Issue with exim and auth protocol [Solution found]
Mildred Ki'Lya
mildred-ml at mildred.fr
Thu Jul 31 07:33:10 UTC 2014
On 30/07/2014 23:32, Gedalya wrote:
> Could it be related to something in your dovecot configuration (which
> you didn't post)?
> Despite the fact that an interesting conversation is developing in the
> exim bug report, this setup does usually work, including on one of
> your servers as you have indicated. On my end, I never had issues
> between dovecot 2.1.7 and 2.2.13, using the exact same authenticator
> config in exim.
See at the end of the e-mail my dovecot configuration (my
/etc/dovecot/local.conf). This configuration is included by the default
dovecot configuration (as packaged by Debian, but I think there are not
so many changes made by Debian).

I agree that it could be related to my configuration, but I don't see
how the changes I made could have altered how the auth server is working.

I'm looking at the dovecot sources and found two different
implementations for the auth protocol. One in auth-master-connection.c
and one in auth-client-connection.c. One seems to send SPID and VERSION
and wait for further commands before continuing. The other sends the
complete handshake.

I think I'm connecting to a socket speaking the wrong protocol.

exim is configured to use socket /var/run/dovecot/auth-userdb

dovecot has the following configuration in 10-master.conf:

service auth {
  # ... some comments removed ...
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
}

I think I completely misunderstood how dovecot sockets were configured ...

If I set up exim to connect to auth-client instead of auth-userdb, it
fixes the problem (I get a meaningful error message, probably because
things are not configured properly elsewhere).

What I don't understand is that the socket auth-client is nowhere to be
found in the configuration. Where is it specified?

Also, I don't understand because the production server I have currently
running has the following configuration in 10-master.conf:

service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
    group = vmail
  }
  #SASL
  unix_listener auth-client {
    mode = 0660
    user = vmail
    group = vmail
  }
}

And exim is configured to use auth-client socket, and everything works.
I naively thought that I could remove auth-client and use auth-userdb
instead when I was looking at this configuration.

Could someone enlighten me how sockets are configured in dovecot?

Thanks,
Mildred

##### /etc/dovecot/local.conf #####
!include conf.d/auth-passwdfile.conf.ext
log_path = /dev/stderr
# FIXME: remove debug log
auth_verbose = yes
auth_verbose_passwords = plain
auth_debug = yes
auth_debug_passwords = yes
mail_location = maildir:~/Maildir
first_valid_uid = 1
ssl_cert = </var/mail/ssl.crt
ssl_key = </var/mail/ssl.key
recipient_delimiter = -
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
  mail_plugins = $mail_plugins sieve
}
protocol imap {
  mail_max_userip_connections = 100
}
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
service managesieve-login {
}
service managesieve {
}
protocol sieve {
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  recipient_delimiter = -
}
!include /var/mail/dovecot.user.conf
# Note that /var/mail/dovecot.user.conf is empty. It is for further user
# customisation in a docker container.
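
Added example (not part of the original message, and not Dovecot or exim code): a small probe that reads the greeting from a Dovecot auth socket and reports whether it looks like the full client handshake or the short VERSION/SPID greeting described in the message. The keyword set, the function names and the sample greetings are assumptions constructed for illustration.

```python
import socket

# Assumption (Dovecot auth protocol as described in the message above): only a
# client-style (SASL) listener sends these keywords; a master/userdb listener
# stops after VERSION and SPID and then waits for a request.
CLIENT_ONLY = {"MECH", "CUID", "COOKIE", "DONE"}

def classify_handshake(data: bytes) -> str:
    """Classify a server greeting as 'auth-client', 'auth-master/userdb' or 'unknown'."""
    text = data.decode("ascii", "replace")
    keys = {line.split("\t", 1)[0] for line in text.splitlines() if line}
    if "VERSION" not in keys:
        return "unknown"              # not a Dovecot auth greeting at all
    if keys & CLIENT_ONLY:
        return "auth-client"          # full handshake: what a SASL client needs
    if "SPID" in keys:
        return "auth-master/userdb"   # short greeting, then silence
    return "unknown"

def read_greeting(sock, timeout=1.0) -> bytes:
    """Read until DONE arrives or the peer goes quiet for `timeout` seconds."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while b"\nDONE\n" not in b"\n" + buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass                          # expected on a master-style socket
    return buf

def probe(path: str, timeout: float = 1.0) -> str:
    """Connect to a UNIX socket such as /var/run/dovecot/auth-userdb and classify it."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        return classify_handshake(read_greeting(s, timeout))

# Constructed sample greetings (illustrative values, not captured output).
SAMPLE_CLIENT = (b"VERSION\t1\t1\nMECH\tPLAIN\tplaintext\nSPID\t1234\n"
                 b"CUID\t1\nCOOKIE\t0123456789abcdef\nDONE\n")
SAMPLE_MASTER = b"VERSION\t1\t1\nSPID\t1234\n"

if __name__ == "__main__":
    print(classify_handshake(SAMPLE_CLIENT), classify_handshake(SAMPLE_MASTER))
```

Run probe() as a user allowed to open the socket (with mode 0660 and user/group vmail, as in the production config above, that means vmail or a member of its group).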