<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 24/01/2021 15:42, Jeff Abrahamson
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:989abf98-37e8-5e8f-70fd-c5fd802bf953@p27.eu">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div class="moz-text-html" lang="x-unicode">
<p>I've set up a new dovecot+postfix instance with virtual (not
system) users.<br>
</p>
[...]</div>
</blockquote>
<p>Thanks to several responses here (many thanks!) and much further
hacking, I have moved further.</p>
<p>I now have two problems that I'm hitting my head on. (I've
posted my config below.)<br>
</p>
<ul>
<li>Delivery has a permission error, but I don't see what is
causing it.</li>
<li>Authorisation on sending is failing.<br>
</li>
</ul>
<p>1. Delivery</p>
<p>I send mail to <a class="moz-txt-link-abbreviated" href="mailto:jeff@mobilitains.fr">jeff@mobilitains.fr</a>, which I think should be an
authorised user.</p>
<blockquote>
<pre><font size="-1" color="#7d26cd">Jan 24 17:19:02 nantes-m1 postfix/qmgr[8025]: 8640AA0C71: from=<jeff@p27.eu>, size=4737, nrcpt=1 (queue active)
Jan 24 17:19:02 nantes-m1 dovecot: lda(jeff)<10628><pbr+CgasDWCEKQAAvhw8tw>: Error: mkdir(/var/mail/vmail//jeff/mail) failed: Permission denied (euid=1000(jeff) egid=1001(jeff) missing +w perm: /var/mail/vmail/, dir owned by 4000:4000 mode=0755)
Jan 24 17:19:02 nantes-m1 dovecot: lda(jeff)<10628><pbr+CgasDWCEKQAAvhw8tw>: Error: mkdir(/var/mail/vmail//jeff/mail) failed: Permission denied (euid=1000(jeff) egid=1001(jeff) missing +w perm: /var/mail/vmail/, dir owned by 4000:4000 mode=0755)
Jan 24 17:19:02 nantes-m1 dovecot: lda(jeff)<10628><pbr+CgasDWCEKQAAvhw8tw>: Error: Mailbox INBOX: Failed to autocreate mailbox: Internal error occurred. Refer to server log for more information. [2021-01-24 17:19:02]
Jan 24 17:19:02 nantes-m1 dovecot: lda(jeff)<10628><pbr+CgasDWCEKQAAvhw8tw>: msgid=<45693641-2b61-815d-6129-feb9c4e3608a@p27.eu>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Internal error occurred. Refer to server log for more information. [2021-01-24 17:19:02]
Jan 24 17:19:02 nantes-m1 postfix/local[10626]: 8640AA0C71: to=<jeff@nantes-m1.p27.eu>, orig_to=<jeff@mobilitains.fr>, relay=local, delay=593, delays=593/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(jeff): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied )</font></pre>
</blockquote>
<p>Now I know what the words mean: it wants to create the mail
directory where I've asked it to, in /var/mail/vmail/%d/%n/mail,
and it's hitting a permission error, because that directory is
owned by vmail and that bit of dovecot, apparently, doesn't have
permission to read/write there. I can see that some dovecot
processes run as vmail, others as dovecot or dovenull, still
others as root (!). I'm unclear after much reading of docs what I
<i>should</i> see here and what I should change.</p>
<blockquote>
<pre><font size="-1" color="#7d26cd">[T] jeff@nantes-m1:postfix $ ps axfu | grep dovec
root       607  0.0  0.3   4612  3360 ?        Ss   10:12   0:00 /usr/sbin/dovecot -F
dovecot    637  0.0  0.1   4248  1072 ?        S    10:12   0:00  \_ dovecot/anvil
root      9852  0.0  0.2   4388  2940 ?        S    16:54   0:00  \_ dovecot/log
dovecot   9907  0.0  0.2   4396  2828 ?        S    16:54   0:00  \_ dovecot/stats
root      9908  0.0  0.4   5664  4188 ?        S    16:54   0:00  \_ dovecot/config
dovenull  9976  0.0  0.6   8476  6584 ?        S    16:58   0:00  \_ dovecot/imap-login
vmail     9978  0.0  0.5   6940  5572 ?        S    16:58   0:00  \_ dovecot/imap
dovenull 10023  0.0  0.6   8472  6584 ?        S    17:04   0:00  \_ dovecot/imap-login
vmail    10024  0.0  0.5   6884  5516 ?        S    17:04   0:00  \_ dovecot/imap
jeff     10952  0.0  0.0   8904   672 pts/1    S+   17:33   0:00  |   \_ grep --color=auto dovec
[T] jeff@nantes-m1:postfix $ </font></pre>
</blockquote>
<p>2. Authorisation on sending<br>
</p>
<p>Using thunderbird I try to send an email from my workstation as
<a class="moz-txt-link-abbreviated" href="mailto:jeff@mobilitains.fr">jeff@mobilitains.fr</a> (myself, as this host sees it) to another user
(myself somewhere else).</p>
<blockquote>
<pre><font size="-1" color="#7d26cd">Jan 24 17:35:42 nantes-m1 postfix/submission/smtpd[10971]: connect from 10.244.88.92.rev.sfr.net[92.88.244.10]
Jan 24 17:35:42 nantes-m1 postfix/submission/smtpd[10971]: Anonymous TLS connection established from 10.244.88.92.rev.sfr.net[92.88.244.10]: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Jan 24 17:35:42 nantes-m1 postfix/submission/smtpd[10971]: warning: SASL: Connect to private/auth failed: No such file or directory
Jan 24 17:35:42 nantes-m1 postfix/submission/smtpd[10971]: fatal: no SASL authentication mechanisms
Jan 24 17:35:43 nantes-m1 postfix/master[1634]: warning: process /usr/lib/postfix/sbin/smtpd pid 10971 exit status 1
Jan 24 17:35:43 nantes-m1 postfix/master[1634]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling</font></pre>
</blockquote>
<p>So I'm failing to connect, but the error about private/auth is
quite unclear to me. I think what I've configured is that
plaintext auth is disabled unless on a SSL/TLS connection, and
SSL/TLS connections are required, so plaintext over SSL/TLS is the
rule. There's an error related to smtpd startup, though I'm
unclear what that means, since postfix is running. I think it
means it can't run smtpd to send the mail, but why and where
configured is unclear to me.<br>
</p>
<blockquote>
<pre><font size="-1" color="#7d26cd">[T] jeff@nantes-m1:conf.d $ <b>cat 10-auth.conf | grep -vE '^#' | uniq</b>

disable_plaintext_auth = yes

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

auth_mechanisms = plain

!include auth-passwdfile.conf.ext
[T] jeff@nantes-m1:conf.d $ 
[T] jeff@nantes-m1:conf.d $ <b>cat auth-passwdfile.conf.ext</b>
# Authentication for passwd-file users. Included from 10-auth.conf.
#
# passwd-like file with specified location.
# <doc/wiki/AuthDatabase.PasswdFile.txt>
#
# This is heavily modified from the ubuntu dovecot distribution file.

passdb {
  driver = passwd-file
  # args = scheme=CRYPT username_format=%u /etc/dovecot/users
  # args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
  args = username_format=%u scheme=blf-crypt /etc/dovecot/passwd.db
  deny = no
  master = no
  pass = no
  skip = never
  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
}

userdb {
  driver = static
  args = uid=4000 gid=4000 home=/var/mail/vmail/%d/%n
}

[T] jeff@nantes-m1:conf.d $ </font></pre>
</blockquote>
<p>My config:</p>
<blockquote>
<pre><font size="-1" color="#7d26cd">[T] jeff@nantes-m1:~ $ <b>doveconf -n</b>
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-64-generic x86_64 Ubuntu 20.04.1 LTS ext4
# Hostname: nantes-m1.p27.eu
auth_debug = yes
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = username_format=%u scheme=blf-crypt /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /var/mail/vmail/sieve-after
  sieve_before = /var/mail/vmail/sieve-before
  sieve_dir = ~/sieve
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert = </etc/letsencrypt/live/nantes-m1.p27.eu/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = uid=4000 gid=4000 home=/var/mail/vmail/%d/%n
  driver = static
}
verbose_ssl = yes
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster@{{ primary_domain }}
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
  mail_max_userip_connections = 20
}
[T] jeff@nantes-m1:~ $ 
[T] jeff@nantes-m1:postfix $ <b>postconf -Mf</b>
smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
...</font></pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255
<a class="moz-txt-link-freetext" href="http://p27.eu/jeff/">http://p27.eu/jeff/</a>
<a class="moz-txt-link-freetext" href="http://transport-nantes.com/">http://transport-nantes.com/</a></pre>
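<p>Editor's added example, not code from the message above or from the Dovecot or Postfix projects: a short Python triage that re-applies, on constructed copies of two of the log lines quoted in the post, the two checks the daemons made. For the delivery failure it evaluates the Unix permission decision the LDA hit (the euid/egid, the directory's owner and mode, and the single owner/group/other class that applies) and expands the posted <tt>%d/%n</tt> mail location for the login name the LDA was given. For the sending failure it resolves the socket path <tt>smtpd</tt> asked for against the Postfix queue directory and compares it with the <tt>unix_listener</tt> path from the posted <tt>doveconf -n</tt>. The queue directory <tt>/var/spool/postfix</tt> is an assumption (it is the Debian default and matches the listener path in the config, but it is not stated on the page); the supplementary-group list and root bypass are modelled for completeness and are not taken from the page.</p>

```python
"""Triage of the two failures quoted in the post (Dovecot LDA mkdir and Postfix
smtpd SASL). Added example, not code from the original message: it re-applies
the checks the daemons made, on constructed copies of the posted log lines."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed copies of two log lines quoted in the post.
LDA_LINE = ("Jan 24 17:19:02 nantes-m1 dovecot: lda(jeff)<10628><pbr+CgasDWCEKQAAvhw8tw>: "
            "Error: mkdir(/var/mail/vmail//jeff/mail) failed: Permission denied "
            "(euid=1000(jeff) egid=1001(jeff) missing +w perm: /var/mail/vmail/, "
            "dir owned by 4000:4000 mode=0755)")
SASL_LINE = ("Jan 24 17:35:42 nantes-m1 postfix/submission/smtpd[10971]: "
             "warning: SASL: Connect to private/auth failed: No such file or directory")

PERM_RE = re.compile(r"euid=(\d+)\([^)]*\) egid=(\d+)\([^)]*\) missing \+([rwx]) perm: "
                     r"(\S+), dir owned by (\d+):(\d+) mode=([0-7]+)")
SASL_RE = re.compile(r"SASL: Connect to (\S+) failed")


@dataclass
class DirAccess:
    """One Unix DAC decision: the caller's ids versus the directory's owner and mode."""
    path: str
    euid: int
    egid: int
    owner_uid: int
    owner_gid: int
    mode: int                       # permission bits, e.g. 0o755
    need: str                       # 'r', 'w' or 'x'
    supplementary_gids: tuple = ()  # assumed empty; not given by the log line

    def perm_class(self) -> str:
        # Exactly one class applies. The kernel does not fall through to a more
        # permissive class when the matching one denies the access.
        if self.euid == self.owner_uid:
            return "owner"
        if self.owner_gid == self.egid or self.owner_gid in self.supplementary_gids:
            return "group"
        return "other"

    def allowed(self) -> bool:
        if self.euid == 0:          # CAP_DAC_OVERRIDE: root bypasses the mode bits
            return True
        bit = {"r": 4, "w": 2, "x": 1}[self.need]
        shift = {"owner": 6, "group": 3, "other": 0}[self.perm_class()]
        return bool((self.mode >> shift) & bit)


def parse_lda_perm_error(line: str, supplementary_gids: Iterable[int] = ()) -> Optional[DirAccess]:
    """Pull the ids, path, owner and mode out of Dovecot's 'missing +w perm' message."""
    m = PERM_RE.search(line)
    if not m:
        return None
    euid, egid, need, path, uid, gid, mode = m.groups()
    return DirAccess(path, int(euid), int(egid), int(uid), int(gid), int(mode, 8), need,
                     tuple(supplementary_gids))


def expand_location(template: str, login: str) -> str:
    """Dovecot's %n and %d are the local part and domain of the login name; %d is
    empty when the name carries no '@', which yields the '//' seen in the posted path."""
    user, _, domain = login.partition("@")
    return template.replace("%d", domain).replace("%n", user).replace("%u", login)


def sasl_socket_mismatch(line: str, dovecot_listener: str,
                         queue_directory: str = "/var/spool/postfix") -> Optional[Tuple[str, str, bool]]:
    """Postfix resolves a relative smtpd_sasl_path against queue_directory (assumed
    /var/spool/postfix); compare it with the unix_listener Dovecot actually created."""
    m = SASL_RE.search(line)
    if not m:
        return None
    wanted = m.group(1)
    if not wanted.startswith("/"):
        wanted = f"{queue_directory}/{wanted}"
    return (wanted, dovecot_listener, wanted == dovecot_listener)


if __name__ == "__main__":
    acc = parse_lda_perm_error(LDA_LINE)
    print(f"lda ran as uid {acc.euid}; class={acc.perm_class()}; write allowed={acc.allowed()}")
    print("login 'jeff'               ->", expand_location("/var/mail/vmail/%d/%n/mail", "jeff"))
    print("login 'jeff@mobilitains.fr' ->", expand_location("/var/mail/vmail/%d/%n/mail", "jeff@mobilitains.fr"))
    print(sasl_socket_mismatch(SASL_LINE, "/var/spool/postfix/private/dovecot-auth"))
```

<p>What it makes explicit from the posted lines: the LDA ran with euid 1000, so against a 0755 directory owned by 4000:4000 it falls into the "other" class, which has no write bit; the same check passes for uid 4000, the owner the static userdb assigns. Postfix's local(8) runs the mailbox command with the privileges of the recipient's Unix user, which is why the euid is <tt>jeff</tt>'s rather than <tt>vmail</tt>'s, and the <tt>//</tt> in <tt>/var/mail/vmail//jeff/mail</tt> shows that the LDA was handed the bare name <tt>jeff</tt>, so <tt>%d</tt> expanded to nothing. On the submission side, <tt>smtpd</tt> asked for <tt>/var/spool/postfix/private/auth</tt> while the only auth listener in the config is <tt>private/dovecot-auth</tt>; the two names have to agree, whichever one is kept. One further caveat from the same log: the submission connection negotiated <tt>TLSv1</tt>, which is TLS 1.0, so the client or server protocol floor is worth checking once authentication works.</p>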
</body>
</html>