[Dovecot] Couldn't drop privileges
attempts to login result in:
dovecot: imap-login: Login: user=<lists@*munged*>, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, session=<cBjCqf/jdwAXGJaN>
dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)
dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information.
Local (shell) user authentication works fine. It looks to me like the authentication is working based on the first line, so I don't think the issue is in the dovecot-sql.conf.ext
$ cat dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password=dovecot
default_pass_scheme = MD5-CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select maildir from mailbox where username = '%u'
# home is set in userdb static, kept for history
#user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
#user_query = select concat('/usr/local/virtual/', maildir), 'vpopmail' as uid, 'postfix' as gid, from mailbox where username = '%u'
#iterate_query = SELECT username AS user FROM users
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u
  driver = static
}
I have also tried:
userdb {
  args = uid=vpopmail gid=postfix
  driver = static
}
sql users all have their mail in
/usr/local/virtual/lists@*munged*
$ ls -lsd /usr/local/virtual/lists\@*munged*
8 drwxr-xr-x 12 vpopmail postfix 512 Aug 14 21:40 /usr/local/virtual/lists\@*munged*
[New thread because the old one's original issue is solved]
-- BUGS: There is no conversion specification for the phase of the moon." strftime(3) man page
On 15 Aug 2013, at 11:29 , LuKreme <kremels@kreme.com> wrote:
attempts to login result in:
dovecot: imap-login: Login: user=<lists@*munged*>, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, session=<cBjCqf/jdwAXGJaN>
dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)
dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information.
Turned on the debug and this is what I see:
Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): query: select password from mailbox where username ='lists@*munged*'
Aug 15 13:16:45 auth: Debug: client passdb out: OK 1 user=lists@*munged*
Aug 15 13:16:45 auth: Debug: master in: REQUEST 2891186177 77374 1 a2bde9e07ec4034dff654566596e062f session_pid=77375
Aug 15 13:16:45 auth-worker(77340): Debug: passwd(lists@*munged*,ip.xx.yy.zz): lookup
Aug 15 13:16:45 auth-worker(77340): Info: passwd(lists@*munged*,ip.xx.yy.zz): unknown user
Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): select maildir from mailbox where username = 'lists@*munged*'
Aug 15 13:16:45 auth: Debug: master userdb out: USER 2891186177 lists@*munged* maildir=lists@*munged*/ auth_token=8016448b78ce6682d24f056ad695b2158bac7ee2
Aug 15 13:16:45 imap-login: Info: Login: user=<lists@*munged*>, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77375, TLS, session=<1hadUAHk7AAXGJaN>
Aug 15 13:16:45 imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Aug 15 13:16:45 imap(lists@*munged*): Error: Internal error occurred. Refer to server log for more information.
a successful userdb for a local user looks like this:
Aug 15 13:16:44 auth: Debug: client passdb out: OK 1 user=kremels
Aug 15 13:16:44 auth: Debug: master in: REQUEST 3532521473 77365 1 4ebb0de2b83c3e2603bc3e3ffca59d73 session_pid=77370
Aug 15 13:16:44 auth-worker(77340): Debug: passwd(kremels,ip.xx.yy.zz): lookup
Aug 15 13:16:44 auth: Debug: master userdb out: USER 3532521473 kremels system_groups_user=kremels uid=1004 gid=1004 home=/home/kremels auth_token=60c1bb537e93229108f3aeceff78bfad811f5b62
Aug 15 13:16:44 imap-login: Info: Login: user=<kremels>, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77370, TLS, session=<Pp6LUAHk6QAXGJaN>
Aug 15 13:16:44 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=VLKQUAHk6gAXGJaN lip=75.148.117.91 rip=ip.xx.yy.zz lport=993 rport=55018 resp=<hidden>
What is not shown is the full path to the maildir, just the maildir value returned from the sql query. It really really looks like this should be working and like the
userdb {
  driver = static
  args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u
}
block is just not having the desired effect.
I've been at this for the better part of two days now, and have read hundreds (if not thousands) of web pages. I don't know what I am missing.
-- Belief is one of the most powerful organic forces in the multiverse. It may not be able to move mountains, exactly. But it can create someone who can.
On 15 Aug 2013, at 13:26 , LuKreme <kremels@kreme.com> wrote:
What is not shown is the full path to the maildir, just the maildir value returned from the sql query. It really really looks like this should be working and like the
userdb {
  driver = static
  args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u
}
block is just not having the desired effect.
Progress (I know you are all reading this with bated breath in eager anticipation of my next missive).
I changed the user_query to
select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
and got a new error, which I think reveals the source of the problem:
Error: user lists@*munged*: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup).
So, I set first_valid_uid = 89 and I get a NEW error.
Aug 15 13:34:05 auth: Debug: master userdb out: USER 4078043137 lists@*munged* uid=89 gid=125 concat('/usr/local/virtual/', maildir)=/usr/local/virtual/lists@*munged*/ auth_token=2cb95ca06efdab697854015a93d7c3b0001b417b
Aug 15 13:34:05 imap-login: Info: Login: user=<lists@*munged*>, method=PLAIN, rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77996, TLS, session=<mhyXjgHkdAAXGJaN>
Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Aug 15 13:34:05 imap(lists@*munged*): Error: Invalid user settings. Refer to server log for more information.
So, the uid and gid are now correct, the maildir path is correct, and it is STILL not happy.
-- Stupid men are often capable of things the clever would not dare to contemplate... --Feet of Clay
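Added example (not part of the thread and not Dovecot code): a small Python check over "master userdb out: USER" debug lines like the ones posted above, reporting which of uid, gid and home the userdb reply lacks and whether the uid is below first_valid_uid. The sample lines are constructed from the thread's log format with a placeholder address and token; the function names and the 500 threshold used in the sample call are assumptions.

```python
import re

# Userdb reply as logged by the auth process in the thread's debug output.
USERDB_OUT = re.compile(r"master userdb out: USER\s+\d+\s+(\S+)\s*(.*)$")
REQUIRED = ("uid", "gid", "home")  # fields the thread's errors complain about

# Constructed sample lines modelled on the thread's logs (placeholder values).
SQL_ONLY = ("Aug 15 13:16:45 auth: Debug: master userdb out: USER 1 "
            "lists@example.com maildir=lists@example.com/ auth_token=0000")
UNALIASED = ("Aug 15 13:34:05 auth: Debug: master userdb out: USER 2 "
             "lists@example.com uid=89 gid=125 concat('/usr/local/virtual/', "
             "maildir)=/usr/local/virtual/lists@example.com/ auth_token=0000")
LOCAL = ("Aug 15 13:16:44 auth: Debug: master userdb out: USER 3 kremels "
         "system_groups_user=kremels uid=1004 gid=1004 home=/home/kremels "
         "auth_token=0000")


def parse_userdb_out(line):
    """Return (user, fields) for a 'master userdb out: USER' line, else None."""
    m = USERDB_OUT.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if sep:  # tokens without '=' are not key=value fields
            fields[key] = value
    return m.group(1), fields


def check_userdb(line, first_valid_uid):
    """List the problems from this thread that the userdb reply would trigger."""
    parsed = parse_userdb_out(line)
    if parsed is None:
        return ["not a userdb reply"]
    _, fields = parsed
    problems = [f"missing {k}" for k in REQUIRED if k not in fields]
    uid = fields.get("uid", "")
    if uid.isdigit() and int(uid) < first_valid_uid:
        problems.append(f"uid {uid} below first_valid_uid {first_valid_uid}")
    return problems


if __name__ == "__main__":
    for name, line in (("sql only", SQL_ONLY), ("unaliased", UNALIASED), ("local", LOCAL)):
        print(name, check_userdb(line, 500) or "ok")
```

In the second sample the un-aliased concat() column is reported as a missing home because its key is the SQL expression text rather than "home".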
On 15.8.2013, at 22.38, LuKreme <kremels@kreme.com> wrote:
select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
concat('/usr/local/virtual/', maildir) as home from ..
Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
On 15 Aug 2013, at 13:38 , LuKreme <kremels@kreme.com> wrote:
select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
and it has stopped complaining.
However, when I login to any virtual account, there is no mail shown.
Any other debug flags I can turn on?
do I have to build home to match maildir? And if so, how?
-- If you must choose between two evils, pick the one you've never tried before.
On 15 Aug 2013, at 14:18 , LuKreme <kremels@kreme.com> wrote:
user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
user_query = select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) as home from mailbox where username = '%u'
doesn't complain either (thanks Timo, that makes more sense) but still having issues with blank mailboxes on the virtual users.
-- I don't have a solution but I admire the problem.
On 15 Aug 2013, at 14:28 , LuKreme <kremels@kreme.com> wrote:
but still having issues with blank mailboxes on the virtual users.
OK, I am having blank mailboxes because dovecot is adding Maildir to the home for the virtual users:
Debug: maildir++: root=/usr/local/virtual/lists@*munged*//Maildir,
The correct directory should be without the Maildir
(and yes, the double slash is there in the log)
/home/user/Maildir, otoh, is correct.
Should I simply mkdir a Maildir for every user and move everything into it?
-- They all have husbands and wives and children and houses and dogs, and you know, they've all made themselves a part of something and they can talk about what they do. What am I gonna say? "I killed the president of Paraguay with a fork. How've you been?"
On 15 Aug 2013, at 14:37 , LuKreme <kremels@kreme.com> wrote:
/home/user/Maildir, otoh, is correct.
Should I simply mkdir a Maildir for every user and move everything into it?
While that works, of course new mail uses the path from the sql database and puts mail into
/usr/local/virtual/user@example.com/new
-- "Alas, earwax."
participants (2)
- LuKreme
- Timo Sirainen