- dovecot - dovecot.org

[Dovecot] permission denied?
by Alex 29 Aug '04

29 Aug '04

I configured dovecot with Postfix with mysql Now I have directory /home/mail/virtual User/group postfix.postfix I added one domain, and one user. I login is successful but it gets interupted because of this. pop3(xx(a)private-projects.net): Aug 11 00:48:53 Error: lstat(/home/mail/virtual/private-projects.net/xx@private-projects.net/cur) failed: Permission denied pop3(xx(a)private-projects.net): Aug 11 00:48:53 Error: lstat(/home/mail/virtual/private-projects.net/xx@private-projects.net/cur) failed: Permission denied pop3(xx(a)private-projects.net): Aug 11 00:48:53 Warning: I/O leak: 0x8050cc0 (0) pop3(xx(a)private-projects.net): Aug 11 00:48:53 Warning: I/O leak: 0x8084e90 (1) [root@octalys dovecot]# ls -la /home/mail/virtual/private-projects.net/xx\(a)private-projects.net/cur/ total 8 drwxrw---- 2 postfix postfix 4096 Aug 2 21:47 . drwxrw---- 5 postfix postfix 4096 Aug 2 21:47 .. [root@octalys dovecot]# I added dovecot user to postfix group. I even tried chmod -R 777 * in virtual. It doesn't work. Whats the problem ?

3 5

[Dovecot] MySQL passdb, auth_verbose, and documentation
by tmetro+dovecot＠vl.com 28 Aug '04

28 Aug '04

I've been playing around with Dovecot for the past few months for testing (on a Debian 3.0 system), and initially it was easy to setup and worked well. Recently I upgraded to 0.99.10.9, and when I rebuilt it I enabled MySQL and SSL. The first problem I ran into was upon startup it complained that there was no certificate, which makes sense, except that I hadn't enabled imaps in the config file. It would make more sense not to require SSL support files if SSL isn't being used. But this is minor. I encountered more serious problems when I tried migrating from real user accounts to virtual accounts via MySQL. Has anyone written a howto on setting up Dovecot with MySQL? (Just pointing to dovecot-mysql.conf leaves out a lot.) If not, I'll volunteer to write something up. I set up dovecot-mysql.conf as I thought it should be, created a database, added a record with a digest-md5 password, and changed some dovecot.conf directives as follows: default_mail_env = maildir:/var/mail/%d/%n/ auth_mechanisms = digest-md5 auth_default_realm = example.com auth_userdb = static uid=5000 gid=5000 home=/var/mail/%d/%n/ auth_passdb = mysql /etc/dovecot-mysql.conf For the static auth_userdb I wasn't quite sure what to put after home= as I wasn't really defining a home directory location. I initially tried making it identical to default_mail_env, but later learned that it clearly didn't like the "maildir:" prefix. Some questions the documentation left unanswered: Is home= required if default_mail_env will suffice for virtual users? Can mail= be used instead, as implied by the database documentation? Practically speaking, is there any difference between the two in the case of virtual user accounts? I tried to access Dovecot from a mail client and repeatedly received a login failure. Unfortunately, this is typical of what I saw in the log file: Aug 8 03:53:50 lex dovecot: Dovecot starting up Aug 8 03:53:52 lex dovecot-auth: MySQL: connected to localhost Aug 8 03:55:13 lex imap-login: Disconnected: Inactivity [192.168.0.200] I enabled auth_verbose: auth_verbose = yes and checked my syslog.conf to make sure all priorities were being logged: mail.* /var/log/syslog/mail.log but still no additional verbosity. How should things look different when auth_verbose is enabled? Checking MySQL's log I could see that Dovecot was successfully connecting to the database server, but never executing any queries. I was going to next turn on logging of all IMAP traffic, but noticed the Wiki suggested trying a manual session, which I did: % telnet localhost imap * OK dovecot ready. 1 LOGIN tmetro(a)example.com password 1 NO Login failed: Unsupported authentication mechanism Isn't this the kind of thing that should appear in the log when auth_verbose is enabled? That seemed odd, as 'digest-md5' is mentioned right in dovecot.conf as a valid choice. In retrospect, I gather what the message above is trying to tell me is that Dovecot wasn't configured to accept a 'plain' authentication, which is apparently what I was using in my manual session. It would be nice if the error message could express that a bit better. I did have some suspicion that it might be the that plain text authentication was being prevented, as at that point I didn't know what auth_mechanisms applied to, but I looked at dovecot.conf and found disable_plaintext_auth = no, which seemed to imply that plain text at the IMAP protocol level should have been permitted. Might it be clearer if that attribute was incorporated into the auth_mechanisms settings or at least moved into the auth section? I switched it to 'plain-md5', as mentioned in auth.txt, and tried again. That resulted in: Aug 8 21:11:53 lex dovecot-auth: Unknown authentication mechanism 'plain-md5' Aug 8 21:11:53 lex dovecot: Auth process died too early - shutting down Aug 8 21:11:53 lex dovecot: child 10293 (auth) returned error 89 Aug 8 21:11:53 lex imap-login: fd_send(-1) failed: Broken pipe That got me wondering whether there were two different areas where authentication terms apply - one being the password exchange in the IMAP protocol, and the other being how the password is stored on the server - yet the discussion of the two seems to be mixed together in the documentation. I tried switching to: auth_mechanisms = plain and finally got something more expected: Aug 8 21:20:44 lex dovecot-auth: mysql(tmetro(a)example.com): Password mismatch I tried putting the password into the database unencrypted, but that didn't work (probably because of my default_pass_scheme setting?). Generating a PLAIN-MD5 per auth.txt finally worked. This leads to some questions: auth_mechanisms doesn't seem to be describing the way in which the password is stored, so what does it describe? In dovecot-mysql.conf I had: default_pass_scheme = DIGEST-MD5 and didn't change it. What purpose does it serve? Is it only to identify the encryption used when there isn't a {SCHEME} tag present? For DIGEST-MD5, which encrypts "user:realm:pass", does realm include the @? Does user include @realm? I assumed no in both cases, yet it didn't work. In other matters...during one of my login attempts I got: * OK dovecot ready. 1 LOGIN tmetro(a)example.com password 1 OK Logged in. Connection closed by foreign host. The abrupt disconnect after an apparently successful login seemed odd. The log file showed: Aug 8 21:23:47 lex dovecot: chdir(maildir:/var/mail/example.com/tmetro/) failed with uid 5000: Permission denied Aug 8 21:23:47 lex dovecot: child 10315 (imap) returned error 89 which is the problem I discussed above, but is it reasonable for Dovecot to disconnect the IMAP socket and not send an error message to the client? At the end of the dovecot-example.conf is: #auth = digest_md5 #auth_methods = digest-md5 #auth_realms = #auth_userdb = passwd-file /etc/passwd.imap #auth_passdb = passwd-file /etc/passwd.imap #auth_user = imapauth #auth_chroot = Is auth_methods an alias for auth_mechanisms? Aside from the insufficient detail in the log, most of the difficulty I encountered could be avoided with better documentation and comments in the config files. I'd be happy to submit clarified comments once I get some answers to the above questions and confirm my understanding of how things work. -Tom

10 22

[Dovecot] Authentication and Startup/Shutdown error.
by Andrew Lietzow 28 Aug '04

28 Aug '04

Hello and ... help! I am using Redhat FC2. I was looking for a simple POP3 compatible application package that would allow growth into secure mailboxes, and it looks like dovecot can fill the bill, and then some. I am a newbie. I scanned the Wiki but am as confused by it as I am by my problems. Fortunately for me, I don't need 7 different authentication schemes; I just need something simple that works with Thunderbird and Outlook Express. Is there a HOW-TO around that shows simple pop3 setup on Linux? #1) I had the pop3-login working for a bit, but now it has stopping starting up. When I attempt a <./dovecot stop>, I get a message that the stop has [FAILED]. I believe this is because it is leaving a lock in the /var/lock/subsys directory. I delete that file and try again, same problem. The system starts okay, but there are no longer any pop3-login processes being started up. <ps -elf | egrep pop3*> returns nothing but the grep process. #2) I need a simple method to access email. Nothing fancy as I only have a couple of users. Terrorists woud be wasting their time to monkey with my server. In the dovecot.conf file, here are a few of my settings. pop3_executable = /usr/libexec/dovecot/pop3 pop3_process_size = 256 auth = passwd auth_mechanisms = plain auth_realms = auth_default_realm = auth_userdb = passwd: /etc/passwd auth_passdb = passwd: /etc/passwd auth_executable = /usr/libexec/dovecot/dovecot-auth auth_process_size = 256 auth_user = root auth_count = 2 Any help would be greatly appreciated, of course. I'll keep scanning the web site while I am at your mercy. TIA, Andrew L. in Iowa _____________________________________________________________________ Get your own family web site at www.MyFamily.com!

4 3

[Dovecot] 1.0-test37
by Timo Sirainen 28 Aug '04

28 Aug '04

http://dovecot.org/test/ - Added mbox_dirty_syncs setting, defaulting to yes. This means that while mbox is opened and new mails come, it only reads the new mails instead of the whole mbox. Then there's several checks that make sure this is safe to do and if something doesn't look right it fallbacks to syncing the whole mbox again. - dovecot-auth was leaking memory (not same bug as with 0.99/ldap) - Some other fixes

1 0

[Dovecot] 1.0-test36
by Timo Sirainen 28 Aug '04

28 Aug '04

http://dovecot.org/test/ Fixes mostly. Seems to be working quite well with me nowadays with mboxes. If you see any crashes or other problems please report.

2 1

[Dovecot] ldap without bind
by Cedric Foll 28 Aug '04

28 Aug '04

Is it possible to connect to the ldap server without bind (ie anonymous access). How can I do that ? Regards.

2 1

Re: [Dovecot] Authentication and Startup/Shutdown error.
by Andrew Lietzow 28 Aug '04

28 Aug '04

Tim, Thanks for the reply. I did check the maillog quite a bit. Fortunately, I had kept an orig of the dovecot.conf file so I rolled back to the example I found on the dovecot.org website and now it's up and running. It's all smoke and mirrors to me, mostly, but at least it's working for now. I'll come back to this question of implementing TLS or SSL later, in my voluminous spare time. It appears to be a very powerful program and should carry me through to the next millenium... Ciao and Muchos Gracias, Andrew in Iowa, USA -----Original Message----- From: Tim Miller <tim(a)gem.win.co.nz> Sent: Friday, August 27, 2004 10:33 PM To: Andrew Lietzow <alietzow(a)myfamily.com> Cc: dovecot(a)dovecot.org Subject: Re: [Dovecot] Authentication and Startup/Shutdown error. On Fri, 27 Aug 2004, Andrew Lietzow wrote: > Hello and ... help! (snip of problem) When setting up Dovecot, I found that a lot of helpfull information was put into /var/log/maillog (or wherever syslogd sends mail logs on your system). Since you didn't post anything from that file, I'm not sure if you consulted it. Best, Tim M. _____________________________________________________________________ Get your own family web site at www.MyFamily.com!

1 0

[Dovecot] dovecot-1.0-test32-error
by jls＠tj.se.gov.br 28 Aug '04

28 Aug '04

I installed dovecot-1.0-test32 and I present the following error in some users: Error: IMAP(user): Buffer full (46) How to solve this problem?

2 1

[Dovecot] Just installed with Fedora 2
by Michael J. Pawlowsky 26 Aug '04

26 Aug '04

I just upgraded my RH9 installation to Fedora 2. To my surprise, imapd seems to be gone from the core. I noticed there are now two IMAP servers docevot and cyrus. After reading brief descriptions of both, dovecot would seem to be more compatible with my setup. Especially since I'm using mbox's. I have 2 questions. It seems like dovecot does not support mailboxes inside of a directories. Am I right in thinking this? Second I get the error message: The current command did not succeed. The mail server responded: Error in IMAP command MYRIGHTS: Unknown command. My client is Thunderbird. Any work around for this? Thanks, Mike

4 4

[Dovecot] 0.99.10.x auth memory leak?
by Christian Balzer 26 Aug '04

26 Aug '04

Hello, running 0.99.10.6 (but seen it before that, too). Also (quite obviously) running 5 auth processes, given the fact that this is a pretty busy box and I didn't want to introduce any artificial bottlenecks. Alas with them eating up half of the free memory (which would go to a much better use as FS cache) I'm getting sorta concerned. If it's not a leak, it's caching something rather needlessly and inefficiently (the LDAP DB memory footprint for ALL users is less than this and the box below just serves half of those). This box sees about 0.5 million POP3/IMAP logins/day. --- PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 31235 root 16 0 220m 216m 5560 S 0.0 10.7 25:01.54 dovecot-auth 31234 root 16 0 205m 202m 5560 S 0.0 10.0 24:08.84 dovecot-auth 31231 root 16 0 200m 196m 5560 S 0.7 9.7 23:25.37 dovecot-auth 31232 root 16 0 196m 192m 5560 S 0.0 9.5 23:10.44 dovecot-auth 31233 root 15 0 179m 175m 5560 S 0.3 8.6 22:13.07 dovecot-auth --- So, I guess my questions to Timo are: Think it's leaky and any idea where? Given the load, would a single auth process be a bad idea? (it is a quite fast dual opteron box) Regards, Christian Balzer -- Christian Balzer Network/Systems Engineer NOC chibi(a)gol.com Global OnLine Japan/Fusion Network Services http://www.gol.com/

3 5