[Dovecot] LMTP auth problem
Hey all, I'm getting the following error:
Apr 14 14:29:44 lmtpdirector1 dovecot: auth: Error: passdb(scorpio,127.0.0.1): Auth client doesn't have permissions to do a PASS lookup: /var/run/dovecot/auth-userdb mode=0666, but not owned by UID 112(dovecot)
Apr 14 14:29:44 lmtpdirector1 dovecot: lmtp(18298): Error: user scorpio: Auth PASS lookup failed
My config: director servers running both IMAP and LMTP, with a matching set of real servers accepting IMAP/LMTP. IMAP is working fine, and has been working fine for a while. I'm trying to add LMTP to the director, but I can't seem to get that working. We're passing passdb on to the real servers. How does this work with LMTP?
protocols = imap lmtp
protocol lmtp {
  auth_socket_path = director-userdb
}
lmtp_proxy = yes
# passdb check on real servers
passdb {
  driver = static
  args = proxy=y nopassword=y
}
Cor
Of course the moment I post I seem to have figured it out..
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
Is this safe if your servers are secure?
Cor
On 14.04.2012 at 18:24, Cor Bosman wrote:
Apr 14 14:29:44 lmtpdirector1 dovecot: auth: Error: passdb(scorpio,127.0.0.1): Auth client doesn't have permissions to do a PASS lookup: /var/run/dovecot/auth-userdb mode=0666, but not owned by UID 112(dovecot)
Apr 14 14:29:44 lmtpdirector1 dovecot: lmtp(18298): Error: user scorpio: Auth PASS lookup failed
I'd just try 'user = dovecot' rather than making it wide open because that's what the log basically says.
$ doveconf -d | grep 'unix_listener auth-userdb' -A 4
unix_listener auth-userdb {
group =
mode = 0666
user =
}
Regards Thomas
My config was the same as yours. That didn't work for me. But if I add
user = dovecot
mode = 0666
That does work. Of course, the difference between 777 and 666 is minimal. I think 666 is handled as a special case in the code?
Cor
On 14.4.2012, at 20.21, Cor Bosman wrote:
My config was the same as yours. That didn't work for me. But if I add
user = dovecot
mode = 0666
Hmm. Perhaps I should make this the default.
That does work. Of course, the difference between 777 and 666 is minimal. I think 666 is handled as a special case in the code?
Yes, it's handled specially. 0666 is now a safe default for multi-user systems, since it returns data for a user only if the calling process's UID matches the returned "uid". 0777 makes it truly world-accessible.
participants (3)
- Cor Bosman
- Thomas Leuxner
- Timo Sirainen
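
An added example, not part of the thread and not Dovecot code: a small Python audit that reads doveconf-style output and classifies each auth-userdb listener the way the last reply describes (0666 is UID-matched, 0777 is world-accessible). The function names and SAMPLE_CONF are constructed for illustration, and treating every other world-writable mode like 0777 is an assumption.

```python
# Added example, not Dovecot code. SAMPLE_CONF is constructed for illustration.
SAMPLE_CONF = """\
service auth {
  unix_listener auth-userdb {
    mode = 0777
  }
}
"""

def parse_listeners(conf_text):
    """Return [(block path, settings dict)] for each unix_listener block."""
    stack, listeners = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if stack[-1].startswith("unix_listener "):
                listeners.append(("/".join(stack), {}))
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and stack and stack[-1].startswith("unix_listener "):
            key, _, value = line.partition("=")
            listeners[-1][1][key.strip()] = value.strip()
    return listeners

def audit_auth_userdb(conf_text):
    """Classify each auth-userdb listener by the access its mode grants."""
    findings = []
    for path, settings in parse_listeners(conf_text):
        if not path.endswith("unix_listener auth-userdb"):
            continue
        # 0666 is the default shown by `doveconf -d` in the thread.
        mode = int(settings.get("mode") or "0666", 8) & 0o777
        owner = settings.get("user") or "(unset)"
        if mode == 0o666:
            # Per the thread: data is returned only when the caller's UID matches.
            verdict = "uid-matched"
        elif mode & 0o002:
            # Assumption: any other mode with the world-write (connect) bit,
            # such as 0777, gets no UID check and is open to every local account.
            verdict = "world-accessible"
        else:
            verdict = "restricted-by-file-mode"
        findings.append({"listener": path, "mode": oct(mode),
                         "user": owner, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in audit_auth_userdb(SAMPLE_CONF):
        print(finding)
```

Feeding it the output of `doveconf -n` on a director flags the 0777 workaround, while the `user = dovecot` plus `mode = 0666` variant is reported as UID-matched.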