Re: Authentication Error with Dovecot

18 Apr 2015

      Hi Christian,
I tried to amend the acl the last time but it kept giving me error
stating "=" was needed. Could you please just help me amend the file
below with where you have the acl plugin appended .
Thanks
Kevin
# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = * [::]
#base_dir = /var/run/dovecot
mail_plugins = quota
# Enable fts fts_solr plugin globally for Solr Full Text Search Indexing
mail_plugins = $mail_plugins fts fts_solr
plugin {
fts = solr
#break-imap-search will use solr for indexing TEXT and BODY searches.
fts_solr = break-imap-search url=http://127.0.0.1:8983/solr/
fts_autoindex = yes
}
# Enabled mail protocols.
protocols = pop3 imap sieve lmtp
# User/group who owns the message files:
mail_uid = 2000
mail_gid = 2000
# Assign uid to virtual users.
first_valid_uid = 2000
last_valid_uid = 2000
# Logging. Reference: http://wiki2.dovecot.org/Logging
log_path = /var/log/dovecot.log
mail_debug = no
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
# Possible values: no, plain, sha1.
auth_verbose_passwords = no
# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
#ssl_ca =
# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
# insecurely.
disable_plaintext_auth = yes
# Allow plain text password per IP address/net
#remote 192.168.0.0/24 {
#   disable_plaintext_auth = no
#}
# Mail location and mailbox format.
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
# Authentication related settings.
# Append this domain name if client gives empty realm.
auth_default_realm =
# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN
# Limits the number of users that can be logging in at the same time.
# Default is 100.
# Note: this value can be overrided by "process_limit =" in service protocol.
# e.g.
#       protocol imap-login {
#           ...
#           process_limit = 500
#       }
#default_process_limit = 100
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
user = postfix
group = postfix
mode = 0666
}
unix_listener auth-master {
user = vmail
group = vmail
mode = 0666
}
unix_listener auth-userdb {
user = vmail
group = vmail
mode = 0660
}
}
# LMTP server (Local Mail Transfer Protocol).
# Reference: http://wiki2.dovecot.org/LMTP
service lmtp {
user = vmail
# For higher volume sites, it may be desirable to increase the number of
# active listener processes. A range of 5 to 20 is probably good for most
# sites.
process_min_avail = 5

# Logging.
# Require 'info_log_path =' in 'protocol lmtp {}' block.
executable = lmtp -L

# Listening on socket file and TCP
unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
}

inet_listener lmtp {
    #address = 192.168.0.24 127.0.0.1 ::1
    port = 24
}
}
# Virtual mail accounts.
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master-users
master = yes
}
plugin {
auth_socket_path = /var/run/dovecot/auth-master
quota = dict:user::proxy::quotadict
quota_rule = *:storage=1G
#quota_rule2 = *:messages=0
#quota_rule3 = Trash:storage=1G
#quota_rule4 = Junk:ignore

# Quota warning.
# If user suddenly receives a huge mail and the quota jumps from
# 85% to 95%, only the 95% script is executed.
quota_warning = storage=85%% quota-warning 85 %u
quota_warning2 = storage=90%% quota-warning 90 %u
quota_warning3 = storage=95%% quota-warning 95 %u

# Plugin: autocreate. Create and subscribe to default IMAP folders.
autocreate = INBOX
autocreate2 = Sent
autocreate3 = Trash
autocreate4 = Drafts
autocreate5 = Junk
autosubscribe = INBOX
autosubscribe2 = Sent
autosubscribe3 = Trash
autosubscribe4 = Drafts
autosubscribe5 = Junk

# Plugin: expire.
#expire = Trash 7 Trash/* 7 Junk 30
#expire_dict = proxy::expire

# ACL and share folder
acl = vfile
acl_shared_dict = proxy::acl

# By default Dovecot doesn't allow using the IMAP "anyone" or
# "authenticated" identifier, because it would be an easy way to spam
# other users in the system. If you wish to allow it,
#acl_anyone = allow

# Pigeonhole managesieve service.
# Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
# Per-user sieve settings.
sieve_dir = /%Lh/sieve
sieve = /%Lh/sieve/dovecot.sieve

# Global sieve settings.
sieve_global_dir = /var/vmail/sieve
# Note: if user has personal sieve script, global sieve rules defined in
#       sieve_default will be ignored. Please use sieve_before or
#       sieve_after instead.
#sieve_default =

sieve_before = /var/vmail/sieve/dovecot.sieve
#sieve_after =

# The maximum number of redirect actions that can be performed during a
# single script execution. The meaning of 0 differs based on your version.
# For versions v0.3.0 and beyond this means that redirect is prohibited.
# For older versions, however, this means that the number of redirects is
# unlimited, so be careful.
#sieve_max_redirects = 4
}
service quota-warning {
executable = script /usr/local/bin/dovecot-quota-warning.sh
unix_listener quota-warning {
user = vmail
group = vmail
mode = 0660
}
}
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
dict {
#expire = db:/var/lib/dovecot/expire/expire.db
quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}
protocol lda {
# Reference: http://wiki2.dovecot.org/LDA
mail_plugins = $mail_plugins sieve autocreate
auth_socket_path = /var/run/dovecot/auth-master
log_path = /var/log/dovecot-sieve.log
lda_mailbox_autocreate = yes
postmaster_address = root
}
protocol lmtp {
# Log file
info_log_path = /var/log/dovecot-lmtp.log
# Plugins
mail_plugins = quota
# Enable fts fts_solr plugin globally for Solr Full Text Search Indexing
mail_plugins = $mail_plugins fts fts_solr
plugin {
  fts = solr
#break-imap-search will use solr for indexing TEXT and BODY searches.
fts_solr = break-imap-search url=http://127.0.0.1:8983/solr/
fts_autoindex = yes
}
postmaster_address = postmaster
lmtp_save_to_detail_mailbox = yes
recipient_delimiter = +
}
protocol imap {
mail_plugins = $mail_plugins imap_quota autocreate imap_acl
imap_client_workarounds = tb-extra-mailbox-sep
# Maximum number of IMAP connections allowed for a user from each
IP address.
# NOTE: The username is compared case-sensitively.
# Default is 10.
# Increase it to avoid issue like below:
# "Maximum number of concurrent IMAP connections exceeded"
mail_max_userip_connections = 20
}
protocol pop3 {
mail_plugins = $mail_plugins
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
# Maximum number of IMAP connections allowed for a user from each
IP address.
# NOTE: The username is compared case-sensitively.
# Default is 10.
mail_max_userip_connections = 20
}
# Login processes. Refer to Dovecot wiki for more details:
# http://wiki2.dovecot.org/LoginProcess
service imap-login {
service_count = 1
# To avoid startup latency for new client connections, set process_min_avail
# to higher than zero. That many idling processes are always kept around
# waiting for new connections.
#process_min_avail = 0

# number of simultaneous IMAP connections
#process_limit = $default_process_limit
process_limit = 500

# vsz_limit should be fine at its default 64MB value
#vsz_limit = 64M
}
service pop3-login {
service_count = 1
# number of simultaneous POP3 connections
#process_limit = 500
}
namespace {
type = private
separator = /
prefix =
#location defaults to mail_location.
inbox = yes
}
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
# this namespace should handle its own subscriptions or not.
subscriptions = yes
list = children
}
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
#    type = public
#    separator = /
#    prefix = Public/
#
#    # CONTROL=: Mark this public folder as read-only mailbox
#    # INDEX=: Per-user \Seen flag
#    location =
maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
#    # Allow users to subscribe to the public folders.
#    subscriptions = yes
#}
On Sun, Apr 19, 2015 at 3:11 AM, Christian Kivalo ml+dovecot@valo.at wrote:
...
Am 18. April 2015 22:05:01 MESZ, schrieb Kevin Laurie superinterstellar@gmail.com:
...
Hello,
I have some email authentication error with dovecot.
Could someone tell me what is the problem that is indicated below?
Is it due to some plugin?
yes as the log says
...
Apr 18 21:56:35 auth-worker(2057): Info: mysql(127.0.0.1): Connected
to database vmail
Apr 18 21:56:35 imap-login: Info: Login: user=user@mydomain.net,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2058, secured,
session=
Apr 18 21:56:35 imap: Error: Can't load plugin imap_acl_plugin: Plugin
acl must be loaded also (you must set: mail_plugins=$mail_plugins acl)
you should load the acl plugin... seems the "acl" entry from your last mail is now missing.
-c