I have a new Dovecot v2.2.9 installation and am having trouble getting virtual users recognized.
Also, the example configuration listed on the Wiki generates config errors.
Note that I haven't tried running dovecot yet, I wanted to verify that the config looked good first.
First, my configuration. I'm trying to use /etc/dovecot/users as my combined userdb and passdb file, with all users having a UID/GID of vmail, and a home directory of /local/mnt/home/<user>
$ sudo doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = randy@qti.qualcomm.com
protocols = " imap sieve pop3"
ssl_cert =
Next, my /etc/dovecot/users file:
$ cat /etc/dovecot/users
fred:x
test:{SSHA}amehbJZYxKWuIbywINVNWxKcPrWi27a+
poptest2:x
poptest3:x
If I ask dovecot what it knows about user 'test' it says the user doesn't exist:
$ sudo doveadm user test
field value
userdb lookup: user test doesn't exist
If I ask about a user in /etc/passwd, it finds it:
$ sudo doveadm user nobody
field value
uid 65534
gid 65534
home /nonexistent
mail mdbox:/local/mnt/mail/nobody
system_groups_user nobody
As an aside, when I copied the sample config entries from http://wiki2.dovecot.org/UserDatabase it got config errors:
userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/users

  default_fields = uid=vmail gid=vmail
  override_fields =

  skip = never
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
}
The 'skip', 'result_failure', etc. entries all generated config errors as being unknown. Since these were just explicitly setting config variables to their default values, I deleted them. It does seem odd that the config sample from the Wiki generated errors though.
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- The difference between stupidity and genius is that genius has its limits. --Albert Einstein
On 21 Nov 2014, at 09:44, Randall Gellens dovecot@randy.pensive.org wrote:
I have a new Dovecot v2.2.9 installation and am having trouble getting virtual users recognized.
I don't see anything obviously wrong in your config. Set auth_debug=yes and see what the logs say. Also while testing try also disabling pam+passwd before you get the passwd-file working, just in case that makes debugging easier.
As an aside, when I copied the sample config entries from http://wiki2.dovecot.org/UserDatabase it got config errors:
userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/users

  default_fields = uid=vmail gid=vmail
  override_fields =

  skip = never
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
}
The 'skip', 'result_failure', etc. entries all generated config errors as being unknown. Since these were just explicitly setting config variables to their default values, I deleted them. It does seem odd that the config sample from the Wiki generated errors though.
The wiki mentions also a bit below that they exist only in v2.2.10 and newer versions. I added now a comment line about that also.
I'm still having trouble getting users accepted by postfix + dovecot.
I have a few (<10) virtual users configured in a passwd-style file in /etc/dovecot/users. I can verify that dovecot sees those users and can authenticate them using 'doveadm' as well as IMAP.
I also have one system user configured via PAM. I can verify that dovecot sees this user and can authenticate using 'doveadm' as well as IMAP.
I configured the 'dovecot' service in /etc/postfix/master.cf and set /etc/postfix/main.cf to use it to deliver virtual mail, per the dovecot wiki. I also set the postfix local delivery command to dovecot-lda per the dovecot wiki.
I first tried telling postfix to not check local users by setting in /etc/postfix/main.cf:
local_recipient_maps =
With this setup, mail is received and delivered for the system user, but mail to virtual users is bounced with 'unknown user':
postfix/local ... relay=local ... status=bounced (unknown user: "test")
So then I tried to tell postfix that it had virtual users by configuring them in /etc/postfix/virtual_users and creating a hash using 'postmap' and then in /etc/postfix/main.cf setting
local_recipient_maps = proxy:unix:passwd.byname hash:/etc/postfix/virtual_users $alias_maps
This made no difference at all. Mail to virtual users still bounces with 'unknown user' while mail to the system user is delivered.
So then I set 'mydestination' to an empty string in /etc/postfix/main.cf and set 'virtual_mailbox_domains' to the string that had been in 'mydestination', and set 'mydestination' to an empty string.
With this setup, mail to virtual users is delivered, but mail to the system user bounces with 'unknown user':
dovecot: auth: passwd-file(randy): unknown user
dovecot: auth: passwd-file(randy@domain): unknown user
dovecot: auth-worker(12538): passwd(randy@domain): unknown user
postfix/pipe[12548]: ... to=<randy@domain>, relay=dovecot ...
status=bounced (user unknown)
My dovecot config:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
first_valid_gid = 120
first_valid_uid = 112
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = username_format=%n
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = randy@domain
protocols = " imap sieve pop3"
ssl_cert =
My postfix config:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
dovecot_destination_recipient_limit = 1
local_recipient_maps = proxy:unix:passwd.byname hash:/etc/postfix/virtual_users $alias_maps
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
mailbox_size_limit = 0
mydestination =
myhostname = ocean.qualcomm.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost = mailhost.qualcomm.com
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = domain, ocean, localhost
virtual_transport = dovecot
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- Attaccabottonai (ah-TAHKA-bo-TONE-eye; Italian; noun): a doleful bore who buttonholes people and tells sad, pointless tales.
On Thu, 27 Nov 2014, Randall Gellens wrote:
I'm still having trouble getting users accepted by postfix + dovecot.
I suppose in your system + virtual user mix, you should use LMTP: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP So Dovecot handles the difference itself.
userdb {
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = static
}
userdb {
  driver = passwd
}
The static userdb does hide the passwd userdb, because it hits for all users. You should change the order.
Steffen Kaiser
Thanks very much; please see in-line for clarification questions.
At 8:22 AM +0100 11/28/14, Steffen Kaiser wrote:
On Thu, 27 Nov 2014, Randall Gellens wrote:
I'm still having trouble getting users accepted by postfix + dovecot.
I suppose in your system + virtual user mix, you should use LMTP: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP So Dovecot handles the difference itself.
I have postfix set to use dovecot-lda as the delivery agent, which I thought would make postfix let dovecot handle the differences. I also thought if I used LMTP then I can't also use dovecot-lda and Sieve. Can you help me understand?
userdb {
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = static
}
userdb {
  driver = passwd
}
The static userdb does hide the passwd userdb, because it hits for all users. You should change the order.
What I have in /etc/dovecot/conf.d/10-auth.conf is:
passdb {
  driver = passwd-file
  # args = scheme=SHA1 /etc/dovecot/passwd
  # args = username_format=%n /etc/dovecot/users
  args = username_format=%n /etc/dovecot/passwd
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
}
!include auth-system.conf.ext
What I have in /etc/dovecot/conf.d/auth-system.conf.ext is:
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
  args = username_format=%n
}
userdb {
  #
  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
}
So, in /etc/dovecot/conf.d/10-auth.conf the passwd-file userdb is before the static one, yet 'doveconf -n' reports them the other way around. I think the system user is not in the system /etc/passwd file anyway, the system user is verified using PAM.
Sorry for being so confused.
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- Algol was a great improvement on most of its successors. --C.A.R Hoare
I'm still very confused, but I have finally gotten it to recognize all users. What changed from my previous message is that I deleted the static userdb, and added the system user to the /etc/dovecot/users file (but not to the passdb /etc/dovecot/passwd). Oddly, I had to set uid:gid and homedir for each entry in /etc/dovecot/users even though I have these set to default values ("default_fields = uid=vmail gid=vmail home=/local/mnt/home/%n").
I'm still confused about the static userdb, as well as if I need to configure in /etc/postfix/main.cf both the mailbox_command to use dovecot-lda and the virtual_transport = dovecot service.
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- (If you can't hear me, it's because I'm in parentheses)
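An added example, not part of the thread and not Dovecot's own code: a small Python audit of a passwd-file in the `user:password:uid:gid:gecos:home:shell:extra_fields` layout, reporting which entries carry no uid, gid or home of their own and so rely on some other setting to supply them. The sample entries, the hash placeholder and the uid/gid value 5000 are constructed for illustration.

```python
"""Audit a Dovecot passwd-file for userdb fields that must come from elsewhere."""

# Field order of one passwd-file line.
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell", "extra")
REQUIRED = ("uid", "gid", "home")  # what a userdb lookup has to end up with


def parse_line(line):
    """Split one entry into named fields; absent trailing fields become ''."""
    parts = line.rstrip("\n").split(":", len(FIELDS) - 1)
    parts += [""] * (len(FIELDS) - len(parts))
    return dict(zip(FIELDS, parts))


def password_scheme(password):
    """Return the {SCHEME} prefix of a stored password, or None if absent."""
    if password.startswith("{") and "}" in password:
        return password[1:password.index("}")]
    return None


def audit(text):
    """Return {user: {"missing": [...], "scheme": ...}} for every entry."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        entry = parse_line(line)
        report[entry["user"]] = {
            "missing": [f for f in REQUIRED if not entry[f]],
            "scheme": password_scheme(entry["password"]),
        }
    return report


# Constructed sample: two short entries in the style of the file shown in the
# thread, and one fully specified entry (hash and uid/gid 5000 are made up).
SAMPLE = """\
fred:x
test:{SSHA}CONSTRUCTEDHASHVALUE
full:{SSHA}CONSTRUCTEDHASHVALUE:5000:5000::/local/mnt/home/full::
"""

if __name__ == "__main__":
    for user, info in audit(SAMPLE).items():
        gaps = ", ".join(info["missing"]) or "none"
        print(f"{user}: scheme={info['scheme']} missing userdb fields: {gaps}")
```

Running it against the real file before testing with `doveadm user` shows at a glance which accounts depend on defaults or on a later userdb for their uid, gid and home.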
One more piece of the puzzle: the explanatory comment text in /etc/dovecot/conf.d/auth-system.conf.ext:
# LDA and LMTP needs to look up users only from the userdb. This of course
# doesn't work with static userdb because there is no list of users.
# Normally static userdb handles this by doing a passdb lookup. This works
# with most passdbs, with PAM being the most notable exception. If you do
# the user verification another way, you can add allow_all_users=yes to
# the args in which case the passdb lookup is skipped.
This explains why the static userdb prevented the system user from being recognized, since it was in PAM not /etc/passwd.
-- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly selected tag: --------------- The first ninety percent of the task takes ninety percent of the time, and the last ten percent takes the other ninety percent.
participants (3)
- Randall Gellens
- Steffen Kaiser
- Timo Sirainen