Different passdb backends for different services
lists at mlserv.org
lists at mlserv.org
Wed Sep 4 19:32:12 EEST 2019
> Am 04.09.2019 um 16:58 schrieb Sami Ketola via dovecot <dovecot at dovecot.org>:
>
>
>
>> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>>
>>> passdb {
>>> args = /etc/dovecot/master-users
>>> driver = passwd-file
>>> master = yes
>>> pass = yes
>>> }
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap.conf.ext
>>> driver = ldap
>>> }
>>>
> ...
>
>
>>> protocol sieve {
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>> driver = ldap
>>> name =
>>> }
>>> }
>>> protocol pop3 {
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>> driver = ldap
>>> name =
>>> }
>>> }
>>> protocol submission {
>>> login_greeting = ESMTP
>>> passdb {
>>> args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
>>> driver = ldap
>>> name =
>>> }
>>> }
>
> So the problem really is in order of things.
>
> Your protocol specific passdbs are AFTER your global passdb. Global passdb {} returns return-ok on successful authentication and rest of the passdbs are never processed.
postconf sorts all keys alphabetically. But I tried your idea and placed the global passdb also into the protocol. postconf looks now like this and it still produces the same errors:
-------------------------------------------------------------------------
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 (7372921a)
# OS: Linux 4.19.44-gentoo x86_64 Gentoo Base System release 2.6
# Hostname: mx.roessner-net.de
auth_cache_size = 64 M
auth_master_user_separator = *
auth_mechanisms = plain login
auth_ssl_username_from_cert = yes
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
default_vsz_limit = 512 M
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
hostname = mail.roessner-net.de
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_max_line_length = 4 M
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_rcpt_check_quota = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
mail_gid = vmail
mail_location = sdbox:~/sdbox
mail_max_keyword_length = 4096
mail_plugins = quota acl fts fts_lucene zlib mail_log notify
mail_privileged_group = mail
mail_save_crlf = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
mdbox_rotate_size = 128 M
namespace {
list = children
location = sdbox:%%h/sdbox
prefix = Shared/%%u/
separator = /
subscriptions = no
type = shared
}
namespace {
hidden = yes
list = children
location = maildir:/var/mail/virtual/public:INDEXPVT=~/Maildir/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox "Deleted Messages" {
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk-E-Mail {
special_use = \Junk
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
plugin {
acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
fts = lucene
fts_autoindex = yes
fts_lucene = whitespace_chars=@.
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/rspamd.d/report-spam.sieve
imapsieve_mailbox1_causes = COPY FLAG
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/rspamd.d/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename
mail_log_fields = box msgid
quota = count:User quota
quota_grace = 10%%
quota_rule = *:storage=300M:messages=20000
quota_rule2 = Trash:storage=+500M
quota_rule3 = Sent:storage=+2G
quota_rule4 = Archive:storage=+2G
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_vsizes = yes
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below %u
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_after = /etc/dovecot/sieve/after
sieve_before = /etc/dovecot/sieve/before
sieve_extensions = +vacation-seconds
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.debug
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_vacation_default_period = 10d
sieve_vacation_max_period = 30d
sieve_vacation_min_period = 1h
zlib_save = gz
zlib_save_level = 6
}
protocols = imap pop3 lmtp submission sieve
service auth-worker {
extra_groups = ssl-cert
unix_listener auth-worker {
mode = 0600
user = vmail
}
user = vmail
}
service auth {
extra_groups = ssl-cert
unix_listener /var/spool/postfix-submission/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = vmail
}
service config {
unix_listener config {
mode = 0600
user = vmail
}
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
service doveadm {
inet_listener http {
port = 9080
ssl = yes
}
}
service imap-login {
inet_listener imap {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
inet_listener imaps {
port = 0
}
}
service imap-postlogin {
executable = script-login /usr/local/bin/dovecot-masteruser.sh /usr/local/bin/dovecot-lastlogin.sh
user = vmail
}
service imap {
executable = imap imap-postlogin
}
service lmtp {
inet_listener lmtp {
address = 127.0.0.1
port = 24
}
unix_listener /var/spool/postfix/private/lmtp-dovecot {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
}
service pop3-login {
inet_listener pop3 {
address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
}
inet_listener pop3s {
port = 0
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 12340
}
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
extra_groups = mail
unix_listener quota-warning {
group = vmail
mode = 0600
user = vmail
}
user = vmail
}
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
submission_relay_host = mail.roessner-net.de
submission_relay_port = 5870
submission_relay_ssl = starttls
submission_relay_trusted = yes
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
result_failure = return-fail
result_success = continue
}
userdb {
args = file=/etc/dovecot/dovecot-auth-userdb.lua blocking=yes
driver = lua
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol lda {
mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol imap {
mail_max_userip_connections = 50
mail_plugins = quota acl fts fts_lucene zlib mail_log notify imap_quota imap_acl imap_zlib imap_sieve
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
name =
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol sieve {
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
name =
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol pop3 {
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
name =
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
driver = ldap
name =
}
}
protocol submission {
login_greeting = ESMTP
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
name =
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
driver = ldap
name =
}
}
-------------------------------------------------------------------------
So now all passdbs are inside protocol.
Errors:
-------------------------------------------------------------------------
Sep 4 18:25:19 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep 4 18:25:19 mx dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs
Sep 4 18:25:19 mx dovecot: submission-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0
secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
Sep 4 18:25:21 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep 4 18:25:21 mx dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs
Sep 4 18:25:21 mx dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 1 secs)
: user=<>, rip=134.255.226.247, lip=134.255.226.248
Sep 4 18:25:24 mx dovecot: managesieve-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip
=134.255.226.247, lip=134.255.226.248
Sep 4 18:25:25 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Sep 4 18:25:25 mx dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
Sep 4 18:25:25 mx dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 3 secs)
: user=<>, rip=134.255.226.247, lip=134.255.226.248
-------------------------------------------------------------------------
So it looks to me something is missing for the "auth" service. Do you have any ideas?
Thanks again for your help
Kind regards
Christian
More information about the dovecot
mailing list