<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>Some general information: <br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span><br>
</span></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>Mageia Linux 5.4.6-desktop-2.mga7<br>
</span>
<div><br>
</div>
<div>2.3.7.2 (3c910f64b)<br>
</div>
<div><br>
</div>
<div>postfix + dovecot + mysql<br>
</div>
<div><br>
</div>
<div>192.168.1.105 (shuttle) the email server machine<br>
</div>
<div>192.168.1.103 (pvr) the mail client machine<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I am unable to authenticate to send email. I've looked at postfix but I can't get past dovecot's authentication. Here is what I'm seeing in logs:<br>
</div>
<div><br>
</div>
<div>Jan 02 18:46:47 shuttle sshd[6660]: Connection closed by 192.168.1.100 port 48506 [preauth]<br>
</div>
<div>Jan 02 18:47:05 shuttle postfix/smtpd[6352]: connect from pvr[192.168.1.103]<br>
</div>
<div>Jan 02 18:47:16 shuttle postfix/smtpd[6352]: lost connection after CONNECT from pvr[192.168.1.103]<br>
</div>
<div>Jan 02 18:47:16 shuttle postfix/smtpd[6352]: disconnect from pvr[192.168.1.103] commands=0/0<br>
</div>
<div>Jan 02 18:47:36 shuttle postfix/smtpd[6352]: connect from pvr[192.168.1.103]<br>
</div>
<div>Jan 02 18:47:36 shuttle postfix/smtpd[6352]: 6345D4A4A97: client=pvr[192.168.1.103]<br>
</div>
<div>Jan 02 18:47:37 shuttle postfix/cleanup[6500]: 6345D4A4A97: message-id=<><br>
</div>
<div>Jan 02 18:47:37 shuttle postfix/qmgr[1385]: 6345D4A4A97: from=<madams@pvr>, size=485, nrcpt=1 (queue active)<br>
</div>
<div>Jan 02 18:47:37 shuttle postfix/smtpd[6352]: disconnect from pvr[192.168.1.103] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5<br>
</div>
<div>Jan 02 18:47:37 shuttle dovecot[6744]: lda(root@shuttle)<6744><>: Error: auth-master: userdb lookup(root@shuttle): connect(/run/dovecot/auth-userdb) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /run/dovecot/auth-userdb, dir owned
by 0:0 mode=0755)<br>
</div>
<div>Jan 02 18:47:37 shuttle dovecot[6744]: lda: Fatal: Internal error occurred. Refer to server log for more information.<br>
</div>
<div>Jan 02 18:47:37 shuttle postfix/pipe[6743]: 6345D4A4A97: to=<root@shuttle>, relay=dovecot, delay=1.1, delays=1.1/0.01/0/0.06, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(root@shuttle): Error: net_connect_unix(/run/dovecot/stats-writer)
failed: Permission denied )<br>
</div>
<div>^C<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Note: this error references "/run/dovecot/auth-userdb". That isn't even supposed to be the location of that file. I have no idea why that location shows up. The correct location should be "/etc/dovecot/auth-userdb". The file does exist at that location.<br>
</div>
<div><br>
</div>
<div>There is no "base_dir" configured in /etc/dovecot/dovecot.conf. When I do try an point the configuration at the correct base_dir, I get this when I try to restart dovecot:<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-- The unit dovecot.service has entered the 'failed' state with result 'exit-code'.<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(aggregator): unlink(/etc/dovecot/replication-notify-fifo) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(pop3): unlink(/etc/dovecot/login/pop3) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(old-stats): unlink(/etc/dovecot/old-stats) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(old-stats): unlink(/etc/dovecot/old-stats-mail) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(old-stats): unlink(/etc/dovecot/old-stats-user) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(log): unlink(/etc/dovecot/log-errors) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(lmtp): unlink(/etc/dovecot/lmtp) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(ipc): unlink(/etc/dovecot/ipc) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(ipc): unlink(/etc/dovecot/login/ipc-proxy) failed: Read-only file system<br>
</div>
<div>Jan 02 18:51:50 shuttle dovecot[7226]: master: Error: service(indexer-worker): unlink(/etc/dovecot/indexer-worker) failed: Read-only file system<br>
</div>
<div><br>
</div>
<div>And there are about 30 lines of "read-only file system" errors. I haven't been able to track down the cause of that.<br>
</div>
<div><br>
</div>
<div>Once the line "base_dir = /etc/dovecot" is commented out in /etc/dovecot/dovecot.conf, I can start dovecot:<br>
</div>
<div><br>
</div>
<div># systemctl status dovecot<br>
</div>
<div>● dovecot.service - Dovecot IMAP/POP3 email server<br>
</div>
<div> Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)<br>
</div>
<div> Active: active (running) since Thu 2020-01-02 18:54:15 MST; 5s ago<br>
</div>
<div> Docs: man:dovecot(1)<br>
</div>
<div> http://wiki2.dovecot.org/<br>
</div>
<div> Main PID: 7550 (dovecot)<br>
</div>
<div> Memory: 3.8M<br>
</div>
<div> CGroup: /system.slice/dovecot.service<br>
</div>
<div> ├─7550 /usr/sbin/dovecot -F<br>
</div>
<div> ├─7554 dovecot/anvil<br>
</div>
<div> ├─7555 dovecot/log<br>
</div>
<div> └瘢雹─7556 dovecot/config<br>
</div>
<div><br>
</div>
<div>Jan 02 18:54:15 shuttle systemd[1]: Started Dovecot IMAP/POP3 email server.<br>
</div>
<div>Jan 02 18:54:15 shuttle dovecot[7550]: master: Dovecot v2.3.7.2 (3c910f64b) starting up for imap, pop3, lmtp<br>
</div>
<div>Jan 02 18:54:15 shuttle dovecot[7550]: master: Error: t_readlink(/etc/dovecot/dovecot.conf) failed: readlink() failed: Invalid argument<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I have no idea what's up with the t_readlink error. Might be related to the errors above. I can't really find out much about it.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Trying to send email shows no apparent errors:<br>
</div>
<div><br>
</div>
<div>[madams@pvr ~]$ mail root@shuttle<br>
</div>
<div>Subject: testing<br>
</div>
<div><br>
</div>
<div>test<br>
</div>
<div><br>
</div>
<div>.<br>
</div>
<div>EOT<br>
</div>
<div>[madams@pvr ~]$ <br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Trying to send mail in detail looks like this:<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>$ openssl s_client -connect shuttle:25 -starttls smtp <br>
</div>
<div>CONNECTED(00000003)<br>
</div>
<div>depth=0 C = US, ST = NM, O = Personal, OU = Private<br>
</div>
<div>verify error:num=18:self signed certificate<br>
</div>
<div>verify return:1<br>
</div>
<div>depth=0 C = US, ST = NM, O = Personal, OU = Private<br>
</div>
<div>verify return:1<br>
</div>
<div>---<br>
</div>
<div>Certificate chain<br>
</div>
<div> 0 s:/C=US/ST=NM/O=Personal/OU=Private<br>
</div>
<div> i:/C=US/ST=NM/O=Personal/OU=Private<br>
</div>
<div>---<br>
</div>
<div>Server certificate<br>
</div>
<div><br>
</div>
<div><It produces all the right certificate information><br>
</div>
<div><br>
</div>
<div>-----END CERTIFICATE-----<br>
</div>
<div>subject=/C=US/ST=NM/O=Personal/OU=Private<br>
</div>
<div>issuer=/C=US/ST=NM/O=Personal/OU=Private<br>
</div>
<div>---<br>
</div>
<div>No client certificate CA names sent<br>
</div>
<div>Peer signing digest: SHA512<br>
</div>
<div>Server Temp Key: ECDH, P-256, 256 bits<br>
</div>
<div>---<br>
</div>
<div>SSL handshake has read 1764 bytes and written 467 bytes<br>
</div>
<div>---<br>
</div>
<div>New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br>
</div>
<div>Server public key is 2048 bit<br>
</div>
<div>Secure Renegotiation IS supported<br>
</div>
<div>Compression: NONE<br>
</div>
<div>Expansion: NONE<br>
</div>
<div>No ALPN negotiated<br>
</div>
<div>SSL-Session:<br>
</div>
<div><br>
</div>
<div><and all the SSL information is good><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> Start Time: 1578016729<br>
</div>
<div> Timeout : 300 (sec)<br>
</div>
<div> Verify return code: 18 (self signed certificate)<br>
</div>
<div>---<br>
</div>
<div>250 CHUNKING<br>
</div>
<div>ehlo shuttle<br>
</div>
<div>250-shuttle<br>
</div>
<div>250-PIPELINING<br>
</div>
<div>250-SIZE 10240000<br>
</div>
<div>250-VRFY<br>
</div>
<div>250-ETRN<br>
</div>
<div>250-AUTH PLAIN<br>
</div>
<div>250-ENHANCEDSTATUSCODES<br>
</div>
<div>250-8BITMIME<br>
</div>
<div>250-DSN<br>
</div>
<div>250-SMTPUTF8<br>
</div>
<div>250 CHUNKING<br>
</div>
<div>mail from: madams@pvr<br>
</div>
<div>250 2.1.0 Ok<br>
</div>
<div>rcpt to: root@shuttle<br>
</div>
<div>250 2.1.5 Ok<br>
</div>
<div>data<br>
</div>
<div>354 End data with <CR><LF>.<CR><LF><br>
</div>
<div>subject: testing<br>
</div>
<div><br>
</div>
<div>test<br>
</div>
<div><br>
</div>
<div>.<br>
</div>
<div>250 2.0.0 Ok: queued as A73A84A4AE4<br>
</div>
<div>quit<br>
</div>
<div>221 2.0.0 Bye<br>
</div>
<div>closed<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>That transaction produces this in journalctl:<br>
</div>
<div><br>
</div>
<div>an 02 19:04:15 shuttle postfix/smtpd[8856]: connect from pvr[192.168.1.103]<br>
</div>
<div>Jan 02 19:04:15 shuttle dovecot[7555]: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth<br>
</div>
<div>Jan 02 19:04:15 shuttle dovecot[7555]: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/lib20_auth_var_expand_crypt.so<br>
</div>
<div>Jan 02 19:04:15 shuttle dovecot[7555]: auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat<br>
</div>
<div>Jan 02 19:04:15 shuttle dovecot[7555]: auth: Debug: auth client connected (pid=0)<br>
</div>
<div>Jan 02 19:04:31 shuttle postfix/smtpd[8856]: B621F4A4B0F: client=pvr[192.168.1.103]<br>
</div>
<div>Jan 02 19:04:39 shuttle postfix/cleanup[8914]: B621F4A4B0F: message-id=<><br>
</div>
<div>Jan 02 19:04:40 shuttle postfix/qmgr[1385]: B621F4A4B0F: from=<madams@pvr>, size=184, nrcpt=1 (queue active)<br>
</div>
<div>Jan 02 19:04:40 shuttle dovecot[8947]: lda(root@shuttle)<8947><>: Error: auth-master: userdb lookup(root@shuttle): connect(/run/dovecot/auth-userdb) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /run/dovecot/auth-userdb, dir owned
by 0:0 mode=0755)<br>
</div>
<div>Jan 02 19:04:40 shuttle dovecot[8947]: lda: Fatal: Internal error occurred. Refer to server log for more information.<br>
</div>
<div>Jan 02 19:04:40 shuttle postfix/pipe[8946]: B621F4A4B0F: to=<root@shuttle>, relay=dovecot, delay=13, delays=13/0.01/0/0.06, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(root@shuttle): Error: net_connect_unix(/run/dovecot/stats-writer)
failed: Permission denied )<br>
</div>
<div>Jan 02 19:04:43 shuttle postfix/smtpd[8856]: disconnect from pvr[192.168.1.103] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7<br>
</div>
<div>Jan 02 19:04:48 shuttle sshd[8962]: Connection closed by 192.168.1.100 port 48596 [preauth]<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I've experimented with ownership and permissions on run/dovecot/auth-userdb. It's running as vmail:dovecot, but the permissions I set on it are not persistent - they keep reverting to srw----- whenever I restart dovecot. This is correct given the configuration
in dovecot.conf, but should those permissions be set to 0600? Also, that shouldn't be happening in /run/dovcot, it should all be happening in /etc/dovcot.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Attempting to test authentication over TLS isn't working and I'm so confused at this point I'm not even sure I should be doing it.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>250 CHUNKING<br>
</div>
<div>ehlo shuttle<br>
</div>
<div>250-shuttle<br>
</div>
<div>250-PIPELINING<br>
</div>
<div>250-SIZE 10240000<br>
</div>
<div>250-VRFY<br>
</div>
<div>250-ETRN<br>
</div>
<div>250-AUTH PLAIN<br>
</div>
<div>250-ENHANCEDSTATUSCODES<br>
</div>
<div>250-8BITMIME<br>
</div>
<div>250-DSN<br>
</div>
<div>250-SMTPUTF8<br>
</div>
<div>250 CHUNKING<br>
</div>
<div>auth login<br>
</div>
<div>535 5.7.8 Error: authentication failed: Invalid authentication mechanism<br>
</div>
<div>auth login bWFkYW1z bm9uZQ==<br>
</div>
<div>501 5.5.4 Syntax: AUTH mechanism<br>
</div>
<div>auth plain bWFkYW1z bm9uZQ==<br>
</div>
<div>501 5.5.4 Syntax: AUTH mechanism<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>And those are base64 encoded credentials (bWFkYW1z bm9uZQ==).<br>
</div>
<div><br>
</div>
<div>Here is my config. All I want to do is run from machines on my lan to Thunderbird on my desktop so I can get notices about events and system health from my other servers. Should this be so hard? Is this Postfix's fault? Can anybody help with this?<br>
</div>
<div><br>
</div>
<div>Thanks.<br>
</div>
<div><br>
</div>
<div>And now that config:<br>
</div>
<div><br>
</div>
<div># dovecot -n<br>
</div>
<div># 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf<br>
</div>
<div># OS: Linux 5.4.6-desktop-2.mga7 x86_64 Mageia 7 <br>
</div>
<div># Hostname: shuttle<br>
</div>
<div>auth_debug_passwords = yes<br>
</div>
<div>auth_username_format = %Ln<br>
</div>
<div>disable_plaintext_auth = no<br>
</div>
<div>first_valid_uid = 0<br>
</div>
<div>last_valid_uid = 10001<br>
</div>
<div>mail_gid = 10001<br>
</div>
<div>mail_location = mbox:~/mail:INBOX=/var/mail/%u<br>
</div>
<div>mail_privileged_group = mail<br>
</div>
<div>mail_uid = 10001<br>
</div>
<div>namespace inbox {<br>
</div>
<div> inbox = yes<br>
</div>
<div> location = <br>
</div>
<div> mailbox Drafts {<br>
</div>
<div> special_use = \Drafts<br>
</div>
<div> }<br>
</div>
<div> mailbox Junk {<br>
</div>
<div> special_use = \Junk<br>
</div>
<div> }<br>
</div>
<div> mailbox Sent {<br>
</div>
<div> special_use = \Sent<br>
</div>
<div> }<br>
</div>
<div> mailbox "Sent Messages" {<br>
</div>
<div> special_use = \Sent<br>
</div>
<div> }<br>
</div>
<div> mailbox Trash {<br>
</div>
<div> special_use = \Trash<br>
</div>
<div> }<br>
</div>
<div> prefix = <br>
</div>
<div>}<br>
</div>
<div>passdb {<br>
</div>
<div> args = %s<br>
</div>
<div> driver = pam<br>
</div>
<div>}<br>
</div>
<div>plugin {<br>
</div>
<div> sieve = file:~/sieve;active=~/.dovecot.sieve<br>
</div>
<div>}<br>
</div>
<div>service auth-worker {<br>
</div>
<div> user = vmail<br>
</div>
<div>}<br>
</div>
<div>service auth {<br>
</div>
<div> unix_listener /var/spool/postfix/private/auth {<br>
</div>
<div> group = postfix<br>
</div>
<div> mode = 0666<br>
</div>
<div> user = postfix<br>
</div>
<div> }<br>
</div>
<div> unix_listener auth-userdb {<br>
</div>
<div> group = dovecot<br>
</div>
<div> mode = 0600<br>
</div>
<div> user = vmail<br>
</div>
<div> }<br>
</div>
<div> user = dovecot<br>
</div>
<div>}<br>
</div>
<div>service imap-login {<br>
</div>
<div> inet_listener imap {<br>
</div>
<div> port = 143<br>
</div>
<div> }<br>
</div>
<div>}<br>
</div>
<div>service lmtp {<br>
</div>
<div> unix_listener /var/spool/postfix/private/dovecot-lmtp {<br>
</div>
<div> group = postfix<br>
</div>
<div> mode = 0600<br>
</div>
<div> user = postfix<br>
</div>
<div> }<br>
</div>
<div>}<br>
</div>
<div>service pop3-login {<br>
</div>
<div> inet_listener pop3s {<br>
</div>
<div> port = 995<br>
</div>
<div> ssl = yes<br>
</div>
<div> }<br>
</div>
<div>}<br>
</div>
<div>ssl = required<br>
</div>
<div>ssl_cert = </etc/pki/tls/certs/fullchain.cer<br>
</div>
<div>ssl_dh = # hidden, use -P to show it<br>
</div>
<div>ssl_key = # hidden, use -P to show it<br>
</div>
<div>protocol lmtp {<br>
</div>
<div> hostname = shuttle<br>
</div>
<div> postmaster_address = postmaster@shuttle<br>
</div>
<div>}<br>
</div>
<span></span><br>
</div>
</body>
</html>