Problem switching from LDA to LMTP (with Postfix)
Hello,
I am trying to switch from LDA to LMTP on a Postfix/Dovecot setup, but something is going wrong.
I have followed the directions at: https://wiki.dovecot.org/HowTo/PostfixDovecotLMTP
Here is a session from dovecot.log:
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Connect from local
Aug 4 12:19:42 vmail2 dovecot: auth: ldap(imaptester@noa.gr): unknown user
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Disconnect from local: Successful quit
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Connect from local
Aug 4 12:19:42 vmail2 dovecot: auth: ldap(nmilas@noa.gr): unknown user
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Disconnect from local: Successful quit
Aug 4 12:19:42 vmail2 dovecot: imap(nmilas): save: box=Sent, uid=31, msgid=<c84ae059-854d-12bc-6aa2-9099cc2977b2@noa.gr>, size=445, vsize=459, from=Nikolaos Milas <nmilas@noa.gr>, subject=Test (12) - vmail2, flags=(\Seen)
What is going wrong?
It seems authentication is not working correctly with this setup. If I understand correctly, Dovecot is querying LDAP with the whole mail address and not with the local part only (which is the username), as I would expect.
What is the suggested course of action?
With LDA it was working fine; here is a sample log entry:
Aug 4 12:02:51 vmail2 dovecot: lda(imaptester): sieve: msgid=<768b056c-1d12-c9bd-0864-c3fc6a6dbeda@noa.gr>: stored mail into mailbox 'INBOX'
Aug 4 12:02:51 vmail2 dovecot: imap(nmilas): save: box=Sent, uid=30, msgid=<768b056c-1d12-c9bd-0864-c3fc6a6dbeda@noa.gr>, size=445, vsize=459, from=Nikolaos Milas <nmilas@noa.gr>, subject=Test (11) - vmail2, flags=(\Seen)
Aug 4 12:02:51 vmail2 dovecot: imap(nmilas): Connection closed (noop finished 0.372 secs ago) in=628 out=2145
Please help me to figure out how things should be.
The config file follows:
----------------------------- CONFIG START --------------------------------
protocols = imap pop3 sieve lmtp
login_greeting = NOA POP/IMAP Srv XAPITI XPICTOY
mail_location = maildir:~/Maildir/
mail_gid = 500
mail_uid = 500
auth_mechanisms = plain login
auth_username_format = %Lu
auth_verbose = yes
auth_debug = no
mail_debug = no
disable_plaintext_auth = no
mail_plugins = quota mail_log notify
protocol imap {
imap_client_workarounds = "delay-newmail"
mail_plugins = quota imap_quota mail_log notify
mail_max_userip_connections = 400
}
protocol pop3 {
mail_max_userip_connections = 3
mail_plugins = quota notify
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
info_log_path =
log_path =
mail_plugins = quota notify sieve
postmaster_address = sysadmin@noa.gr
sendmail_path = /usr/lib/sendmail
}
protocol lmtp {
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = sysadmin@noa.gr
mail_plugins = quota notify sieve
sendmail_path = /usr/lib/sendmail
}
protocol sieve {
managesieve_max_line_length = 65536
mail_max_userip_connections = 10
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 10
}
userdb {
args = /etc/dovecot/dovecot-usrdb-ldap.conf
driver = ldap
}
passdb {
args = /etc/dovecot/dovecot-passdb-ldap.conf
driver = ldap
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change save mailbox_create
mail_log_fields = uid box msgid size flags vsize from subject
}
plugin {
quota = maildir:User quota
quota_rule = *:storage=5G
quota_rule2 = Trash:storage=+3%%
quota_warning = storage=75%% quota-warning 75 %u
quota_warning2 = storage=90%% quota-warning 90 %u
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_max_script_size = 0
sieve_max_actions = 0
sieve_max_redirects = 1
}
service quota-warning {
executable = script /opt/mail1.sh
user = vmail
unix_listener quota-warning {
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
}
user = root
}
service imap-login {
service_count = 1
vsz_limit = 64 M
process_limit = 500
process_min_avail = 2
}
service pop3-login {
service_count = 1
vsz_limit = 64 M
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 0
vsz_limit = 64M
}
service managesieve {
process_limit = 1024
}
service imap {
executable = imap postlogin
process_limit = 2048
}
service pop3 {
executable = pop3 postlogin
}
service postlogin {
executable = script-login -d rawlog
unix_listener postlogin {
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl_ca = </etc/pki/tls/certs/DigiCertCA.crt
ssl_cert = </etc/pki/tls/certs/star_noa_gr-1243437.crt
ssl_key = </etc/pki/tls/private/star_noa_gr-1243437.key
ssl_protocols = !SSLv2 !SSLv3
syslog_facility = local1
----------------------------- CONFIG END --------------------------------
FILE: /etc/dovecot/dovecot-usrdb-ldap.conf
hosts = localhost
tls = no
base = ou=people, dc=noa, dc=gr
scope = onelevel
ldap_version = 3
dn = uid=auth,ou=Sys,dc=noa,dc=gr
dnpass = secret
auth_bind = yes
user_filter = (uid=%u)
pass_filter = (uid=%u)
pass_attrs = uid=user,userPassword=password
auth_bind_userdn = uid=%u,ou=people,dc=noa,dc=gr
user_attrs = roomNumber=quota_rule=*:bytes=%$,uid=home=/home/vmail/%u
iterate_filter = (objectClass=*)
Thanks in advance, Nick
Am 04.08.2017 um 12:06 schrieb Nikolaos Milas:
Hello,
I am trying to switch from LDA to LMTP on a Postfix/Dovecot setup, but something is going wrong.
I have followed the directions at: https://wiki.dovecot.org/HowTo/PostfixDovecotLMTP
Here is a session from dovecot.log:
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Connect from local
Aug 4 12:19:42 vmail2 dovecot: auth: ldap(imaptester@noa.gr): unknown user
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Disconnect from local: Successful quit
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Connect from local
Aug 4 12:19:42 vmail2 dovecot: auth: ldap(nmilas@noa.gr): unknown user
Aug 4 12:19:42 vmail2 dovecot: lmtp(3152): Disconnect from local: Successful quit
Aug 4 12:19:42 vmail2 dovecot: imap(nmilas): save: box=Sent, uid=31, msgid=<c84ae059-854d-12bc-6aa2-9099cc2977b2@noa.gr>, size=445, vsize=459, from=Nikolaos Milas <nmilas@noa.gr>, subject=Test (12) - vmail2, flags=(\Seen)
What is going wrong?
It seems authentication is not working correctly with this setup. If I understand correctly, Dovecot is querying LDAP with the whole mail address and not with the local part only (which is the username), as I would expect.
FILE: /etc/dovecot/dovecot-usrdb-ldap.conf
hosts = localhost
tls = no
base = ou=people, dc=noa, dc=gr
scope = onelevel
ldap_version = 3
dn = uid=auth,ou=Sys,dc=noa,dc=gr
dnpass = secret
auth_bind = yes
user_filter = (uid=%u)
pass_filter = (uid=%u)
pass_attrs = uid=user,userPassword=password
auth_bind_userdn = uid=%u,ou=people,dc=noa,dc=gr
user_attrs = roomNumber=quota_rule=*:bytes=%$,uid=home=/home/vmail/%u
iterate_filter = (objectClass=*)
You are searching for the complete username (%u = user@domain) but it sounds like you only want the localpart (%n). See:
https://wiki.dovecot.org/Variables
-- Alex JOST
On 4/8/2017 2:07 μμ, Alex JOST wrote:
You are searching for the complete username (%u = user@domain) but it sounds like you only want the localpart (%n). See:
Thank you Alex,
You are right. After switching to LMTP, Dovecot receives from Postfix a fully qualified username, whereas with LDA it was receiving a 'naked' username.
Thus, although I had %u (instead of %n, see below) in my Dovecot LDAP component, it was working correctly with LDA.
So, I had to change my Dovecot LDAP component so that it uses only the local part of the username (%n), i.e.:
(Note that %n discards the domain part entirely, so these filters can only tell users apart by local part; that is only safe while every address Dovecot handles belongs to a single domain.)
hosts = localhost
tls = no
base = ou=people, dc=noa, dc=gr
scope = onelevel
ldap_version = 3
dn = uid=auth,ou=Sys,dc=noa,dc=gr
dnpass = secret
auth_bind = yes
user_filter = (uid=%n)
pass_filter = (uid=%n)
pass_attrs = uid=user,userPassword=password
auth_bind_userdn = uid=%n,ou=people,dc=noa,dc=gr
user_attrs = roomNumber=quota_rule=*:bytes=%$,uid=home=/home/vmail/%n
iterate_filter = (objectClass=*)
Cheers, Nick