Problem with authentication in dovecot
I have the following dovecot.conf, striped from comment:
dovecot_config_version = 2.4.2 dovecot_storage_version = 2.4.0 protocols = imap auth_allow_cleartext = yes auth_mechanisms = plain auth_verbose = yes mail_plugin_dir = /usr/lib64/dovecot/modules namespace inbox { inbox = yes mail_driver = maildir mail_path = ~/Maildir prefix = INBOX. mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } } passdb pam { service_name = dovecot } userdb passwd { use_worker = yes } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl = yes ssl_server { cert_file = /etc/letsencrypt/live/<mydomain>/fullchain.pem dh_file = /etc/dovecot/dh.pem key_file = /etc/letsencrypt/live/<mydomain>/privkey.pem } sieve_script personal { active_path = ~/.dovecot.sieve driver = file path = ~/sieve }
When connecting my email client to dovecot, the connection succeeds, but after awhile it disconnects.
In /var/log/dovecot I get:
May 18 17:36:15 imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=192.168.178.6, lip=192.168.178.15, session=<2IMbUhlS8K3AqLIG> May 18 17:36:45 imap-login: Info: Login aborted: Connection closed (disconnected before auth was ready, waited 40 secs) (auth_process_not_ready): user=<>, rip=192.168.178.6, lip=192.168.178.15, session=<2IMbUhlS8K3AqLIG> May 18 17:36:45 imap-login: Error: auth-client: conn unix:login: connect(login) in directory / failed: Permission denied (euid=473(<getpwuid() error>) egid=473(<getgrgid() error>) missing +x perm: /, we're not in group 474, dir owned by 0:474 mode=0750) May 18 17:36:45 imap-login: Error: auth-client: conn unix:login: connect(login) in directory / failed: Permission denied (euid=473(<getpwuid() error>) egid=473(<getgrgid() error>) missing +x perm: /, we're not in group 474, dir owned by 0:474 mode=0750)
473 is connected with account/group dovenull an 474 is connected with account/group dovecot
I can't find a solution when searching the internet.
fr.gr.
member openSUSE Freek de Kruijf
I have the following dovecot.conf, striped from comment:
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.0
protocols = imap
auth_allow_cleartext = yes
auth_mechanisms = plain
auth_verbose = yes
mail_plugin_dir = /usr/lib64/dovecot/modules
namespace inbox {
inbox = yes
mail_driver = maildir
mail_path = ~/Maildir
prefix = INBOX.
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}}
passdb pam {
service_name = dovecot}
userdb passwd {
use_worker = yes}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}}
ssl = yes
ssl_server {
cert_file = /etc/letsencrypt/live/<mydomain>/fullchain.pem
dh_file = /etc/dovecot/dh.pem
key_file = /etc/letsencrypt/live/<mydomain>/privkey.pem}
sieve_script personal {
active_path = ~/.dovecot.sieve
driver = file
path = ~/sieve}
When connecting my email client to dovecot, the connection succeeds, but after awhile it disconnects.
In /var/log/dovecot I get:
May 18 17:36:15 imap-login: Warning: Auth process not responding, delayed sending initial response (greeting): user=<>, rip=192.168.178.6, lip=192.168.178.15, session=<2IMbUhlS8K3AqLIG>
May 18 17:36:45 imap-login: Info: Login aborted: Connection closed (disconnected before auth was ready, waited 40 secs) (auth_process_not_ready): user=<>, rip=192.168.178.6, lip=192.168.178.15, session=<2IMbUhlS8K3AqLIG>
May 18 17:36:45 imap-login: Error: auth-client: conn unix:login: connect(login) in directory / failed: Permission denied (euid=473(<getpwuid() error>) egid=473(<getgrgid() error>) missing +x perm: /, we're not in group 474, dir owned by 0:474 mode=0750)
May 18 17:36:45 imap-login: Error: auth-client: conn unix:login: connect(login) in directory / failed: Permission denied (euid=473(<getpwuid() error>) egid=473(<getgrgid() error>) missing +x perm: /, we're not in group 474, dir owned by 0:474 mode=0750)
473 is connected with account/group dovenull an 474 is connected with account/group dovecot
I can't find a solution when searching the internet.
--
fr.gr.
member openSUSE
Freek de Kruijf
On 5/18/26 10:44 AM, Freek de Kruijf via dovecot wrote:
I can't find a solution when searching the internet.
All is well,
Freek found a solution on the openSUSE list.
openSUSE Bug - AppArmor....
Originating thread on openSUSE list:
"Problem starting dovecot after today's upgrade"
-- David C. Rankin, J.D.,P.E.
"David" == David C Rankin via dovecot <dovecot@dovecot.org> writes:
On 5/18/26 10:44 AM, Freek de Kruijf via dovecot wrote:
I can't find a solution when searching the internet.
All is well,
Freek found a solution on the openSUSE list.
openSUSE Bug - AppArmor....
Originating thread on openSUSE list:
"Problem starting dovecot after today's upgrade"
Can you just post the link to the discussion and or just cross post the solution? It's something to do with apparmor, but how was it fixed?
Cheers, John
On 5/21/26 1:05 PM, John Stoffel wrote:
Can you just post the link to the discussion and or just cross post the solution? It's something to do with apparmor, but how was it fixed?
Sure, Happy to:
https://lists.opensuse.org/archives/list/users@lists.opensuse.org/thread/4WJ...
<quote>
See reply by Andrei Borzenkov 20 May 14:38
On Wed, May 20, 2026 at 3:37 PM Freek de Kruijf <freek@opensuse.org> wrote: ...
It is part of <abstractions/base> which is not included by the usr.lib.dovecot.log ...
type=AVC msg=audit(1779273828.644:3175): apparmor="DENIED" operation="sendmsg" class="file" profile="dovecot" name="/systemd/notify" pid=17422 comm="dovecot" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
That explains the service timeout. AFAICT this is set on a case by case basis for service processes that need it. ...
I did put profiles dovecot-log and dovecot in complain mode. Hope that helps.
Even more helpful would be the bug report.
</quote>
-- David C. Rankin, J.D.,P.E.
"David" == David C Rankin via dovecot <dovecot@dovecot.org> writes:
On 5/21/26 1:05 PM, John Stoffel wrote:
Can you just post the link to the discussion and or just cross post the solution? It's something to do with apparmor, but how was it fixed?
Thanks for doing this!
Sure, Happy to:
https://lists.opensuse.org/archives/list/users@lists.opensuse.org/thread/4WJ...
<quote>
See reply by Andrei Borzenkov 20 May 14:38
On Wed, May 20, 2026 at 3:37 PM Freek de Kruijf <freek@opensuse.org> wrote: ...
It is part of <abstractions/base> which is not included by the usr.lib.dovecot.log ...
type=AVC msg=audit(1779273828.644:3175): apparmor="DENIED"operation="sendmsg" class="file" profile="dovecot" name="/systemd/notify" pid=17422 comm="dovecot" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
That explains the service timeout. AFAICT this is set on a case by case basis for service processes that need it. ...
I did put profiles dovecot-log and dovecot in complain mode. Hopethat helps.
Even more helpful would be the bug report.
</quote>
-- David C. Rankin, J.D.,P.E.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (3)
-
David C Rankin
-
Freek de Kruijf
-
John Stoffel