[Dovecot] Sieve authentication / directory issue after upgrade to 1.0.13.

[Drew Calcott]

This has been resolved.  The rather helpful tss from #dovecot noticed that the username variable within the checkpassword script
was being rewritten and passed back without the domain.

Simple matter of changing the variable name that checkpassword was using.  :)



Drew Calcott wrote:
> Hi everyone,
> 
> I have come across a problem after upgrading from 1.0.rc17 to 1.0.13
> (debian builds 1.0.13 is from etch-backports).
> 
> I initially upgraded as 1.0.rc17 isn't compiled with regex support, so
> vacation messages that were uploaded via horde were being rejected.
> (Everything else was working fine, just messages that required regex
> functions were failing).
> 
> Horde is uploading the filters via pysieved, which is then in turn
> placing them in the directory of:
> 
> 
> ---------
> 
> 	/shared/spool/active/%d/%0.1u/%1.1u/%n/sieve/ingo
> 
> ---------
> 
> 
> At least, it was previously.  Since upgrading, dovecot has changed the
> way it passes authentication details to pysieved and the domain is no
> longer included in the username, so the domain cannot be parsed and
> pysieved fails as it is unable to strip a value for %d.  (as a quick
> aside, this isn't an issue with single domain servers as there is a
> "defaultdomain" option that will force the value for %d, however, since
> we have 9 domains to deal with, this isn't going to cut it).
> 
> Prior to upgrade, authentication was passed as thus (= are a new line in case the formatting dies)
> 
> 
> --------
> 
> ======= > 'AUTH\t1\tPLAIN\tservice=pysieved\tresp=YWNhbD* restofstring *
> ====== < OK\t1\tuser=acal030 at sit.auckland.ac.nz\tuser=acal030\t\n'
> ===== Finished SASL authentication : {'username':'acal030 at sit.auckland.ac.nz', 'result': 'OK'}
> ===== Plugin returned home :'/shared/spool/active/sit.auckland.ac.nz/a/c/acal030/'
> = Authenticated user acal030 at sit.auckland.ac.nz
> 
> --------
> 
> 
> Both user and user at domain were being passed and it was a matter of
> simple nagging of the pysieved guys to update their code to strip the
> required information.
> 
> However, the new version is passing auth like this:
> 
> 
> --------
> 
> ======= > 'AUTH\t1\tPLAIN\tservice=pysieved\tresp=YWNhbD* restofstring *
> ======= < 'OK\t1\tuser=acal030\n'
> ===== Finished SASL authentication : {'username': 'acal030', 'result': 'OK'}
> ===== Plugin returned home : '/shared/spool/active//a/c/acal030/'
> 
> -------
> 
> The only change to the dovecot config I have made is to add
> "allow_all_users=yes" to userdb static as the new version was a lot
> stricter about the passdb pam lookup not containing the user data (and
> failing completely as a result).
> 
> In the dovecot logs themselves, the following lines were from the earlier build:
> 
> 
> ------
> 
> Info: auth(default): client out: OK	1	user=acal030 at sit.auckland.ac.nz	user=acal030
> Info: auth(default): master in: REQUEST	243	23994	1
> Info: auth(default): master out: USER	243	acal030 at sit.auckland.ac.nz home=/blah, mail=/blah etc.
> 
> ------
> 
> 
> Compared to this from the new one:
> 
> 
> ------
> 
> Info: auth(default): auth(acal030 at sit.auckland.ac.nz,130.216.39.182): username changed acal030 at sit.auckland.ac.nz -> acal030
> Info: auth(default): client out: OK        1       user=acal030
> Info: auth(default): prefetch(acal030,130.216.39.182): success
> Info: auth(default): master out: USER      2       acal030 home=/blah, mail=/blah etc.
> 
> ------
> 
> 
> I am rather at the end of my tether with this, unfortunately.  :(  I have browsed through many wiki pages looking for a possible solution
> or config variable I may have missed, but I really am coming up dry.
> 
> Cleaned up dovecot.conf is at: http://pastebin.com/m7f4303af
> 
> Should anyone want strace logs or whatever, I'm more than happy to make with them.
> 
> Thanks in advance for any assistance.
> 
> 
> Regards,
> 
> 
> 
> ---
> Drew Calcott
> Science IT
> University of Auckland
> (p) +64 9 373 7599 x84269