[Dovecot] unknown users

Averlon c38sgzkz at averlon.net
Tue Jan 8 19:06:37 EET 2013


Signatur Averlon info
In addition to my info before, here is my ldap file.

hosts = localhost

dn = cn=aadmin,dc=averlon,dc=loc

#dnpass =

sasl_bind = no

auth_bind = no

ldap_version = 3

base = ou=user,dc=averlon,dc=loc

scope = onelevel

user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,
=mail=/home/vmail/%n/Maildir/

user_filter = (&(objectClass=posixAccount)(uid=%u))

pass_attrs = uid=user,userPassword=password

pass_filter = (&(objectClass=posixAccount)(uid=%u))

default_pass_scheme = MD5-CRYPT

Regards
Karl-Heinz Fischbach


Am 08.01.2013 17:36, schrieb Averlon:
> Hi,
> I know that the ldap query does not return the result I expected.
>
> Question is why.
> Question is why does doevcot look at ldap with the recipients e-Mail
> address. What does dovecot look for?
> Yes, I know, it is a password request. But why look for a password for
> the recipients e-Mail address user?
>
> Since I have static userdb the mailbox to deliver to is defined.
> I agree, since the delivery mailbox has "%n" as part of the path, the
> "uid" must get looked up somewhere, probably via ldap. But how to
> configure this.
>
> +++
> # 2.0.19: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-35-generic x86_64 Ubuntu 12.04.1 LTS
> auth_debug = yes
> auth_mechanisms = plain login cram-md5
> auth_username_format = %Lu
> hostname = mail.av.loc
> mail_gid = vmail
> mail_location = maildir:~/Maildir
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> protocols = imap pop3 sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_cipher_list =
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> ssl_key = </etc/ssl/private/dovecot.pem
> syslog_facility = avdove
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%n
>   driver = static
> }
> protocol lda {
>   mail_plugins = " sieve"
>   sendmail_path = /usr/sbin/sendmail
> }
> +++
>
> I have switched off
> "smtpd_tls_loglevel = 2"
>
> Be ensured I have looked at the ldap page - but I am currently lost
> where to configure what.
> Signatur Averlon info
>
>  
>
> Mit freundlichen Grüßen / Kind Regards
>
> Karl-Heinz Fischbach
>
>
> Skype: khfischbach
> jabber: averlon at jabber.org
> Blog: averlon.posterous.com
>
> Signatur:
> Diese e-mail ist unter Umständen signiert. Die Signatur entspricht dem
> Deutschen Signaturgesetz und entsprechenden europäischen Regelungen.
> Important Note:
> This e-mail may contain trade secrets or privileged, undisclosed or
> otherwise confidential information. If you have received this e-mail in
> error, you are hereby notified that any review, copying or distribution
> of it is strictly prohibited. Please inform us immediately and destroy
> the original transmittal.
>
> Signatur Averlon info
>
>  
>
> Am 08.01.2013 01:11, schrieb /dev/rob0:
>> On Mon, Jan 07, 2013 at 08:00:37PM +0100, Averlon wrote:
>>> can anyone tell me where these "unknown users" come from.
>>> Jan 7 19:43:11 f42252se postfix/pipe[14632]: 9A86C30007C: 
>>> to=<redmine at averlon.loc>, relay=spamassassin, delay=2.2, 
>>> delays=0.05/0/0/2.1, dsn=2.0.0, status=sent (delivered via 
>>> spamassassin service)
>>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: 9A86C30007C: removed
>> The original message is successfully delivered to your content 
>> filter.
>>
>>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>>> USER#0111#011redmine at averlon.loc#011service=lda
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: 
>>> ldap(redmine at averlon.loc): pass search: 
>>> base=ou=user,dc=averlon,dc=loc scope=onelevel 
>>> filter=(&(objectClass=posixAccount)(uid=redmine at averlon.loc)) 
>>> fields=uid,userPassword
>> Here's one of your LDAP queries.
>>
>>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(redmine at averlon.loc):
>>> *unknown user*
>>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: BE0AC30007F:
>>> to=<redmine at averlon.loc>, relay=dovecot, delay=0.02, delays=0/0/0/0.01,
>>> dsn=5.1.1, status=bounced (user unknown)
>> The content filter reinjects via sendmail(1), and the pipe(8) to the 
>> Dovecot LDA fails. Your LDAP query is not returning what you expect, 
>> or you're not querying for the right thing.
>>
>>> Jan  7 19:43:11 f42252se postfix/cleanup[14631]: C279030007E:
>>> message-id=<20130107184311.C279030007E at mail.av.loc>
>>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: from=<>,
>>> size=3182, nrcpt=1 (queue active)
>>> Jan  7 19:43:11 f42252se postfix/bounce[14639]: BE0AC30007F: sender
>>> non-delivery notification: C279030007E
>>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: BE0AC30007F: removed
>>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>>> USER#0111#011avadmin at av.loc#011service=lda
>>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: ldap(avadmin at av.loc):
>>> pass search: base=ou=user,dc=averlon,dc=loc scope=onelevel
>>> filter=(&(objectClass=posixAccount)(uid=avadmin at av.loc))
>>> fields=uid,userPassword
>> There's another one of your queries, looking up the sender address 
>> for delivery of the bounce.
>>
>>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(avadmin at av.loc): *unknown user*
>>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: C279030007E:
>>> to=<avadmin at av.loc>, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
>>> dsn=5.1.1, status=bounced (user unknown)
>>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: removed
>> Same thing happens to the bounce. Being undeliverable, your mail is 
>> gone.
>>
>>> +++
>>> Tell me what you need as additional info.
>> Turn off verbose logging in Postfix, as Charles pointed out. I guess 
>> it's only the TLS logging that you have made verbose.
>>
>> Review the Dovecot wiki / wiki2 (you didn't say what version you are
>> using?) page on LDAP.
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3887 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130108/c37a9787/attachment-0001.bin>


More information about the dovecot mailing list