Hello, I hope this is the right mailing list to send questions to. Please direct me where to go if it is not. Thanks.
I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot is v2.4.1. I have thus far been able to successfully configure the server for smtp and imap support for my primary domain (we'll say user@example.com who is a linux user with a home folder). I have even been able to configure postfix to have virtual mailboxes and aliases, and from ssh I can even see that the mail gets delivered to the correct place. However, I am struggling to set up dovecot to authenticate a virtual mailbox user (we'll say user@example.net who only has a virtual mailbox).
This documentation page describes the process to configure multiple authentication databases. It describes being able to use multiple passdb and userdb sections in order to authenticate dovecot users. Based upon what it suggested, I tried this configuration:
## Snippet from /etc/dovecot/dovecot.conf ##

passdb passwd-file {
  # So example.net => /etc/dovecot/passwd/example.net
  passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}

# Fall thru to PAM for unix users
passdb pam {
}

userdb passwd-file {
  passwd_file_path = /etc/dovecot/passwd/%{user | domain}
}

# Fall thru to /etc/passwd for unix users
userdb passwd {
}

## Snippet from /etc/dovecot/passwd/example.net ##

support@example.net:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support::

This is the configuration I landed on that hypothetically checks multiple databases for authentication that allows at least user@example.com to still login with Thunderbird and do email stuff. However it does not authenticate user@example.net. The biggest difference between my config and the example is that they use a sql database while I am trying the passwd-file database. In principle this seems like it should work, unless I am understanding the dovecot docs or have made my passwd file incorrectly. I even tried reversing the order of userdb and passdb sections to see if it would help to no avail.
This thread seems to address a similar issue, and more or less has the same configuration setup suggested as the one in the snippet above. It's also from 2006 so the API looks kinda different from the current docs.
This thread is from 2013 addressing a similar issue, but despite again different API it translates to more or less what the snippet above shows.
Here is the journalctl output from when I tried to login as user@example.net:

# journalctl -xeu dovecot | tail
Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown
Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1
Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): check pass; user unknown
Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user@example.net rhost=10.0.0.1
Dec 29 11:41:19 example.com dovecot[4700]: imap-login: Login aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): user=<user@example.net>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, TLS, session=<z8Tj3hlHkLxJMmuL>

The last message referring to "Inactivity" is because at that point fail2ban blocked my IP, but before that it was consistent with results I have been getting.
I'm at an absolute loss. I feel like I've trawled every doc I could find, every config file involved in the setup process, all the Stack Exchange answers that seem to exist. Honestly it baffles me to see that even what looks like the same setup as official documentation, it just doesn't... work? Can anybody point to me what is going wrong?
Thanks for reading, ~ Ethan Merrill
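
An added example, not part of the original post and not Dovecot's own code: an offline check of which passwd-file `%{user | domain}` selects for a given login and whether that file holds a usable entry in the `user:password:uid:gid:(gecos):home:(shell):extra_fields` layout. It assumes entries are keyed by the full login name; the function names and the placeholder hash are constructed for illustration.

```python
import os
import tempfile

# passwd-file layout: user:password:uid:gid:(gecos):home:(shell):extra_fields
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell", "extra")

def passwd_file_for(login, base="/etc/dovecot/passwd"):
    """Path selected by passwd_file_path = <base>/%{user | domain}."""
    _, at, domain = login.partition("@")
    if not at or not domain or "/" in domain or domain.startswith("."):
        return None  # no usable domain part; never build a path from it
    return os.path.join(base, domain)

def parse_entry(line):
    """Split one passwd-file line into named fields (missing ones become '')."""
    parts = line.rstrip("\n").split(":", len(FIELDS) - 1)
    parts += [""] * (len(FIELDS) - len(parts))
    return dict(zip(FIELDS, parts))

def check_login(login, base="/etc/dovecot/passwd"):
    """Return a list of findings; an empty list means the entry looks usable."""
    path = passwd_file_for(login, base)
    if path is None:
        return ["login has no usable domain part"]
    if not os.path.isfile(path):
        return ["no passwd-file at " + path]
    with open(path, encoding="utf-8") as fh:
        entries = [parse_entry(l) for l in fh if l.strip() and not l.startswith("#")]
    # Assumption: the key in the file must equal the full login name.
    match = [e for e in entries if e["user"] == login]
    if not match:
        return ["no entry for " + login + " in " + path]
    entry, findings = match[0], []
    if not entry["password"]:
        findings.append("empty password field")
    if not (entry["uid"].isdigit() and entry["gid"].isdigit()):
        findings.append("uid/gid must be numeric")
    if not entry["home"].startswith("/"):
        findings.append("home must be an absolute path")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "example.net"), "w", encoding="utf-8") as fh:
            # Constructed sample: the page's entry with a placeholder hash.
            fh.write("support@example.net:$y$j9$PLACEHOLDER:800:800::"
                     "/var/postfix/virtual/example.net/support::\n")
        return {u: check_login(u, base) for u in
                ("support@example.net", "user@example.net", "user@example.com")}
```

`demo()` returns the findings per login; on a real server, `check_login()` can be pointed at the live passwd directory by an account that is allowed to read it.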
References
Visible links
- This documentation page https://doc.dovecot.org/2.4.2/core/config/auth/mutltiple.html
- This thread https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/VMXU2Q...
- This thread https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/YO3DFD...