Issue with exim and auth protocol [Solution found]

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Jul 31 10:31:55 UTC 2014



On Thu, 31 Jul 2014, Mildred Ki'Lya wrote:
> On 30/07/2014 23:32, Gedalya wrote:
>> Could it be related to something in your dovecot configuration (which
>> you didn't post)?
>> Despite the fact that an interesting conversation is developing in the
>> exim bug report, this setup does usually work, including on one of
>> your servers as you have indicated. On my end, I never had issues
>> between dovecot 2.1.7 and 2.2.13, using the exact same authenticator
>> config in exim.
>
>
> See at the end of the e-mail my dovecot configuration (my
> /etc/dovecot/local.conf). This configuration is included by the default
> dovecot configuration (as packaged by Debian, but I think there are not
> so many changes made by Debian).
>
> I agree that it could be related to my configuration, but I don't see
> how the changes I made could have altered how the auth server is working.
>
> I'm looking at the dovecot sources and found two different
> implementations for the auth protocol. One in auth-master-connection.c
> and one in auth-client-connection.c. One seems to send SPID and VERSION
> and wait for further commands before continuing. The other sends the
> complete handshake.
>
> I think I'm connecting to a socket speaking the wrong protocol.
>
> exim is configured to use socket /var/run/dovecot/auth-userdb
> dovecot has the following configuration in 10-master.conf:
>
> service auth {
>  # ... some comments removed ...
>  unix_listener auth-userdb {
>    #mode = 0666
>    #user =
>    #group =
>  }
> }
>
>
>
> I think I completely misunderstood how dovecot sockets were configured ...
> If I set up exim to connect to auth-client instead of auth-userdb, it
> fixes the problem (I get a meaningful error message, probably because
> things are not configured properly elsewhere).
>
> What I don't understand is that the socket auth-client is nowhere to be
> found in the configuration. Where is it specified?
>
> Also, I don't understand because the production server I have currently
> running has the following configuration in 10-master.conf:
>
> service auth {
>  unix_listener auth-userdb {
>    mode = 0660
>    user = vmail
>    group = vmail
>  }
>
>  #SASL
>  unix_listener auth-client {
>    mode = 0660
>    user = vmail
>    group = vmail
>  }
> }
>
> And exim is configured to use auth-client socket, and everything works.
> I naively thought that I could remove auth-client and use auth-userdb
> instead when I was looking at this configuration.
>
> Could someone enlighten me how sockets are configured in dovecot?

Well, first of all auth-userdb and auth-client are completely different 
things.

exim must connect to auth-client and _not_ auth-userdb.

2nd: If the config does not list auth-client, look at the full config:

doveconf -a

There you see all effective settings. Hence, I guess you need to replicate 
the setting from your running server into your local.conf in order to get 
exim access permissions.

-- 
Steffen Kaiser
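
Added example (not part of the original message and not Dovecot or exim code): a small Python check over text shaped like the `doveconf -a` output mentioned above, reporting whether the listener exim is pointed at is auth-client rather than auth-userdb and whether its mode/user/group let the exim user connect. The function names, the sample text and exim's group membership are assumptions made for illustration.

```python
# Constructed sample shaped like `doveconf -a` output; not the poster's configuration.
SAMPLE = """\
service auth {
  unix_listener auth-client {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener auth-userdb {
    group =
    mode = 0666
    user =
  }
}
"""

def _listener(stack):
    """Name of the enclosing `service auth` unix_listener, or None."""
    inside = len(stack) == 2 and stack[0] == ["service", "auth"] and len(stack[1]) == 2
    return stack[1][1] if inside and stack[1][0] == "unix_listener" else None

def auth_listeners(conf_text):
    """Map each unix_listener inside `service auth` to its settings."""
    listeners, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].split())
            if _listener(stack):
                listeners.setdefault(_listener(stack), {})
        elif line == "}":
            stack = stack[:-1]
        elif "=" in line and _listener(stack):
            key, _, value = line.partition("=")
            listeners[_listener(stack)][key.strip()] = value.strip()
    return listeners

def check_exim_socket(conf_text, name, exim_user, exim_groups=()):
    """Problems with pointing exim at listener `name`; empty list means none found."""
    cfg = auth_listeners(conf_text).get(name)
    if name.endswith("userdb"):
        return [f"{name} is a userdb socket; exim must connect to auth-client"]
    if cfg is None:
        return [f"no unix_listener {name} in service auth"]
    # Connecting to a Unix socket needs write permission; pick the class that applies.
    bit = 0o200 if cfg.get("user") == exim_user else \
        0o020 if cfg.get("group") in exim_groups else 0o002
    ok = int(cfg.get("mode") or "0", 8) & bit
    return [] if ok else [f"{name} mode {cfg.get('mode')} does not let {exim_user} connect"]
```

To use it on a real host, pass the captured output of `doveconf -a` as conf_text together with the user and groups the exim process runs with.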

