Postfix user@domain splitting

newer
Difference btw. Dovecot Director...

Ricardo Branco

15 Jul 2014 15 Jul '14

1:01 a.m.

I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work. Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

Show replies by date

Nick Edwards

15 Jul 15 Jul

12:19 p.m.

you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...

I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work. Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

Ricardo Branco

2:12 p.m.

Attached files

Nick Edwards wrote, On 15/07/2014 10:19:

...

you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...
I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work. Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

Steffen Kaiser

3:18 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 15 Jul 2014, Ricardo Branco wrote:

...

Attached files

Nick Edwards wrote, On 15/07/2014 10:19:

...
you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...
I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work.

userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...

...
...
Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8UcInz1H7kL/d9rAQKXQAgAmu6NnZOqdQKEgKhk6q/CPtXza+dkUh7f 4Ms2tJFw2krwKNeZOvKGOsEeD7XyFDYpfZFDqEewjffqlABUUytIRPXzD3xFvzXV DuXTW1VseEP26ewR7odHN9J+WL1Unh52HnxFgM63Bo1IwYzF84K09VO3DxqobuF7 S8MqQYj6MPqB73IZUbVzRkCDBM0mv52Gx14LFmmPXbphgZFmtixkUy2CpPOT/l02 0aBSsJZqV/ySKcB2V5UNCj8GoGvwyH3Jh9RFeNIlUKYZYT9s534rfbKu7+T6645I 67daEtZjfAbBOi/foqh41kbSpSaHIMvF970EP/EozFgMBsnghQ+SLg== =6YKs -----END PGP SIGNATURE-----

Ricardo Branco

8:23 p.m.

That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Steffen Kaiser wrote, On 15/07/2014 13:18:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
Attached files

Nick Edwards wrote, On 15/07/2014 10:19:

...
you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...
I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work.

userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

-- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8UcInz1H7kL/d9rAQKXQAgAmu6NnZOqdQKEgKhk6q/CPtXza+dkUh7f 4Ms2tJFw2krwKNeZOvKGOsEeD7XyFDYpfZFDqEewjffqlABUUytIRPXzD3xFvzXV DuXTW1VseEP26ewR7odHN9J+WL1Unh52HnxFgM63Bo1IwYzF84K09VO3DxqobuF7 S8MqQYj6MPqB73IZUbVzRkCDBM0mv52Gx14LFmmPXbphgZFmtixkUy2CpPOT/l02 0aBSsJZqV/ySKcB2V5UNCj8GoGvwyH3Jh9RFeNIlUKYZYT9s534rfbKu7+T6645I 67daEtZjfAbBOi/foqh41kbSpSaHIMvF970EP/EozFgMBsnghQ+SLg== =6YKs -----END PGP SIGNATURE-----

Ricardo Branco

16 Jul 16 Jul

4:56 p.m.

Shows that auth is not honouring the %n i have. Does the username_format need to be only in the userdb section or also the passdb part?

http://pastie.org/9396504

Ricardo Branco wrote, On 15/07/2014 18:23:

...

That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Steffen Kaiser wrote, On 15/07/2014 13:18:

...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
Attached files

Nick Edwards wrote, On 15/07/2014 10:19:

...
you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...
I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work.

userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

-- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8UcInz1H7kL/d9rAQKXQAgAmu6NnZOqdQKEgKhk6q/CPtXza+dkUh7f 4Ms2tJFw2krwKNeZOvKGOsEeD7XyFDYpfZFDqEewjffqlABUUytIRPXzD3xFvzXV DuXTW1VseEP26ewR7odHN9J+WL1Unh52HnxFgM63Bo1IwYzF84K09VO3DxqobuF7 S8MqQYj6MPqB73IZUbVzRkCDBM0mv52Gx14LFmmPXbphgZFmtixkUy2CpPOT/l02 0aBSsJZqV/ySKcB2V5UNCj8GoGvwyH3Jh9RFeNIlUKYZYT9s534rfbKu7+T6645I 67daEtZjfAbBOi/foqh41kbSpSaHIMvF970EP/EozFgMBsnghQ+SLg== =6YKs -----END PGP SIGNATURE-----

Ricardo Branco

17 Jul 17 Jul

5:24 p.m.

Latest config

http://pastebin.com/XKNn6W24

Ricardo Branco wrote, On 16/07/2014 14:56:

...

Shows that auth is not honouring the %n i have. Does the username_format need to be only in the userdb section or also the passdb part?

http://pastie.org/9396504

Ricardo Branco wrote, On 15/07/2014 18:23:

...
That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Steffen Kaiser wrote, On 15/07/2014 13:18:

...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
Attached files

Nick Edwards wrote, On 15/07/2014 10:19:

...
you need to show doveconf -n and what you have in the master.conf for dovecot

On 7/15/14, Ricardo Branco ricardo@wenn.com wrote:

...
I have been trying looking though all the wiki documents to setup LMTP. It now seems to all be connected except that it keeps saying that the user is not recognised when postfix sends to LMTP, it sends the full recipent email address but seems that on the dovecot side it is unable to work with this. I have checked the userdb and made sure its using %n but alas it still does not work.

userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
Currently ive had to revert to using LDA as it works fine with that but i still dont know how as the postfix config variable $RECIPIENT is the full email address and does not seem to matter to LDA.

-- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8UcInz1H7kL/d9rAQKXQAgAmu6NnZOqdQKEgKhk6q/CPtXza+dkUh7f 4Ms2tJFw2krwKNeZOvKGOsEeD7XyFDYpfZFDqEewjffqlABUUytIRPXzD3xFvzXV DuXTW1VseEP26ewR7odHN9J+WL1Unh52HnxFgM63Bo1IwYzF84K09VO3DxqobuF7 S8MqQYj6MPqB73IZUbVzRkCDBM0mv52Gx14LFmmPXbphgZFmtixkUy2CpPOT/l02 0aBSsJZqV/ySKcB2V5UNCj8GoGvwyH3Jh9RFeNIlUKYZYT9s534rfbKu7+T6645I 67daEtZjfAbBOi/foqh41kbSpSaHIMvF970EP/EozFgMBsnghQ+SLg== =6YKs -----END PGP SIGNATURE-----

Steffen

11:36 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Ricardo Branco wrote:

...

Latest config

http://pastebin.com/XKNn6W24

Ricardo Branco wrote, On 16/07/2014 14:56:

...
Shows that auth is not honouring the %n i have. Does the username_format need to be only in the userdb section or also the passdb part?

http://pastie.org/9396504

Ricardo Branco wrote, On 15/07/2014 18:23:

...
That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Hi Ricardo,

I seem to miss something: You are talking about LMTP and LDA, then present a log of an IMAP login attempt. Neither LDA not LMTP should need any authentification, where should the password come from? And yes, for auth you will need %n in passdb, too. username_format is not documented for passdb { driver = pam}, but you could try.

Could you post a log of a LMTP delivery, when %n is in effect _and_ you are sure have reloaded Dovecot?

...

...
...
Steffen Kaiser wrote, On 15/07/2014 13:18: On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
...
...
...
...
Attached files

Nick Edwards wrote, On 15/07/2014 10:19: > you need to show doveconf -n and what you have in the > master.conf for dovecot > > On 7/15/14, Ricardo Branco ricardo@wenn.com wrote: >> I have been trying looking though all the wiki >> documents to setup LMTP. It now seems to all be >> connected except that it keeps saying that the user >> is not recognised when postfix sends to LMTP, it >> sends the full recipent email address but seems that >> on the dovecot side it is unable to work with this. I >> have checked the userdb and made sure its using %n >> but alas it still does not work.

userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
...
...
>> Currently ive had to revert to using LDA as it works >> fine with that but i still dont know how as the >> postfix config variable $RECIPIENT is the full email >> address and does not seem to matter to LDA. >>

-- Steffen Kaiser

Steffen Kaiser

Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEVAwUBU8gz2HD1/YhP6VMHAQL4GAf/XSv7IGGacR1R/KOWP+DjBiqtiIT33Niw DfZjRykZGYn1S2wb0S0UT9bvp0mxYABxSPuwEHOkAu56qtIJz/l37eneNE/mtyag 2ZxnWa6cJsEngKgkGA9+2OnKKZEeU5fI3RhN6VRDjCxwV0DnI9fpf/vvYli1s3GK LMeZq3cDVzZ+L23B2hBmWAOd1C9JU2mVRAchBF83TiEn+n7vAYGPGD9enFMphVBx PjF24YRquVYMW3Dv+bSrPRgAFo/WCoZ7Lur7kZ6f3jaO6irUw7yMYvu8GdWi8AFB y5CGOUBhCdsgEuZB4i2n1u+otgK+VhnF9+dLWSM5QB8uRTs+WRi5/w== =Gpq3 -----END PGP SIGNATURE-----

Ricardo Branco

18 Jul 18 Jul

12:10 a.m.

We have been using LDA in the past with our old Sendmail system, on our new mail server we were proposing to use LMTP with Postfix. LMTP does not work at all, it just keeps saying that the user is not recognised, LDA on the otherhand does work. I am unable to login via IMAP/POP using the full email address of the user even after the settings below are set. I have set auth_username_format=%n, also put username_format=%n in the userdb, even tried it in PAM but that just breaks it all. I just cant seem to make it all work, if i just use the username then its all fine but that does not resolve where i am planning to do.

On 17/07/2014 21:36, Steffen wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Ricardo Branco wrote:

...
Latest config

http://pastebin.com/XKNn6W24

Ricardo Branco wrote, On 16/07/2014 14:56:

...
Shows that auth is not honouring the %n i have. Does the username_format need to be only in the userdb section or also the passdb part?

http://pastie.org/9396504

Ricardo Branco wrote, On 15/07/2014 18:23:

...
That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Hi Ricardo,

I seem to miss something: You are talking about LMTP and LDA, then present a log of an IMAP login attempt. Neither LDA not LMTP should need any authentification, where should the password come from? And yes, for auth you will need %n in passdb, too. username_format is not documented for passdb { driver = pam}, but you could try.

Could you post a log of a LMTP delivery, when %n is in effect _and_ you are sure have reloaded Dovecot?

...
...
...
Steffen Kaiser wrote, On 15/07/2014 13:18: On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
...
...
...
> Attached files > > Nick Edwards wrote, On 15/07/2014 10:19: >> you need to show doveconf -n and what you have in the >> master.conf for dovecot >> >> On 7/15/14, Ricardo Branco ricardo@wenn.com wrote: >>> I have been trying looking though all the wiki >>> documents to setup LMTP. It now seems to all be >>> connected except that it keeps saying that the user >>> is not recognised when postfix sends to LMTP, it >>> sends the full recipent email address but seems that >>> on the dovecot side it is unable to work with this. I >>> have checked the userdb and made sure its using %n >>> but alas it still does not work. userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
...
>>> Currently ive had to revert to using LDA as it works >>> fine with that but i still dont know how as the >>> postfix config variable $RECIPIENT is the full email >>> address and does not seem to matter to LDA. >>> > -- Steffen Kaiser

Steffen Kaiser

H Bonn-Rhein-Sieg | e-mail: Steffen.Kaiser@H-BRS.DE FB Informatik | Grantham-Allee 20 | phone : +49 2241/865-203 53757 Sankt Augustin | Germany - Deutschland | fax : +49 2241/865-8203

Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEVAwUBU8gz2HD1/YhP6VMHAQL4GAf/XSv7IGGacR1R/KOWP+DjBiqtiIT33Niw DfZjRykZGYn1S2wb0S0UT9bvp0mxYABxSPuwEHOkAu56qtIJz/l37eneNE/mtyag 2ZxnWa6cJsEngKgkGA9+2OnKKZEeU5fI3RhN6VRDjCxwV0DnI9fpf/vvYli1s3GK LMeZq3cDVzZ+L23B2hBmWAOd1C9JU2mVRAchBF83TiEn+n7vAYGPGD9enFMphVBx PjF24YRquVYMW3Dv+bSrPRgAFo/WCoZ7Lur7kZ6f3jaO6irUw7yMYvu8GdWi8AFB y5CGOUBhCdsgEuZB4i2n1u+otgK+VhnF9+dLWSM5QB8uRTs+WRi5/w== =Gpq3 -----END PGP SIGNATURE-----

Ricardo Branco

12:20 a.m.

New subject: user@domain splitting not working

Also just to note that Postfix is not the problem here, that has now been ruled out

Ive been trying the LMTP protocol directly and still confirm the problem.. 220 localhost I am ready. LHLO wenn.com 250-localhost 250-8BITMIME 250-ENHANCEDSTATUSCODES 250 PIPELINING mail from:it@wenn.com 250 2.1.0 OK rcpt to:it@wenn.com 550 5.1.1 it@wenn.com User doesn't exist: it@wenn.com quit 221 2.0.0 OK

All I get in the LMTP log is.. Jul 17 22:13:57 lmtp(23016): Info: Connect from 127.0.0.1 Jul 17 22:14:16 lmtp(23016): Info: Disconnect from 127.0.0.1: Successful quit

The Auth log.. Jul 17 22:19:47 auth: Debug: master in: USER 1 it@wenn.com
service=lmtp lip=127.0.0.1 lport=24 rip=127.0.0.1 rport=41872 Jul 17 22:19:47 auth: Debug: userdb out: NOTFOUND 1

On 17/07/2014 22:10, Ricardo Branco wrote:

...

We have been using LDA in the past with our old Sendmail system, on our new mail server we were proposing to use LMTP with Postfix. LMTP does not work at all, it just keeps saying that the user is not recognised, LDA on the otherhand does work. I am unable to login via IMAP/POP using the full email address of the user even after the settings below are set. I have set auth_username_format=%n, also put username_format=%n in the userdb, even tried it in PAM but that just breaks it all. I just cant seem to make it all work, if i just use the username then its all fine but that does not resolve where i am planning to do.

On 17/07/2014 21:36, Steffen wrote:

...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Ricardo Branco wrote:

...
Latest config

http://pastebin.com/XKNn6W24

Ricardo Branco wrote, On 16/07/2014 14:56:

...
Shows that auth is not honouring the %n i have. Does the username_format need to be only in the userdb section or also the passdb part?

http://pastie.org/9396504

Ricardo Branco wrote, On 15/07/2014 18:23:

...
That was done for testing to see if it made any difference when I moved to LDA, in LDA mode it seems to not care if that is %n or %u, it always takes the first part of the email address which is weird. Ive just tested again to confirm on %n and its not working so ive reverted again back to LDA which does. Seems to not matter how that variable is set it does not do anything.

When using %n ive tried to see if I can login via IMAP with the whole username but again no, this is the error, note the difference between the 'user' field on each line.

Jul 15 18:22:17 imap-login: Info: Login: user=, method=PLAIN, rip=10.0.0.180, lip=10.100.0.198, mpid=9493, session= Jul 15 18:22:20 imap-login: Info: Disconnected: Shutting down (auth failed, 4 attempts in 37 secs): user=mark.whittaker@Wenn.com, method=PLAIN, rip=10.0.0.3, lip=10.100.0.198, TLS, session=

Hi Ricardo,

I seem to miss something: You are talking about LMTP and LDA, then present a log of an IMAP login attempt. Neither LDA not LMTP should need any authentification, where should the password come from? And yes, for auth you will need %n in passdb, too. username_format is not documented for passdb { driver = pam}, but you could try.

Could you post a log of a LMTP delivery, when %n is in effect _and_ you are sure have reloaded Dovecot?

...
...
...
Steffen Kaiser wrote, On 15/07/2014 13:18: On Tue, 15 Jul 2014, Ricardo Branco wrote:

...
...
...
>> Attached files >> >> Nick Edwards wrote, On 15/07/2014 10:19: >>> you need to show doveconf -n and what you have in the >>> master.conf for dovecot >>> >>> On 7/15/14, Ricardo Branco ricardo@wenn.com wrote: >>>> I have been trying looking though all the wiki >>>> documents to setup LMTP. It now seems to all be >>>> connected except that it keeps saying that the user >>>> is not recognised when postfix sends to LMTP, it >>>> sends the full recipent email address but seems that >>>> on the dovecot side it is unable to work with this. I >>>> have checked the userdb and made sure its using %n >>>> but alas it still does not work. userdb { args = username_format=%u /etc/passwd driver = passwd-file name = passwd-file }

In opposite to your sentence I see a %u there.

...
...
...
>>>> Currently ive had to revert to using LDA as it works >>>> fine with that but i still dont know how as the >>>> postfix config variable $RECIPIENT is the full email >>>> address and does not seem to matter to LDA. >>>> >> -- Steffen Kaiser

Steffen Kaiser

H Bonn-Rhein-Sieg | e-mail: Steffen.Kaiser@H-BRS.DE FB Informatik | Grantham-Allee 20 | phone : +49 2241/865-203 53757 Sankt Augustin | Germany - Deutschland | fax : +49 2241/865-8203

-- Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEVAwUBU8gz2HD1/YhP6VMHAQL4GAf/XSv7IGGacR1R/KOWP+DjBiqtiIT33Niw DfZjRykZGYn1S2wb0S0UT9bvp0mxYABxSPuwEHOkAu56qtIJz/l37eneNE/mtyag 2ZxnWa6cJsEngKgkGA9+2OnKKZEeU5fI3RhN6VRDjCxwV0DnI9fpf/vvYli1s3GK LMeZq3cDVzZ+L23B2hBmWAOd1C9JU2mVRAchBF83TiEn+n7vAYGPGD9enFMphVBx PjF24YRquVYMW3Dv+bSrPRgAFo/WCoZ7Lur7kZ6f3jaO6irUw7yMYvu8GdWi8AFB y5CGOUBhCdsgEuZB4i2n1u+otgK+VhnF9+dLWSM5QB8uRTs+WRi5/w== =Gpq3 -----END PGP SIGNATURE-----

Steffen Kaiser

10:31 a.m.

New subject: user@domain splitting not working

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Thu, 17 Jul 2014, Ricardo Branco wrote:

...

Also just to note that Postfix is not the problem here, that has now been ruled out

I compiled to current hg version of Dovecot:

changeset: 17627:fd0616d553b0 tag: tip user: Timo Sirainen tss@iki.fi date: Fri Jul 11 16:49:35 2014 +0300 summary: mailbox_list_index=yes: Don't update INBOX's STATUS information to index.

I created a new user

adduser --gecos 'DV test' --disabled-password dvtest

I have setup a Dovecot config with: http://pastebin.com/XKNn6W24

Because sieve did not compile, I removed sieve from your config.

Then I added "@" to auth_username_chars, because of this error:

Info: userdb(?): Username character disallowed by auth_username_chars: 0x40 (username: dvtest@example.com)

Then I ran:

(echo LHLO loc; echo 'mail from:skdovecot@example.net'; echo 'rcpt to:dvtest@example.com'; echo data; sleep 1; echo "To: dvtest@example.com From: ska@mail.inf.h-brs.de Subject: Test

Test .")|socat - UNIX:/var/spool/postfix/private/dovecot-lmtp

250-8BITMIME 250-ENHANCEDSTATUSCODES 250 PIPELINING 250 2.1.0 OK 250 2.1.5 OK 354 OK 250 2.0.0 dvtest@example.com GjcYKafIyFPPdwAAbZ2bpg Saved

==============================

Enabled password for user

# passwd dvtest

Connect to IMAP

# telnet localhost 143

OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL SPECIAL-USE STARTTLS AUTH=PLAIN AUTH=LOGIN] I am ready. 1 login dvtest@example.com pwd

Jul 18 09:20:12 auth-worker(31129): Error: passwd-file /etc/passwd: User root has invalid UID '0' Jul 18 09:20:12 auth-worker(31129): Debug: passwd-file /etc/passwd: Read 41 users in 0 secs Jul 18 09:20:12 auth-worker(31129): Debug: pam(dvtest,127.0.0.1): lookup service=dovecot Jul 18 09:20:12 auth-worker(31129): Debug: pam(dvtest,127.0.0.1): #1/1 style=1 msg=Password: Jul 18 09:20:12 auth: Debug: client passdb out: OK 1 user=dvtest original_user=dvtest@example.com Jul 18 09:20:12 auth: Debug: master in: REQUEST 3026321409 31071 1 1fd6a55253e45ae1eda745081b58bccc session_pid=31130 request_auth_token Jul 18 09:20:12 auth: Debug: passwd-file(dvtest,127.0.0.1,): lookup: user=dvtest file=/etc/passwd Jul 18 09:20:12 auth: Debug: master userdb out: USER 3026321409 dvtest uid=1000 gid=30007 home=/home/dvtest auth_token=df55b42a58c6f34fac16dc677e8f5c5b518a3bbc auth_user=dvtest@example.com Jul 18 09:20:12 imap-login: Info: Login: user=<dvtest>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=31130, secured, session= Jul 18 09:20:13 imap(dvtest): Error: net_connect_unix(/tmp/dovecot/imap-postlogin) failed: Connection refused

Although the login did not succeed completely, I do assume that the last error means that original_user=dvtest@example.com had been authentificated as user=dvtest via PAM successfully as master userdb out has all relevant information.

Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8jNUHz1H7kL/d9rAQKcsQf/bTKmToYgZ7/2Yie1Kg0+IsggZMAumEMP 3Jkraj3OkESmXG7xzQK27PDjtB1ipzyDTgVWvzV7u2HMsY5hM68gph/q3TrBfh5O p0N+jCFHUACNQGnPi8yXrt1spVyMovfUmk/rHaWqr87HDSndnR/bsWh1yVoyDUXg 7ZZ+DcDbb8E3lb12eeuZwAnupk5w064h4lLHiGvL0gurbxlCMmaiRPh7NuuaY7YS aqR/o+P4DwU0XS1FCkV59djEkT6K7JyDV3oYdIGn0dEH3m4Lf4gM/wmmncg7QLok qE0kikY9DbOl61mwGV6BE5OI4iM01giMiFsoQpNFLHbi/808lYOGnQ== =4xeB -----END PGP SIGNATURE-----

Ricardo Branco

12:44 p.m.

New subject: user@domain splitting not working

Thanks, your test has cracked the problem.

You noticed that there was no @ added to the auth_username_chars. Bit of a wild goose chase as I would have thought that as the username had an @ but was not specified in the auth_username_chars it would not even go as far as authdb or passdb checks. The one log I did not check was my standard log file for the error that was noticed by you, I was looking at the debug logs and that message was not posted out to there.

Personally and I dont know if its possible to get a fix inplace is that if the username has an invalid character it quits far earlier before getting though to authdb.

Steffen Kaiser wrote, On 18/07/2014 08:31:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Thu, 17 Jul 2014, Ricardo Branco wrote:

...
Also just to note that Postfix is not the problem here, that has now been ruled out

I compiled to current hg version of Dovecot:

changeset: 17627:fd0616d553b0 tag: tip user: Timo Sirainen tss@iki.fi date: Fri Jul 11 16:49:35 2014 +0300 summary: mailbox_list_index=yes: Don't update INBOX's STATUS information to index.

I created a new user

adduser --gecos 'DV test' --disabled-password dvtest

I have setup a Dovecot config with: http://pastebin.com/XKNn6W24

Because sieve did not compile, I removed sieve from your config.

Then I added "@" to auth_username_chars, because of this error:

Info: userdb(?): Username character disallowed by auth_username_chars: 0x40 (username: dvtest@example.com)

Then I ran:

(echo LHLO loc; echo 'mail from:skdovecot@example.net'; echo 'rcpt to:dvtest@example.com'; echo data; sleep 1; echo "To: dvtest@example.com From: ska@mail.inf.h-brs.de Subject: Test

Test .")|socat - UNIX:/var/spool/postfix/private/dovecot-lmtp

250-8BITMIME 250-ENHANCEDSTATUSCODES 250 PIPELINING 250 2.1.0 OK 250 2.1.5 OK 354 OK 250 2.0.0 dvtest@example.com GjcYKafIyFPPdwAAbZ2bpg Saved

==============================

Enabled password for user

# passwd dvtest

Connect to IMAP

# telnet localhost 143

OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL SPECIAL-USE STARTTLS AUTH=PLAIN AUTH=LOGIN] I am ready. 1 login dvtest@example.com pwd

Jul 18 09:20:12 auth-worker(31129): Error: passwd-file /etc/passwd: User root has invalid UID '0' Jul 18 09:20:12 auth-worker(31129): Debug: passwd-file /etc/passwd: Read 41 users in 0 secs Jul 18 09:20:12 auth-worker(31129): Debug: pam(dvtest,127.0.0.1): lookup service=dovecot Jul 18 09:20:12 auth-worker(31129): Debug: pam(dvtest,127.0.0.1): #1/1 style=1 msg=Password: Jul 18 09:20:12 auth: Debug: client passdb out: OK 1 user=dvtest original_user=dvtest@example.com Jul 18 09:20:12 auth: Debug: master in: REQUEST 3026321409 31071 1 1fd6a55253e45ae1eda745081b58bccc session_pid=31130 request_auth_token Jul 18 09:20:12 auth: Debug: passwd-file(dvtest,127.0.0.1,): lookup: user=dvtest file=/etc/passwd Jul 18 09:20:12 auth: Debug: master userdb out: USER 3026321409 dvtest uid=1000 gid=30007 home=/home/dvtest auth_token=df55b42a58c6f34fac16dc677e8f5c5b518a3bbc auth_user=dvtest@example.com Jul 18 09:20:12 imap-login: Info: Login: user=<dvtest>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=31130, secured, session= Jul 18 09:20:13 imap(dvtest): Error: net_connect_unix(/tmp/dovecot/imap-postlogin) failed: Connection refused

Although the login did not succeed completely, I do assume that the last error means that original_user=dvtest@example.com had been authentificated as user=dvtest via PAM successfully as master userdb out has all relevant information.

-- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU8jNUHz1H7kL/d9rAQKcsQf/bTKmToYgZ7/2Yie1Kg0+IsggZMAumEMP 3Jkraj3OkESmXG7xzQK27PDjtB1ipzyDTgVWvzV7u2HMsY5hM68gph/q3TrBfh5O p0N+jCFHUACNQGnPi8yXrt1spVyMovfUmk/rHaWqr87HDSndnR/bsWh1yVoyDUXg 7ZZ+DcDbb8E3lb12eeuZwAnupk5w064h4lLHiGvL0gurbxlCMmaiRPh7NuuaY7YS aqR/o+P4DwU0XS1FCkV59djEkT6K7JyDV3oYdIGn0dEH3m4Lf4gM/wmmncg7QLok qE0kikY9DbOl61mwGV6BE5OI4iM01giMiFsoQpNFLHbi/808lYOGnQ== =4xeB -----END PGP SIGNATURE-----

3741

Age (days ago)

3745

Last active (days ago)

List overview

11 comments

4 participants

participants (4)

Nick Edwards
Ricardo Branco
Steffen
Steffen Kaiser