at averlon.loc)) 
>> fields=uid,userPassword
> Here's one of your LDAP queries.
>
>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(redmine at averlon.loc):
>> *unknown user*
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: BE0AC30007F:
>> to=<redmine at averlon.loc>, relay=dovecot, delay=0.02, delays=0/0/0/0.01,
>> dsn=5.1.1, status=bounced (user unknown)
> The content filter reinjects via sendmail(1), and the pipe(8) to the 
> Dovecot LDA fails. Your LDAP query is not returning what you expect, 
> or you're not querying for the right thing.
>
>> Jan  7 19:43:11 f42252se postfix/cleanup[14631]: C279030007E:
>> message-id=<20130107184311.C279030007E at mail.av.loc>
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: from=<>,
>> size=3182, nrcpt=1 (queue active)
>> Jan  7 19:43:11 f42252se postfix/bounce[14639]: BE0AC30007F: sender
>> non-delivery notification: C279030007E
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: BE0AC30007F: removed
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>> USER#0111#011avadmin at av.loc#011service=lda
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: ldap(avadmin at av.loc):
>> pass search: base=ou=user,dc=averlon,dc=loc scope=onelevel
>> filter=(&(objectClass=posixAccount)(uid=avadmin at av.loc))
>> fields=uid,userPassword
> There's another one of your queries, looking up the sender address 
> for delivery of the bounce.
>
>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(avadmin at av.loc): *unknown user*
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: C279030007E:
>> to=<avadmin at av.loc>, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
>> dsn=5.1.1, status=bounced (user unknown)
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: removed
> Same thing happens to the bounce. Being undeliverable, your mail is 
> gone.
>
>> +++
>> Tell me what you need as additional info.
> Turn off verbose logging in Postfix, as Charles pointed out. I guess 
> it's only the TLS logging that you have made verbose.
>
> Review the Dovecot wiki / wiki2 (you didn't say what version you are
> using?) page on LDAP.
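
The variable expansion behind the LDAP queries in the quoted log, as an added example that is not part of the original thread: %u expands to the full address, %n to the part before the "@" and %d to the domain, so the posted pass_filter searches uid for the whole recipient address. The %n filter, the helper names and the RFC 4515 escaping step are assumptions for illustration, and the log line is constructed from the quoted one with the archive's " at " written as "@".

```python
import re

# From the posted dovecot-ldap.conf.ext
PASS_FILTER = "(&(objectClass=posixAccount)(uid=%u))"
# Assumption for comparison: the directory stores only the local part in uid
LOCAL_PART_FILTER = "(&(objectClass=posixAccount)(uid=%n))"
# Constructed from the quoted auth debug line; syslog prints a tab as #011
MASTER_IN = ("Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in: "
             "USER#0111#011redmine@averlon.loc#011service=lda")


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so an address cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def lookup_username(log_line):
    """Pull the looked-up name out of a 'master in: USER' request line."""
    fields = log_line.split("master in: ", 1)[1].split("#011")
    if fields[0] != "USER":
        raise ValueError("not a userdb lookup request")
    return fields[2].lower()  # auth_username_format = %Lu lowercases the name


def expand_filter(template, username):
    """Expand %u, %n and %d (optionally %L.. / %U..) inside an LDAP filter template."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def substitute(match):
        if match.group(0) == "%%":
            return "%"
        value = values[match.group(2)]
        if match.group(1) == "L":
            value = value.lower()
        elif match.group(1) == "U":
            value = value.upper()
        return ldap_escape(value)

    return re.sub(r"%%|%([LU]?)([und])", substitute, template)


if __name__ == "__main__":
    user = lookup_username(MASTER_IN)
    print(expand_filter(PASS_FILTER, user))        # filter as seen in the log
    print(expand_filter(LOCAL_PART_FILTER, user))  # filter on the local part only
```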
