Problem with master password
Hi,
I have a problem using the master password feature of dovecot.
I'm able to login with the password but then dovecot can't select the INBOX.
IMAP test:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=SCRAM-SHA-1 AUTH=CRAM-MD5] ITronic Mail Store
a login user@itronic.at*admin password
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY QUOTA ACL RIGHTS=texk] Logged in
a list "" "%"
* LIST (\HasNoChildren) "/" INBOX
a OK List completed (0.003 + 0.000 + 0.003 secs).
a select INBOX
a NO [SERVERBUG] Internal error occurred. Refer to server log for more information. [2017-12-28 12:32:41] (0.001 + 0.000 secs).
The log with mail debugging doesn't tell me much:
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap(user@itronic.at): Debug: INBOX: Mailbox opened because: SELECT
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap(user@itronic.at): Debug: acl vfile: file /srv/storage1/vmail/itronic/6/mdbox/mailboxes/INBOX/dbox-Mails/dovecot-acl not found
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap(user@itronic.at): Debug: acl vfile: file /srv/storage1/vmail/itronic/6/mdbox/mailboxes/dovecot-acl not found
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap(user@itronic.at): Debug: Namespace : Using permissions from /srv/storage1/vmail/itronic/6/mdbox: mode=0700 gid=default
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap(user@itronic.at): Error: Opening INBOX failed: Mailbox doesn't exist: INBOX
If I use the password of the user it works without problems, I also tested other users, they have the same problem.
dovecot -n
# 2.2.devel (5af0c9f): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (6c95b56)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.10
auth_cache_negative_ttl = 1 secs
auth_cache_size = 10 M
auth_cache_ttl = 1 secs
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN DIGEST-MD5 SCRAM-SHA-1 CRAM-MD5 APOP
auth_verbose = yes
default_client_limit = 600
default_vsz_limit = 512 M
dict {
  lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sqlacl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
hostname = mailstore1@itronic.at
imap_hibernate_timeout = 1 mins
imap_id_log = *
imap_id_send = *
imap_idle_notify_interval = 10 mins
imap_logout_format = bytes=%i/%o
instance_name = mailstore1
last_valid_gid = 1001
last_valid_uid = 1001
lda_original_recipient_header = X-LDA-Original-To
lmtp_rcpt_check_quota = yes
login_greeting = ITronic Mail Store
login_trusted_networks = x.y.z.0/24
mail_attachment_dir = /srv/storage1/vmail_sis
mail_attachment_hash = %{sha512}
mail_attachment_min_size = 64 k
mail_cache_min_mail_count = 5
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = zlib lazy_expunge stats acl quota mail_log notify
mail_prefetch_count = 100
mail_server_admin = mailto:postmaster@itronic.at
mail_server_comment = ITronic Mail System
mail_shared_explicit_inbox = yes
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds
mdbox_preallocate_space = yes
namespace {
  hidden = yes
  list = no
  location = mdbox:~/mdbox:MAILBOXDIR=expunged:LISTINDEX=expunged.list.index
  prefix = "#EXPUNGED/"
  subscriptions = no
  type = private
}
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = "#Users/%%u/"
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  hidden = no
  inbox = yes
  location =
  mailbox Archvie {
    special_use = \Archive
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::sqlacl
  last_login_dict = proxy::lastlogin
  last_login_key = last-login/%u
  lazy_expunge = "#EXPUNGED/"
  lazy_expunge_only_last_instance = no
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create
  mail_log_fields = uid box msgid size flags vsize from subject
  quota = dict:User quota::proxy::sqlquota
  quota_grace = 10%%
  quota_rule = *:storage=1024M
  quota_rule2 = "#EXPUNGED:storage=+1024M"
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=80%% quota-warning 80 %u
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = file:/srv/storage1/vmail/%{userdb:accountToken}/
  sieve_extensions = +vacation-seconds
  sieve_global = /etc/dovecot/sieve
  sieve_max_actions = 64
  sieve_max_redirects = 8
  sieve_max_script_size = 2M
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 64M
  sieve_vacation_default_period = 1d
  sieve_vacation_min_period = 1h
  stats_refresh = 30 secs
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
pop3_uidl_duplicates = rename
protocols = imap lmtp sieve pop3
service auth-worker {
  user = $default_internal_user
}
service auth {
  inet_listener {
    port = 4180
  }
  unix_listener auth-userdb {
    mode = 0666
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0666
  }
}
service imap-hibernate {
  unix_listener imap-hibernate {
    group = vmail
    mode = 0666
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 1
  service_count = 0
}
service imap {
  process_limit = 1024
  unix_listener imap-master {
    user = dovecot
  }
  unix_listener imap {
    group = vmail
    mode = 0666
  }
  vsz_limit = 512 M
}
service lmtp {
  inet_listener lmtp {
    address = x.y.z.135
    port = 24000
  }
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 50
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_min_avail = 20
  service_count = 1
  vsz_limit = 64 M
}
service pop3 {
  process_limit = 1024
}
service quota-warning {
  executable = script /opt/scripts/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
shutdown_clients = no
ssl_cert = </etc/dovecot/private/STAR.itronic.at.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
submission_host = x.y.z.198
syslog_facility = local0
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
valid_chroot_dirs = /srv/storage1/vmail
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 30
  mail_plugins = zlib lazy_expunge stats imap_stats quota imap_quota acl imap_acl last_login mail_log notify
}
protocol lda {
  mail_plugins = zlib lazy_expunge stats acl sieve quota mail_log notify
}
protocol lmtp {
  mail_plugins = zlib lazy_expunge stats acl sieve quota mail_log notify
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}
protocol pop3 {
  mail_max_userip_connections = 10
  mail_plugins = zlib lazy_expunge stats acl last_login mail_log notify
}
I would be happy for any debugging help.
thx
-- Harald Leithner
ITronic Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria Tel: +43-1-545 0 604 Mobil: +43-699-123 78 4 78 Mail: leithner@itronic.at | itronic.at
On 28 Dec 2017, at 13.46, Harald Leithner <leithner@itronic.at> wrote:
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
The default behaviour for the first passdb is:
result_success = return-ok, so the second passdb is skipped if authentication was successful. I guess you return some user-specific variables from the second passdb, which makes INBOX inaccessible with master login as dovecot does not know the mailbox location.
Maybe you should add result_success = continue-ok to the first passdb so that the second passdb is processed even if master authentication was a success.
Sami
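An added example, not from either poster: a small checker that reads `dovecot -n` style text and reports, for each passdb in the chain discussed above, whether a successful match ends the lookup or passes on to the next passdb. It assumes the documented Dovecot 2.2 behaviour that `pass = yes` is an alias for `result_success = continue`; the function names and the sample config are constructed for illustration.

```python
# Constructed sample in `dovecot -n` layout, modelled on the thread's passdb blocks.
SAMPLE = """\
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
"""

def parse_passdbs(conf):
    """Return one dict of settings per top-level passdb block, in file order."""
    blocks, current, depth = [], None, 0
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1 and line.split()[0] == "passdb":
                current = {}
        elif line == "}":
            if depth == 1 and current is not None:
                blocks.append(current)
                current = None
            depth = max(depth - 1, 0)
        elif depth == 1 and current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return blocks

def on_success(passdb):
    """Describe what a successful match in this passdb does to the lookup chain."""
    rule = passdb.get("result_success", "return-ok")  # default named in the thread
    pass_alias = passdb.get("pass") == "yes"          # assumption: alias for "continue"
    return {
        "driver": passdb.get("driver"),
        "master": passdb.get("master") == "yes",
        "result_success": rule,
        "continues": pass_alias or rule.startswith("continue"),
    }

if __name__ == "__main__":
    for passdb in parse_passdbs(SAMPLE):
        print(on_success(passdb))
```

Running it against real `dovecot -n` output shows at a glance which passdb entries stop the chain on success and which hand over to the next one.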
Thx for the answer, you are right the userdb query sets the mailbox path but it didn't solve the problem.
logfile says that it tries to open the correct path...
bye
Harald