[Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

Simon greminn at gmail.com
Sun Mar 30 22:34:32 UTC 2014


On Thu, Mar 27, 2014 at 5:16 PM, Tom Hendrikx <tom at whyscream.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 26-03-14 12:01, Charles Marcus wrote:
> > On 3/25/2014 4:08 PM, Simon <greminn at gmail.com> wrote:
> >> On Wed, Mar 26, 2014 at 12:15 AM, Charles Marcus
> >> <CMarcus at media-brokers.com>wrote:
> >>> On 3/24/2014 7:10 PM, Simon <greminn at gmail.com> wrote:
> >>>> Mar 13 09:55:44 vmail1 dovecot: lda: Error: userdb lookup:
> >>>> connect(/usr/local/dovecot/var/run/dovecot/auth-userdb)
> >>>> failed: Connection refused
> >
> >>> So, your SQL userdb is refusing connections from dovecot...
> >>>
> >>> Fix this...
> >
> >> Thanks Charles, I have looked into this and tried to fix
> >> permissions but still have the same issue. I have tried changing
> >> the permissions on the auth-userdb to 0666 (see below) as well as
> >> setting the permissions of /usr/local/dovecot/var/run/dovecot/ to
> >> 777 just for testing.
> >
> > You misunderstood...
> >
> > I didn't say the filesystem permissions were wrong.
> >
> > Your SQL SERVER is refusing the connection.
> >
> > The user (vmail) you are using to connect to the SQL server doesn't
> > have permission to talk to it.
> >
> > This needs to be fixed IN THE SQL SERVER ACCESS PERMISSIONS for
> > the 'vmail' user.
> >
>
> Charles, auth-worker would have logged errors about sql access if that
> was an issue. lda doesn't do sql queries by itself, it sends the
> queries to the auth socket instead, and that fails.
>

I agree here.. Charles im my email i mentioned that i understood you were
talking about SQL permissions, i have tested this and the user can connect
and perform all SQL queries. This is what i did to test this:

[root at vmail1 ~]# su vmail
[vmail at vmail1 root]$ mysql -u DBUSER -pDBPASS -h DBHOST

mysql> use DBNAME;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT
CONCAT('/var/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)))
AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:storage=',quota) AS quota_rule
FROM mail_users WHERE email='test at testdomain.co.nz';
+--------------------------------+------+------+------------------+
| home                           | uid  | gid  | quota_rule       |
+--------------------------------+------+------+------------------+
| /var/vmail/testdomain.co.nz/test | 5000 | 5000 | *:storage=1000MB |
+--------------------------------+------+------+------------------+
1 row in set (0.02 sec)

mysql> SELECT email as user, password FROM mail_users WHERE email='
test at testdomain.co.nz';
+---------------------+----------+
| user                | password |
+---------------------+----------+
| test at testdomain.co.nz | THEPASSWORD |
+---------------------+----------+
1 row in set (0.00 sec)

mysql> exit


> The socket is not usable, as was already observed upthread by doing
> tests as root using socat. I'm still opting for
> selinux/apparmor/rsbac/etc issues here.
>

I have disabled selinux completely "SELINUX=disabled"
in /etc/selinux/config :)


> Simon, are you sure you're not missing any logging on that? I'm not
> really experienced in thoose systems, but everytime I run into issues
> with them , they sure fill my logs with all kinds of cryptic stuff ;)


I have checked with this and this is the only logging i can see on the
issue (out of all logs in /var/log/)

Mar 31 11:32:31 vmail1 dovecot: lda: Debug: Loading modules from directory:
/usr/local/dovecot/lib/dovecot
Mar 31 11:32:31 vmail1 dovecot: lda: Debug: Module loaded:
/usr/local/dovecot/lib/dovecot/lib10_quota_plugin.so
Mar 31 11:32:31 vmail1 dovecot: lda: Debug: Module loaded:
/usr/local/dovecot/lib/dovecot/lib90_sieve_plugin.so
Mar 31 11:32:32 vmail1 dovecot: lda: Error: userdb lookup:
connect(/usr/local/dovecot/var/run/dovecot/auth-userdb) failed: Connection
refused
Mar 31 11:32:32 vmail1 dovecot: lda: Fatal: Internal error occurred. Refer
to server log for more information.

Simon


More information about the dovecot mailing list