At 9PM +0100 on 14/12/12 Andreas Meyer wrote:
Ben Morrow <ben@morrow.me.uk> wrote:
At 5PM +0100 on 14/12/12 Andreas Meyer wrote:
Some month ago I upgraded our dovecot installation from version 1.0.5 to version 2.1.7 without having any trouble. Postfix is delivering email directly per virtual transport to the maildirs and mailboxes of the users in /var/spool/vhosts/domains/....
<snip>
I set soft_bounce = yes in main.cf of postfix and delivery of mail fails with
Dec 14 16:13:34 delta postfix/virtual[14082]: BBC0F1B31294: to=<xyz@anup.de>, relay=virtual, delay=395, delays=395/0.01/0/0.13, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "xyz@anup.de")
What happens if you run
echo "foo" | /usr/libexec/dovecot/dovecot-lda \ -f xyz@anup.de -d xyz@anup.de
in the shell (as the vmail user)? Does it fail with exit code 67? This is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know how to deliver to this user'. Either xyz@anup.de is not a valid address at that domain, or you haven't made the auth-userdb socket available to the vmail user. See http://wiki2.dovecot.org/LDA, under the section 'Virtual users'.
I did this in the shell:
delta:/ # su vmail delta:/ # whoami root
So su didn't work. That's often the case with daemon users, because they often don't have a login shell. Read the manpage for your system's su to find out if you can override that, and how (I can't help you here, since your su is probably different from mine). You may have more luck with sudo, if you've got it installed.
delta:/ # echo "test" | /usr/libexec/dovecot/dovecot-lda -f anmeyer@anup.de -d anmeyer@anup.de
and the mail was delivered to the mailbox without error. Maybe the vmail user is the problem?
That is delivered to 'anmayer@anup.de', which looks a lot more like a real address than 'xyz@anup.de'.
When I send an email from my desktop I get this in the mail.log: Dec 14 21:19:42 delta postfix/virtual[16185]: A6E511B3128A: to=<anmeyer@anup.de>, relay=virtual, delay=0.15, delays=0.08/0.01/0/0.06, dsn=4.1.1, status=SOFTBOUNCE (unknown user: "anmeyer@anup.de")
So it's likely the vmail user can't read the userdb; do you not get any logs from dovecot-lda? (You may not if Dovecot is using custom logs rather than syslog, and vmail doesn't have write access.)
The line of the /etc/shadow for vmail looks like this: vmail::13940:0:99999:7:::
How is that relevant? AFAIK the login shell lives in /etc/passwd on shadow-password systems.
At 11AM +0100 on 15/12/12 Andreas Meyer wrote:
# id vmail uid=5000(vmail) gid=5000(vmail) Gruppen=5000(vmail)
# su vmail echo "foo" | /usr/libexec/dovecot/dovecot-lda -f anmeyer@anup.de -d anmeyer@anup.de an empty email with 0 B gets delivered to the maildir of anmeyer@anup.de
That command-line attempts to run 'echo "foo"' as the vmail user, and dovecot-lda as root (and I don't know if the arguments to su are correct; on my system they wouldn't be). You *really* need to learn how to use your operating system before you try anything relatively complicated like setting up a mail server.
in the shell (as the vmail user)? Does it fail with exit code 67? This is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know how to deliver to this user'. Either xyz@anup.de is not a valid address at that domain, or you haven't made the auth-userdb socket available to the vmail user. See http://wiki2.dovecot.org/LDA, under the section 'Virtual users'.
I already added
service auth { unix_listener auth-userdb { mode = 0600 user = vmail # User running dovecot-lda group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group
You're supposed to understand the comments and then remove them, not copy them blindly without reading them.
}
}
to the dovecot.conf.
Well, that looks OK to me; but the only way to test it is to manually run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot sockets directory? Does it have the right permissions?
How does dovecot know there is a socket in /var/spool/postfix/private/dovecot? And how does dovecot-lda know to look there. Am I missunderstanding something?
Yes, you are misunderstanding something. It works (something) like this:
- A mail comes in to Postfix.
- Postfix decides this mail is local.
- Postfix sends the mail through /var/spool/postfix/private/dovecot
to a Postfix pipe(8) process on the other end.
- That pipe(8) process runs dovecot-lda, as the vmail user.
- dovecot-lda reads dovecot.conf.
- dovecot-lda contacts the Dovecot auth process using the
auth-userdb socket.
- If the user exists, it delivers the mail to their mailbox.
No Dovecot process needs to know anything at all about the Postfix socket, it's just for internal communication between different bits of Postfix. Have you read the Postfix documentation?
I am lost. I don't if the mail is handed over to dovecot-lda and if so why it can't find the passwd-file.
If the mail was handed over to dovecot-lda, it ought to be logging *something*. Find out where those logs should go; if they aren't appearing, you need to fix that. Syslog is IMHO a better bet than custom log files.
Ben