[Dovecot] Problem with lmtp proxy

Miguel Tormo mlists at edicom.eu
Thu Nov 24 18:11:11 EET 2011 

Hello everyone,

I have set up postfix to deliver mails to dovecot (2.0.16) using LMTP. On the other hand, I've successfully configured the IMAP proxy setting in dovecot in order to be able to distribute mailboxes among different servers. I wanted to do the same proxy at LMTP level, but it's not working. If I put lmtp_proxy = no, then everything works ok (assuming the mailbox is local), but when I set lmtp_proxy = yes then the user is not found when deliverying the message via LMTP, so the mail remains in the postfix queue.

Users are validated through active directory. However, this AD hasn't the SFU installed, thus its LDAP schema doesn't provide me with the required uid, gid, etc. To solve this, I have winbind configured in the system, so I'm doing this:
  - To validate users *and* be able to set the proxy extra fields, I use ldap as "passdb" (I believe it's not possible to use proxies with PAM). I'm using some LDAP field to store the host that has the user's mailbox.
  - In order to get the user account data that is not available in the AD, I use passwd as "userdb".

I know that when using LMTP with proxy, a passdb needs to be configured. I assume this is needed for the service to lookup for the appropriate host to send the message. So, initially I set ldap as the passdb for LMTP, but just because it didn't work I put both ldap and passwd, and even a userdb (passwd), but the problems remain the same. Anyway the ldap should be the right one as it is there where I have the host information for each user.

I think I'm missing something but I can't find what it is. To summarize: with lmtp_proxy = no it does work, with lmtp_proxy = yes it doesn't. Thank you for your help!

This is my current config:

************* dovecot -n **************
# 2.0.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.37-gentoo-edicom-1104 x86_64 Gentoo Base System release 1.12.14
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %n
auth_verbose = yes
base_dir = /var/run/dovecot/
listen = *
lmtp_proxy = yes
login_trusted_networks = 127.0.0.1
mail_debug = yes
mail_location = maildir:~/maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster at domain.com
protocols = imap pop3 sieve lmtp
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = root
    mode = 0600
    user = root
  }
}
service imap {
  vsz_limit = 512 M
}
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.90
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/ssl/dovecot/server.pem
ssl_key = </etc/ssl/dovecot/server.key
submission_host = 192.168.0.22
userdb {
  driver = passwd
}
verbose_proctitle = yes
protocol lmtp {
  passdb {
    args =
    driver = passwd
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap.conf.ext
    driver = ldap
  }
  userdb {
    args =
    driver = passwd
  }
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  imap_client_workarounds = delay-newmail
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
****************************************************

************** cat dovecot-ldap.conf.ext **************
hosts = dcserver:389
dn = cn=binduser,cn=Users,dc=edicom,dc=es
dnpass = bindpassword
tls = no
debug_level = -1
auth_bind = yes
ldap_version = 3
base = CN=Users,DC=domain,DC=com
deref = never
scope = subtree
user_filter = (&(memberOf=CN=correo,OU=Alfresco,DC=edicom,DC=es)(sAMAccountName=%u))
pass_attrs = userPassword=password,=proxy_maybe=Y,physicalDeliveryOfficeName=host
pass_filter = (&(memberOf=CN=correo,OU=Alfresco,DC=edicom,DC=es)(sAMAccountName=%u))
****************************************************

The results I get in the log:
****************************************************
dovecot [2011-11-24 15:53:39] [warning] master: Warning: Killed with signal 15 (by pid=10437 uid=0 code=kill)
dovecot [2011-11-24 15:53:40] [info] master: Dovecot v2.0.16 starting up (core dumps disabled)
dovecot [2011-11-24 15:53:50] [debug] lmtp(10506): Debug: none: root=, index=, control=, inbox=, alt=
dovecot [2011-11-24 15:53:50] [info] lmtp(10506): Connect from local
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_bind
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_simple_bind
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_sasl_bind
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_send_initial_request
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_new_connection 1 1 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_int_open_connection
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_connect_to_host: TCP dcserver:389
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_new_socket: 17
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_prepare_socket: 17
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_connect_to_host: Trying 192.168.0.67:389
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_pvt_connect: fd: 17 tm: -1 async: 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_open_defconn: successful
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_send_server_request
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: master in: PASS      1       myuser at domain.com service=lmtp
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb doesn't support credential lookups
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb doesn't support credential lookups
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: password(myuser): passdb doesn't support credential lookups
dovecot [2011-11-24 15:53:50] [debug] auth: Debug: master out: FAIL     1
dovecot [2011-11-24 15:53:50] [err] lmtp(10506): Error: user myuser at domain.com: Auth PASS lookup failed
dovecot [2011-11-24 15:53:50] [debug] lmtp(10506): Debug: auth input:
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_result ld 0x16518d0 msgid -1
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg ld 0x16518d0 msgid -1 (timeout 0 usec)
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg continue ld 0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Connections:
dovecot [2011-11-24 15:53:50] [err] auth: Error: * host: domain.com  port: 389  (default)
dovecot [2011-11-24 15:53:50] [err] auth: Error:   refcnt: 2  status: Connected
dovecot [2011-11-24 15:53:50] [err] auth: Error:   last used: Thu Nov 24 15:53:50 2011
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Outstanding Requests:
dovecot [2011-11-24 15:53:50] [err] auth: Error:  * msgid 1,  origid 1, status InProgress
dovecot [2011-11-24 15:53:50] [err] auth: Error:    outstanding referrals 0, parent count 0
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 request count 1 (abandoned 0)
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Response Queue:
dovecot [2011-11-24 15:53:50] [err] auth: Error:    Empty
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 response count 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList ld 0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList returns ld 0x16518d0 NULL
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_int_select
dovecot [2011-11-24 15:53:50] [err] auth: Error: read1msg: ld 0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: read1msg: ld 0x16518d0 msgid 1 message type bind
dovecot [2011-11-24 15:53:50] [err] auth: Error: read1msg: ld 0x16518d0 0 new referrals
dovecot [2011-11-24 15:53:50] [err] auth: Error: read1msg:  mark request completed, ld 0x16518d0 msgid 1
dovecot [2011-11-24 15:53:50] [err] auth: Error: request done: ld 0x16518d0 msgid 1
dovecot [2011-11-24 15:53:50] [err] auth: Error: res_errno: 0, res_error: <>, res_matched: <>
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_free_request (origid 1, msgid 1)
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_parse_result
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_msgfree
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_result ld 0x16518d0 msgid -1
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg ld 0x16518d0 msgid -1 (timeout 0 usec)
dovecot [2011-11-24 15:53:50] [err] auth: Error: wait4msg continue ld 0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Connections:
dovecot [2011-11-24 15:53:50] [err] auth: Error: * host: domain.com  port: 389  (default)
dovecot [2011-11-24 15:53:50] [err] auth: Error:   refcnt: 1  status: Connected
dovecot [2011-11-24 15:53:50] [err] auth: Error:   last used: Thu Nov 24 15:53:50 2011
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error:
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Outstanding Requests:
dovecot [2011-11-24 15:53:50] [err] auth: Error:    Empty
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 request count 0 (abandoned 0)
dovecot [2011-11-24 15:53:50] [err] auth: Error: ** ld 0x16518d0 Response Queue:
dovecot [2011-11-24 15:53:50] [err] auth: Error:    Empty
dovecot [2011-11-24 15:53:50] [err] auth: Error:   ld 0x16518d0 response count 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList ld 0x16518d0 msgid -1 all 0
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_chkResponseList returns ld 0x16518d0 NULL
dovecot [2011-11-24 15:53:50] [err] auth: Error: ldap_int_select
dovecot [2011-11-24 15:53:50] [info] lmtp(10506): Disconnect from local: Client quit (in reset)
****************************************************

More information about the dovecot mailing list