Re: Dovecot and Postfix - dovecot doesn't create sockets
Oh sorry. I didn't see that it was a question.

We've got a ROOT-Server. I decided for SuSe 13.1 as operating system. The basic configuration has the package libselinux1 installed. After your post I installed with zypper selinux-tools in the hope they come with a utility for checking what's going on.

Besides in /var/spool/postfix/private are sockets with owner postfix:postfix

On 13.06.2014 16:02, Reindl Harald wrote:
> On 13.06.2014 15:53, Bernd Weber wrote:
>> Thank you very much for your advice, but that error of postfix I got from the error-log. Dovecot doesn't complain.
>> It only doesn't create the sockets, I have in the service section of 10-master.conf
>>
>> On 13.06.2014 15:36, Bernd Petrovitsch wrote:
>>> On Fri, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
>>> [...]
>>>> Problem: Sockets /var/spool/postfix/private/auth and
>>>> /var/spool/postfix/private/dovecot-lmtp are not created
>>>>
>>>> The only error message I get comes from postfix: no auth (SASL) found.
>>>> Takes no wonder, the sockets don't exist. Any help is welcome.
>>> Look in the log files for the error message
>
> you still did not answer if you have SELinux or something like that running or how your FS permissions recursive down from /var/spool are - something just prevents dovecot to create the files which is not dovecot itself
>
> i googled that for you:
> http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245
Re: Dovecot and Postfix - dovecot doesn't create sockets
On Fri, 2014-06-13 at 15:53 +0200, Bernd Weber wrote:
> Thank you very much for your advice, but that error of postfix I got from
> the error-log. Dovecot doesn't complain. It only doesn't create the
> sockets, I have in the service section of 10-master.conf

There should be more somewhere with "permission denied" or similar somewhere - the more useful programs log everything possibly strange.

Additionally you could start 'dovecot' under "strace" - e.g. `strace -o dovecot.strace ...` and look for the socket() sys-calls for an error.

Bernd
--
"I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds
Re: Dovecot and Postfix - dovecot doesn't create sockets
On 13.06.2014 15:53, Bernd Weber wrote:
> Thank you very much for your advice, but that error of postfix I got from the
> error-log. Dovecot doesn't complain.
> It only doesn't create the sockets, I have in the service section of
> 10-master.conf
>
> On 13.06.2014 15:36, Bernd Petrovitsch wrote:
>
>> On Fri, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
>> [...]
>>> Problem: Sockets /var/spool/postfix/private/auth and
>>> /var/spool/postfix/private/dovecot-lmtp are not created
>>>
>>> The only error message I get comes from postfix: no auth (SASL) found.
>>> Takes no wonder, the sockets don't exist. Any help is welcome.
>> Look in the log files for the error message

you still did not answer if you have SELinux or something like that running or how your FS permissions recursive down from /var/spool are - something just prevents dovecot to create the files which is not dovecot itself

i googled that for you:
http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245
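Added example (not part of the thread, and not Dovecot's or Postfix's own tooling): the two checks suggested in the replies above, the strace run and the permissions from /var/spool downwards, as shell functions. failed_calls lists every failed syscall in strace output that names a path under a prefix (the path shows up in calls such as bind()); show_perms prints mode and owner for each directory from / down to the socket directory. The sample trace is constructed and assumes strace was run with -f, the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample of what `strace -f -o dovecot.strace ...` could record
# when something denies the bind() on the Postfix-side socket paths.
sample_trace() {
cat <<'EOF'
2101  socket(AF_UNIX, SOCK_STREAM, 0) = 7
2101  bind(7, {sa_family=AF_UNIX, sun_path="/var/spool/postfix/private/auth"}, 110) = -1 EACCES (Permission denied)
2101  socket(AF_UNIX, SOCK_STREAM, 0) = 8
2101  bind(8, {sa_family=AF_UNIX, sun_path="/var/run/dovecot/auth-client"}, 110) = 0
2101  socket(AF_UNIX, SOCK_STREAM, 0) = 9
2101  bind(9, {sa_family=AF_UNIX, sun_path="/var/spool/postfix/private/dovecot-lmtp"}, 110) = -1 EACCES (Permission denied)
EOF
}

# failed_calls PREFIX: read strace output on stdin, print "syscall errno path"
# for every call that failed and names a path starting with PREFIX.
failed_calls() {
    awk -v prefix="$1" '
        / = -1 E/ && index($0, "\"" prefix) {
            line = $0
            sub(/^[0-9]+ +/, "", line)            # drop the PID column added by -f
            call = line; sub(/\(.*/, "", call)     # syscall name
            path = substr(line, index(line, "\"" prefix) + 1)
            sub(/".*/, "", path)                   # cut at the closing quote
            err = line; sub(/.* = -1 /, "", err); sub(/ .*/, "", err)
            print call, err, path
        }'
}

# ancestors DIR: print /, then every directory on the way down to DIR.
ancestors() {
    p=$1; chain=
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        chain="$p
$chain"
        p=${p%/*}
    done
    printf '/\n%s' "$chain"
}

# show_perms DIR: mode and owner of each ancestor; a missing directory, or
# one the daemon user cannot search or write, shows up here. GNU stat assumed.
show_perms() {
    ancestors "$1" | while read -r d; do
        stat -c '%A %U:%G %n' "$d" 2>/dev/null || echo "missing: $d"
    done
}

# Run against the constructed sample and the directory from the thread.
sample_trace | failed_calls /var/spool/postfix/private
show_perms /var/spool/postfix/private
```

On a real host, feed the strace output file to failed_calls instead of the sample, for instance `failed_calls /var/spool/postfix/private < dovecot.strace`.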
Re: Dovecot and Postfix - dovecot doesn't create sockets
Thank you very much for your advice, but that error of postfix I got from the error-log. Dovecot doesn't complain.
It only doesn't create the sockets, I have in the service section of 10-master.conf

On 13.06.2014 15:36, Bernd Petrovitsch wrote:
> Hi!
>
> On Fri, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
> [...]
>> Problem: Sockets /var/spool/postfix/private/auth and
>> /var/spool/postfix/private/dovecot-lmtp are not created
>>
>> The only error message I get comes from postfix: no auth (SASL) found.
>> Takes no wonder, the sockets don't exist. Any help is welcome.
> Look in the log files for the error message.
>
> Bernd
Re: Dovecot and Postfix - dovecot doesn't create sockets
Hi!

On Fri, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
[...]
> Problem: Sockets /var/spool/postfix/private/auth and
> /var/spool/postfix/private/dovecot-lmtp are not created
>
> The only error message I get comes from postfix: no auth (SASL) found.
> Takes no wonder, the sockets don't exist. Any help is welcome.

Look in the log files for the error message.

Bernd
--
"I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds
Re: [Dovecot] doveadm index - Bug or expected behaviour?
On Thu, 5 Jun 2014, Bruno Galindro da Costa wrote:

> My ldap config is using the variable %d in base search for domain replacement when dovecot will search for users in LDAP. It works fine for dovecot operation. But, for doveadm index, not. It ignores that variable and tries to pass a base search without domain. So, the search will not work.
>
> This is the command:
>
> # doveadm -v index -A INBOX
>
> This is my config:
>
> # cat /etc/dovecot/dovecot-ldap-userdb.conf
> hosts = 10.0.0.1
> tls = no
> auth_bind = no
> ldap_version = 3
> base = ou=%d,ou=mail,ou=services,dc=domain
> scope = subtree
> deref = never
> user_filter = (& (cn=%n)(objectclass=nisMailAlias)(ContaAtiva=TRUE) )
> user_attrs = cn=rfc822mailmember,EmailQuota=quota_rule=*:storage=%$M,EmailQuotaSpecial=quota_rule=*:storage=%$M,eduPersonPrincipalName=eppn

Do you use rfc822mailmember and eppn somewhere? They are no Dovecot field names, IMHO. Same question applies to EmailQuota and EmailQuotaSpecial as they both expand to quota_rule.

> iterate_filter = (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0)))
> iterate_attrs = rfc822mailmember=user

Does rfc822mailmember contain the domain?

--
Steffen Kaiser
Re: Dovecot and Postfix - dovecot doesn't create sockets
On 13.06.2014 11:54, Bernd Weber wrote:
> Problem: Sockets /var/spool/postfix/private/auth and
> /var/spool/postfix/private/dovecot-lmtp are not created
>
> The only error message I get comes from postfix: no auth (SASL) found. Takes
> no wonder, the sockets don't exist.
> Any help is welcome.

not a dovecot problem

look for SELinux, Capabilities and whatever SMACK
Dovecot and Postfix - dovecot doesn't create sockets
Hi,

Problem: Sockets /var/spool/postfix/private/auth and /var/spool/postfix/private/dovecot-lmtp are not created

The only error message I get comes from postfix: no auth (SASL) found. Takes no wonder, the sockets don't exist. Any help is welcome.

Thanks.

Bernd

doveconf:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.10-11-default x86_64 openSUSE 13.1 (x86_64) ext4
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = /var/run/dovecot/auth-client
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot/
config_cache_size = 1 M
debug_log_path = /var/log/dovecot.log
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_ca_dir =
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot zu Diensten.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_trusted_networks =
mail_access_groups =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = yes
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid = vmail
mail_home =
mail_location = maildir:/var/vmail/%d/%n:LAYOUT=fs
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = vmail
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = vmail
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = no
    special_use = \Drafts
  }
  mai
Re: Subject tag [Dovecot] is gone
On 13.06.2014 12:20, Reuben Farrelly wrote:
> On 13/06/2014 8:09 PM, Nick Edwards wrote:
>> On 6/11/14, Jost Krieger wrote:
>>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>>
>>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>>> on the master until you disable DNS ALG for UDP and TCP
>>>
>>> I believe that Cisco equipment will do such things, but I doubt it's the
>>> routers. Unless you plug a firewall card in.
>>
>> I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
>> any ASR do that.
>
> Actually you're both incorrect - this isn't a PIX/ASA specific thing and it
> does work that way on IOS routers in
> certain configurations. A Cisco IOS router (800/1800/1900 etc) running
> recent code will do this if you have a PAT
> rule translating port 53 from outside to inside.
>
> This isn't a configuration that is that common, and it is annoying when you
> run into it, but it's not something you
> can have happen "by accident" since you have to specifically configure port
> 53 to be NATted in to observe this
> behaviour. It's also easy to turn off (TBH I don't know why it's not off by
> default, but that's a separate matter).
>
> It doesn't impact normal outbound/dynamic NAT which is what most people use.
>
> I haven't tried 1:1 static NATs so can't verify if it works that way in that
> situation, though

we are running 1:1 static NAT and it is enabled by default in that situation

that's what i am talking the whole time, nobody does single port-forwardings in a server environment and *yes* you can have happen this "by accident" simply by have non Cisco hardware before with the same 1:1 NAT and then get a Cisco device due switch from bundled DSL lines to glass fiber
Re: Subject tag [Dovecot] is gone
On 13/06/2014 8:09 PM, Nick Edwards wrote:
> On 6/11/14, Jost Krieger wrote:
>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>
>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>> on the master until you disable DNS ALG for UDP and TCP
>>
>> I believe that Cisco equipment will do such things, but I doubt it's the
>> routers. Unless you plug a firewall card in.
>
> I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
> any ASR do that.

Actually you're both incorrect - this isn't a PIX/ASA specific thing and it does work that way on IOS routers in certain configurations. A Cisco IOS router (800/1800/1900 etc) running recent code will do this if you have a PAT rule translating port 53 from outside to inside.

This isn't a configuration that is that common, and it is annoying when you run into it, but it's not something you can have happen "by accident" since you have to specifically configure port 53 to be NATted in to observe this behaviour. It's also easy to turn off (TBH I don't know why it's not off by default, but that's a separate matter).

It doesn't impact normal outbound/dynamic NAT which is what most people use.

I haven't tried 1:1 static NATs so can't verify if it works that way in that situation, though.

Reuben
Re: Subject tag [Dovecot] is gone
On 13.06.2014 12:17, Reindl Harald wrote:
> On 13.06.2014 12:09, Nick Edwards wrote:
>> On 6/11/14, Jost Krieger wrote:
>>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>>
>>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>>> on the master until you disable DNS ALG for UDP and TCP
>>>
>>> I believe that Cisco equipment will do such things, but I doubt it's the
>>> routers. Unless you plug a firewall card in.
>>>
>>
>> think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
>> any ASR do that
>
> http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html
>
> and even the small Cisco 6 years ago supplied by our ISP
> did the same - most likely you just don't realize it if
> you are not hoster of public nameservers and have one of
> them in front of and one behind the NAT

here you go:
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html

and here you go to disable this dumb behavior:
no ip nat service alg udp dns
no ip nat service alg tcp dns
Re: Subject tag [Dovecot] is gone
On 13.06.2014 12:09, Nick Edwards wrote:
> On 6/11/14, Jost Krieger wrote:
>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>
>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>> on the master until you disable DNS ALG for UDP and TCP
>>
>> I believe that Cisco equipment will do such things, but I doubt it's the
>> routers. Unless you plug a firewall card in.
>>
>
> think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
> any ASR do that

http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html

and even the small Cisco 6 years ago supplied by our ISP did the same - most likely you just don't realize it if you are not hoster of public nameservers and have one of them in front of and one behind the NAT
Re: Subject tag [Dovecot] is gone
On 6/11/14, Jost Krieger wrote:
> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>
>> Cisco routers by default mangle DNS traffic, break zone transfers
>> or even put before all CNAME blocks a $TTL 0 line never appeared
>> on the master until you disable DNS ALG for UDP and TCP
>
> I believe that Cisco equipment will do such things, but I doubt it's the
> routers. Unless you plug a firewall card in.
>

I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or any ASR do that.