director + lmtp + ldap user

Lazy lazy404 at gmail.com
Thu Dec 25 03:10:51 UTC 2014


Hi,

Recently I migrated our previous dovecot-lda setup to 2.2 with director + lmtp.

And we are having some issues.
When lmtp delivers to ldap uid names everything works except sieve
vacation (login is not found in headers so reply is not sent).

When using full email addresses in rcpt to, vacation works but
usernames are inconsistent (one user can log in using his email
address, or aliases,
or uid). To fix that, in the ldap settings I have added uid=user, which
should set the username to the appropriate value.

Most of the time it works, but some deliveries use email
addresses instead of ldap uids, which seems to break dict quotas. It must
be related to the auth cache
(flushing the cache fixes the issue temporarily for the given account). I
think that the cache can be "polluted" by some other dovecot service.

Does anyone have an idea where this could be coming from?

doveadm auth lookup -f user mon at test.com
returns the expected ldap uid, not the email address

Thanks in advance for any help.

Michal Grzedzicki

From dovecot-ldap.conf.ext on the backends:

# userdb lookup: the LDAP "uid" attribute is returned as the "user" field, so
# whichever name matched user_filter (mail, uid or mailAlternateAddress) is
# replaced by the uid. Home and the quota rule also come from LDAP.
# NOTE(review): the next two lines appear to be one user_attrs setting that
# was wrapped by the mail client.
user_attrs = uid=user, mailMessageStore=home,
mailQuotaSize=quota_rule=*:bytes=%$
user_filter = (&(&(!(accountStatus=deleted))(objectClass=qMailUser))(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

# passdb lookup: same uid -> user rewrite, plus the stored password.
# NOTE(review): unlike user_filter and iterate_filter, pass_filter does not
# exclude accountStatus=deleted -- confirm whether entries marked deleted are
# meant to still match password lookups.
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=qMailUser)(|(mail=%u)(uid=%u)(mailAlternateAddress=%u)))

# User iteration: lists the uid of every qmailUser entry not marked deleted.
iterate_attrs = uid=user
iterate_filter = (&(&(objectClass=qmailUser)(!(accountStatus=deleted))))



director is doing the authorization and passing it to the backend
using a master user

# Director-side LMTP passdb: every recipient is proxied (proxy=y) to port 24
# with no password check (nopassword=y).
# NOTE(review): the passdb driver and any username rewriting are not shown in
# this excerpt; presumably the RCPT TO name reaches the backend unchanged and
# the backend has to normalise it -- confirm.
protocol lmtp {
  passdb {
    args = proxy=y nopassword=y port=24
  }
}

backend doveconf -n

# 2.2.15: /etc/dovecot/dovecot.conf

# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7

# Auth cache is enabled (non-zero auth_cache_size): lookup results, including
# negative ones, are reused for up to 5 minutes. The post reports that flushing
# this cache temporarily fixes the email-vs-uid username inconsistency.
auth_cache_negative_ttl = 5 mins

auth_cache_size = 10 M

auth_cache_ttl = 5 mins

# Debug-level auth logging; useful while troubleshooting, verbose for production.
auth_debug = yes

# Enables "user*master" logins: a master user (see the master passdb below)
# can log in as any account.
auth_master_user_separator = *

auth_mechanisms = plain login

auth_username_format = %u

auth_verbose = yes

base_dir = /var/run/dovecot/

deliver_log_format = msgid=%m f:%f s:%s %$

# Cleartext PLAIN/LOGIN authentication is accepted without TLS.
# NOTE(review): together with "ssl = no" further down, credentials reach this
# backend unencrypted; acceptable only if it is reachable solely from the
# directors over a trusted network -- confirm.
disable_plaintext_auth = no

# Only uid/gid 300 is accepted for mail users (first_valid == last_valid).
first_valid_gid = 300

first_valid_uid = 300

import_environment = TZ

last_valid_gid = 300

last_valid_uid = 300

lda_mailbox_autocreate = yes

lda_mailbox_autosubscribe = yes

lda_original_recipient_header = Delivered-To

login_greeting = Imap ready.

mail_debug = yes

mail_gid = 300

# Index files live under /var/dovecot_indexes followed by the user's home (%h).
mail_location = maildir:~/Maildir:INDEX=/var/dovecot_indexes%h

mail_plugins = quota expire notify mail_log

mail_uid = 300

maildir_very_dirty_syncs = yes

managesieve_notify_capability = mailto

# The capability list below continues over the following three wrapped lines.
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate

# INBOX namespace with an empty prefix and location. It only assigns
# special-use flags: Junk and SPAM both carry \Junk, and Sent and
# "Sent Messages" both carry \Sent.
namespace inbox {

  inbox = yes

  location =

  mailbox Drafts {

    special_use = \Drafts

  }

  mailbox Junk {

    special_use = \Junk

  }

  mailbox SPAM {

    special_use = \Junk

  }

  mailbox Sent {

    special_use = \Sent

  }

  mailbox "Sent Messages" {

    special_use = \Sent

  }

  mailbox Trash {

    special_use = \Trash

  }

  prefix =

}

# Master-user passdb: accounts in this passwd-file may log in as any user via
# the "user*master" form (auth_master_user_separator = *). "pass = yes" makes
# the lookup continue to the next passdb so the target user must still exist.
# NOTE(review): anyone who can read or edit /etc/dovecot/master-users can
# access every mailbox; confirm the file's ownership and permissions are tight.
passdb {

  args = /etc/dovecot/master-users

  driver = passwd-file

  master = yes

  pass = yes

}

# Regular passdb: LDAP, configured in dovecot-ldap.conf.ext (pass_attrs / pass_filter).
passdb {

  args = /etc/dovecot/dovecot-ldap.conf.ext

  driver = ldap

}

# Plugin settings. Both the expire and quota dicts use a Redis instance on
# 127.0.0.1, with key prefixes "expire/" and "user/".
plugin {

  expire = SPAM

  expire_dict = redis:host=127.0.0.1:prefix=expire/

  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename

  mail_log_fields = uid box msgid from subject size

  # NOTE(review): no explicit username is given in the dict quota spec, so the
  # records are presumably keyed by the username Dovecot resolved. A delivery
  # that runs under the email address instead of the ldap uid would then use a
  # different quota record -- consistent with the breakage described in the post.
  quota = dict:User quota::redis:host=127.0.0.1:prefix=user/

  # The quota-warning service is called with the threshold and the username (%u).
  quota_warning = storage=95%% quota-warning 95 %u

  quota_warning2 = storage=80%% quota-warning 80 %u

  sieve_global_dir = /etc/sieve_global

  sieve_max_redirects = 20

}

postmaster_address = postmaster at iq.pl

protocols = imap pop3 lmtp sieve

recipient_delimiter =

service auth {

  # World-accessible userdb lookup socket. The execute bits add nothing on a
  # UNIX socket, so this behaves like 0666.
  # NOTE(review): consider limiting it to the account that needs userdb
  # lookups (lmtp and quota-warning run as vmail here), e.g. mode 0660 with an
  # explicit user/group.
  unix_listener auth-userdb {

    mode = 0777

  }

}

# dict socket owned by vmail:vmail.
service dict {

  unix_listener dict {

    group = vmail

    user = vmail

  }

}

# doveadm TCP listener on port 2424; no address restriction is shown.
# NOTE(review): with "ssl = no" in this config the traffic is unencrypted;
# confirm doveadm_password is set and the port is limited to the director /
# admin hosts.
service doveadm {

  inet_listener {

    port = 2424

  }

}

# service_count = 0 lets each login process serve many connections (Dovecot's
# "high-performance" login mode) instead of one process per connection, trading
# isolation between pre-auth connections for throughput.
service imap-login {

  process_min_avail = 8

  service_count = 0

}

service imap {

  process_limit = 14000

}

# LMTP listener on host "dovecot1", port 24 -- the port the director's lmtp
# passdb proxies to (port=24 in the director excerpt).
# NOTE(review): no authentication is configured for LMTP deliveries in what is
# shown; confirm only the directors can reach this port.
service lmtp {

  inet_listener lmtp {

    address = dovecot1

    port = 24

  }

  process_min_avail = 5

  user = vmail

}

# ManageSieve login listener on all IPv4 interfaces, port 4090.
# NOTE(review): with "ssl = no" in this config, logins here are presumably
# cleartext; confirm the port is only reached through the directors.
service managesieve-login {

  inet_listener sieve {

    address = 0.0.0.0

    port = 4090

  }

  protocol = sieve

}

# Same shared-process login mode as imap-login (service_count = 0).
service pop3-login {

  process_min_avail = 8

  service_count = 0

}

service pop3 {

  process_limit = 10000

}

# Runs /usr/local/bin/quota_warning.sh as vmail. Per the quota_warning settings
# in plugin {}, the script is given the threshold and the username (%u).
# NOTE(review): the script should treat the username argument as data and
# quote it wherever it is used.
service quota-warning {

  executable = script /usr/local/bin/quota_warning.sh

  unix_listener quota-warning {

    user = vmail

  }

  user = vmail

}

# TLS is disabled on this backend. Combined with disable_plaintext_auth = no,
# IMAP/POP3/ManageSieve credentials (including master-user logins) arrive in
# cleartext.
# NOTE(review): confirm clients only reach this host through the directors
# over a trusted network.
ssl = no

syslog_facility = local2

# userdb: LDAP, same config file as the passdb (user_attrs / user_filter).
userdb {

  args = /etc/dovecot/dovecot-ldap.conf.ext

  driver = ldap

}

verbose_proctitle = yes

# LMTP: the recipient name is used unchanged as the lookup username (%u), so
# any rewrite to the ldap uid depends on the userdb returning the "user" field.
# The sieve plugin is loaded for deliveries.
protocol lmtp {

  auth_username_format = %u

  info_log_path = /var/log/dovecot-lmtp

  mail_plugins = quota expire notify mail_log sieve

  syslog_facility = local3

}

# LDA settings kept from the previous dovecot-lda setup; same plugin list as lmtp.
protocol lda {

  mail_plugins = quota expire notify mail_log sieve

  syslog_facility = local3

}

# Allows up to 30 IMAP connections per user and IP; adds imap_quota.
protocol imap {

  mail_max_userip_connections = 30

  mail_plugins = quota expire notify mail_log imap_quota

}

