[Dovecot] wrong authentication for local delivery

Averlon c38sgzkz at averlon.net
Sun Jan 6 18:40:20 EET 2013 

Hi all there,
I have a postfix/dovecot environment running with ldap authentication.

I am able to deliver e-Mails to the internet and also receive them via
fetchmail.

I have a pure local domain (av.loc). Just for internal purpuse.

For all mails where destination is a local mailbox, as for all of the
local domain, delivery does not work.

Here I can show some logs of such a process:

+++
Here the process starts (I have sent an e-Mail to myself).
Jan  6 17:31:06 f42252se dovecot: auth: Debug: auth client connected
(pid=13250)
Jan  6 17:31:06 f42252se dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=192.168.110.150#011rip=192.168.110.165#011secured#011resp=<hidden>
Jan  6 17:31:06 f42252se dovecot: auth: Debug:
ldap(avadmin,192.168.110.165): pass search:
base=ou=user,dc=averlon,dc=loc scope=onelevel
filter=(&(objectClass=posixAccount)(uid=avadmin)) fields=mail,userPassword
*Jan  6 17:31:06 f42252se dovecot: auth: Debug:
auth(avadmin,192.168.110.165): username changed avadmin -> avadmin at av.loc*
Jan  6 17:31:06 f42252se dovecot: auth: Debug:
ldap(avadmin at av.loc,192.168.110.165): result:
userPassword(password)=<hidden> mail(user)=avadmin at av.loc
Jan  6 17:31:06 f42252se dovecot: auth: Debug: client out:
OK#0111#011user=avadmin at av.loc#011mail=/home/vmail/avadmin/Maildir/
Jan  6 17:31:06 f42252se postfix/smtpd[13250]: 69FDB30007C:
client=f42252ud.averlon.loc[192.168.110.165], sasl_method=PLAIN,
sasl_username=avadmin at av.loc
Jan  6 17:31:06 f42252se postfix/cleanup[13251]: 69FDB30007C:
message-id=<50E9A6C8.1090805 at av.loc>
Jan  6 17:31:06 f42252se postfix/qmgr[11960]: 69FDB30007C:
from=<avadmin at av.loc>, size=1224, nrcpt=1 (queue active)
Jan  6 17:31:06 f42252se postfix/smtpd[13250]: disconnect from
f42252ud.averlon.loc[192.168.110.165]
Jan  6 17:31:09 f42252se postfix/pickup[11959]: 19A2E30007F: uid=5002
from=<avadmin at av.loc>
Jan  6 17:31:09 f42252se postfix/cleanup[13251]: 19A2E30007F:
message-id=<50E9A6C8.1090805 at av.loc>
Jan  6 17:31:09 f42252se postfix/qmgr[11960]: 19A2E30007F:
from=<avadmin at av.loc>, size=1531, nrcpt=1 (queue active)
Jan  6 17:31:09 f42252se postfix/pipe[13252]: 69FDB30007C:
to=<avadmin at av.loc>, relay=spamassassin, delay=2.7, delays=0.01/0/0/2.7,
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan  6 17:31:09 f42252se postfix/qmgr[11960]: 69FDB30007C: removed
Jan  6 17:31:09 f42252se dovecot: auth: Debug: master in:
USER#0111#011avadmin at av.loc#011service=lda
*Jan  6 17:31:09 f42252se dovecot: auth: Debug: ldap(avadmin at av.loc):
pass search: base=ou=user,dc=averlon,dc=loc scope=onelevel
filter=(&(objectClass=posixAccount)(uid=avadmin at av.loc))
fields=mail,userPassword*
Jan  6 17:31:09 f42252se dovecot: auth: ldap(avadmin at av.loc): unknown user
Jan  6 17:31:09 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111

+++

I have configured my thunderbird to have a username to authenticate
against ldap.

In the first steps above the authentication of the sender works.

But then, when delivering to the receiver, dovecot uses the e-Mail
address of the receiver to check the password.

I do not know why dovecot chechs the password of the receiver before
delivery.

I do neither know where to switch that off or set some changes in the
configuration to avoid that process. Probably it is correct?
But anyhow, the setup ldap-procedure just checks the username and no
e-Mail address.

Dovecot konfig:

+++
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-35-generic x86_64 Ubuntu 12.04.1 LTS
auth_debug = yes
auth_mechanisms = plain login cram-md5
auth_username_format = %Lu
auth_verbose = yes
hostname = mail.av.loc
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cipher_list =
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = </etc/ssl/private/dovecot.pem
syslog_facility = avdove
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%n
  driver = static
}
protocol lda {
  sendmail_path = /usr/sbin/sendmail
}

+++

As always, I would appreciate some hints.
Thanks in advance.



-- 
Signatur Averlon info

 

Mit freundlichen Grüßen / Kind Regards

Karl-Heinz Fischbach

Skype: khfischbach
jabber: averlon at jabber.org
Blog: averlon.posterous.com

Signatur:
Diese e-mail ist unter Umständen signiert. Die Signatur entspricht dem
Deutschen Signaturgesetz und entsprechenden europäischen Regelungen.
Important Note:
This e-mail may contain trade secrets or privileged, undisclosed or
otherwise confidential information. If you have received this e-mail in
error, you are hereby notified that any review, copying or distribution
of it is strictly prohibited. Please inform us immediately and destroy
the original transmittal.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3887 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130106/ffded93d/attachment-0002.bin>

More information about the dovecot mailing list