Different passdb backends for different services

lists at mlserv.org lists at mlserv.org
Wed Sep 4 19:32:12 EEST 2019



> Am 04.09.2019 um 16:58 schrieb Sami Ketola via dovecot <dovecot at dovecot.org>:
> 
> 
> 
>> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>> 
>>> passdb {
>>> args = /etc/dovecot/master-users
>>> driver = passwd-file
>>> master = yes
>>> pass = yes
>>> }
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap.conf.ext
>>> driver = ldap
>>> }
>>> 
> ...
> 
> 
>>> protocol sieve {
>>> passdb {
>>>   args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>>   driver = ldap
>>>   name =
>>> }
>>> }
>>> protocol pop3 {
>>> passdb {
>>>   args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>>   driver = ldap
>>>   name =
>>> }
>>> }
>>> protocol submission {
>>> login_greeting = ESMTP
>>> passdb {
>>>   args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
>>>   driver = ldap
>>>   name =
>>> }
>>> }
> 
> So the problem really is in order of things.
> 
> Your protocol-specific passdbs come AFTER your global passdb. The global passdb {} returns return-ok on successful authentication, so the rest of the passdbs are never processed.

postconf sorts all keys alphabetically. However, I tried your idea and also placed the global passdb inside each protocol block. The postconf output now looks like this, and it still produces the same errors:

-------------------------------------------------------------------------
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 (7372921a)
# OS: Linux 4.19.44-gentoo x86_64 Gentoo Base System release 2.6
# Hostname: mx.roessner-net.de
# Global authentication, limit and mail-storage settings (only non-default values are dumped).
auth_cache_size = 64 M
# With a separator set, a master user can log in on behalf of a user as "<user>*<master user>".
auth_master_user_separator = *
# Only cleartext SASL mechanisms are offered, so password confidentiality depends on TLS.
auth_mechanisms = plain login
auth_ssl_username_from_cert = yes
# Logs failed authentication attempts together with the reason.
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
default_vsz_limit = 512 M
# NOTE(review): "no" permits PLAIN/LOGIN on connections that have not negotiated TLS.
# No "ssl = required" appears in this dump, so cleartext logins look possible on the
# imap/pop3/sieve listeners - confirm this is intended.
disable_plaintext_auth = no
# Secret redacted by the dump tool.
doveadm_api_key = # hidden, use -P to show it
hostname = mail.roessner-net.de
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_max_line_length = 4 M
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_rcpt_check_quota = yes
# Fields written to the log for every login: user, mechanism, remote/local IP, mail pid, TLS state, client cert state.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
# All mail is accessed as the single system identity vmail:vmail.
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
mail_gid = vmail
mail_location = sdbox:~/sdbox
mail_max_keyword_length = 4096
mail_plugins = quota acl fts fts_lucene zlib mail_log notify
mail_privileged_group = mail
mail_save_crlf = yes
mail_uid = vmail
managesieve_notify_capability = mailto
# Sieve extensions announced to ManageSieve clients.
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
mdbox_rotate_size = 128 M
# Shared namespace: mailboxes that other users have shared appear under Shared/<user>/.
# The doubled-percent variables (%%h, %%u) are expanded for the mailbox owner,
# not for the user who is logged in.
namespace {
  list = children
  location = sdbox:%%h/sdbox
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
# Public namespace under Public/: one shared Maildir tree, with per-user private
# index data (INDEXPVT) kept in each user's home. Access is governed by the acl
# plugin configured in the plugin {} section.
namespace {
  hidden = yes
  list = children
  location = maildir:/var/mail/virtual/public:INDEXPVT=~/Maildir/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
# The user's private namespace. An empty location means mail_location is used.
# Mailboxes marked "auto = subscribe" are created and subscribed automatically;
# the others only carry a SPECIAL-USE flag if a client has created them.
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
# Plugin settings: ACLs, full-text search, IMAPSieve spam/ham reporting, mail logging, quota, Sieve, compression.
plugin {
  # Global ACL file (cached for 300 s) plus the dictionary that records which users share mailboxes.
  acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  # Rule 1: a message copied into Junk (or a flag change there) runs the report-spam script.
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/rspamd.d/report-spam.sieve
  imapsieve_mailbox1_causes = COPY FLAG
  imapsieve_mailbox1_name = Junk
  # Rule 2: a message copied out of Junk into any mailbox runs the report-ham script.
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/rspamd.d/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  # Mailbox changes recorded by mail_log, useful as an audit trail of deletions and renames.
  mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename
  mail_log_fields = box msgid
  quota = count:User quota
  quota_grace = 10%%
  quota_rule = *:storage=300M:messages=20000
  quota_rule2 = Trash:storage=+500M
  quota_rule3 = Sent:storage=+2G
  quota_rule4 = Archive:storage=+2G
  # Replies returned by the quota-status policy service.
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  # Each warning invokes the quota-warning service with the threshold and the user name.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve/after
  sieve_before = /etc/dovecot/sieve/before
  sieve_extensions = +vacation-seconds
  # pipe/execute/debug are enabled for global (administrator-owned) scripts only,
  # not for the users' personal scripts.
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.debug
  # NOTE(review): programs invoked through vnd.dovecot.pipe are looked up in this
  # directory, so /usr/bin makes every system binary reachable from global scripts.
  # A dedicated directory holding only the required helpers would narrow that.
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_default_period = 10d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 1h
  zlib_save = gz
  zlib_save_level = 6
}
# Enabled protocols, followed by the internal services and their sockets.
protocols = imap pop3 lmtp submission sieve
# Auth workers run as vmail (not root); ssl-cert is added as a supplementary group,
# presumably so they can read TLS key material - confirm.
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  # SASL socket for Postfix.
  # NOTE(review): mode 0666 lets any local account that can traverse the directory
  # talk to the auth service; protection then rests on the permissions of the
  # "private" directory, which are not shown here. Owner and group are already
  # postfix, so 0660 (as on the lmtp-dovecot socket in this file) would be enough.
  unix_listener /var/spool/postfix-submission/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  # The userdb lookup socket is restricted to vmail.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
# doveadm HTTP API over TLS on port 9080.
# NOTE(review): no address is set on this listener, so it presumably binds to all
# addresses; access then depends on doveadm_api_key and on firewalling - confirm.
service doveadm {
  inet_listener http {
    port = 9080
    ssl = yes
  }
}
# Login services: each plain-port listener is bound to an explicit address list.
service imap-login {
  inet_listener imap {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
  # port = 0 disables the implicit-TLS listener, so TLS on IMAP is only available
  # through STARTTLS on the imap port.
  inet_listener imaps {
    port = 0
  }
}
# Post-login hook: script-login runs both scripts as vmail after a successful IMAP login.
service imap-postlogin {
  executable = script-login /usr/local/bin/dovecot-masteruser.sh /usr/local/bin/dovecot-lastlogin.sh
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
# LMTP delivery: loopback TCP on port 24 plus a UNIX socket for Postfix (owner/group postfix, mode 0660).
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
  # Implicit-TLS POP3 listener disabled, as for imaps above.
  inet_listener pop3s {
    port = 0
  }
}
# Quota policy service for Postfix, reachable on loopback only.
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 12340
  }
}
# Runs the warning script named in the quota_warning* plugin settings; the socket is restricted to vmail.
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  extra_groups = mail
  unix_listener quota-warning {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = vmail
}
# TLS settings. A leading "<" means the value is read from the named file.
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
# NOTE(review): " at " in the last element looks like the list archive's address
# obfuscation of "@" (compare "dovecot at dovecot.org" in the headers), i.e. the
# OpenSSL "@STRENGTH" sort directive - check the real file rather than this copy.
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
# The server certificate chain is also presented as the client certificate on outgoing TLS connections.
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
# Key material is redacted by the dump tool.
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# TLS 1.0 and 1.1 are refused.
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
# The submission proxy relays accepted mail to this host and port using STARTTLS.
submission_relay_host = mail.roessner-net.de
submission_relay_port = 5870
submission_relay_ssl = starttls
# Marks the relay as trusted; presumably Dovecot then forwards client connection
# details to it (XCLIENT) - the relay should accept that only from this host.
submission_relay_trusted = yes
# First userdb: LDAP. A failed lookup ends the chain (return-fail); a successful
# one continues to the next userdb instead of returning immediately.
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
  result_success = continue
}
# Second userdb: a Lua script, reached only after the LDAP lookup succeeded.
# blocking=yes runs the lookup in an auth-worker process.
userdb {
  args = file=/etc/dovecot/dovecot-auth-userdb.lua  blocking=yes
  driver = lua
}
verbose_proctitle = yes
# Per-protocol overrides. In this revision every passdb has been moved inside a
# protocol {} block and no passdb is left at global level.
# NOTE(review): the auth log quoted after this dump reports "No passdbs specified
# in configuration file" with exactly this layout, so the auth service apparently
# does not pick up passdbs that exist only under protocol {}.
protocol lmtp {
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol lda {
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify imap_quota imap_acl imap_zlib imap_sieve
  # Master-user passdb: "master = yes" authenticates the master user from the
  # passwd-file; "pass = yes" then continues to the next passdb, so the target
  # user still has to exist there.
  passdb {
    args = /etc/dovecot/master-users
    driver = passwd-file
    master = yes
    name =
    pass = yes
  }
  # Regular users: LDAP with the "incoming" configuration.
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
# Same passdb pair as imap.
protocol sieve {
  passdb {
    args = /etc/dovecot/master-users
    driver = passwd-file
    master = yes
    name =
    pass = yes
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
# Same passdb pair as imap.
protocol pop3 {
  passdb {
    args = /etc/dovecot/master-users
    driver = passwd-file
    master = yes
    name =
    pass = yes
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
# Submission is the one protocol that points at the "outgoing" LDAP configuration.
# NOTE(review): the master-user passdb is enabled here as well, so a master user
# could submit mail on behalf of any account - confirm that this is wanted.
protocol submission {
  login_greeting = ESMTP
  passdb {
    args = /etc/dovecot/master-users
    driver = passwd-file
    master = yes
    name =
    pass = yes
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
    driver = ldap
    name =
  }
}
-------------------------------------------------------------------------

So now all passdbs are inside protocol blocks.

Errors:

-------------------------------------------------------------------------
Sep  4 18:25:19 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep  4 18:25:19 mx dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs
Sep  4 18:25:19 mx dovecot: submission-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0
 secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
Sep  4 18:25:21 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep  4 18:25:21 mx dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs
Sep  4 18:25:21 mx dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 1 secs)
: user=<>, rip=134.255.226.247, lip=134.255.226.248
Sep  4 18:25:24 mx dovecot: managesieve-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip
=134.255.226.247, lip=134.255.226.248
Sep  4 18:25:25 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep  4 18:25:25 mx dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
Sep  4 18:25:25 mx dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 3 secs)
: user=<>, rip=134.255.226.247, lip=134.255.226.248
-------------------------------------------------------------------------

So it looks to me as if something is missing for the "auth" service. Do you have any ideas?

Thanks again for your help

Kind regards

Christian

