I'm still trying to fix this problem. Hopefully someone can help.

I've upgraded dovecot to 2.3.3

# dovecot --version
2.3.3 (dcead646b)

That didn't help.

Next I switched 10-auth.conf to use a local password file (instead of LDAP)

=======================================
# cache all authentication results for one hour
auth_cache_size = 10M
auth_cache_ttl = 1 hour
auth_cache_negative_ttl = 1 hour

# only use plain username/password auth - OK since everything is over TLS
auth_mechanisms = plain

passdb {
  driver = passwd-file
  args = scheme=ssha username_format=%n /usr/local/etc/dovecot/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%n /usr/local/etc/dovecot/passwd
}
======================================

The /usr/local/etc/dovecot/passwd file is in the following format

userA:{SSHA}hashhhhhhhhh:1000:1000::/home/userA

Authentication works, and mail gets delivered. But I'm still getting the same intermittent errors.

Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))

Also tried disabling the cache in 10-auth.conf, to no avail.

I'm a bit at a loss :(

Regards,
J. de Meijer

> Hi,
>
> I'm getting errors with my IMAP setup.
> Basically, everything seems to work.
> Mail is delivered nicely from Postfix to Dovecot via LMTP. Dovecot does
> the authentication to LDAP (also for Postfix). Users are able to send mail
> via authenticated submission (Postfix) and login into IMAP and POP.
>
> However, IMAP connections are dropped frequently with an "ERROR:
> Connection dropped by IMAP server.". After pressing reload on the webmail,
> or refreshing in the client might help for a short period. So it fails
> intermittently.
>
> The errors in the maillog are below. It seems to be mixing up users kind
> of randomly. I think when multiple connections are made at the same time.
> Did a lot of searching, but couldn't find an answer to this problem.
> All I can find is related to LDA, which I'm not using.
>
> Any help would be appreciated.
>
> Errors from the log:
> Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
> Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009><recJguF2NMpUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
> Sep 28 00:03:26 mailserver dovecot: imap(userD)<12807><8T0iguF2NspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
> Sep 28 00:06:59 mailserver dovecot: imap(userD)<15661><UcfOjuF2OcpUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA))
> Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>: Fatal: setgid(1011(userA) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1011(userA) instead of 1012(userD))
> Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055><AWjtkuF2J/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1012(userD))
> Sep 28 00:08:08 mailserver dovecot: imap(userF)<46412><87ntkuF2JvptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1011(userA))
> Sep 28 00:08:08 mailserver dovecot: imap(userF)<44858><0nXzkuF2KfptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1012(userD))
> Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1017(userC))
> Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531><wpKdlOF2MfptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1033(userF) instead of 1011(userA))
>
> # dovecot --version
> 2.3.2.1 (0719df592)
>
> # 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.2 (7704de5e)
> # OS: FreeBSD 11.2-RELEASE amd64
> # Hostname: mailserver
> auth_cache_size = 10 M
> auth_debug = yes
> imap_idle_notify_interval = 29 mins
> mail_debug = yes
> mail_fsync = never
> mail_location = maildir:~/Maildir
> mail_plugins = " fts fts_solr"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = create
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   fts = solr
>   fts_autoindex = yes
>   fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
>   recipient_delimiter = +
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_after = /usr/local/etc/dovecot/sieve-after.d
>   sieve_before = /usr/local/etc/dovecot/sieve-before.d
>   sieve_quota_max_storage = 50M
> }
> protocols = imap pop3 lmtp sieve
> service auth {
>   client_limit = 1600
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     address = 127.0.0.1, ::1
>   }
>   process_min_avail = 3
>   service_count = 1
> }
> service imap {
>   process_min_avail = 3
>   service_count = 256
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     address = 127.0.0.1, ::1
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert = </usr/local/etc/ssl/mail.example.com.dovecot.crt
> ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
>   driver = ldap
> }
> protocol lda {
>   mail_fsync = optimized
>   mail_plugins = " fts fts_solr sieve"
> }
> protocol imap {
>   mail_max_userip_connections = 50
>   mail_plugins = " fts fts_solr imap_sieve"
> }
> protocol lmtp {
>   lmtp_save_to_detail_mailbox = yes
>   mail_fsync = optimized
>   mail_plugins = " fts fts_solr quota sieve"
>   postmaster_address = webmas...@example.com
> }
>
> In /usr/local/etc/dovecot/dovecot-ldap.conf.ext:
> hosts = localhost
> dn = cn=reader,ou=Roles,dc=example,dc=com
> dnpass = secretpassword
> auth_bind = yes
> base = ou=People,dc=example,dc=com
> deref = never
> scope = subtree
> user_attrs = uid=uid,homeDirectory=home,uidNumber=uid,gidNumber=gid
> user_filter = (&(objectClass=posixAccount)(uid=%n))
> pass_attrs = uid=user,userPassword=password
> pass_filter = (&(objectClass=posixAccount)(uid=%u))
> default_pass_scheme = SSHA
>
> dovecot-ldap-user.conf.ext is the same as dovecot-ldap.conf.ext
>
> # freebsd-version
> 11.2-RELEASE-p3
>
> Everything is installed from ports.
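
Added example, not part of the original message: a Python parser for the setgid failure lines quoted above that reports, per login, which other account the failing imap process was already running as. The function and field names are assumptions made for this example; the sample lines are taken from the message and trimmed as noted in the code.

```python
import re
from collections import defaultdict

# Format of the "setgid(...) failed" lines quoted in the message above.
SETGID_FAIL = re.compile(
    r"dovecot: (?P<svc>[\w-]+)\((?P<login>[^)]*)\)<(?P<pid>\d+)><(?P<session>[^>]*)>: "
    r"Fatal: setgid\((?P<want_gid>\d+)\((?P<want_name>[^)]*)\) from userdb lookup\) "
    r"failed with euid=(?P<euid>\d+)\((?P<euid_name>[^)]*)\)"
)

# First four lines: taken from the message, cut after "Operation not permitted".
# Last line: constructed, to show unrelated log lines being skipped.
SAMPLE = """\
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>: Fatal: setgid(1011(userA) from userdb lookup) failed with euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not permitted
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not permitted
Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531><wpKdlOF2MfptSCYM>: Fatal: setgid(1033(userF) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted
Sep 28 00:09:01 mailserver dovecot: imap(userA)<45700><constructedSession>: Logged out
""".splitlines()

def parse_failures(lines):
    """Yield one dict per setgid failure line; other lines are ignored."""
    for line in lines:
        m = SETGID_FAIL.search(line)
        if not m:
            continue
        f = m.groupdict()
        # euid != 0: the process had given up root before this userdb lookup,
        # so the kernel refuses the switch to another account's gid.
        f["already_dropped"] = f["euid"] != "0"
        f["cross_user"] = f["euid_name"] != f["login"]
        yield f

def held_identities(lines):
    """Map each login to the other accounts its failing processes were running as."""
    held = defaultdict(set)
    for f in parse_failures(lines):
        if f["cross_user"]:
            held[f["login"]].add(f"{f['euid_name']}({f['euid']})")
    return {login: sorted(ids) for login, ids in held.items()}

if __name__ == "__main__":
    for login, ids in held_identities(SAMPLE).items():
        print(f"{login}: process was already running as {', '.join(ids)}")
```
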