"nologin" field set leads to internal failure

postminion at dicksinmyan.us postminion at dicksinmyan.us
Fri Aug 17 16:50:20 EEST 2018 

Hi,

I've tried to use the "nologin" extra password-db field as specified 
here:
https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin

Due to lack of exact documentation, I've tried to use `nologin`='y' for 
users that can't login, and setting `nologin`='n' for normal users.

Apparently setting it to NULL for normal users would have been correct, 
as I've found out. Maybe write that on the above website.

Anyway, login didn't work for a user with `nologin`='n' set. Trying to 
debug a normal user being unable to login, the log (mail.log) says:

dovecot: imap-login: Disconnected (internal failure, 4 successful 
auths): user=<test at example.com>, method=PLAIN, rip=<ip6>, lip=<ip6>, 
TLS, session=<session>

What I'm expecting it to say would be something like "user not allowed 
to login". I'm considering this a problem because of "Dovecot always 
logs a detailed error message if something goes wrong." as written here:
https://wiki2.dovecot.org/Logging

For the record, setting auth_debug=yes and mail_debug=yes gave the 
following line in the logs somewhere, from which I was able to figure 
out that NOLOGIN was the problem:

dovecot: auth: Debug: client passdb out: 
OK#011<id>#011user=test at example.com#011nologin

Thank you.



dovecot -n output:
--snip--
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-7-amd64 x86_64 Debian 9.5
auth_default_realm = example.com
base_dir = ...
listen = *,[v6]
login_greeting = ...
mail_home = .../%d/%n/
mail_location = maildir:~/mail/:INDEX=MEMORY
mail_plugins = trees
mail_temp_dir = ...
namespace inbox {
   inbox = yes
   location =
   prefix =
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
}
protocols = imap lmtp
recipient_delimiter = -+
service auth {
   unix_listener ... {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 0
   }
   service_count = 1
}
service lmtp {
   unix_listener ... {
     group = postfix
     mode = 0600
     user = postfix
   }
   user = vmail
}
ssl = required
ssl_cert = <...
ssl_cipher_list = ...
ssl_dh_parameters_length = 4096
ssl_key =  # hidden, use -P to show it
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
}
--snap--

More information about the dovecot mailing list