I'm still trying to fix this problem. Hopefully someone can help.
I've upgraded dovecot to 2.3.3

# dovecot --version
2.3.3 (dcead646b)

That didn't help.
Next I switched 10-auth.conf to use a local password file (instead of LDAP)
=======================================
# cache all authentication results for one hour
auth_cache_size = 10M
auth_cache_ttl = 1 hour
auth_cache_negative_ttl = 1 hour

# only use plain username/password auth - OK since everything is over TLS
auth_mechanisms = plain

passdb {
  driver = passwd-file
  args = scheme=ssha username_format=%n /usr/local/etc/dovecot/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%n /usr/local/etc/dovecot/passwd
}

The /usr/local/etc/dovecot/passwd file is in the following format:

userA:{SSHA}hashhhhhhhhh:1000:1000::/home/userA

Authentication works, and mail gets delivered. But I'm still getting the same intermittent errors.
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
Also tried disabling the cache in 10-auth.conf, to no avail.
I'm a bit at a loss :(
Regards, J. de Meijer
Hi,
I'm getting errors with my IMAP setup. Basically, everything seems to work. Mail is delivered nicely from Postfix to Dovecot via LMTP. Dovecot does the authentication to LDAP (also for Postfix). Users are able to send mail via authenticated submission (Postfix) and log in to IMAP and POP.
However, IMAP connections are dropped frequently with an "ERROR: Connection dropped by IMAP server.". Pressing reload on the webmail, or refreshing in the client, might help for a short period. So it fails intermittently.
The errors in the maillog are below. It seems to be mixing up users kind of randomly. I think when multiple connections are made at the same time. Did a lot of searching, but couldn't find an answer to this problem. All I can find is related to LDA, which I'm not using.
Any help would be appreciated.
Errors from the log:

Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009><recJguF2NMpUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
Sep 28 00:03:26 mailserver dovecot: imap(userD)<12807><8T0iguF2NspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
Sep 28 00:06:59 mailserver dovecot: imap(userD)<15661><UcfOjuF2OcpUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>: Fatal: setgid(1011(userA) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1011(userA) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055><AWjtkuF2J/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<46412><87ntkuF2JvptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1011(userA))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<44858><0nXzkuF2KfptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1012(userD))
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1017(userC))
Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531><wpKdlOF2MfptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1011(userA))

# dovecot --version
2.3.2.1 (0719df592)

# 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: FreeBSD 11.2-RELEASE amd64
# Hostname: mailserver
auth_cache_size = 10 M
auth_debug = yes
imap_idle_notify_interval = 29 mins
mail_debug = yes
mail_fsync = never
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_solr"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /usr/local/etc/dovecot/sieve-after.d
  sieve_before = /usr/local/etc/dovecot/sieve-before.d
  sieve_quota_max_storage = 50M
}
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 1600
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1, ::1
  }
  process_min_avail = 3
  service_count = 1
}
service imap {
  process_min_avail = 3
  service_count = 256
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 127.0.0.1, ::1
  }
  service_count = 1
}
ssl = required
ssl_cert = </usr/local/etc/ssl/mail.example.com.dovecot.crt
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
  driver = ldap
}
protocol lda {
  mail_fsync = optimized
  mail_plugins = " fts fts_solr sieve"
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = " fts fts_solr imap_sieve"
}
protocol lmtp {
  lmtp_save_to_detail_mailbox = yes
  mail_fsync = optimized
  mail_plugins = " fts fts_solr quota sieve"
  postmaster_address = webmaster@example.com
}

In /usr/local/etc/dovecot/dovecot-ldap.conf.ext:

hosts = localhost
dn = cn=reader,ou=Roles,dc=example,dc=com
dnpass = secretpassword
auth_bind = yes
base = ou=People,dc=example,dc=com
deref = never
scope = subtree
user_attrs = uid=uid,homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = SSHA

dovecot-ldap-user.conf.ext is the same as dovecot-ldap.conf.ext

# freebsd-version
11.2-RELEASE-p3

Everything is installed from ports.
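
Added example, not part of the original messages: a small parser for the "setgid ... failed" lines quoted above that pairs the identity each imap process already had with the user whose session it was handed. The sample holds four lines from the post with the trailing hint trimmed, plus one constructed login line; the function and field names are this example's own.

```python
import re
from collections import Counter

# Four lines from the post (trailing hint trimmed) and one constructed
# login line that the parser must ignore.
SAMPLE_LOG = """\
Sep 28 00:03:20 mailserver dovecot: imap-login: Login: user=<userA>, method=PLAIN (constructed line)
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>: Fatal: setgid(1011(userA) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted
Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055><AWjtkuF2J/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not permitted
"""

# syslog prefix, service(login)<pid><session>, then the setgid failure text.
FATAL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dovecot: "
    r"(?P<service>[\w-]+)\((?P<login>[^)]+)\)<(?P<pid>\d+)><(?P<session>[^>]+)>: "
    r"Fatal: setgid\((?P<want_gid>\d+)\([^)]*\) from userdb lookup\) failed with "
    r"euid=(?P<euid>\d+)\((?P<proc_user>[^)]*)\), gid=(?P<gid>\d+)\("
)


def parse_mismatches(text):
    """Return one dict per 'setgid ... failed' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FATAL_RE.match(line)
        if m:
            ev = m.groupdict()
            for key in ("pid", "want_gid", "euid", "gid"):
                ev[key] = int(ev[key])
            events.append(ev)
    return events


def summarize(events):
    """Count failures per (identity the process already had, user who logged in)."""
    return Counter((ev["proc_user"], ev["login"]) for ev in events)


if __name__ == "__main__":
    for (proc_user, login), n in summarize(parse_mismatches(SAMPLE_LOG)).most_common():
        print(f"{n} x process running as {proc_user} was handed a login for {login}")
```

In every matched line the imap process had already dropped privileges to one account when it was given a session for another, and an unprivileged process cannot change to a different UID or GID. The posted configuration has service_count = 256 under service imap, the setting that lets a single imap process handle more than one connection.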