We just discovered that a config which had been working for a while is not working now (we are constantly upgrading dovecot).
We have smtp/imap/pop3/sieveEnabled fields in our LDAP directory to control which user is able to use which services.
The pass filter has been used to control this usage for years now, with a %LsEnabled filter (see the config dump below).
We just discovered that this filter is not working anymore! We do not even see any pass_filter queries in LDAP.
We see user_filter queries but no pass_filter queries.
dovecot -n
# 2.3.9.3 (9f41b88fa): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.9 (db4e9a2f)
# OS: Linux 4.19.87-1.ph3-esx x86_64 xfs
# Hostname: 26feef366ef9
# Global authentication and mail settings as printed by `dovecot -n`.
auth_cache_negative_ttl = 1 mins
auth_cache_size = 10 M
# NOTE(review): with a 1-minute auth cache, a repeated login inside that window may be
# answered from the cache without a new LDAP query - rule this out when counting queries.
auth_cache_ttl = 1 mins
# Auth debug logging is on; that log is where to confirm whether a login triggers an
# LDAP search or only a bind. Intended for troubleshooting rather than normal operation.
auth_debug = yes
# Master-user logins use the form user*masteruser; the master credentials come from
# the passwd-file passdb marked `master = yes` further down.
auth_master_user_separator = *
# Only plaintext mechanisms are offered.
auth_mechanisms = login plain
auth_verbose = yes
default_vsz_limit = 512 M
# NOTE(review): plaintext authentication is allowed on unencrypted connections. Combined
# with the non-TLS listeners on 143 and 110 below, passwords can cross the network in the
# clear unless TLS is enforced by a setting this dump does not show - confirm.
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
first_valid_gid = 901
first_valid_uid = 901
hostname = mail.****.**
imap_client_workarounds = tb-extra-mailbox-sep
imapc_features = rfc822.size fetch-headers
imapc_host = x.x.x.x
imapc_master_user = masteruser
imapc_password = # hidden, use -P to show it
imapc_user = %u
last_valid_gid = 901
last_valid_uid = 901
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# All mail is accessed as the single uid/gid 901; first/last_valid_* pin the allowed range to it.
mail_gid = 901
mail_home = /vmail/%d/%n/
mail_location = maildir:/vmail/%d/%n/
mail_plugins = " quota zlib trash fts fts_solr"
mail_prefetch_count = 20
mail_privileged_group = mail
mail_uid = 901
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
# Private INBOX namespace with "/" as hierarchy separator and the usual special-use folders.
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
# Sent is the only folder here that is auto-subscribed.
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
type = private
}
# Master-user password database: accounts in this file may log in on behalf of any user
# (see auth_master_user_separator above).
# NOTE(review): this file is as sensitive as every mailbox combined - confirm it is
# readable only by the Dovecot auth user and that its password hashes are strong.
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
}
# LDAP password database. pass_filter and the bind settings live in the args file, whose
# contents this dump does not include.
# NOTE(review): the file is named like a userdb config, while the userdb block points at
# dovecot-ldap.conf.ext - confirm the two files were not swapped.
# NOTE(review): if that file uses auth_bind = yes together with auth_bind_userdn, Dovecot
# binds with the DN template and performs no password search, so pass_filter is ignored.
# The per-service *Enabled restriction would then not be enforced at login - confirm
# against the file and the auth debug log.
passdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
driver = ldap
}
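# Plugin settings: Solr full-text search, quota, sieve, trash and zlib compression.
# The fts_solr and quota lines were run together in the pasted dump and are restored here
# as two separate settings.
plugin {
fts = solr
fts_autoindex = yes
# NOTE(review): the Solr URL is plain http - confirm the indexing traffic (which carries
# message content) stays on a trusted network segment.
fts_solr = url=http://hostname:8983/solr/dovecot/
quota = dict:user::file:/vmail/%d/%n/dovecot.quota
quota_exceeded_message = The quota of the recipient is full, please try it again later
sieve = /vmail/%d/%n/dovecot.sieve
sieve_dir = /vmail/.sieve/%u
sieve_max_redirects = 20
trash = /etc/dovecot/dovecot-trash.conf.ext
zlib_save = gz
zlib_save_level = 6
}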
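# postmaster_address and protocols were fused onto one line in the pasted dump; they are
# restored here as two settings.
pop3_client_workarounds = outlook-no-nuls
postmaster_address = postmaster@hostname.com
# Enabled protocols; each per-service *Enabled LDAP flag mentioned in the report has to be
# enforced for every protocol listed here.
protocols = imap pop3 lmtp sieve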
# Auth service sockets.
service auth {
# Socket inside the Postfix spool, owned by postfix with mode 0660, so Postfix can
# authenticate SMTP users against Dovecot.
# NOTE(review): SMTP logins through this socket go through the same passdb, so the
# smtpEnabled restriction depends on the same pass_filter behaviour - confirm.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
# userdb lookup socket, restricted to user and group vmail.
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
# doveadm HTTP API listener on port 8099, authenticated with doveadm_api_key.
# NOTE(review): no `ssl = yes` and no `address` are shown for this listener, so as printed
# the API key would travel over plain HTTP on every address Dovecot listens on - confirm
# the port is firewalled or bound to a management interface.
service doveadm {
inet_listener http {
port = 8099
}
}
# IMAP login service: unencrypted/STARTTLS on 143, implicit TLS on 993.
service imap-login {
# NOTE(review): with disable_plaintext_auth = no, logins on this port are accepted
# without TLS unless TLS is required elsewhere - confirm.
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
process_min_avail = 4
# service_count = 0 lets one login process serve an unlimited number of connections
# instead of one process per connection, trading process isolation for throughput.
service_count = 0
vsz_limit = 2 G
}
# POP3 login service: unencrypted/STARTTLS on 110, implicit TLS on 995.
service pop3-login {
# NOTE(review): same plaintext-login exposure as the IMAP listener on 143 - confirm TLS
# is enforced for this port.
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
# Statistics sockets.
# NOTE(review): both sockets are mode 0666 with no owner set, so any local account can
# open them. Consider 0660 with a group that contains only the processes that need access.
service stats {
unix_listener stats-reader {
group = mail
mode = 0666
user =
}
unix_listener stats-writer {
group = mail
mode = 0666
user =
}
}
# TLS material; the `<` prefix reads the value from the named file.
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </ssl/cert.pem
# NOTE(review): `ALL` minus LOW/SSLv2/EXP/aNULL still admits every other cipher the linked
# OpenSSL enables, including medium-strength suites. No ssl_min_protocol appears in this
# dump, so the default applies - consider an explicit modern cipher list and minimum version.
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# LDAP user database; user_filter lives in the args file, which this dump does not include.
# NOTE(review): the report sees user_filter queries but no pass_filter queries. If the
# per-service restriction exists only in pass_filter, check whether the userdb lookup
# also needs to enforce it - confirm against both LDAP config files.
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# Local delivery: the global plugin list plus sieve.
# NOTE(review): quota and zlib each appear twice in the list, presumably from appending to
# $mail_plugins in more than one place - confirm and deduplicate.
protocol lda {
mail_plugins = " quota zlib trash fts fts_solr sieve quota zlib"
}
# IMAP: up to 50 connections per user and IP; adds imap_quota (zlib is listed twice).
protocol imap {
mail_max_userip_connections = 50
mail_plugins = " quota zlib trash fts fts_solr imap_quota zlib"
}
# POP3: the global plugin list with quota listed a second time.
protocol pop3 {
mail_plugins = " quota zlib trash fts fts_solr quota"
}