[Dovecot] dovecot is working, sort of
I have dovecot setup and authenticating away for local users, but when I try to add MySQL users from postfix admin, not only does that fail, but all authentication fails.
This configuration does not work:
doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
ssl_cert =
and I get the following errors for *ALL* attempts to connect, not just sql ones:
mail dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=10591, input bytes=0
Aug 14 22:56:36 mail dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=10592, input bytes=0
mail dovecot: auth: Fatal: mysql: Missing value in connect string: password-dovecot
mail dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
mail dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 1 secs): user=<>, rip=67.176.106.217, lip=75.148.117.91, TLS, session=<U82VTPXjvQBDsGrZ>
This configuration works, but only for local users obviously:
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
ssl_cert =
The dovecot-sql.conf.ext file is:
$ cat /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password-dovecot
default_pass_scheme = CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u;
#iterate_query = SELECT username AS user FROM users
Both the password_query and user_query lines return the right results when I do them manually in MySQL.
The one thing I am very unsure of is the default_pass_scheme (the postfixdb is a postfixadmin db), but even if that were completely wrong, it seems like the local users should still be able to authenticate even if the MySQL ones cannot?
-- And east is east and west is west and if you take cranberries and stew them like applesauce they taste much more like prunes than rhubarb does.
On 08/15/2013 07:13 AM, LuKreme wrote:
I have dovecot setup and authenticating away for local users, but when I try to add MySQL users from postfix admin, not only does that fail, but all authentication fails.
<snip>
> and I get the following errors for *ALL* attempts to connect, not just sql ones:
<snip>
> mail dovecot: auth: Fatal: mysql: Missing value in connect string: password-dovecot
> mail dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
<snip>
> The dovecot-sql.conf.ext file is:
> $ cat /etc/dovecot/dovecot-sql.conf.ext
> driver = mysql
> connect = host=localhost dbname=postfix user=dovecot password-dovecot
I see a typo there, and the error message is referring to it. Maybe try password=dovecot?
The reason that all authentications fail (also the non sql ones), is because the auth process (that handles all authentications) dies because of the typo.
Tom
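A pre-flight check for the failure described above, added here as an example and not part of the original thread or of Dovecot: since one malformed token in dovecot-sql.conf.ext stops the auth process and with it every login, the file can be linted before the service is restarted. The function names are hypothetical and the sample is the configuration posted at the top of the thread.

```python
# Constructed sample: the dovecot-sql.conf.ext posted at the top of the thread.
SAMPLE = """\
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password-dovecot
default_pass_scheme = CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u;
#iterate_query = SELECT username AS user FROM users
"""

def parse_settings(text):
    """Return {key: value} from 'key = value' lines, joining backslash continuations."""
    settings, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def lint_sql_conf(text):
    """Return a list of problems found in a dovecot-sql.conf.ext style file."""
    settings, problems = parse_settings(text), []
    for required in ("driver", "connect", "password_query"):
        if required not in settings:
            problems.append(f"missing setting: {required}")
    # Every space-separated token of the connect string must be key=value.
    for token in settings.get("connect", "").split():
        key, sep, _ = token.partition("=")
        if not (key and sep):
            problems.append(f"connect: token is not key=value: {token}")
    # An odd number of single quotes means a string literal is left open.
    for name in ("password_query", "user_query", "iterate_query"):
        if settings.get(name, "").count("'") % 2:
            problems.append(f"{name}: unbalanced single quote")
    return problems

if __name__ == "__main__":
    for problem in lint_sql_conf(SAMPLE):
        print(problem)
```
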
On 15 Aug 2013, at 01:14 , Tom Hendrikx tom@whyscream.net wrote:
I see a typo there, and the error message is referring to it. Maybe try password=dovecot?
You'll never believe this, but I *just* saw this less than a minute ago and came over to my mail to post my 'doh' message.
Sigh.
I think I'll wait on my next stupid question until morning.
:)
-- This is our music from the bachelor's den, the sound of loneliness turned up to ten. A harsh soundtrack from a stagnant waterbed and it sounds just like this. This is the sound of someone losing the plot making out that they're OK when they're not. You're gonna like it, but not a lot. And the chorus goes like this...
On 15 Aug 2013, at 02:05 , LuKreme kremels@kreme.com wrote:
I think I'll wait on my next stupid question until morning.
Or not.
"Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)"
These are all virtual users with a uid of 89. How do I tell dovecot that?
$ cat /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password=dovecot
default_pass_scheme = MD5-CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
$ doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_debug_passwords = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox NotJunk {
auto = subscribe
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
ssl_cert =
-- '(...) And the Patrician has been ironical at me,' said Mr. Clete. 'I'm not having that again.'
On 08/15/2013 10:50 AM, LuKreme wrote:
"Error: user lists@*munged*: Couldn't drop privileges: User is missing UID (see mail_uid setting)"
These are all virtual users with a uid of 89. How do I tell dovecot that?
$ cat /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=dovecot password=dovecot
default_pass_scheme = MD5-CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'
In my SQL configuration I have something like this:
user_query =
SELECT _home AS home, _uid AS uid, _gid AS gid
FROM virtual_mailboxes
WHERE _recipient='%u' AND _active=1
Using this I can give certain users a different UID/GID, should I want to. But if I'm not mistaken you can also statically configure the uid and gid. On page http://wiki2.dovecot.org/VirtualUsers, the last example says:
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
}
I guess you should be able to adapt this to your SQL config.
-- Rob
On 15 Aug 2013, at 04:32 , Rob Sterenborg (lists) lists@sterenborg.info wrote:
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
}
I guess you should be able to adapt this to your SQL config.
Hmm. I did put
userdb {
driver = static
args = uid=vpopmail gid=postfix
}
into dovecot.conf, but that's made no difference
-- MY MOM IS NOT DATING JERRY SIENFELD Bart chalkboard Ep. AABF06
On Thu, 15 Aug 2013, LuKreme wrote:
Hmm. I did put
userdb {
driver = static
args = uid=vpopmail gid=postfix
}
into dovecot.conf, but that's made no difference
er, what do you want to do? first you write:
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
Now you add yet another userdb. If you want to get the user from SQL, the static userdb is never reached, see http://wiki2.dovecot.org/UserDatabase
There is default_fields, that should do it, e.g.
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
default_fields = uid=vpopmail gid=postfix
}
Or extend your SQL user_query to return static values for uid / gid.
Steffen Kaiser
On 16 Aug 2013, at 00:51 , Steffen Kaiser skdovecot@smail.inf.fh-brs.de wrote:
On Thu, 15 Aug 2013, LuKreme wrote:
Hmm. I did put
userdb {
driver = static
args = uid=vpopmail gid=postfix
}
into dovecot.conf, but that's made no difference
er, what do you want to do? first you write:
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
Now you add yet another userdb. If you want to get the user from SQL, the static userdb is never reached, see http://wiki2.dovecot.org/UserDatabase
I have two kinds of accounts on the machine, local (shell) accounts in /home/ and virtual (MySQL) accounts in /usr/local/virtual. I tried to add the uid/gid args in the sql block, but the syntax was incorrect.
There is default_fields, that should do it, e.g.
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
default_fields = uid=vpopmail gid=postfix
}
I did not see anything about default_fields, so that is news to me. It seems better, structurally, to do this so when I next get in there to fix stuff, I will probably do that instead of...
Or extend your SQL user_query to return static values for uid / gid.
That is what I did, though I still have a problem with it all (see "Disagreement on where mail goes." thread).
-- 'What ho, b'zugda-hiara.' (Footnote: A killing insult in Dwarfish. It means 'Lawn ornament'.) --Wyrd Sisters
On Fri, 16 Aug 2013, LuKreme wrote:
I have two kinds of accounts on the machine, local (shell) accounts in /home/ and virtual (MySQL) accounts in /usr/local/virtual. I tried to add the uid/gid args in the sql block, but the syntax was incorrect.
There is default_fields, that should do it, e.g.
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
default_fields = uid=vpopmail gid=postfix
}
I did not see anything about default_fields, so that is news to me. It seems better, structurally, to do this so when I next get in there to fix stuff, I will probably do that instead of...
http://wiki2.dovecot.org/UserDatabase?highlight=(default_fields)
Or extend your SQL user_query to return static values for uid / gid.
That is what I did, though I still have a problem with it all (see "Disagreement on where mail goes." thread).
With both mechanisms you can solve the mail_location problem as well, by defining mail= in default_fields or returning a field "mail". Actually, you can use both: use "default_fields = mail=/path/%u" for most SQL users and return the field "mail" with some content, in order to override even that default.
The system users would then use the mail_location setting from the conf files.
BTW: Your users have a home directory and Dovecot knows about it? Use "home" with default_fields. It should differ from the mail location. http://wiki2.dovecot.org/VirtualUsers/Home Therefore, to use "%h/Maildir" is not a bad decision for virtual users, too.
Steffen Kaiser