[Dovecot] %d in configuration file does not work
I am trying to set up dovecot in a postfix virtual account/domains setting. In the configuration file I would like to use %d in two places, for:
mail_location = /var/mail/vhosts/%d/%n
and to specify the location of the respective passwd file:
passdb passwd-file { args = /etc/auth/%d/shadow }
Looking at the logs, %d is empty while %n works, so dovecot is looking for something in /var/mail/vhosts//myname and /etc/auth//shadow which don't exist. Replacing %d in dovecot.conf with the actual domain name works.
So, the question is, why is %d empty, and from where does it take its value?
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 18:04:
passdb passwd-file { args = /etc/auth/%d/shadow }
This looks like a pre-2.x Version, best to share that detail.
Looking at the logs, %d is empty while %n works, so dovecot is looking for something in /var/mail/vhosts//myname and /etc/auth//shadow which don't exist. Replacing %d in dovecot.conf with the actual domain name works.
So, the question is, why is %d empty, and from where does it take its value?
Hard to tell without seeing the actual logs. My guess is the login is not in user@domain format:
http://wiki1.dovecot.org/VirtualUsers
Regards Thomas
Thank you for the reply. Please see below for some more details.
On Sat, Jan 19, 2013 at 6:34 PM, Thomas Leuxner <tlx@leuxner.net> wrote:
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 18:04:
passdb passwd-file { args = /etc/auth/%d/shadow }
This looks like a pre-2.x Version, best to share that detail.
Indeed, this is the output of "dovecot -n":
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.13-grsec-xxxx-grs-ipv6-64 x86_64 Debian 6.0.6 ext4
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
log_timestamp: %Y-%m-%d %H:%M:%S
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: /var/mail/vhosts/%d/%n
mbox_write_locks: fcntl dotlock
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: passwd-file
    args: /etc/auth/%d/shadow
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
Looking at the logs, %d is empty while %n works, so dovecot is looking for something in /var/mail/vhosts//myname and /etc/auth//shadow which don't exist. Replacing %d in dovecot.conf with the actual domain name works.
So, the question is, why is %d empty, and from where does it take its value?
Hard to tell without seeing the actual logs. My guess is the login is not in user@domain format:
This is the log (MYLOCALIP is the ip on the server which is running dovecot and MYREMOTEIP is the ip of the computer from which I try to connect). I used "mutt -f imap://jens@mydomain.com/INBOX" to connect.
2013-01-19 20:42:01 auth(default): Info: client in: AUTH 1 PLAIN service=imap lip=MYLOCALIP rip=MYREMOTEIP lport=143 rport=49509 resp=<hidden>
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
2013-01-19 20:42:01 auth(default): Info: new auth connection: pid=6613
2013-01-19 20:42:03 auth(default): Info: client out: FAIL 1 user=jens
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
How can I get the login in the user@domain format?
Jens
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 20:50:
dovecot and MYREMOTEIP is the ip of the computer from which I try to connect). I used "mutt -f imap://jens@mydomain.com/INBOX" to connect.
2013-01-19 20:42:01 auth(default): Info: client in: AUTH 1 PLAIN service=imap lip=MYLOCALIP rip=MYREMOTEIP lport=143 rport=49509 resp=<hidden>
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
2013-01-19 20:42:01 auth(default): Info: new auth connection: pid=6613
2013-01-19 20:42:03 auth(default): Info: client out: FAIL 1 user=jens
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
Seems the stab in the dark was correct :)
How can I get the login in the user@domain format?
Add it to your passwd file:
$ cat /etc/auth/mydomain.com/passwd
jens@mydomain.com:{SSHA}...
On Sat, Jan 19, 2013 at 8:57 PM, Thomas Leuxner <tlx@leuxner.net> wrote:
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 20:50:
dovecot and MYREMOTEIP is the ip of the computer from which I try to connect). I used "mutt -f imap://jens@mydomain.com/INBOX" to connect.
2013-01-19 20:42:01 auth(default): Info: client in: AUTH 1 PLAIN service=imap lip=MYLOCALIP rip=MYREMOTEIP lport=143 rport=49509 resp=<hidden>
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
2013-01-19 20:42:01 auth(default): Info: new auth connection: pid=6613
2013-01-19 20:42:03 auth(default): Info: client out: FAIL 1 user=jens
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
Seems the stab in the dark was correct :)
How can I get the login in the user@domain format?
Add it to your passwd file:
$ cat /etc/auth/mydomain.com/passwd
jens@mydomain.com:{SSHA}...
Unfortunately this did not fix it. The log is still the same.
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 21:15:
Unfortunately this did not fix it. The log is still the same.
Hmm. Shouldn't the login be something like?
mutt -f imap://jens@mydomain.com@host.mydomain.com/INBOX
What does it say in logs now? Interesting part is this:
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
[...]
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
Figured it out. I had to add my domain to
auth_realms and auth_default_realm in dovecot.conf
Thanks again.
On Sat, Jan 19, 2013 at 9:22 PM, Thomas Leuxner <tlx@leuxner.net> wrote:
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 21:15:
Unfortunately this did not fix it. The log is still the same.
Hmm. Shouldn't the login be something like?
mutt -f imap://jens@mydomain.com@host.mydomain.com/INBOX
What does it say in logs now? Interesting part is this:
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
[...]
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
But indeed, your solution also works. I did not realize that in "mutt -f imap://jens@mydomain.com", the login is "jens" and the rest is the name of the server, while the login itself needs to be jens@domain.
Thank you.
On Sat, Jan 19, 2013 at 9:31 PM, Jens Tobiska <jtobiska@gmail.com> wrote:
Figured it out. I had to add my domain to
auth_realms and auth_default_realm in dovecot.conf
Thanks again.
On Sat, Jan 19, 2013 at 9:22 PM, Thomas Leuxner <tlx@leuxner.net> wrote:
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 21:15:
Unfortunately this did not fix it. The log is still the same.
Hmm. Shouldn't the login be something like?
mutt -f imap://jens@mydomain.com@host.mydomain.com/INBOX
What does it say in logs now? Interesting part is this:
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
[...]
2013-01-19 20:42:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<jens>, method=PLAIN, rip=MYREMOTEIP, lip=MYLOCALIP
- Jens Tobiska <jtobiska@gmail.com> 2013.01.19 21:37:
But indeed, your solution also works. I did not realize that in "mutt -f imap://jens@mydomain.com", the login is "jens" and the rest is the name of the server, while the login itself needs to be jens@domain.
Thank you.
Glad I could help. I think the (auth_realms|auth_default_realm) may produce undesirable results with multiple domains served. It appends the parameter all the time - which did the trick in your scenario but seems to have corrected the incomplete mutt login string mainly...
http://wiki1.dovecot.org/MainConfig?highlight=%28auth_realms%29
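
The behaviour worked out in this thread, as an added example that is not part of the original messages and is not Dovecot's own code: a login without an @domain part leaves %d empty, so the passwd-file path collapses to /etc/auth//shadow, and a default realm fills the gap. The function names and the second sample log line are constructed for illustration, only %u, %n and %d are handled, and `default_realm` is an assumption that models auth_default_realm as a fallback used when the login has no domain.

```python
import re

# Constructed sample: the first line is the failure quoted in the thread,
# the second is a made-up line for a login that did carry a domain.
SAMPLE_LOG = """\
2013-01-19 20:42:01 auth(default): Info: passwd-file(jens,MYREMOTEIP): no passwd file: /etc/auth//shadow
2013-01-19 20:45:10 auth(default): Info: passwd-file(jens@mydomain.com,MYREMOTEIP): no passwd file: /etc/auth/mydomain.com/shadow
"""


def expand(template, login, default_realm=""):
    """Expand %u, %n and %d in a path template for a given login.

    default_realm (assumption: models auth_default_realm) is appended only
    when the login has no @domain part.
    """
    if "@" not in login and default_realm:
        login = f"{login}@{default_realm}"
    name, _, domain = login.partition("@")  # split at the first '@'
    values = {"u": login, "n": name, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


# Matches the "no passwd file" lines of the auth log shown in the thread.
LOOKUP = re.compile(r"passwd-file\(([^,]*),[^)]*\): no passwd file: (\S+)")


def empty_domain_lookups(log_text):
    """Return (login, path) pairs whose looked-up path has an empty component."""
    return [
        (m.group(1), m.group(2))
        for m in LOOKUP.finditer(log_text)
        if "//" in m.group(2)
    ]


if __name__ == "__main__":
    template = "/etc/auth/%d/shadow"
    print(expand(template, "jens"))                    # domain missing
    print(expand(template, "jens@mydomain.com"))       # full login
    print(expand(template, "jens", "mydomain.com"))    # default realm applied
    for login, path in empty_domain_lookups(SAMPLE_LOG):
        print(f"login {login!r} had no domain: {path}")
```

A path with an empty component in the auth log is the quickest sign that a client sent a bare user name rather than user@domain.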