a temporary failure

lejeczek peljasz at yahoo.co.uk
Tue Jun 23 11:19:57 UTC 2015


On 23/06/15 09:32, Steffen Kaiser wrote:
> On Mon, 22 Jun 2015, lejeczek wrote:
>> On 22/06/15 09:43, Steffen Kaiser wrote:
>>> On Mon, 22 Jun 2015, lejeczek wrote:
>>>> On 22/06/15 09:16, lejeczek wrote:
>>>>>
>>>>> to=<me at my.domain>,orig_to=<root at localhost>, 
>>>>> relay=dovecot, delay=39296, delays=39294/2.2/0/0.27, 
>>>>> dsn=4.3.0, status=deferred (temporary failure)
>>>>>
>>>>> and dovecot logs no error, despite having debug set to yes 
>>>>> in a couple of places,
>>>>> it shows:
>>>>>
>>>>> auth: Debug: master in: USER    1    me at my.domain 
>>>>> service=lda
>>>>> auth-worker(25343): Debug: passwd(me at my.domain): lookup
>>>>> auth-worker(25343): passwd(me at my.domain): unknown user
>>>>> auth: Debug: ldap(me at my.domain): user search: 
>>>>> base=ou=People,dc=my,dc=domain scope=subtree 
>>>>> filter=(&(objectClass=person)(uid=me)) fields=
>>>>> auth: Debug: ldap(me at my.domain): result: 
>>>>> objectClass=top,top,top,top,
>>>>>
>>>>> ... here goes the whole lot of ldap attribs, and at 
>>>>> the end:
>>>>>
>>>>> unused.
>>>>>
>>>>> For passdb & userdb in the configs I only configure 
>>>>> ldap backend, nothing else. Ldap works, I can query it 
>>>>> without failing.
>>>>> I believe it's very simple set up but I must be wrong 
>>>>> somewhere.
>>>>>
>>>>> pass_filter = (&(objectClass=posixAccount)(uid=%n))
>>>>> pass_attrs = uid=user=%n,userPassword=password
>>>
>>> Use either uid=user or =user=%n but not uid=user=%n. I 
>>> would use uid=user, so the user cannot specify the case 
>>> of the username.
>>>
>>>>> user_attrs = 
>>>>> =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
>>>>> user_filter = (&(objectClass=person)(uid=%n))
>>>>>
>>>> even stranger, if I use (along with ldap in configs):
>>>
>>> Please post:
>>>
>>> complete doveconf -n
>>> and the complete LDAP config being referenced by the 
>>> config.
>>>
>>>> userdb {
>>>>  driver = static
>>>>  args = uid=vmail gid=mail home=/var/spool/mail/%d/%n 
>>>> mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n 
>>>> sieve_storage=/var/spool/mail/%d/%n/SIEVE 
>>>> sieve=/var/spool/mail/%d/%n/dovecot.sieve
>>>> }
>>>>
>>>> dovecot starts to core dump:
>>>>
>>>> auth: Fatal: master: service(auth): child 9188 killed 
>>>> with signal 11 (core dumped)
>>
>> auth_debug = yes
>
> The first lines should be something like this:
>
> # 2.2.18 (8906101589f9): 
> /usr/local/dovecot-2.2.18/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.8 (3df7e50f986d)
> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10
>
> What version are you using?
>
>> auth_mechanisms = login
>> auth_verbose = yes
>> first_valid_uid = 999
>> mail_debug = yes
>> mail_location = maildir:/var/spool/mail/my.domain/%u/Maildir
>> mail_uid = vmail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope 
>> encoded-character vacation subaddress 
>> comparator-i;ascii-numeric relational regex imap4flags 
>> copy include variables body enotify environment mailbox 
>> date ihave
>> mbox_write_locks = fcntl
>> namespace inbox {
>>  inbox = yes
>>  location =
>>  mailbox Drafts {
>>    special_use = \Drafts
>>  }
>>  mailbox Junk {
>>    special_use = \Junk
>>  }
>>  mailbox Sent {
>>    special_use = \Sent
>>  }
>>  mailbox "Sent Messages" {
>>    special_use = \Sent
>>  }
>>  mailbox Trash {
>>    special_use = \Trash
>>  }
>>  prefix =
>> }
>> passdb {
>>  driver = pam
>> }
>
> Have you removed or commented out the line:
>
> 10-auth.conf:#!include auth-system.conf.ext
>
> ?
>
>> passdb {
>>  args = /etc/dovecot/ldap-passdb-my.domain.conf
>>  driver = ldap
>> }
>> plugin {
>>  sieve = ~/.dovecot.sieve
>>  sieve_dir = ~/sieve
>>  sieve_storage = SIEVE
>> }
>> protocols = imap sieve
>> service auth {
>>  unix_listener /var/spool/postfix/private/auth {
>>    group = mail
>>    mode = 0660
>>    user = vmail
>>  }
>>  unix_listener auth-userdb {
>>    group = mail
>>    mode = 0660
>>    user = vmail
>>  }
>> }
>> service imap-login {
>>  inet_listener imap {
>>    port = 143
>>  }
>>  inet_listener imaps {
>>    port = 993
>>  }
>> }
>> ssl = required
>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
>> ssl_key = </etc/pki/dovecot/private/dovecot.pem
>> userdb {
>>  driver = passwd
>> }
>> userdb {
>>  args = /etc/dovecot/ldap-userdb-my.domain.conf
>>  driver = ldap
>> }
>> protocol lmtp {
>>  mail_plugins = " sieve"
>> }
>> protocol lda {
>>  mail_plugins = " sieve"
>> }
>>
>> #ldap-passdb
>> hosts = localhost
>> uris = ldap://localhost:389/
>> ldap_version = 3
>> base = ou=People,dc=my,dc=domain
>> dn = cn=Manager,dc=my,dc=domain
>> dnpass = my.pass
>> auth_bind = no
>> pass_attrs = uid=%n,userPassword=password
>
> uid=%n makes no sense. Please use just:
>
> pass_attrs = userPassword=password
>
>> pass_filter = (&(objectClass=posixAccount)(uid=%n))
>>
>>
>> #ldap-userdb
>> hosts = localhost
>> uris = ldap://localhost:389/
>> ldap_version = 3
>> base = ou=People,dc=my,dc=domain
>> dn = cn=Manager,dc=my,dc=domain
>> dnpass = my.pass
>> auth_bind = no
>> user_attrs = 
>> =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
>> user_filter = (&(objectClass=person)(uid=%n))
>> default_pass_scheme = SSHA
>>
>> It cannot be postfix if it relays and dovecot gets these 
>> relays. Can it be?
>
> I have tried your config with above mentioned version, 
> with LDAP as only passdb and userdb and these LDAP-settings:
>
> hosts = localhost
> auth_bind = yes
> base = <baseDN>
> deref = searching
> user_attrs = 
> =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
> user_filter = (&(objectClass=fhMailAlias)(uid=%n))
> pass_attrs = userPassword=password
> pass_filter = 
> (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls)))
> iterate_filter = (objectClass=fhMailAlias)
>
> Note the pass_attrs. Then I submitted a new message with:
>
> socat stdin UNIX:/var/run/dovecot2.2/lmtp
> LHLO loc
> mail from:<me at example.com>
> rcpt to:<other at example.com>
> data
> Subject: 1
>
> 1
> .
>
> successfully. Maildir was created and message spooled to 
> /var/spool/mail/example.com/other/Maildir. Then I logged 
> in via IMAP successfully as well.
>
> I also tried the other order: reload Dovecot to flush any 
> caches, log in via IMAP and submit via LMTP.
>
> You should however note the following:
>
> Both filters treat users "me at example.com" and 
> "me at localhost.localdomain" as the same user, because they 
> match the same LDAP item (uid=%n), however the directories 
> of the users _should_ differ, but they won't as long as 
> the user's information is cached in the auth cache.
>
> That means:
>
> doveadm auth cache flush
> doveadm user me at example.net
> doveadm user me at example.com
>
> returns the data for me at example.net in both cases and
>
> doveadm auth cache flush
> doveadm user me at example.com
> doveadm user me at example.net
>
> returns the data for me at example.com in both cases.
it's weird I know, I do:

# doveadm auth test -x service=smtp -x rip=172.25.12.214 
me at my.domain
Password:
passdb: me at my.domain auth succeeded
extra fields:
   user=me at my.domain

and in the logs:

auth-worker(32531): Debug: pam(me at my.domain,172.25.12.214): 
lookup service=dovecot
auth-worker(32531): Debug: pam(me at my.domain,172.25.12.214): 
#1/1 style=1 msg=Password:
pam_unix(dovecot:auth): check pass; user unknown
pam_unix(dovecot:auth): authentication failure; logname= 
uid=0 euid=0 tty=dovecot ruser=me at my.domain rhost=172.25.12.214
auth-worker(32531): pam(me at my.domain,172.25.12.214): unknown 
user
auth: Debug: ldap(me at my.domain,172.25.12.214): pass search: 
base=ou=spotdepression.org,ou=mail,dc=virtual,dc=hosting 
scope=subtree 
filter=(&(objectclass=person)(|(uid=info)(mail=me at my.domain))) 
fields=uid,userPassword
auth: Debug: ldap(me at my.domain,172.25.12.214): result: 
uid=info userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(me at my.domain,172.25.12.214): result: 
uid=info userPassword=<hidden>
auth: Debug: client passdb out: OK  1 user=me at my.domain

so it seems fine, right?
only I do a simple test on that dovecot locally

echo repli_test | mail -s "repl test" my at my.domain

to get:

auth-worker(365): Debug: passwd(me at my.domain): lookup
auth-worker(365): passwd(me at my.domain): unknown user
auth: Debug: password(me at my.domain): passdb doesn't support 
credential lookups
auth: Debug: ldap(me at my.domain): pass search: 
base=ou=spotdepression.org,ou=mail,dc=virtual,dc=hosting 
scope=subtree 
filter=(&(objectclass=person)(|(uid=info)(mail=me at my.domain))) 
fields=uid,userPassword
auth: Debug: ldap(me at my.domain): result: uid=info 
userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(me at my.domain): result: uid=info 
userPassword=<hidden>
auth: Fatal: master: service(auth): child 364 killed with 
signal 11 (core dumped)

the same error with:
doveadm user me at my.domain

so it must be userdb, right?

maybe it's postfix twisting something?
>
> - -- Steffen Kaiser
>
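Added example (not part of the original messages and not Dovecot's code): a small Python model of the collision Steffen describes, where a filter on `uid=%n` sends two domains to the same LDAP entry while the home path uses `%d`. The cache keyed on the expanded filter is an assumption that mirrors the reported behaviour; `DOMAIN_AWARE_FILTER` and the sample addresses are constructed, and the archive's " at " is written as `@`.

```python
import re

# Templates taken from the thread.
USER_FILTER = "(&(objectClass=person)(uid=%n))"
HOME = "/var/spool/mail/%d/%n"
# Assumption: directory entries carry a full address in "mail".
DOMAIN_AWARE_FILTER = "(&(objectClass=person)(mail=%u))"

# Constructed sample addresses.
ADDRS = ["me@example.com", "me@example.net", "other@example.com"]


def expand(template, address):
    """Expand %u (full address), %n (local part), %d (domain).

    An optional L modifier lowercases the value, as in %Ln.
    LDAP escaping of the values is not modelled here.
    """
    local, _, domain = address.partition("@")
    parts = {"u": address, "n": local, "d": domain}

    def repl(match):
        value = parts[match.group(2)]
        return value.lower() if match.group(1) == "L" else value

    return re.sub(r"%(L?)([und])", repl, template)


def colliding_addresses(filter_template, addresses):
    """Return groups of addresses that expand to the same search filter."""
    groups = {}
    for addr in addresses:
        groups.setdefault(expand(filter_template, addr), []).append(addr)
    return [group for group in groups.values() if len(group) > 1]


def cached_lookup(cache, filter_template, home_template, address):
    """Model of a lookup cache keyed on the expanded filter (assumption)."""
    key = expand(filter_template, address)
    if key not in cache:
        cache[key] = expand(home_template, address)
    return cache[key]


if __name__ == "__main__":
    print("uid=%n collisions:", colliding_addresses(USER_FILTER, ADDRS))
    cache = {}
    for addr in ("me@example.net", "me@example.com"):
        print(addr, "->", cached_lookup(cache, USER_FILTER, HOME, addr))
```
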