Imap-login bind errors after upgrading dovecot from 2.3 to 2.4
Greetings
I updated the OS in a VPS blindly and broke the mail service. I had set up this service over four years ago and never had issues with upgrades until recently. I realized the gravity of my mistake after dovecot refused to start. Version 2.4.1 had arrived and I am in so much trouble.
So far, I have adapted the configuraton files to 2.4 standards. "doveadm auth test user" tells me that the authentication is working fine. I am able to view old mails via doveadm. However, I get nothing new from mail clients. The maillog tells me that mails are getting queued (why?). I see status=sent (250.2.0.0) in some transactions, but that is the extent of success. However, I still get a nagging error message (see the end of this mail).
dovecot -n
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.17.11-300.fc43.x86_64 x86_64 Fedora release 43 (Forty Three)
dovecot_config_version = 2.4.1 auth_debug = yes auth_mechanisms = plain login dovecot_storage_version = 2.4.1 first_valid_uid = xxxx mail_driver = maildir mail_home = /home/mails/%{user | domain}/%{user | username} mail_path = %{home}/Maildir mail_privileged_group = mail passdb_default_password_scheme = BLF-CRYPT protocols { imap = yes lmtp = yes sieve = yes } sql_driver = pgsql ssl = required ssl_cipher_list = PROFILE=SYSTEM pgsql localhost { parameters { dbname = postfix password = xxxxxxx user = postfix } } passdb sql {n query = SELECT username AS user, password FROM mailbox WHERE username = '%{user}' AND active='1' } userdb sql { query = SELECT '/home/mails/' || maildir AS home, xxxx as uid, xxxx as gid FROM mailbox WHERE username = '%{user}' AND active = '1' } namespace inbox { inbox = yes mailbox Drafts { auto = create special_use = "\\Drafts" } mailbox Junk { auto = create special_use = "\\Junk" } mailbox Trash { auto = create special_use = "\\Trash" } mailbox Sent { auto = create special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service lmtp { executable = lmtp -L process_min_avail = 5 user = vmail unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_server { cert_file = /etc/letsencrypt/live/xxxxxxx.com/fullchain.pem dh_file = /etc/dovecot/dh.pem key_file = /etc/letsencrypt/live/xxxxxxx.com/privkey.pem prefer_ciphers = server } protocol lmtp { info_log_path = /var/log/lmtp/dovecot-lmtp.log mail_plugins { sieve = yes } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { } protocol sieve { managesieve_implementation_string = Dovecot Pigeonhole } sieve_script personal { active_path = ~/.dovecot.sieve path = ~/sieve}
I did adjust an entry in postfix (master.cf). I switched from dovecot-lda to dovecot-lmtp. LDA was throwing permission errors when accessing the cert file. Most reference materials recommended LMTP because its processes already have the required privileges. So ...
master.cf (postfix)dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}#
maillog errors Dec 16 22:16:29 xxxxxxx.com dovecot[139456]: master: Error: bind(/run/dovecot/srv.imap-login/139456) failed: No such file or directory Dec 16 22:16:29 xxxxxxx.com dovecot[139456]: master: Fatal: Failed to create per-PID unix_listener %{pid}: net_listen_unix(/run/dovecot/srv.imap-login/139456) failed: No such file or directory Dec 16 22:16:29 xxxxxxx.com dovecot[809]: master: Error: service(imap-login): command startup failed, throttling for 2.000 secsDec 16 22:16:29 xxxxxxx.com dovecot[139216]: imap-login: Fatal: master: service(imap-login): child 139456 returned error 89 (Fatal failure) What am I missing?
Regards Onyeibo
Greetings
I updated the OS in a VPS blindly and broke the mail service. I had set up this service over four years ago and never had issues with upgrades until recently. I realized the gravity of my mistake after dovecot refused to start. Version 2.4.1 had arrived and I am in so much trouble.
So far, I have adapted the configuraton files to 2.4 standards. "doveadm auth test user" tells me that the authentication is working fine. I am able to view old mails via doveadm. However, I get nothing new from mail clients. The maillog tells me that mails are getting queued (why?). I see status=sent (250.2.0.0) in some transactions, but that is the extent of success. However, I still get a nagging error message (see the end of this mail).
dovecot -n
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.17.11-300.fc43.x86_64 x86_64 Fedora release 43 (Forty Three)
dovecot_config_version = 2.4.1 auth_debug = yes auth_mechanisms = plain login dovecot_storage_version = 2.4.1 first_valid_uid = xxxx mail_driver = maildir mail_home = /home/mails/%{user | domain}/%{user | username} mail_path = %{home}/Maildir mail_privileged_group = mail passdb_default_password_scheme = BLF-CRYPT protocols { imap = yes lmtp = yes sieve = yes } sql_driver = pgsql ssl = required ssl_cipher_list = PROFILE=SYSTEM pgsql localhost { parameters { dbname = postfix password = xxxxxxx user = postfix } } passdb sql {n query = SELECT username AS user, password FROM mailbox WHERE username = '%{user}' AND active='1' } userdb sql { query = SELECT '/home/mails/' || maildir AS home, xxxx as uid, xxxx as gid FROM mailbox WHERE username = '%{user}' AND active = '1' } namespace inbox { inbox = yes mailbox Drafts { auto = create special_use = "\\Drafts" } mailbox Junk { auto = create special_use = "\\Junk" } mailbox Trash { auto = create special_use = "\\Trash" } mailbox Sent { auto = create special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service lmtp { executable = lmtp -L process_min_avail = 5 user = vmail unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_server { cert_file = /etc/letsencrypt/live/xxxxxxx.com/fullchain.pem dh_file = /etc/dovecot/dh.pem key_file = /etc/letsencrypt/live/xxxxxxx.com/privkey.pem prefer_ciphers = server } protocol lmtp { info_log_path = /var/log/lmtp/dovecot-lmtp.log mail_plugins { sieve = yes } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { } protocol sieve { managesieve_implementation_string = Dovecot Pigeonhole } sieve_script personal { active_path = ~/.dovecot.sieve path = ~/sieve } I did adjust an entry in postfix (master.cf). I switched from dovecot-lda to dovecot-lmtp. LDA was throwing permission errors when accessing the cert file. Most reference materials recommended LMTP because its processes already have the required privileges. So ...
master.cf (postfix) dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}# maillog errors Dec 16 22:16:29 [1]xxxxxxx.com dovecot[139456]: master: Error: bind(/run/dovecot/srv.imap-login/139456) failed: No such file or directory Dec 16 22:16:29 [2]xxxxxxx.com dovecot[139456]: master: Fatal: Failed to create per-PID unix_listener %{pid}: net_listen_unix(/run/dovecot/srv.imap-login/139456) failed: No such file or directory Dec 16 22:16:29 [3]xxxxxxx.com dovecot[809]: master: Error: service(imap-login): command startup failed, throttling for 2.000 secs Dec 16 22:16:29 [4]xxxxxxx.com dovecot[139216]: imap-login: Fatal: master: service(imap-login): child 139456 returned error 89 (Fatal failure) What am I missing?
Regards Onyeibo
References
Visible links
On 17/12/2025 11:43 EET onyeibo via dovecot <dovecot@dovecot.org> wrote:
Greetings
I updated the OS in a VPS blindly and broke the mail service. I had set up this service over four years ago and never had issues with upgrades until recently. I realized the gravity of my mistake after dovecot refused to start. Version 2.4.1 had arrived and I am in so much trouble.
This sounds like /run/dovecot does not exist, are you using systemd? If yes, are you overriding the entire unit file?
If you are not using systemd, ensure you create /run/dovecot with appropriate permissions, which i think should be 1777.
Aki
On Wednesday, 12/17/25 at 10:53 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
This sounds like /run/dovecot does not exist, are you using systemd? If yes, are you overriding the entire unit file?
/run/dovecot/srv.imap-login/ exists with the permissions in the bracket (drwx------). There is nothing inside the folder. I am not sure I understand the question.about systemd.
- Onyeibo
I have covered some mileage. Well, It is not yet delivering but I ihink I am close. If only I can figure out a few things like:
Dec 17 18:15:00 mail postfix/error[1551]: 157091F46D: to=<me@xxxxxxx.com>, relay=none, delay=84972883, delays=84972883/0.07/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
The above message is recurring ... a lot. Why are my mails getting deferred? Now when I reactivate dovecot-lda, the above message changes to a permission error, because LDA doesn't have the privileges to access certs. At the moment I have no entry for dovecot in /etc/postfix/master.cf (I read somewhere that it is not necessary while using lmtp). Yet somehow, dovecot appears to be absent for mail delivery.
What should I do?
dovecot -n
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.17.11-300.fc43.x86_64 x86_64 Fedora release 43 (Forty Three)
dovecot_config_version = 2.4.1 auth_debug = yes auth_mechanisms = plain login dovecot_storage_version = 2.4.1 first_valid_uid = xxxx mail_driver = maildir mail_home = /home/mails/%{user | domain}/%{user | username} mail_path = %{home}/Maildir mail_privileged_group = mail passdb_default_password_scheme = BLF-CRYPT protocols { imap = yes lmtp = yes sieve = yes } sql_driver = pgsql ssl = required ssl_cipher_list = PROFILE=SYSTEM pgsql localhost { parameters { dbname = postfix password = xxxxxxx user = postfix } } passdb sql {n query = SELECT username AS user, password FROM mailbox WHERE username = '%{user}' AND active='1' } userdb sql { query = SELECT '/home/mails/' || maildir AS home, xxxx as uid, xxxx as gid FROM mailbox WHERE username = '%{user}' AND active = '1' } namespace inbox { inbox = yes mailbox Drafts { auto = create special_use = "\\Drafts" } mailbox Junk { auto = create special_use = "\\Junk" } mailbox Trash { auto = create special_use = "\\Trash" } mailbox Sent { auto = create special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service lmtp { executable = lmtp -L process_min_avail = 5 user = vmail unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_server { cert_file = /etc/letsencrypt/live/xxxxxxx.com/fullchain.pem dh_file = /etc/dovecot/dh.pem key_file = /etc/letsencrypt/live/xxxxxxx.com/privkey.pem prefer_ciphers = server } protocol lmtp { info_log_path = /var/log/lmtp/dovecot-lmtp.log mail_plugins { sieve = yes } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { } protocol sieve { managesieve_implementation_string = Dovecot Pigeonhole } sieve_script personal { active_path = ~/.dovecot.sieve path = ~/sieve}
Regards Onyeibo
This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
and put ssl_server certificate settings to that file, and finish by chmod 0600 /etc/dovecot/ssl.conf
Aki
On 17/12/2025 19:30 EET onyeibo via dovecot <dovecot@dovecot.org> wrote:
I have covered some mileage. Well, It is not yet delivering but I ihink I am close. If only I can figure out a few things like:
Dec 17 18:15:00 mail postfix/error[1551]: 157091F46D: to=<me@xxxxxxx.com>, relay=none, delay=84972883, delays=84972883/0.07/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
The above message is recurring ... a lot. Why are my mails getting deferred? Now when I reactivate dovecot-lda, the above message changes to a permission error, because LDA doesn't have the privileges to access certs. At the moment I have no entry for dovecot in /etc/postfix/master.cf (I read somewhere that it is not necessary while using lmtp). Yet somehow, dovecot appears to be absent for mail delivery.
What should I do?
dovecot -n
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.17.11-300.fc43.x86_64 x86_64 Fedora release 43 (Forty Three)
dovecot_config_version = 2.4.1 auth_debug = yes auth_mechanisms = plain login dovecot_storage_version = 2.4.1 first_valid_uid = xxxx mail_driver = maildir mail_home = /home/mails/%{user | domain}/%{user | username} mail_path = %{home}/Maildir mail_privileged_group = mail passdb_default_password_scheme = BLF-CRYPT protocols { imap = yes lmtp = yes sieve = yes } sql_driver = pgsql ssl = required ssl_cipher_list = PROFILE=SYSTEM pgsql localhost { parameters { dbname = postfix password = xxxxxxx user = postfix } } passdb sql {n query = SELECT username AS user, password FROM mailbox WHERE username = '%{user}' AND active='1' } userdb sql { query = SELECT '/home/mails/' || maildir AS home, xxxx as uid, xxxx as gid FROM mailbox WHERE username = '%{user}' AND active = '1' } namespace inbox { inbox = yes mailbox Drafts { auto = create special_use = "\\Drafts" } mailbox Junk { auto = create special_use = "\\Junk" } mailbox Trash { auto = create special_use = "\\Trash" } mailbox Sent { auto = create special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service lmtp { executable = lmtp -L process_min_avail = 5 user = vmail unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_server { cert_file = /etc/letsencrypt/live/xxxxxxx.com/fullchain.pem dh_file = /etc/dovecot/dh.pem key_file = /etc/letsencrypt/live/xxxxxxx.com/privkey.pem prefer_ciphers = server } protocol lmtp { info_log_path = /var/log/lmtp/dovecot-lmtp.log mail_plugins { sieve = yes } } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { } protocol sieve { managesieve_implementation_string = Dovecot Pigeonhole } sieve_script personal { active_path = ~/.dovecot.sieve path = ~/sieve}
Regards Onyeibo
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)?
-- Onyeibo
On 17/12/2025 20:22 EET onyeibo via dovecot <dovecot@dovecot.org> wrote:
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)?
-- Onyeibo
Hard to say without more infromation...
usually you setup lmtp like:
service lmtp { inet_listener lmtp { port = 24 } }
and put in postfix
virtual_transport = lmtp:inet:127.0.0.1:24
or
relay_transport = lmtp:inet:127.0.0.1:24
or you can unix socket, but i prefer tcp to keep them separate.
Aki
On 17/12/2025 18:22, onyeibo via dovecot wrote:
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try !try_include /etc/dovecot/ssl.conf I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)? In my postfix naster.cf I have: #local_transport = lmtp:[127.0.0.1]:24 local_transport = lmtp:unix:private/dovecot-lmtp
The first line, if uncommented, is how to configure postfix via loopback. The second line is how to configure it using a socket, which is what I use. It depends on how you configure dovecot-lmtp. As I am still on 2.3.x, I can't help you to configure that side of it.
Nick
On 17/12/2025 18:22, onyeibo via dovecot wrote:
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)?
In my postfix naster.cf I have: #local_transport = lmtp:[127.0.0.1]:24 local_transport = lmtp:unix:private/dovecot-lmtp
The first line, if uncommented, is how to configure postfix via loopback. The second line is how to configure it using a socket, which is what I use. It depends on how you configure dovecot-lmtp. As I am still on 2.3.x, I can't help you to configure that side of it.
Nick
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)?
-- Onyeibo
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
in my experience this is enough:
Enable LMTP :
protocols = imap lmtp
Create the LMTP Unix socket:
service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { user = postfix group = postfix mode = 0600 } }
Enable required plugins for LMTP delivery:
protocol lmtp { postmaster_address = postmaster@domainname mail_plugins { quota = yes sieve = yes } }
Postfix configuration: main.cf
virtual users: virtual_transport = lmtp:unix:private/dovecot-lmtp
system users: mailbox_transport = lmtp:unix:private/dovecot-lmtp
Greetings
My Email Service is back!
I am particularly grateful for the contributions of Aki, Nick and n4ch0. They provided clarity. I am also noticing better performance with this new approach when compared to the old/previous approach (LDA).
It is amazing how the reputation of one's email server can drop within days of failed queries. I had to adjist Spamassassin's rules too.
Thanks a lot
Regards Onyeibo
Sent with Proton Mail secure email.
On Wednesday, December 17th, 2025 at 7:59 PM, n4ch0 via dovecot <dovecot@dovecot.org> wrote:
Thanks Aki,
I really appreciate your suggestions towards resolving the anomaly.
Aki wrote: This is unfortunate known issue, can at the moment I can recommend either using LMTP (which is greatly preferred over lda), or you can try
!try_include /etc/dovecot/ssl.conf
I have settled for the highly recommended LMTP already. It remains to pursue its setup to a logical conclusion. Do you have any idea what I omitted or misconfigured? What is preventing the handover from postfix to dovecot? Should I restore the entry for dovecot in /etc/postfix/master.cf (perhaps with an executable pointing to lmtp instead)?
-- Onyeibo
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
in my experience this is enough:
Enable LMTP :
protocols = imap lmtp
Create the LMTP Unix socket:
service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { user = postfix group = postfix mode = 0600 } }
Enable required plugins for LMTP delivery:
protocol lmtp { postmaster_address = postmaster@domainname mail_plugins { quota = yes sieve = yes } }
Postfix configuration: main.cf
virtual users: virtual_transport = lmtp:unix:private/dovecot-lmtp
system users: mailbox_transport = lmtp:unix:private/dovecot-lmtp
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (4)
-
Aki Tuomi
-
n4ch0
-
Nick Howitt
-
onyeibo