[SOLVED] Re: Different passdb backends for different services
lists at mlserv.org
Wed Sep 4 21:03:15 EEST 2019
> On 04.09.2019 at 18:32, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>
>
>
>> On 04.09.2019 at 16:58, Sami Ketola via dovecot <dovecot at dovecot.org> wrote:
>>
>>
>>
>>> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>>>
>>>> passdb {
>>>> args = /etc/dovecot/master-users
>>>> driver = passwd-file
>>>> master = yes
>>>> pass = yes
>>>> }
>>>> passdb {
>>>> args = /etc/dovecot/dovecot-ldap.conf.ext
>>>> driver = ldap
>>>> }
>>>>
>> ...
>>
>>
>>>> protocol sieve {
>>>> passdb {
>>>> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>>> driver = ldap
>>>> name =
>>>> }
>>>> }
>>>> protocol pop3 {
>>>> passdb {
>>>> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
>>>> driver = ldap
>>>> name =
>>>> }
>>>> }
>>>> protocol submission {
>>>> login_greeting = ESMTP
>>>> passdb {
>>>> args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
>>>> driver = ldap
>>>> name =
>>>> }
>>>> }
>>
>> So the problem really is in the order of things.
>>
>> Your protocol specific passdbs are AFTER your global passdb. Global passdb {} returns return-ok on successful authentication and the rest of the passdbs are never processed.
>
> postconf sorts all keys alphabetically. But I tried your idea and also placed the global passdb into the protocol. postconf now looks like this, and it still produces the same errors:
>
> -------------------------------------------------------------------------
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 (7372921a)
> # OS: Linux 4.19.44-gentoo x86_64 Gentoo Base System release 2.6
> # Hostname: mx.roessner-net.de
> auth_cache_size = 64 M
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_ssl_username_from_cert = yes
> auth_verbose = yes
> default_client_limit = 5000
> default_process_limit = 500
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> doveadm_api_key = # hidden, use -P to show it
> hostname = mail.roessner-net.de
> imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
> imap_max_line_length = 4 M
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> lmtp_rcpt_check_quota = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
> mail_access_groups = vmail
> mail_attachment_dir = /var/mail/virtual/copymail/attachments
> mail_gid = vmail
> mail_location = sdbox:~/sdbox
> mail_max_keyword_length = 4096
> mail_plugins = quota acl fts fts_lucene zlib mail_log notify
> mail_privileged_group = mail
> mail_save_crlf = yes
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
> mdbox_preallocate_space = yes
> mdbox_rotate_size = 128 M
> namespace {
> list = children
> location = sdbox:%%h/sdbox
> prefix = Shared/%%u/
> separator = /
> subscriptions = no
> type = shared
> }
> namespace {
> hidden = yes
> list = children
> location = maildir:/var/mail/virtual/public:INDEXPVT=~/Maildir/public
> prefix = Public/
> separator = /
> subscriptions = no
> type = public
> }
> namespace inbox {
> inbox = yes
> location =
> mailbox Archive {
> auto = subscribe
> special_use = \Archive
> }
> mailbox "Deleted Messages" {
> special_use = \Trash
> }
> mailbox Drafts {
> auto = subscribe
> special_use = \Drafts
> }
> mailbox Junk-E-Mail {
> special_use = \Junk
> }
> mailbox Junk {
> auto = subscribe
> special_use = \Junk
> }
> mailbox Sent {
> auto = subscribe
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> auto = subscribe
> special_use = \Trash
> }
> prefix =
> separator = /
> type = private
> }
> plugin {
> acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
> acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
> fts = lucene
> fts_autoindex = yes
> fts_lucene = whitespace_chars=@.
> imapsieve_mailbox1_before = file:/etc/dovecot/sieve/rspamd.d/report-spam.sieve
> imapsieve_mailbox1_causes = COPY FLAG
> imapsieve_mailbox1_name = Junk
> imapsieve_mailbox2_before = file:/etc/dovecot/sieve/rspamd.d/report-ham.sieve
> imapsieve_mailbox2_causes = COPY
> imapsieve_mailbox2_from = Junk
> imapsieve_mailbox2_name = *
> mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename
> mail_log_fields = box msgid
> quota = count:User quota
> quota_grace = 10%%
> quota_rule = *:storage=300M:messages=20000
> quota_rule2 = Trash:storage=+500M
> quota_rule3 = Sent:storage=+2G
> quota_rule4 = Archive:storage=+2G
> quota_status_nouser = DUNNO
> quota_status_overquota = 552 5.2.2 Mailbox is full
> quota_status_success = DUNNO
> quota_vsizes = yes
> quota_warning = storage=95%% quota-warning 95 %u
> quota_warning2 = storage=80%% quota-warning 80 %u
> quota_warning3 = -storage=100%% quota-warning below %u
> sieve = file:~/sieve;active=~/.dovecot.sieve
> sieve_after = /etc/dovecot/sieve/after
> sieve_before = /etc/dovecot/sieve/before
> sieve_extensions = +vacation-seconds
> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.debug
> sieve_pipe_bin_dir = /usr/bin
> sieve_plugins = sieve_imapsieve sieve_extprograms
> sieve_vacation_default_period = 10d
> sieve_vacation_max_period = 30d
> sieve_vacation_min_period = 1h
> zlib_save = gz
> zlib_save_level = 6
> }
> protocols = imap pop3 lmtp submission sieve
> service auth-worker {
> extra_groups = ssl-cert
> unix_listener auth-worker {
> mode = 0600
> user = vmail
> }
> user = vmail
> }
> service auth {
> extra_groups = ssl-cert
> unix_listener /var/spool/postfix-submission/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-userdb {
> mode = 0600
> user = vmail
> }
> user = vmail
> }
> service config {
> unix_listener config {
> mode = 0600
> user = vmail
> }
> }
> service dict {
> unix_listener dict {
> mode = 0600
> user = vmail
> }
> }
> service doveadm {
> inet_listener http {
> port = 9080
> ssl = yes
> }
> }
> service imap-login {
> inet_listener imap {
> address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
> }
> inet_listener imaps {
> port = 0
> }
> }
> service imap-postlogin {
> executable = script-login /usr/local/bin/dovecot-masteruser.sh /usr/local/bin/dovecot-lastlogin.sh
> user = vmail
> }
> service imap {
> executable = imap imap-postlogin
> }
> service lmtp {
> inet_listener lmtp {
> address = 127.0.0.1
> port = 24
> }
> unix_listener /var/spool/postfix/private/lmtp-dovecot {
> group = postfix
> mode = 0660
> user = postfix
> }
> }
> service managesieve-login {
> inet_listener sieve {
> address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
> }
> }
> service pop3-login {
> inet_listener pop3 {
> address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
> }
> inet_listener pop3s {
> port = 0
> }
> }
> service quota-status {
> client_limit = 1
> executable = quota-status -p postfix
> inet_listener {
> address = 127.0.0.1
> port = 12340
> }
> }
> service quota-warning {
> executable = script /usr/local/bin/quota-warning.sh
> extra_groups = mail
> unix_listener quota-warning {
> group = vmail
> mode = 0600
> user = vmail
> }
> user = vmail
> }
> ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_client_key = # hidden, use -P to show it
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> submission_client_workarounds = whitespace-before-path
> submission_relay_host = mail.roessner-net.de
> submission_relay_port = 5870
> submission_relay_ssl = starttls
> submission_relay_trusted = yes
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> result_failure = return-fail
> result_success = continue
> }
> userdb {
> args = file=/etc/dovecot/dovecot-auth-userdb.lua blocking=yes
> driver = lua
> }
> verbose_proctitle = yes
> protocol lmtp {
> mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
> }
> protocol lda {
> mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
> }
> protocol imap {
> mail_max_userip_connections = 50
> mail_plugins = quota acl fts fts_lucene zlib mail_log notify imap_quota imap_acl imap_zlib imap_sieve
> passdb {
> args = /etc/dovecot/master-users
> driver = passwd-file
> master = yes
> name =
> pass = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
> driver = ldap
> name =
> }
> }
> protocol sieve {
> passdb {
> args = /etc/dovecot/master-users
> driver = passwd-file
> master = yes
> name =
> pass = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
> driver = ldap
> name =
> }
> }
> protocol pop3 {
> passdb {
> args = /etc/dovecot/master-users
> driver = passwd-file
> master = yes
> name =
> pass = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
> driver = ldap
> name =
> }
> }
> protocol submission {
> login_greeting = ESMTP
> passdb {
> args = /etc/dovecot/master-users
> driver = passwd-file
> master = yes
> name =
> pass = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
> driver = ldap
> name =
> }
> }
> -------------------------------------------------------------------------
>
> So now all passdbs are inside protocol.
>
> Errors:
>
> -------------------------------------------------------------------------
> Sep 4 18:25:19 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> Sep 4 18:25:19 mx dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs
> Sep 4 18:25:19 mx dovecot: submission-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
> Sep 4 18:25:21 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> Sep 4 18:25:21 mx dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs
> Sep 4 18:25:21 mx dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 1 secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
> Sep 4 18:25:24 mx dovecot: managesieve-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
> Sep 4 18:25:25 mx dovecot: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> Sep 4 18:25:25 mx dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
> Sep 4 18:25:25 mx dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 3 secs): user=<>, rip=134.255.226.247, lip=134.255.226.248
> -------------------------------------------------------------------------
>
> So it looks to me like something is missing for the "auth" service. Do you have any ideas?
>
> Thanks again for your help
I finally got it working, thanks to your help. In addition to that, I found this:
https://dovecot.org/pipermail/dovecot/2012-March/081885.html
which seems to be required for Dovecot to function properly. It seems a little bit nasty to add a dummy backend, but in the end it works for me.
Christian
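
A small check for the two passdb layouts this thread runs into, as an added example (not code from the thread or from Dovecot): it reads `doveconf -n` style text and reports either a configuration with no global passdb, the state behind the `No passdbs specified` log lines above, or protocol passdbs that come after a global one. The sample text and the names `passdbs_by_scope` and `audit` are constructed for illustration.

```python
import re

# Constructed sample in `doveconf -n` layout, reduced from the dump quoted above:
# every passdb sits inside a protocol block and none is global.
SAMPLE = """\
auth_mechanisms = plain login
protocol imap {
  passdb {
    driver = passwd-file
    master = yes
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
  }
}
protocol submission {
  passdb {
    args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
    driver = ldap
  }
}
"""

def passdbs_by_scope(text):
    """Map 'global' or 'protocol <name>' to its passdb drivers, in file order."""
    scopes, stack, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if stack[-1] == "passdb":
                outer = [h for h in stack if h.startswith("protocol ")]
                current = [outer[-1] if outer else "global", None]
        elif line == "}" and stack:
            if stack.pop() == "passdb" and current:
                scopes.setdefault(current[0], []).append(current[1])
                current = None
        elif current and stack[-1] == "passdb":
            m = re.match(r"driver\s*=\s*(\S+)", line)
            current[1] = m.group(1) if m else current[1]
    return scopes

def audit(text):
    """Flag the two passdb layouts discussed in the thread."""
    scopes = passdbs_by_scope(text)
    if "global" not in scopes:
        return ["no global passdb: auth fails with 'No passdbs specified'"]
    return [f"{s}: passdbs {d} come after global {scopes['global']}"
            for s, d in scopes.items() if s != "global"]
```

Feed it the output of `doveconf -n` from the host being checked; an empty list means neither layout was found.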