Different passdb backends for different services
lists at mlserv.org
lists at mlserv.org
Wed Sep 4 16:31:09 EEST 2019
> Am 04.09.2019 um 08:24 schrieb Sami Ketola via dovecot <dovecot at dovecot.org>:
>
>
>
>> On 3 Sep 2019, at 19.08, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>
>> I tried this, but I have done something wrong probably.
>>
>> I added this to 20-imap, 20-pop, 20-managesieve and 20-submission, always inside the protocol sections. I also disabled the passdb section of auth-ldap.conf.ext in 10-auth and left the userdb part in place.
>>
>> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server.
>> my pid=16106, input bytes=0
>> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server.
>> my pid=16107, input bytes=0
>>
>> Can somebody tell me which "things" need the userdb and which the passdb sections?
>>
>> I am a little bit confused. Or do I have to add the above lines and is some inheritance working here?
>>
>> Thanks in advance
>>
>> Christian
>
> I always use one flat dovecot.conf file. It is just so much simpler, and that way you can more easily ensure the loading order of all settings.
>
> Maybe you too should gather all the settings you want to change into one config file and stop loading the ones in conf.d.
>
> Also you can post your doveconf -n somewhere so that we can see what goes wrong.
I have created a doveconf -n output.
-------------------------------------------------------------------------------
# Global settings that differ from the defaults, as printed by `doveconf -n`.
auth_cache_size = 64 M
# Together with the `master = yes` passdb further down, this enables logins of the
# form <user>*<master user>, where the master user's password opens another user's mailbox.
auth_master_user_separator = *
# PLAIN and LOGIN both transmit the password itself, so they rely entirely on TLS
# for confidentiality.
auth_mechanisms = plain login
# NOTE(review): this only matters when client certificates are requested; no
# ssl_verify_client_cert / auth_ssl_require_client_cert appears in this output — confirm.
auth_ssl_username_from_cert = yes
# Logs failed authentication attempts; useful for detecting password guessing.
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
default_vsz_limit = 512 M
# Permits PLAIN/LOGIN on connections that are not TLS-protected. No `ssl = required`
# is shown in this output and the imaps/pop3s listeners are disabled below, so
# protection depends on the client issuing STARTTLS. Consider
# `disable_plaintext_auth = yes` together with `ssl = required`.
disable_plaintext_auth = no
# Redacted by doveconf. This key authenticates callers of the doveadm HTTP API
# (see `service doveadm`).
doveadm_api_key = # hidden, use -P to show it
hostname = mail.roessner-net.de
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_max_line_length = 4 M
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_rcpt_check_quota = yes
# Login log line layout: user, auth mechanism, remote/local IP, mail process PID,
# plus the %c and %k TLS-related fields.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
# All mailboxes are accessed with one shared uid/gid (vmail), so separation between
# users is enforced by Dovecot, not by filesystem ownership.
mail_gid = vmail
mail_location = sdbox:~/sdbox
mail_max_keyword_length = 4096
mail_plugins = quota acl fts fts_lucene zlib mail_log notify
mail_privileged_group = mail
mail_save_crlf = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
mdbox_rotate_size = 128 M
# Shared namespace: exposes other users' mailboxes under Shared/<user>/.
# Which mailboxes are visible is governed by the acl plugin settings in the plugin block.
namespace {
list = children
location = sdbox:%%h/sdbox
prefix = Shared/%%u/
separator = /
subscriptions = no
type = shared
}
# Public namespace: one common Maildir tree under Public/, with per-user private
# index data (INDEXPVT) kept in each user's home.
namespace {
hidden = yes
list = children
location = maildir:/var/mail/virtual/public:INDEXPVT=~/Maildir/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
# Private namespace holding INBOX and the special-use folders.
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox "Deleted Messages" {
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk-E-Mail {
special_use = \Junk
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
# Master-user passdb: any account listed in this file can log in as any other user
# (via auth_master_user_separator). Treat the file as highly sensitive: restrictive
# permissions, strong password hashes, and as few entries as possible.
# `pass = yes` makes the lookup continue to the following passdb after the master
# password has been accepted, so the target user must still exist there.
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
# Global LDAP passdb. It is still active here although each protocol section at the
# end of this output defines its own LDAP passdb.
# NOTE(review): presumably both are consulted for a login, so a user rejected by a
# protocol-specific LDAP filter might still be accepted by this one — verify.
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# Plugin settings: ACL, full-text search, IMAPSieve spam/ham reporting, quota, Sieve, zlib.
plugin {
acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
fts = lucene
fts_autoindex = yes
fts_lucene = whitespace_chars=@.
# IMAPSieve rule 1: a message copied into, or flagged in, Junk runs the spam-report script.
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/rspamd.d/report-spam.sieve
imapsieve_mailbox1_causes = COPY FLAG
imapsieve_mailbox1_name = Junk
# IMAPSieve rule 2: a message copied out of Junk into any mailbox runs the ham-report script.
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/rspamd.d/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
# Mailbox change events written to the log; these give an audit trail for
# deletions, copies and mailbox renames.
mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename
mail_log_fields = box msgid
quota = count:User quota
quota_grace = 10%%
quota_rule = *:storage=300M:messages=20000
quota_rule2 = Trash:storage=+500M
quota_rule3 = Sent:storage=+2G
quota_rule4 = Archive:storage=+2G
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_vsizes = yes
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below %u
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_after = /etc/dovecot/sieve/after
sieve_before = /etc/dovecot/sieve/before
sieve_extensions = +vacation-seconds
# pipe/execute/debug are enabled as *global* extensions only, so scripts uploaded by
# users cannot use them; only administrator-controlled scripts (sieve_before,
# sieve_after, the imapsieve scripts above) can. Keep those script directories
# writable by root only.
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.debug
# Every program in /usr/bin becomes a valid target for the pipe extension. A
# dedicated directory holding only the programs the global scripts need would
# narrow what a faulty or tampered script can run.
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_vacation_default_period = 10d
sieve_vacation_max_period = 30d
sieve_vacation_min_period = 1h
zlib_save = gz
zlib_save_level = 6
}
# Enabled protocols. Each one that accepts logins needs a working passdb/userdb chain.
protocols = imap pop3 lmtp submission sieve
# Auth worker processes (blocking passdb/userdb lookups) run as vmail, the same
# account that owns the mail storage.
service auth-worker {
extra_groups = ssl-cert
unix_listener auth-worker {
mode = 0600
user = vmail
}
user = vmail
}
service auth {
extra_groups = ssl-cert
# Auth socket used by Postfix for SASL. Mode 0666 lets any local account that can
# reach this path submit authentication requests. Owner and group are already
# postfix, so 0660 should be sufficient.
# NOTE(review): access may additionally be limited by the permissions of the
# enclosing private/ directory — verify.
unix_listener /var/spool/postfix-submission/private/auth {
group = postfix
mode = 0666
user = postfix
}
# userdb-only socket, restricted to the vmail account.
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = vmail
}
service config {
unix_listener config {
mode = 0600
user = vmail
}
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
# doveadm HTTP API over TLS on port 9080. No address is set, so it presumably
# listens on all interfaces; the API can administer every mailbox and is protected
# only by TLS and doveadm_api_key. Bind it to a management address or firewall the
# port if remote use is not intended.
service doveadm {
inet_listener http {
port = 9080
ssl = yes
}
}
# IMAP login listener bound to loopback and the host's public IPv4/IPv6 addresses.
service imap-login {
inet_listener imap {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
# port = 0 disables the implicit-TLS listener, so TLS is available only through
# STARTTLS on the plain imap listener above.
inet_listener imaps {
port = 0
}
}
# Post-login hook: both scripts run as vmail after each successful IMAP login.
# Their contents are not part of this output.
service imap-postlogin {
executable = script-login /usr/local/bin/dovecot-masteruser.sh /usr/local/bin/dovecot-lastlogin.sh
user = vmail
}
service imap {
executable = imap imap-postlogin
}
# LMTP delivery: TCP on loopback only, plus a UNIX socket reachable by postfix.
service lmtp {
inet_listener lmtp {
address = 127.0.0.1
port = 24
}
unix_listener /var/spool/postfix/private/lmtp-dovecot {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
}
service pop3-login {
inet_listener pop3 {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
# As with imaps: the implicit-TLS listener is disabled, leaving STARTTLS only.
inet_listener pop3s {
port = 0
}
}
# Postfix policy service for quota checks, reachable on loopback only.
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 12340
}
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
extra_groups = mail
unix_listener quota-warning {
group = vmail
mode = 0600
user = vmail
}
user = vmail
}
# TLS settings. Private key material is redacted by doveconf unless -P is given,
# which makes this output safe to post publicly.
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
# The list starts from ALL and subtracts weak families, so anything not explicitly
# excluded stays enabled; an allow-list of named suites is easier to audit.
# NOTE(review): " at " in the last element is the list archive's rewriting of "@"
# (address obfuscation), not what the server is configured with.
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
# The server certificate is also presented as a client certificate on outgoing
# TLS connections.
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
# The submission proxy relays accepted mail to this host and port over STARTTLS.
submission_relay_host = mail.roessner-net.de
submission_relay_port = 5870
submission_relay_ssl = starttls
# Marks the relay as trusted, which lets Dovecot forward client connection details
# (XCLIENT) to it. The relay has to restrict who may send that data to this proxy.
submission_relay_trusted = yes
# userdb chain, step 1: LDAP. A failed lookup ends the chain (return-fail); a
# successful one continues to the next userdb instead of returning immediately.
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
result_failure = return-fail
result_success = continue
}
# userdb chain, step 2: Lua script, run in auth-worker processes (blocking=yes).
userdb {
args = file=/etc/dovecot/dovecot-auth-userdb.lua blocking=yes
driver = lua
}
# Verbose process titles include the user name and IP address, which any local
# account can read with ps.
verbose_proctitle = yes
# Per-protocol overrides. The delivery protocols (lmtp, lda) only add the sieve plugin.
protocol lmtp {
mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol lda {
mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
# imap, sieve and pop3 each declare a passdb that uses the "incoming" LDAP
# configuration; submission uses the "outgoing" one. This is how the poster tries
# to apply different credential checks per service.
# NOTE(review): the global master-user and LDAP passdbs remain defined in the
# global section of this output; if per-service separation is the goal, confirm
# that the global LDAP passdb cannot still accept a login that the
# protocol-specific one would reject.
protocol imap {
mail_max_userip_connections = 50
mail_plugins = quota acl fts fts_lucene zlib mail_log notify imap_quota imap_acl imap_zlib imap_sieve
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol sieve {
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol pop3 {
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol submission {
login_greeting = ESMTP
# Separate LDAP configuration for outgoing mail authentication.
passdb {
args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
driver = ldap
name =
}
}
-------------------------------------------------------------------------------
If I remove the outer userdb settings (not the ones inside the protocol sections), the auth-worker starts struggling:
-------------------------------------------------------------------------------
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
result_failure = return-fail
result_success = continue
}
-------------------------------------------------------------------------------
That is the part I removed.
Am I missing some place, where the userdb is also needed?
Thanks in advance -)
Christian