[Dovecot] Problem with virtual user mailbox initialization

2013-06-22 Thread Denis Kasak
Hello,

I'm trying to set up a postfix/dovecot server where postfix hands over
incoming mail to dovecot using lmtp virtual transport via a Unix
socket. Dovecot is then supposed to write the mail to
/var/mail/// using a virtual users setup. It seems to
work except for failing when the mailbox is supposed to be initially
created:

Jun 22 03:25:04 lmtp(2400, dka...@foo.org): Error: user
dka...@foo.org: Initialization failed: Namespace '':
mkdir(/var/mail/foo.org/dkasak) failed: Permission denied
(euid=5000(postman) egid=5000(postman) missing +w perm: /var/mail,
we're not in group 6(mail), dir owned by 0:6 mode=0775)

As can be seen from the error message, I've set mail_uid and mail_gid
to account/group postman. /var/mail/ is empty and owned by root:mail
so I've also set mail_privileged_group = mail. I was under the
impression that mail_privileged_group is used precisely for these
situations (when dotlocking or initial creation of the mailbox fail
due to insufficient privileges), but it still doesn't work. If I
either set mail_gid = mail, or set mail_access_groups = mail, or
create foo.org/ owned by postman:postman by hand, it works as
expected.

Here is the complete configuration:

# 2.2.2: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p4 i386  ufs
base_dir = /var/run/dovecot/
mail_gid = postman
mail_location = maildir:/var/mail/%d/%n/:LAYOUT=fs
mail_privileged_group = mail
mail_uid = postman
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert = 
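
An added example, not part of the original post: it parses the permission diagnostic quoted in the message above and evaluates the POSIX owner/group/other check for the three cases the poster describes. It assumes, from the error text, that group `mail` is gid 6, that `mail_access_groups = mail` adds that gid as a supplementary group, and that `mail_gid = mail` makes it the effective gid.

```python
import re

# Error text from the post above, joined onto one line.
ERROR = ("mkdir(/var/mail/foo.org/dkasak) failed: Permission denied "
         "(euid=5000(postman) egid=5000(postman) missing +w perm: /var/mail, "
         "we're not in group 6(mail), dir owned by 0:6 mode=0775)")

PATTERN = re.compile(
    r"euid=(?P<euid>\d+)\(.*?\) egid=(?P<egid>\d+)\(.*?\) "
    r"missing \+w perm: (?P<path>[^,]+),.*"
    r"dir owned by (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>[0-7]+)")

def parse_error(text):
    """Extract process identity and directory ownership from the diagnostic."""
    m = PATTERN.search(text)
    if m is None:
        raise ValueError("not a recognised permission diagnostic")
    d = m.groupdict()
    return {"path": d["path"], "euid": int(d["euid"]), "egid": int(d["egid"]),
            "dir_uid": int(d["uid"]), "dir_gid": int(d["gid"]),
            "mode": int(d["mode"], 8)}

def write_class(info, extra_groups=()):
    """Return (class, writable): exactly one permission class is consulted."""
    mode = info["mode"]
    if info["euid"] == 0:
        return "root", True                      # root bypasses mode bits
    if info["euid"] == info["dir_uid"]:
        return "owner", bool(mode & 0o200)
    if info["dir_gid"] == info["egid"] or info["dir_gid"] in extra_groups:
        return "group", bool(mode & 0o020)
    return "other", bool(mode & 0o002)

def scenarios(info):
    """The three cases from the post (setting-to-gid mapping is an assumption)."""
    gid = info["dir_gid"]
    return {
        "as posted": write_class(info),
        "mail_access_groups = mail": write_class(info, extra_groups={gid}),
        "mail_gid = mail": write_class({**info, "egid": gid}),
    }

if __name__ == "__main__":
    for name, (cls, ok) in scenarios(parse_error(ERROR)).items():
        print(f"{name:28} class={cls:5} can_create={ok}")
```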

[Dovecot] Getting NTLM authentication for Postfix SMTP clients to work

2013-06-22 Thread Matthew Larsen
I'm trying to get NTLM authentication working with Dovecot to authenticate
Postfix SMTP clients.

I can authenticate postfix smtp clients using the plain text login
mechanism through winbind.  However, using the NTLM mechanism gives me an
error in my maillog that says:
 "dovecot: auth: winbind(?,10.20.2.0): user not authenticated:
NT_STATUS_UNSUCCESSFUL".

At this point, I'm rather stuck.  It appears PAM and winbind work for
authenticating with AD because it works with the plain text mechanism, but
I'm missing something with the NTLM authentication method.

Any suggestions as to what I've got wrong, or other logging I can turn up /
examine that might shed some light on this?

When I use the LOGIN mechanism I see this in the mail logging and the
message is relayed:

Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: connect from
nvit01b.mydomain.com[10.20.2.0]
Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: auth client connected
(pid=1501)
Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=AG[...snip...]g==
Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0):
lookup service=dovecot
Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: pam(myusername,10.20.2.0):
#1/1 style=1 msg=Password:
Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client out:
OK#0111#011user=myusername
Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: 54EAF8059B: client=
nvit01b.mydomain.com[10.20.2.0], sasl_method=PLAIN,
sasl_username=myusername
Jun 21 13:12:58 SBSMTPNV05 postfix/cleanup[1504]: 54EAF8059B: message-id=<
51C4B3C8.30008@domain1.com <51c4b3c8.30...@domain1.com>>
Jun 21 13:12:58 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: from=<
some...@domain1.com>, size=2700, nrcpt=1 (queue active)
Jun 21 13:12:58 SBSMTPNV05 postfix/smtpd[1501]: disconnect from
nvit01b.mydomain.com[10.20.2.0]
Jun 21 13:12:59 SBSMTPNV05 postfix/smtp[1505]: 54EAF8059B: to=<
some...@gmail.com>,
relay=gmail-smtp-in.l.google.com[74.125.25.27]:25,
delay=1.2, delays=0.23/0.04/0.16/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK
1371845579 wf5si3786287pab.138 - gsmtp)
Jun 21 13:12:59 SBSMTPNV05 postfix/qmgr[1499]: 54EAF8059B: removed

I also see this in the secure log:

Jun 21 13:12:58 SBSMTPNV05 auth: pam_unix(dovecot:auth): authentication
failure; logname= uid=0 euid=0 tty=dovecot ruser=myusername rhost=10.20.2.0
 user=myusername
Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): getting
password (0x0010)
Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): pam_get_item
returned a password
Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:auth): user
'myusername' granted access
Jun 21 13:12:58 SBSMTPNV05 auth: pam_winbind(dovecot:account): user
'myusername' granted access

However, when I switch the mechanism to NTLM in the Thunderbird MUA I see
this:

Jun 21 13:15:46 SBSMTPNV05 postfix/smtpd[1506]: connect from
nvit01b.mydomain.com[10.20.2.0]
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libmech_gssapi.so
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: auth client connected
(pid=1506)
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in:
AUTH#0111#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12#011rip=10.20.2.0#011resp=TlRMT[...snip...]A=
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client out:
CONT#0111#011TlRMT[[...snip...]A
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in:
CONT#0111#011TlRMT[...snip...]A=
Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not
authenticated: NT_STATUS_UNSUCCESSFUL
Jun 21 13:15:48 SBSMTPNV05 postfix/smtpd[1506]: warning:
nvit01b.mydomain.com[10.20.2.0]: SASL NTLM authentication failed:
TlRMT[...snip...]A
Jun 21 13:15:48 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0111
Jun 21 13:15:49 SBSMTPNV05 postfix/smtpd[1506]: disconnect from
nvit01b.mydomain.com[10.20.2.0]

with nothing in the secure log and I don't see anything show up in the
winbind logs either.



I've reviewed these pages as reference, and I'm not sure what I'm missing:
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
http://wiki2.dovecot.org/Authentication/Mechanisms/NTLM
http://www.dovecot.org/list/dovecot/2008-December/035630.html
http://www.dovecot.org/list/dovecot/2010-February/046763.html
http://blog.al-sh
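
An added example, not part of the original post: a small parser for the `client in:` / `client out:` auth debug lines shown in the message above, pairing each AUTH request with its OK or FAIL reply so outcomes can be compared per mechanism and remote IP. The sample lines are constructed from the post's log (re-joined, payloads replaced by `...`), and matching requests by id in log order is a simplifying assumption.

```python
import re

# Constructed sample: the post's auth debug lines re-joined onto single lines,
# with the SASL payloads replaced by "..." placeholders.
SAMPLE = [
    "Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client in: "
    "AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=10.20.4.12"
    "#011rip=10.20.2.0#011resp=...",
    "Jun 21 13:12:58 SBSMTPNV05 dovecot: auth: Debug: client out: "
    "OK#0111#011user=myusername",
    "Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: "
    "AUTH#0111#011NTLM#011service=smtp#011nologin#011lip=10.20.4.12"
    "#011rip=10.20.2.0#011resp=...",
    "Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client out: CONT#0111#011...",
    "Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011...",
    "Jun 21 13:15:46 SBSMTPNV05 dovecot: auth: winbind(?,10.20.2.0): user not "
    "authenticated: NT_STATUS_UNSUCCESSFUL",
    "Jun 21 13:15:48 SBSMTPNV05 dovecot: auth: Debug: client out: FAIL#0111",
]

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ dovecot: auth: Debug: "
                  r"client (in|out): (.*)$")

def summarise(lines):
    """Pair each AUTH request with its OK/FAIL reply, keyed by request id."""
    pending, finished = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not an auth-protocol debug line
        ts, direction, body = m.groups()
        # syslog writes the protocol's TAB separators as the octal escape #011
        fields = body.replace("#011", "\t").split("\t")
        if len(fields) < 2:
            continue
        cmd, req_id, rest = fields[0], fields[1], fields[2:]
        if direction == "in" and cmd == "AUTH" and rest:
            kv = dict(f.split("=", 1) for f in rest[1:] if "=" in f)
            # resp= (the SASL response) is deliberately not copied into the summary
            pending[req_id] = {"start": ts, "mech": rest[0], "rip": kv.get("rip"),
                               "service": kv.get("service"), "challenges": 0}
        elif direction == "out" and req_id in pending:
            if cmd == "CONT":
                pending[req_id]["challenges"] += 1
            elif cmd in ("OK", "FAIL"):
                kv = dict(f.split("=", 1) for f in rest if "=" in f)
                finished.append({**pending.pop(req_id), "end": ts,
                                 "result": cmd, "user": kv.get("user")})
    return finished
```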

Re: [Dovecot] Config for master user in dovecot 1.1.20

2013-06-22 Thread Reindl Harald

Am 22.06.2013 09:32, schrieb Noel Butler:
> especially to those who are new or stuck on certain versions 
> due to policies which you do not write or have any input on 

well and in this case you refer to LTS distributions and
the one who is responsible and the commercial support which
is the reason to stick on an outdated version are the ones
to ask, they get paid for..





Re: [Dovecot] Config for master user in dovecot 1.1.20

2013-06-22 Thread Reindl Harald

Am 22.06.2013 09:32, schrieb Noel Butler:
>> well, i have *zero* understanding for people using for years
>> not supported software on public machines, well if this
>> makes me to an asshole so it be - period
>>
> some may not know better

how comes?

http://www.dovecot.org/ starts at the top with

Mon Jun 17 00:42:32 EEST 2013
Released v2.2.3.

> and do NOT deserve to be spoken down at 
> by some caustic fuckwit like you

"why in the world is someone installing 1.1 in 2013
on a new server while current version is 2.2.3" is
spoken down?

laughable!

> you of course are always welcome to have a say in a polite term to
> newbies etc assisting them by politely explaining why its best to not
> use such version or whatever

how comes that most mailing-lists are full of gorgeous girls
starting to cry after every not beloved word?





Re: [Dovecot] Config for master user in dovecot 1.1.20

2013-06-22 Thread Edwardo Garcia
I agree completely, I for one am also very sick of Harald's venomous
rhetoric on this list.  I am surprised that a moderator has not banned
Harald or officially warned him.

I am not one for such language, but I spent only five minutes googling
Harald, and I see what you have meant, perhaps as you alluded to, sometimes
you need to speak baby talk, to talk to baby.



On Sat, Jun 22, 2013 at 5:32 PM, Noel Butler  wrote:

> /me lowers myself to harrys level coz he might understand it
>
> only harry needs to read my reply, no one else should as your ears may
> burn :)
>
> On Sat, 2013-06-22 at 04:12 +0200, Reindl Harald wrote:
>
> >
> > Am 22.06.2013 03:02, schrieb Nick Edwards:
> > > Save your breath, Harald is just a complete abrasive jagoff, on this
> > > and every other list, I know for a fact that he is one step from being
> > > banned off the apache lists
> >
> > you know for a fact *what*?
> >
> > there are very very few posts from me on the apache lists and
> > now come one and show me a abusive one or do yourself a favour
> > and be quiet
> >
> > well, i have *zero* understanding for people using for years
> > not supported software on public machines, well if this
> > makes me to an asshole so it be - period
> >
> >
>
>
>
>
> be an asshole to yourself then idiot and keep your fucking mouth SHUT if
> you have nothing helpful to say, especially to those who are new or
> stuck on certain versions due to policies which you do not write or have
> any input on (thank christ), some may not know better and do NOT deserve
> to be spoken down at by some caustic fuckwit like you
>
> you of course are always welcome to have a say in a polite term to
> newbies etc assisting them by politely explaining why its best to not
> use such version or whatever - otherwise, fuck off and dont say a word
> to them, assholes like you give lists a bad name, sure I am NOT innocent
> in some respects to this, but at least I only attack the trolls and
> ranting idiots (like you, now),  but you however, attack anyone, and
> theres no excuse for THAT.
>
>


[Dovecot] use Alternative Storage as a cloud mail service

2013-06-22 Thread ♥ NiNJA ♂
Hi all

I'm trying to create a mail service provider

I'd like to know whether it is possible to have some servers as storage
servers and automatically put email data on them.
Something like having 3 servers: if server two gets full, automatically
use server three.

If it's possible give me some solutions to use

I like to use CentOS OS on my servers

Thanks in advance


Re: [Dovecot] Calling dovecot-lda from within Antispam pipe script (bash) seems to have no effect

2013-06-22 Thread e-frog

On 21.06.2013 21:54, wrote Ben Johnson:



write(2, "\1\00429770 user sa-training@exampl"..., 139^A^D29770 user
sa-train...@example.com: Error reading configuration:
net_connect_unix(/var/run/dovecot/config) failed: Permission denied

It seems the issue here is that "root" is the only user who is allowed
to read Dovecot's configuration file. Presumably, Dovecot, like most
services, is started as "root" and then drops its permissions to
least-required once started.



You can change owner and mode for /var/run/dovecot/config with the 
following entry in 10-master.conf:


service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}

More details can be found here: http://wiki2.dovecot.org/Services

/e-frog


Re: [Dovecot] Config for master user in dovecot 1.1.20

2013-06-22 Thread Noel Butler
/me lowers myself to harrys level coz he might understand it

only harry needs to read my reply, no one else should as your ears may
burn :)

On Sat, 2013-06-22 at 04:12 +0200, Reindl Harald wrote:

> 
> Am 22.06.2013 03:02, schrieb Nick Edwards:
> > Save your breath, Harald is just a complete abrasive jagoff, on this
> > and every other list, I know for a fact that he is one step from being
> > banned off the apache lists
> 
> you know for a fact *what*?
> 
> there are very very few posts from me on the apache lists and
> now come one and show me a abusive one or do yourself a favour
> and be quiet
> 
> well, i have *zero* understanding for people using for years
> not supported software on public machines, well if this
> makes me to an asshole so it be - period
> 
> 




be an asshole to yourself then idiot and keep your fucking mouth SHUT if
you have nothing helpful to say, especially to those who are new or
stuck on certain versions due to policies which you do not write or have
any input on (thank christ), some may not know better and do NOT deserve
to be spoken down at by some caustic fuckwit like you

you of course are always welcome to have a say in a polite term to
newbies etc assisting them by politely explaining why its best to not
use such version or whatever - otherwise, fuck off and dont say a word
to them, assholes like you give lists a bad name, sure I am NOT innocent
in some respects to this, but at least I only attack the trolls and
ranting idiots (like you, now),  but you however, attack anyone, and
theres no excuse for THAT.
