Help regarding Postfix and Dovecot SASL
Hello, Please excuse my naive question. I am trying to understand how "service auth" is supposed to work between Postfix and Dovecot. (https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)
Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener /var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener /var/spool/postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd
Now, postrfix receive (by smtp) an email From: bob@my_domain.org To: alice@my_domain.org Postfix validate the domain according to its config (main.cf: virtual_mailbox_domains=my_domain.org) Then, it queries dovecot about these users via sasl: and that's where it fails!
Here are logs from postfix:
2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: CA20D880486: from=<bob@my_domain.org>, size=9988, nrcpt=1 (queue active) 2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: CA20D880486: to=<alice@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (host pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 <alice@my_domain.org> User doesn't exist: alice@my_domain.org (in reply to RCPT TO command))
Here are logs from dovecot:
Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=25081,uid=118): Server accepted connection (fd=24) Jan 16 14:28:55 auth: Debug: master in: USER 1 bob@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 1 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY) Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: master in: USER 2 alice@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 2 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY)
So, what's wrong? It seems to me that Dovecot receives a SASL request for the user "bob@my_domain.org", but only does a lookup for "bob", without the domain. Isn't it? So, why? What can I do?
Best regards, Christophe
Hello, Please excuse my naive question. I am trying to understand how "service auth" is supposed to work between Postfix and Dovecot. (https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)
Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener /var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener /var/spool/postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd
Now, postrfix receive (by smtp) an email From: bob@my_domain.org To: alice@my_domain.org Postfix validate the domain according to its config (main.cf: virtual_mailbox_domains=my_domain.org) Then, it queries dovecot about these users via sasl: and that's where it fails!
Here are logs from postfix:
2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: CA20D880486: from=<bob@my_domain.org>, size=9988, nrcpt=1 (queue active) 2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: CA20D880486: to=<alice@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (host pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 <alice@my_domain.org> User doesn't exist: alice@my_domain.org (in reply to RCPT TO command))
Here are logs from dovecot:
Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=25081,uid=118): Server accepted connection (fd=24) Jan 16 14:28:55 auth: Debug: master in: USER 1 bob@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 1 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY) Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: master in: USER 2 alice@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 2 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY)
So, what's wrong? It seems to me that Dovecot receives a SASL request for the user "bob@my_domain.org", but only does a lookup for "bob", without the domain. Isn't it? So, why? What can I do?
Best regards, Christophe
On 16/01/2026 15:09, Christophe Lohr via dovecot wrote:
Hello, Please excuse my naive question. I am trying to understand how "service auth" is supposed to work between Postfix and Dovecot. (https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)
Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener /var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener /var/spool/postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd
Now, postrfix receive (by smtp) an email From: bob@my_domain.org To: alice@my_domain.org Postfix validate the domain according to its config (main.cf: virtual_mailbox_domains=my_domain.org) Then, it queries dovecot about these users via sasl: and that's where it fails!
Here are logs from postfix:
2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: CA20D880486: from=<bob@my_domain.org>, size=9988, nrcpt=1 (queue active) 2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: CA20D880486: to=<alice@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (host pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 <alice@my_domain.org> User doesn't exist: alice@my_domain.org (in reply to RCPT TO command)) That does not look like a sasl request. This is postfix lmtp delivery agent connecting to dovecot to deliver the message to dovecot, but dovecot rejecting the email due to user not found.
Here are logs from dovecot:
Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=25081,uid=118): Server accepted connection (fd=24) Jan 16 14:28:55 auth: Debug: master in: USER 1 bob@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 1 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY) Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: master in: USER 2 alice@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 2 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY)
So, what's wrong? It seems to me that Dovecot receives a SASL request for the user "bob@my_domain.org", but only does a lookup for "bob", without the domain. Isn't it? So, why? What can I do?
Best regards, Christophe
Have you configured users on dovecot and are you able to login to imap ok? Before integrating postfix and dovecot, is dovecot configured and working?
John
Le 16/01/2026 à 17:22, John Fawcett via dovecot a écrit :
Have you configured users on dovecot and are you able to login to imap ok? Before integrating postfix and dovecot, is dovecot configured and working?
Yes, Bob and Alice are configured on Dovecot and can connect to it. (Tested with Thunderbird.) According to the log file, Dovecot accepts connections from bob@my_domain.org and alice@my_domain.org
Le 16/01/2026 `a 17:22, John Fawcett via dovecot a ecrit :
Have you configured users on dovecot and are you able to login to imap
ok? Before integrating postfix and dovecot, is dovecot configured and
working?Yes, Bob and Alice are configured on Dovecot and can connect to it. (Tested with Thunderbird.) According to the log file, Dovecot accepts connections from bob@my_domain.org and alice@my_domain.org
On 16/01/2026 17:48, Christophe Lohr via dovecot wrote:
Le 16/01/2026 `a 17:22, John Fawcett via dovecot a ecrit : Have you configured users on dovecot and are you able to login to imap ok? Before integrating postfix and dovecot, is dovecot configured and working? Yes, Bob and Alice are configured on Dovecot and can connect to it. (Tested with Thunderbird.) According to the log file, Dovecot accepts connections from bob@my_domain.org and alice@my_domain.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hi
where are the dovecot users configured? Maybe it would help if you post your configuration (doveconf -n).
John
Le 16/01/2026 à 21:17, Christophe Lohr via dovecot a écrit :
Le 16/01/2026 à 20:50, John Fawcett via dovecot a écrit :
where are the dovecot users configured?
in /etc/dovecot/passwd
Maybe it would help if you post your configuration (doveconf -n).
Thankyou for your help. See attached file
hum, I think the mailing list removed the attached file... well, here is the content:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user} mail_inbox_path = /var/spool/vmail/%{user}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { auto = subscribe special_use = "\\Drafts" } mailbox Junk { auto = subscribe special_use = "\\Junk" } mailbox Trash { auto = subscribe special_use = "\\Trash" } mailbox Sent { auto = subscribe special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user | username | lower} } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user} uid = vmail } }
Le 16/01/2026 `a 21:17, Christophe Lohr via dovecot a ecrit :
Le 16/01/2026 `a 20:50, John Fawcett via dovecot a ecrit :
where are the dovecot users configured?
in /etc/dovecot/passwd
Maybe it would help if you post your configuration (doveconf -n).
Thankyou for your help. See attached filehum, I think the mailing list removed the attached file... well, here is the content:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user} mail_inbox_path = /var/spool/vmail/%{user}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { auto = subscribe special_use = "\\Drafts" } mailbox Junk { auto = subscribe special_use = "\\Junk" } mailbox Trash { auto = subscribe special_use = "\\Trash" } mailbox Sent { auto = subscribe special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user | username | lower} } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user} uid = vmail } }
Hello,
I'm currently testing a new setup for my internal mail server with a similar configuration (I'm authenticating users against a Samba4 AD-DC) and I encountered the same error. I was starting to get desperate trying to troubleshoot it.
Am 16.01.2026 um 21:56 schrieb John Fawcett via dovecot:
Maybe this should be
protocol lmtp { auth_username_format = %{user | lower} }
That was the solution! Sometimes it's so simple when you think about it calmly and know where to look.
Thanks, John. You're my hero. And thanks, Christophe, for asking at just the right time. 😉
Best regards, Mike
Le 16/01/2026 à 21:56, John Fawcett via dovecot a écrit :
Maybe this should be
protocol lmtp { auth_username_format = %{user | lower} }
Great, thankyouverymuch! Authenticationseemstobeworkingfinenow.
Thingsareprogressingwell... but... Istillhaveoneproblem: thereisnodelivery.
WhichdirectionshouldIlook?
postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 7496C880028 7846 Mon Jan 19 08:48:06 bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) alice7@my_domain.org
1F8D38800E7 7846 Mon Jan 19 08:21:42 bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) alice7@my_domain.org
-- 15 Kbytes in 2 Requests.
Postfix logs:
2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect from linux7.my_domain.org[192.168.100.17] 2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]: 7496C880028: client=linux7.my_domain.org[192.168.100.17], sasl_method=PLAIN, sasl_username=bob7@my_domain.org 2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]: 7496C880028: message-id=<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org> 2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]: 7496C880028: from=<bob7@my_domain.org>, size=7846, nrcpt=1 (queue active) 2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]: 7496C880028: to=<alice7@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04, delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) 2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]: disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dovecot logs:
Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Server accepted connection (fd=22) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth client connected (pid=0) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client in: AUTH 1 PLAIN service=smtp nologin lip=192.168.100.1 rip=192.168.100.17 resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous base64 data may contain sensitive data) Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Performing passdb lookup Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: lookup: user=bob7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Finished passdb lookup Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: Auth request finished Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client passdb out: OK 1 user=bob7@my_domain.org Jan 19 08:48:06 lmtp(2482): Info: Connect from local Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): Server accepted connection (fd=24) Jan 19 08:48:06 auth: Debug: master in: USER 1 alice7@my_domain.org protocol=lmtp Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: Performing userdb lookup Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: lookup: user=alice7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: Finished userdb lookup Jan 19 08:48:06 auth: Debug: userdb out: USER 1 alice7@my_domain.org uid=2222 gid=2222 home=/var/spool/vmail/alice7@my_domain.org Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): auth-master client: Disconnected: Connection closed (fd=24) (created 2 msecs ago, handshake 2 msecs ago) Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Disconnected: Connection closed (fd=22)
Many thanks ! Regards, Christophe
Le 16/01/2026 `a 21:56, John Fawcett via dovecot a ecrit :
Maybe this should be
protocol lmtp {
auth_username_format = %{user | lower}
}Great, thank you very much! Authentication seems to be working fine now. Things are progressing well... but... I still have one problem: there is no delivery.
Which direction should I look?
postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 7496C880028 7846 Mon Jan 19 08:48:06 [1]bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) [2]alice7@my_domain.org
1F8D38800E7 7846 Mon Jan 19 08:21:42 [3]bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) [4]alice7@my_domain.org
-- 15 Kbytes in 2 Requests.
Postfix logs:
2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect from linux7.my_domain.org[192.168.100.17] 2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]: 7496C880028: client=linux7.my_domain.org[192.168.100.17], sasl_method=PLAIN, [5]sasl_username=bob7@my_domain.org 2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]: 7496C880028: message-id=[6]<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org> 2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]: 7496C880028: from=[7]<bob7@my_domain.org>, size=7846, nrcpt=1 (queue active) 2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]: 7496C880028: to=[8]<alice7@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04, delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) 2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]: disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dovecot logs:
Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Server accepted connection (fd=22) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth client connected (pid=0) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client in: AUTH 1 PLAIN service=smtp nologin lip=192.168.100.1 rip=192.168.100.17 resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous base64 data may contain sensitive data) Jan 19 08:48:06 auth([9]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Performing passdb lookup Jan 19 08:48:06 auth([10]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: lookup: [11]user=bob7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth([12]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Finished passdb lookup Jan 19 08:48:06 auth([13]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: Auth request finished Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client passdb out: OK 1 [14]user=bob7@my_domain.org Jan 19 08:48:06 lmtp(2482): Info: Connect from local Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): Server accepted connection (fd=24) Jan 19 08:48:06 auth: Debug: master in: USER 1 [15]alice7@my_domain.org protocol=lmtp Jan 19 08:48:06 auth([16]alice7@my_domain.org): Debug: passwd-file: Performing userdb lookup Jan 19 08:48:06 auth([17]alice7@my_domain.org): Debug: passwd-file: lookup: [18]user=alice7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth([19]alice7@my_domain.org): Debug: passwd-file: Finished userdb lookup Jan 19 08:48:06 auth: Debug: userdb out: USER 1 [20]alice7@my_domain.org uid=2222 gid=2222 [21]home=/var/spool/vmail/alice7@my_domain.org Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): auth-master client: Disconnected: Connection closed (fd=24) (created 2 msecs ago, handshake 2 msecs ago) Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Disconnected: Connection closed (fd=22)
Many thanks ! Regards, Christophe
References
Visible links
- mailto:bob7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:bob7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:sasl_username=bob7@my_domain.org
- mailto:89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org
- mailto:bob7@my_domain.org
- mailto:alice7@my_domain.org
- file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sasl:plain
- file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sasl:plain
- mailto:user=bob7@my_domain.org
- file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sasl:plain
- file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sasl:plain
- mailto:user=bob7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:user=alice7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:alice7@my_domain.org
- mailto:home=/var/spool/vmail/alice7@my_domain.org
On 19/01/2026 10:02 EET Christophe Lohr via dovecot <dovecot@dovecot.org> wrote:
Le 16/01/2026 à 21:56, John Fawcett via dovecot a écrit :
Maybe this should be
protocol lmtp { auth_username_format = %{user | lower} }
Great, thankyouverymuch! Authenticationseemstobeworkingfinenow.
Thingsareprogressingwell... but... Istillhaveoneproblem: thereisnodelivery.
WhichdirectionshouldIlook?
postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 7496C880028 7846 Mon Jan 19 08:48:06 bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) alice7@my_domain.org
1F8D38800E7 7846 Mon Jan 19 08:21:42 bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) alice7@my_domain.org
-- 15 Kbytes in 2 Requests.
Postfix logs:
2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect from linux7.my_domain.org[192.168.100.17] 2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]: 7496C880028: client=linux7.my_domain.org[192.168.100.17], sasl_method=PLAIN, sasl_username=bob7@my_domain.org 2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]: 7496C880028: message-id=<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org> 2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]: 7496C880028: from=<bob7@my_domain.org>, size=7846, nrcpt=1 (queue active) 2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]: 7496C880028: to=<alice7@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04, delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) 2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]: disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dovecot logs:
Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Server accepted connection (fd=22) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth client connected (pid=0) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client in: AUTH 1 PLAIN service=smtp nologin lip=192.168.100.1 rip=192.168.100.17 resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous base64 data may contain sensitive data) Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Performing passdb lookup Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: lookup: user=bob7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Finished passdb lookup Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: Auth request finished Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client passdb out: OK 1 user=bob7@my_domain.org Jan 19 08:48:06 lmtp(2482): Info: Connect from local Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): Server accepted connection (fd=24) Jan 19 08:48:06 auth: Debug: master in: USER 1 alice7@my_domain.org protocol=lmtp Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: Performing userdb lookup Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: lookup: user=alice7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: Finished userdb lookup Jan 19 08:48:06 auth: Debug: userdb out: USER 1 alice7@my_domain.org uid=2222 gid=2222 home=/var/spool/vmail/alice7@my_domain.org Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): auth-master client: Disconnected: Connection closed (fd=24) (created 2 msecs ago, handshake 2 msecs ago) Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Disconnected: Connection closed (fd=22)
Many thanks ! Regards, Christophe
Le 16/01/2026 `a 21:56, John Fawcett via dovecot a ecrit :
Maybe this should be protocol lmtp { auth_username_format = %{user | lower} }Great, thank you very much! Authentication seems to be working fine now. Things are progressing well... but... I still have one problem: there is no delivery.
Which direction should I look?
postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 7496C880028 7846 Mon Jan 19 08:48:06 [1]bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) [2]alice7@my_domain.org
1F8D38800E7 7846 Mon Jan 19 08:21:42 [3]bob7@my_domain.org (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) [4]alice7@my_domain.org
-- 15 Kbytes in 2 Requests.
Postfix logs:
2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect from linux7.my_domain.org[192.168.100.17] 2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]: 7496C880028: client=linux7.my_domain.org[192.168.100.17], sasl_method=PLAIN, [5]sasl_username=bob7@my_domain.org 2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]: 7496C880028: message-id=[6]<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org> 2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]: 7496C880028: from=[7]<bob7@my_domain.org>, size=7846, nrcpt=1 (queue active) 2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]: 7496C880028: to=[8]<alice7@my_domain.org>, relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04, delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data -- message may be sent more than once) 2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]: disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Dovecot logs:
Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Server accepted connection (fd=22) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth client connected (pid=0) Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client in: AUTH 1 PLAIN service=smtp nologin lip=192.168.100.1 rip=192.168.100.17 resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous base64 data may contain sensitive data) Jan 19 08:48:06 auth([9]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Performing passdb lookup Jan 19 08:48:06 auth([10]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: lookup: [11]user=bob7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth([12]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: passwd-file: Finished passdb lookup Jan 19 08:48:06 auth([13]bob7@my_domain.org,192.168.100.17,sasl:plain): Debug: Auth request finished Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client passdb out: OK 1 [14]user=bob7@my_domain.org Jan 19 08:48:06 lmtp(2482): Info: Connect from local Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): Server accepted connection (fd=24) Jan 19 08:48:06 auth: Debug: master in: USER 1 [15]alice7@my_domain.org protocol=lmtp Jan 19 08:48:06 auth([16]alice7@my_domain.org): Debug: passwd-file: Performing userdb lookup Jan 19 08:48:06 auth([17]alice7@my_domain.org): Debug: passwd-file: lookup: [18]user=alice7@my_domain.org file=/etc/dovecot/passwd Jan 19 08:48:06 auth([19]alice7@my_domain.org): Debug: passwd-file: Finished userdb lookup Jan 19 08:48:06 auth: Debug: userdb out: USER 1 [20]alice7@my_domain.org uid=2222 gid=2222 [21]home=/var/spool/vmail/alice7@my_domain.org Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=2482,uid=118): auth-master client: Disconnected: Connection closed (fd=24) (created 2 msecs ago, handshake 2 msecs ago) Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Disconnected: Connection closed (fd=22)
Many thanks ! Regards, Christophe
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
Aki
Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe
Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe
On 19/01/2026 11:53 EET Christophe Lohr via dovecot <dovecot@dovecot.org> wrote:
Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe
you can try
log_debug=category=lmtp
Aki
ok these go in to dovecot config file
switch various debug = yes
also make sure debug log path = syslog so everything goes to the system logger
also best to try with ssl enabled first as that can cause complications until you are up and running.
auth_debug = no auth_debug_passwords = no
default_process_limit = 16384
mail_debug = no
#lock_method = dotlock #mail_max_lock_timeout = 300s
#mbox_read_locks = dotlock #mbox_write_locks = dotlock
mmap_disable = yes dotlock_use_excl = no mail_fsync = always mail_nfs_storage = no mail_nfs_index = no
#submission_host = 10.220.0.2:25
auth_mechanisms = plain login auth_verbose = yes base_dir = /data/dovecot/run/ debug_log_path = syslog disable_plaintext_auth = no dsync_features = empty-header-workaround
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Monday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-19 4:58 a.m., Aki Tuomi via dovecot wrote:
On 19/01/2026 11:53 EET Christophe Lohr via dovecot <dovecot@dovecot.org> wrote:
Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp? From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why... Best regards Christopheyou can try
log_debug=category=lmtp
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
sorry without ssl enabled (typo)
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Monday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-19 7:14 a.m., Paul Kudla via dovecot wrote:
ok these go in to dovecot config file
switch various debug = yes
also make sure debug log path = syslog so everything goes to the system logger
also best to try with ssl enabled first as that can cause complications until you are up and running.
auth_debug = no auth_debug_passwords = no
default_process_limit = 16384
mail_debug = no
#lock_method = dotlock #mail_max_lock_timeout = 300s
#mbox_read_locks = dotlock #mbox_write_locks = dotlock
mmap_disable = yes dotlock_use_excl = no mail_fsync = always mail_nfs_storage = no mail_nfs_index = no
#submission_host = 10.220.0.2:25
auth_mechanisms = plain login auth_verbose = yes base_dir = /data/dovecot/run/ debug_log_path = syslog disable_plaintext_auth = no dsync_features = empty-header-workaround
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Monday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-19 4:58 a.m., Aki Tuomi via dovecot wrote:
On 19/01/2026 11:53 EET Christophe Lohr via dovecot <dovecot@dovecot.org> wrote:
Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :
Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp?
From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why...
Best regards Christophe
you can try
log_debug=category=lmtp
Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Le 19/01/2026 à 10:58, Aki Tuomi via dovecot a écrit :
you can try
log_debug=category=lmtp
Many thanks!
Thereisclearlysomeconfusionsomewherebetweenthevmailuserandthedovecotuser(nottomentionthatanvilisundertherootuser):
Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied Jan 19 13:13:56 lmtp(alice7@my_domain.org)<4940><g39gDwQgbmlMEwAAfWgqOQ>: Fatal: setresgid(2222(vmail),2222(vmail),8(mail)) failed with euid=118(dovecot): Operation not permitted Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned error 89 (Fatal failure)
How can I fix this?
Best regards Christophe
PS: Here is my current doveconf:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_debug = category=lmtp log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user|lower} mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { executable = lmtp -L user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user|lower} info_log_path = /var/log/dovecot-lmtp.log } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user|lower} uid = vmail } }
Le 19/01/2026 `a 10:58, Aki Tuomi via dovecot a ecrit :
you can try
log_debug=category=lmtp
Many thanks!
There is clearly some confusion somewhere between the vmail user and the dovecot user (not to mention that anvil is under the root user):
Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied Jan 19 13:13:56 lmtp([1]alice7@my_domain.org)<4940><g39gDwQgbmlMEwAAfWgqOQ>: Fatal: setresgid(2222(vmail),2222(vmail),8(mail)) failed with euid=118(dovecot): Operation not permitted Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned error 89 (Fatal failure)
How can I fix this?
Best regards Christophe
PS: Here is my current doveconf:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_debug = category=lmtp log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user|lower} mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { executable = lmtp -L user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user|lower} info_log_path = /var/log/dovecot-lmtp.log } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user|lower} uid = vmail } }
References
Visible links
- mailto:alice7@my_domain.org
Drop user=dovecot from service lmtp.
Aki
On 19/01/2026 14:35 EET Christophe Lohr via dovecot <dovecot@dovecot.org> wrote:
Le 19/01/2026 à 10:58, Aki Tuomi via dovecot a écrit :
you can try
log_debug=category=lmtp
Many thanks!
Thereisclearlysomeconfusionsomewherebetweenthevmailuserandthedovecotuser(nottomentionthatanvilisundertherootuser):
Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied Jan 19 13:13:56 lmtp(alice7@my_domain.org)<4940><g39gDwQgbmlMEwAAfWgqOQ>: Fatal: setresgid(2222(vmail),2222(vmail),8(mail)) failed with euid=118(dovecot): Operation not permitted Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned error 89 (Fatal failure)
How can I fix this?
Best regards Christophe
PS: Here is my current doveconf:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_debug = category=lmtp log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user|lower} mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { executable = lmtp -L user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user|lower} info_log_path = /var/log/dovecot-lmtp.log } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user|lower} uid = vmail } } Le 19/01/2026 `a 10:58, Aki Tuomi via dovecot a ecrit :
you can try
log_debug=category=lmtp
Many thanks!
There is clearly some confusion somewhere between the vmail user and the dovecot user (not to mention that anvil is under the root user):
Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied Jan 19 13:13:56 lmtp([1]alice7@my_domain.org)<4940><g39gDwQgbmlMEwAAfWgqOQ>: Fatal: setresgid(2222(vmail),2222(vmail),8(mail)) failed with euid=118(dovecot): Operation not permitted Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned error 89 (Fatal failure)
How can I fix this?
Best regards Christophe
PS: Here is my current doveconf:
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.1-4 (0a86619f)
OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
Hostname: pc-serveur
4 default setting changes since version 2.4.0
dovecot_config_version = 2.4.0 auth_allow_cleartext = yes auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain auth_verbose = yes auth_verbose_passwords = yes default_login_user = vmail dovecot_storage_version = 2.4.0 first_valid_gid = 2222 first_valid_uid = 2222 fts_autoindex = yes fts_autoindex_max_recent_msgs = 999 fts_search_add_missing = yes info_log_path = /var/log/dovecot-info.log log_debug = category=lmtp log_path = /var/log/dovecot.log mail_access_groups = vmail mail_driver = maildir mail_home = /var/spool/vmail/%{user|lower} mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir mail_path = ~/Maildir mail_privileged_group = mail protocols = imap lmtp ssl = no verbose_proctitle = yes namespace inbox { inbox = yes mailbox Drafts { special_use = "\\Drafts" } mailbox Junk { special_use = "\\Junk" } mailbox Trash { special_use = "\\Trash" } mailbox Sent { special_use = "\\Sent" } mailbox "Sent Messages" { special_use = "\\Sent" } } service imap-login { process_min_avail = 1 user = vmail inet_listener imap { port = 143 listen = 192.168.100.1 127.0.0.1 [::1] } inet_listener imaps { } } service pop3-login { inet_listener pop3 { } inet_listener pop3s { } } service submission-login { inet_listener submission { } inet_listener submissions { } } service lmtp { executable = lmtp -L user = dovecot unix_listener lmtp { } unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap { } service pop3 { } service submission { } service auth { user = dovecot unix_listener auth-userdb { } unix_listener auth-chasquid-userdb { mode = 0660 user = chasquid } unix_listener auth-chasquid-client { mode = 0660 user = chasquid } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service auth-worker { user = dovecot } service dict { unix_listener dict { } } ssl_server { cert_file = /etc/dovecot/private/dovecot.pem key_file = /etc/dovecot/private/dovecot.key } protocol lmtp { auth_username_format = %{user|lower} info_log_path = /var/log/dovecot-lmtp.log } passdb passwd-file { passwd_file_path = /etc/dovecot/passwd } userdb passwd-file { passwd_file_path = /etc/dovecot/passwd fields { gid = vmail home = /var/spool/vmail/%{user|lower} uid = vmail } }
References
Visible links
- mailto:alice7@my_domain.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
note postfix has log levels set to 15 for everything.
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Monday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-19 4:53 a.m., Christophe Lohr via dovecot wrote:
Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :Looks like the logs are missing all the useful things that would've hopefully come after this. The error is coming from lmtp, not auth.
How can I ask Dovecot to produce more logs concerning lmtp? From the postfix side I just have: "lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial server greeting" I'd like to know why... Best regards Christophe
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
ok here are my sniplets as this was fun the first time around
please note that postfix requires database tables setup etc when using sql
i use postgresql, mysql will be similiar however sasl also requires extra setup
basically postfix uses sasl, dovecot uses the database directly (no sasl) and the virtual transport has to be dovecot
also note postfix has to be built with sasl support (aka libs compiled in)
i use freebsd, configs are similiar accross th various distros but this should point you in the right direction
if you need further help please email me directly (paul@scom.ca)
i dont charge for stuff like this and dont feel bad took a few months for me to put it all together and i program in machine code, assember, c, python and build my own systems, its common for doc's to miss 'putting it all together'
relative parts from main.cf (postfix)
please be aware i run multiple instances of postfix so i use /usr/home/postfix as my base dir, you will need to adjust paths
#Cyrus smtpd_sasl_type = cyrus smtpd_sasl_path = smtpd
#SASL Common broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname
dovecot_destination_recipient_limit = 1 virtual_transport = dovecot
#Postgres Stuff mydestination = pgsql:/usr/home/postfix/config/pgsql-mydestination.cf #virtual_maps=pgsql:/usr/home/postfix/config/pgsql-virtual.cf alias_maps=pgsql:/usr/home/postfix/config/pgsql-aliases.cf #sender_canonical_maps = pgsql:/usr/home/postfix/config/pgsql-canonical.cf
transport_maps = hash:/usr/home/postfix/config/transport
#virtual_mailbox_lock = dotlock (i dont use this but dovecot lmtp might if sharing accross network nfs shares)
file(s)
transport (is a black file just use touch to create it)
pgsql-aliases.cf :
**** pgsql-virtual.cf ***
pgsql config file for alias lookups on postfix
comments are ok.
the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433 user = pgsql password = 00
the database name on the servers
dbname = scom_billing
the table name
table = email_users
#Select source email address alias (ie sales@ etc aliases ) where_field = source
#Select destination email account address (final delivery) select_field = destination
#Account Status (1=good) additional_conditions = and status = '1'
pgsql-canonical.cf :
**** pgsql-canonical.cf ****
#############################################
pgsql config file for canonical lookups on postfix comments are ok.
the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433 user = pgsql password = 00
the database name on the servers
dbname = scom_billing
the table name
table = email_users
select_field = source
where_field = destination
pgsql-mydestination.cf :
/etc/postfix/pgsql-mydestination.cf
#####################################
pgsql config file for local domain (like sendmail's sendmail.cw)
lookups on postfix
comments are ok.
the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433 user = pgsql password = 00
the database name on the servers
dbname = scom_billing
the table name
table = email_users
select_field = domain where_field = domain
#Account Status (1=good) additional_conditions = and status = '1'
pgsql-virtual.cf (this is the big one) :
**** pgsql-virtual.cf ***
pgsql config file for alias lookups on postfix
comments are ok.
the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433 user = pgsql password = 00
the database name on the servers
dbname = scom_billing
the table name
table = email_users
#Select source email address alias (ie sales@ etc aliases ) where_field = source
#Select destination email account address (final delivery) select_field = destination
#Account Status (1=good) additional_conditions = and status = '1'
for sasl to work on outgoing postfix connections you need to map to a sasl config file
i makde a sasl dir inside postfix config dir that links to where it usually needs to be for sasl to find it
[00:29:56] mail18.scom.ca [root:0] /usr/home/postfix/config/sasl
ll
total 10 drwxr-xr-x 2 root vmail uarch 3B Sep 1 2024 . drwxr-xr-x 7 root wheel uarch 59B Jan 17 00:29 .. lrwxr-xr-x 1 root wheel - 31B Mar 27 2013 smtpd.conf -> /usr/local/lib/sasl2/smtpd.conf
smtpd.conf contains :
cat smtpd.conf
#Local Password Database #pwcheck_method: saslauthd #mech_list: login plain #saslauthd_path: /var/run/saslauthd
#Postygres pwcheck_method: auxprop mech_list: PLAIN LOGIN auxprop_plugin: sql sql_engine: pgsql sql_hostnames: dovecot-mail18.scom.ca:5433 sql_database: scom_billing sql_user: pgsql sql_passwd: 00
sql_select: SELECT password FROM email_users WHERE username = '%u@%r' and password <> 'alias' and currentcount_bad < maxcount and currentcount < currentcount_threshold and currentcount_daily < currentcount_daily_threshold and currentcount_monthly < currentcount_monthly_threshold and currentcount_yearly < currentcount_yearly_threshold and status = True
#Logging? log_level: 7
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Saturday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-01-16 11:22 a.m., John Fawcett via dovecot wrote:
On 16/01/2026 15:09, Christophe Lohr via dovecot wrote:
Hello, Please excuse my naive question. I am trying to understand how "service auth" is supposed to work between Postfix and Dovecot. (https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)
Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener /var/spool/ postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener /var/spool/ postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd
Now, postrfix receive (by smtp) an email From: bob@my_domain.org To: alice@my_domain.org Postfix validate the domain according to its config (main.cf: virtual_mailbox_domains=my_domain.org) Then, it queries dovecot about these users via sasl: and that's where it fails!
Here are logs from postfix:
2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: CA20D880486: from=<bob@my_domain.org>, size=9988, nrcpt=1 (queue active) 2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: CA20D880486: to=<alice@my_domain.org>, relay=pc- serveur.my_domain.org[private/dovecot-lmtp], delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (host pc-serveur.tp- reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 <alice@my_domain.org> User doesn't exist: alice@my_domain.org (in reply to RCPT TO command)) That does not look like a sasl request. This is postfix lmtp delivery agent connecting to dovecot to deliver the message to dovecot, but dovecot rejecting the email due to user not found.
Here are logs from dovecot:
Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb (pid=25081,uid=118): Server accepted connection (fd=24) Jan 16 14:28:55 auth: Debug: master in: USER 1 bob@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 1 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY) Jan 16 14:28:55 lmtp(25081): Info: Connect from local Jan 16 14:28:55 auth: Debug: master in: USER 2 alice@my_domain.org protocol=lmtp Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 file=/etc/dovecot/passwd Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 2 Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out (state=READY)
So, what's wrong? It seems to me that Dovecot receives a SASL request for the user "bob@my_domain.org", but only does a lookup for "bob", without the domain. Isn't it? So, why? What can I do?
Best regards, Christophe
Have you configured users on dovecot and are you able to login to imap ok? Before integrating postfix and dovecot, is dovecot configured and working?
John
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hi,
this is a actual DokuWiki entry, made for myself, but maybe it could help.
https://dokuwiki.tachtler.net/doku.php?id=tachtler:dovecot_archlinux_-_sasl
Greetings Klaus.
--
e-Mail : klaus@tachtler.net Homepage: https://www.tachtler.net DokuWiki: https://dokuwiki.tachtler.net
participants (7)
-
Aki Tuomi
-
Christophe Lohr
-
Christophe Lohr
-
John Fawcett
-
Klaus Tachtler
-
Mike
-
Paul Kudla