[Dovecot] Just trying to make dovecot work.
Hi,
I have to say that Dovecot is certainly the most challenging piece of software I've ever had the pleasure of setting up (due mainly to the reams of largely unhelpful documentation). After 36 almost non-stop hours reading and trying, I finally end up here. :-)
I really would appreciate your help - and many thanks in advance!
/var/log/dovecot.info.log (showing unsuccessful login)
Aug 04 21:32:36 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 04 21:32:36 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 04 21:32:36 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Aug 04 21:32:36 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Aug 04 21:32:36 auth: Debug: passwd-file /usr/local/etc/dovecot.passdb: Read 1 users
Aug 04 21:32:36 auth: Debug: auth client connected (pid=24769)
Aug 04 21:32:41 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=::1 rip=::1 lport=143 rport=52551 resp=AHBldGVyAGZ1YXNpbjU0MTRz
Aug 04 21:32:41 auth: Debug: passwd-file(peter,::1): lookup: user=peter file=/usr/local/etc/dovecot.passdb
Aug 04 21:32:41 auth: Debug: client out: OK 1 user=peter
Aug 04 21:32:41 auth: Debug: master in: REQUEST 1417805825 24769 1 44a3aec60ec6eaec6eff0efb99971eee
Aug 04 21:32:41 auth: Debug: master out: USER 1417805825 peter
Aug 04 21:32:41 imap-login: Info: Login: user=<peter>, method=PLAIN, rip=::1, lip=::1, mpid=24772, secured
END
/var/log/dovecot.log (showing unsuccessful login)
Aug 04 21:32:41 IMAP(peter): Error: user peter: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Aug 04 21:32:41 IMAP(peter): Error: Internal error occurred. Refer to server log for more information.
END
dovecot -n
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) ext4
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_uid = 1000
info_log_path = /var/log/dovecot.info.log
last_valid_uid = 5000
log_path = /var/log/dovecot.log
login_trusted_networks = 127.0.0.1
mail_debug = yes
mail_location = maildir:/var/mail/%u/Maildir
mail_log_prefix = "%Us(%u): "
passdb {
  args = /usr/local/etc/dovecot.passdb
  driver = passwd-file
}
protocols = imap
ssl = no
verbose_proctitle = yes
END
/usr/local/etc/dovecot.passdb
peter:{CRYPT}BrtgyyOEX33w6:1000:500:Peter Snow:/var/mail/peter::
END
cat /etc/passwd | grep peter
peter:x:1000:500::/home/peter:/sbin/nologin
END
Notes: 'peter' does not yet have a system password, since I'm testing this for users which will only be virtual users. I made the password for 'peter' in the dovecot.passdb using "doveadm pw -s crypt" although once I've got it working I'd like to change the encryption to something as strong as possible - any suggestions please?
Hope you can help and many thanks.
Kind regards,
Peter
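Added example, not part of the original post: with `auth_debug_passwords = yes`, the `resp=` field on an `AUTH ... PLAIN` debug line is the base64 SASL PLAIN response (authzid NUL authcid NUL password, RFC 4616), so a log pasted to a public list discloses the password. The Python below redacts that field before a log is shared and reports which accounts need a password change; the sample log lines, the user `alice`, its password and all function names are constructed for this example.

```python
import base64
import binascii
import re

RESP_RE = re.compile(r"\bresp=(\S+)")

def plain_response(authzid, user, password):
    """Build a SASL PLAIN response (RFC 4616) as it appears after resp=."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()

# Constructed sample in the shape of Dovecot auth debug output; the user
# "alice" and the password are invented for this example.
SAMPLE_LOG = "\n".join([
    "Aug 04 21:32:41 auth: Debug: client in: AUTH 1 PLAIN service=imap "
    "secured lip=::1 rip=::1 resp=" + plain_response("", "alice", "correct-horse"),
    "Aug 04 21:32:41 auth: Debug: passwd-file(alice,::1): lookup: user=alice",
    # A response that is not authzid NUL authcid NUL password: still redacted.
    "Aug 04 21:32:42 auth: Debug: client in: AUTH 2 PLAIN service=imap resp="
    + base64.b64encode(b"no-nul-bytes").decode(),
])

def decode_plain(b64):
    """Return (authzid, authcid) for a SASL PLAIN response, else None."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1]:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts[:2])

def scrub(log_text):
    """Redact resp= on client AUTH lines; return (clean_text, exposed_users)."""
    exposed, out = set(), []
    for line in log_text.splitlines():
        m = RESP_RE.search(line)
        if m and "client in: AUTH" in line:
            ids = decode_plain(m.group(1))
            if ids:
                exposed.add(ids[1])  # password was recoverable for this account
            line = line[:m.start(1)] + "[REDACTED]" + line[m.end(1):]
        out.append(line)
    return "\n".join(out), sorted(exposed)

if __name__ == "__main__":
    clean, users = scrub(SAMPLE_LOG)
    print(clean)
    print("change passwords for:", users)
```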
On 05/08/2012 06:22, Peter Snow wrote:
> Hi,
> I have to say that Dovecot is certainly the most challenging piece of software I've ever had the pleasure of setting up (due mainly to the reams of largely unhelpful documentation). After 36 almost non-stop hours reading and trying, I finally end up here. :-)
> I really would appreciate your help - and many thanks in advance!
Phew, haven't you set yourself up for a hostile response..?
It's only an opinion, but I would say that the Dovecot docs are rather helpful and thorough? Also dovecot ships with an almost working config out of the box, really you only need to adjust a couple of settings to achieve most setups.
OK, reading your log files, I think this is probably the clue?
> /var/log/dovecot.log (showing unsuccessful login)
> Aug 04 21:32:41 IMAP(peter): Error: user peter: Couldn't drop privileges: User is missing UID (see mail_uid setting)
> Aug 04 21:32:41 IMAP(peter): Error: Internal error occurred. Refer to server log for more information.
I don't use that auth method so I don't want to give you a definitive suggestion, but we can certainly use google to get some ideas: http://lmgtfy.com/?q=dovecot+mail_uid+
Third link down seems to cover your question. Basically says you need to define the setting listed above, but also why.
Note, I think it's easy to level critique against dovecot auth, but if you look for a few moments longer you will see that you are probably just criticising flexibility. You can use a very wide array of database types to store your auth information and with that flexibility comes the requirement to actually define your specific choice.
Some people run a multi-tenanted system and like to be able to run each user under their own uid, hence that being flexible. Others want to use LDAP or a database to store auth info (I think you can even use both at the same time). It's even possible to use both at the same time I believe, or to lookup users in one db, and passwords in another.
Note, I don't know your requirements, but you might want to look at some kind of database for your user storage if you have more than a fairly simple installation? Either LDAP or sql is likely to give you more flexibility than a flat file pwdb, but I don't know your requirements, so just a thought
Finally note that there are literally dozens of "how to install dovecot" guides on the internet that will help you get a working setup with various auth db choices. Once you understand the big picture using one of those guides you will be able to customise things to a very specific situation
Good luck
Ed W
Well you can continue to kid yourselves that the documentation is good if you like. The facts say differently. For example, I visit http://wiki.dovecot.org/MainConfig for help with the main config and at the top of the page it tells me that this page is for version 1.x, so I click the link to view the page for 2.x, which takes me to a page saying that the page I want has yet to be created. I therefore have no option but to refer to the version 1.x documentation. I copy "mechanisms = plain" from it but when I restart dovecot, it fails, telling me that it is not recognized!
> Finally note that there are literally dozens of "how to install dovecot" guides on the internet
I noticed that also and did indeed follow many of them. Many of them though are for version 1.x but don't say so. Others just leave you hanging. I could and probably will carry on digging on Google and probably will find a bunch of erroneous documents among the good ones and will have no easy way to tell the difference, but one might expect the official website to have the right information to save me this hassle.
By the way, I've now got it running. It wasn't failing due to the user being used to run the processes. It was due to misconfiguration of the way that the virtual users were set up, which in the end I managed to fix by interrogating a server with a working implementation (albeit ver 1.x) which was similar to what I needed and copying parts of its config.
Although mutt now connects to it fine, roundcube doesn't, but don't worry. I'm not planning to bother you further.
Kind regards,
Peter
On 06/08/12 02:35, Peter Snow wrote:
> Well you can continue to kid yourselves that the documentation is good if you like. The facts say differently.
It would be easier if you started at the correct wiki for the version you have:
http://wiki2.dovecot.org/FrontPage
I have always found the documentation superb. I think you must have standards to which most others can merely aspire.
Alex
On 06/08/2012 02:35, Peter Snow wrote:
> Well you can continue to kid yourselves that the documentation is good if you like. The facts say differently. For example, I visit http://wiki.dovecot.org/MainConfig for help with the main config and at the top of the page it tells me that this page is for version 1.x, so I click the link to view the page for 2.x, which takes me to a page saying that the page I want has yet to be created. I therefore have no option but to refer to the version 1.x documentation. I copy "mechanisms = plain" from it
Google is *such* a useful tool.. http://lmgtfy.com/?q=dovecot+%22mechanisms+plain%22
> but when I restart dovecot, it fails, telling me that it is not recognized!
No, probably it says something different. Please quote the error message, not your interpretation of the error message?
> I noticed that also and did indeed follow many of them. Many of them though are for version 1.x but don't say so.
There are many useful differences between 1.x and 2.x, but it's a gradual evolution, not a big change. As such the configuration changed a "large amount" between 1.x and 2.x, in that it's now stored in multiple files rather than a few big files, but for your concern such a change is relatively minor and the configuration options are largely the same.
> By the way, I've now got it running. It wasn't failing due to the user being used to run the processes. It was due to misconfiguration of the way that the virtual users were set up, which in the end I managed to fix by interrogating a server with a working implementation (albeit ver 1.x) which was similar to what I needed and copying parts of its config.
Please always post details of your problem and solution - us technical folks learn from people's mistakes, but it's not possible to learn and make things better without knowing what your problem and eventual solution were?
Additionally note that this is an opensource project and the documentation is written by people like yourself. Please consider clarifying whatever original document put you on the wrong track?
> Although mutt now connects to it fine, roundcube doesn't, but don't worry. I'm not planning to bother you further.
Well, IMAP is just IMAP no matter which server you are using, so don't
treat this as some big black box that you can't open up and inspect.
IMAP is a plain text protocol and it shouldn't scare a technical person
to debug things. roundcube is also an extremely flexible beast and you
will need to get certain key settings correct before it connects
correctly, it likely also feels very "brittle" in that there aren't that
many settings to get right, but if any are wrong you will get major breakage
Good luck
Ed W
P.S. You came here with all guns blazing and seems like you are going to leave the same way? Why not try a more softly softly approach?
On Mon, Aug 6, 2012 at 3:48 PM, Ed W lists@wildgooses.com wrote:
> P.S. You came here with all guns blazing and seems like you are going to leave the same way? Why not try a more softly softly approach?
Because the 'customer' has right to throw his weight around =). Especially after paying such a large amount of money for the product.....
On 06/08/2012 08:57, Oon-Ee Ng wrote:
> On Mon, Aug 6, 2012 at 3:48 PM, Ed W lists@wildgooses.com wrote:
>> P.S. You came here with all guns blazing and seems like you are going to leave the same way? Why not try a more softly softly approach?
> Because the 'customer' has right to throw his weight around =). Especially after paying such a large amount of money for the product.....
Lets and avoid chasing folks away.
Ed
participants (4)
- Alex Crow
- Ed W
- Oon-Ee Ng
- Peter Snow