On 2/18/2024 1:36 AM, Christian Kivalo wrote:
What's the value of first_valid_uid and last_valid_uid in 10-mail.conf? Also including the output of doveconf -n with your question helps others help you.
first_valid_uid is 500, last_valid_uid is unset. doveconf -n output below. Sorry, I had stopped looking at the config after I found how that error message was produced (not related to the first_valid/last_valid check), but hadn't tracked down the exact cause yet last night.
The error I'm getting originates from (in the case of uid) https://github.com/dovecot/core/blob/main/src/lib-auth-client/auth-master.c#..., which would produce it if the result of str_to_uid() is negative. That function would return -1 if str_to_uintmax() or verify_xid() are negative. This is where my rusty C shows, but take a look at verify_xid()...
static int verify_xid(uintmax_t l, unsigned int result_size)
{
	unsigned int result_bits;

	/* we assume that result is a signed type,
	   but that it can never be negative */
	result_bits = result_size*CHAR_BIT - 1;
	if ((l >> result_bits) != 0)
		return -1;
	return 0;
}
(result_size will be sizeof a uid_t)
The -1 here gives me the feeling that this might reject UIDs in the upper range of my system's uid_t, which is uint32 (e.g. it would reject UIDs greater than max int 32 but less than max uint 32).
Assuming I'm interpreting this correctly (a plenty big if, check my bitwise arithmetic), I would hesitate to call this a bug as it seems rather intentional? I do know that some systems have historically used int32 for UIDs but I think uint32 has been the case under Linux for time immemorial. Perhaps this check is necessary to avoid problems on platforms that do use a signed int for UIDs?
And just to check my work, I tried a user account that incidentally has a lower uid. That account works fine. I could potentially renumber or remap my UIDs, but I am not too excited about doing that; on the other hand, I don't know how feasible it is to change this behavior in Dovecot.
doveconf -n:
# 2.3.21 (47349e2482): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.20 (149edcf2)
# OS: Linux 6.5.6-300.fc39.x86_64 x86_64 Fedora release 39 (Thirty Nine) xfs
# Hostname: mx.waffle.tech
auth_default_realm = waffle.tech
auth_username_format = %n
hostname = mx.waffle.tech
mail_home = mbox:/var/mail/%n
mail_location = mbox:/var/mail/%n/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = dovecot
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve.d/rejectspam.sieve
}
protocols = imap pop3 lmtp submission sieve
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 0
  vsz_limit = 256 M
}
service managesieve {
  process_limit = 1024
}
ssl = required
ssl_cert = </etc/dovecot/ssl/chain.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_key = # hidden, use -P to show it
submission_relay_host = mx.infra.waffle.tech
submission_relay_trusted = yes
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve"
}
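The bit arithmetic the message asks readers to check can be run directly. This is an added example, not part of the original message and not Dovecot code apart from the quoted check: it applies that check to passwd(5)-style lines and counts the accounts that fail it. The helper names `passwd_line_uid` and `count_rejected` are hypothetical and the sample entries are constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same test as the verify_xid() quoted in the message. */
static int verify_xid(uintmax_t l, unsigned int result_size)
{
	return (l >> (result_size * CHAR_BIT - 1)) != 0 ? -1 : 0;
}

/* Parse the UID (third field) of a passwd(5)-style line; -1 if malformed. */
static int passwd_line_uid(const char *line, uintmax_t *uid_r)
{
	const char *p = strchr(line, ':');
	char *end;
	if (p == NULL || (p = strchr(p + 1, ':')) == NULL)
		return -1;
	if (*++p < '0' || *p > '9')
		return -1;
	errno = 0;
	*uid_r = strtoumax(p, &end, 10);
	return (errno != 0 || *end != ':') ? -1 : 0;
}

/* Constructed sample entries, not taken from the poster's system. */
static const char *const sample_passwd[] = {
	"alice:x:1000:1000::/home/alice:/bin/bash",
	"bob:x:2147483647:100::/home/bob:/bin/bash",
	"carol:x:2147483648:100::/home/carol:/bin/bash",
	"dave:x:4294967294:100::/home/dave:/bin/bash",
};

/* Count sample accounts whose UID fails the check for a uid_t of uid_size bytes. */
static int count_rejected(unsigned int uid_size)
{
	int rejected = 0;
	uintmax_t uid;
	for (size_t i = 0; i < sizeof(sample_passwd) / sizeof(sample_passwd[0]); i++) {
		if (passwd_line_uid(sample_passwd[i], &uid) == 0 &&
		    verify_xid(uid, uid_size) < 0) {
			printf("rejected for %u-byte uid_t: %s\n", uid_size, sample_passwd[i]);
			rejected++;
		}
	}
	return rejected;
}

int main(void) { printf("%d rejected\n", count_rejected(4)); return 0; }
```

With a 4-byte size the check accepts values up to 2147483647 and rejects anything with bit 31 set, so only `carol` and `dave` are flagged; with an 8-byte size none of the four are.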