Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Bernd Weber
Oh sorry. I didn't see that it was a question. We've got a ROOT-Server.
I decided on SUSE 13.1 as operating system. The basic configuration has
the package libselinux1 installed. After your post I installed with
zypper selinux-tools in the hope they come with a utility for checking
what's going on.


Besides in /var/spool/postfix/private are sockets with owner 
postfix:postfix -




On 13.06.2014 16:02, Reindl Harald wrote:
> On 13.06.2014 15:53, Bernd Weber wrote:
>> Thank you very much for your advice, but that error of postfix I got from the
>> error-log. Dovecot doesn't complain.
>> It only doesn't create the sockets, I have in the service section of
>> 10-master.conf
>>
>> On 13.06.2014 15:36, Bernd Petrovitsch wrote:
>>> On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
>>> [...]
>>>> Problem: Sockets /var/spool/postfix/private/auth and
>>>> /var/spool/postfix/private/dovecot-lmtp are not created
>>>>
>>>> The only error message I get comes from postfix: no auth (SASL) found.
>>>> Takes no wonder, the sockets don't exist. Any help is welcome.
>>> Look in the log files for the error message
>
> you still did not answer if you have SELinux or something like that
> running or how your FS permissions recursive down from /var/spool
> are - something just prevents dovecot to create the files which
> is not dovecot itself
>
> i googled that for you:
>
> http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245



Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Bernd Petrovitsch
On Fre, 2014-06-13 at 15:53 +0200, Bernd Weber wrote:
> Thank you very much for your advice, but that error of postfix I got from 
> the error-log. Dovecot doesn't complain. It only doesn't create the 
> sockets, I have in the service section of 10-master.conf

There should be more somewhere with "permission denied" or similar
somewhere - the more useful programs log everything possibly strange.

Additionally you could start 'dovecot' under "strace" - e.g. `strace -o
dovecot.strace ...` and look for the socket() sys-calls for an error.

Bernd
-- 
"I dislike type abstraction if it has no real reason. And saving
on typing is not a good reason - if your typing speed is the main
issue when you're coding, you're doing something seriously wrong."
- Linus Torvalds
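
The strace check suggested above, worked through as an added example (not part of the original thread, and not Dovecot code): it parses a trace written with `strace -f -o dovecot.strace ...` and reports, for each expected listener, whether the bind() that creates the socket file succeeded, failed, or was never attempted. The trace lines are constructed, and `parse`, `failed_calls` and `diagnose` are names chosen here.

```python
import re

# Calls the master process makes while creating a UNIX listener socket.
WATCHED = {"socket", "bind", "listen", "unlink", "chown", "fchown", "chmod"}

# e.g. '2201 bind(13, {...}, 110) = -1 EACCES (Permission denied)'
# The leading PID column is present when strace ran with -f.
LINE_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>-?\d+|\?)(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>[^)]*)\))?')
PATH_RE = re.compile(r'"([^"]*)"')

# Constructed sample trace (not taken from the thread).
TRACE = '''\
2201 socket(AF_UNIX, SOCK_STREAM, 0) = 12
2201 bind(12, {sa_family=AF_UNIX, sun_path="/var/run/dovecot/auth-client"}, 110) = 0
2201 stat("/var/spool/postfix/private/auth", 0x7ffc2a10) = -1 ENOENT (No such file or directory)
2201 socket(AF_UNIX, SOCK_STREAM, 0) = 13
2201 bind(13, {sa_family=AF_UNIX, sun_path="/var/spool/postfix/private/auth"}, 110) = -1 EACCES (Permission denied)
'''.splitlines()


def parse(lines):
    """Yield one dict per completed watched syscall in strace output."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["call"] not in WATCHED:
            continue  # unrelated call, signal line or '<unfinished ...>'
        path = PATH_RE.search(m["args"])
        yield {"pid": m["pid"], "call": m["call"], "errno": m["errno"],
               "path": path.group(1) if path else None}


def failed_calls(lines, prefix):
    """Failed watched calls; those naming a path must lie under prefix."""
    return [c for c in parse(lines) if c["errno"]
            and (c["path"] is None or c["path"].startswith(prefix))]


def diagnose(lines, socket_path):
    """Say what the trace shows for one expected listener socket."""
    binds = [c for c in parse(lines)
             if c["call"] == "bind" and c["path"] == socket_path]
    if not binds:
        return "never-attempted"  # no bind() on that path in the trace
    last = binds[-1]
    return "failed:" + last["errno"] if last["errno"] else "created"


if __name__ == "__main__":
    for sock in ("auth", "dovecot-lmtp"):
        full = "/var/spool/postfix/private/" + sock
        print(full, "->", diagnose(TRACE, full))
    for c in failed_calls(TRACE, "/var/spool/postfix/"):
        print("failed:", c)
```

A result of `never-attempted` means the trace holds no bind() for that path, which points away from permissions and toward the configuration the master actually loaded, or toward a trace that did not cover the master process.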


Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Reindl Harald


On 13.06.2014 15:53, Bernd Weber wrote:
> Thank you very much for your advice, but that error of postfix I got from the 
> error-log. Dovecot doesn't complain.
> It only doesn't create the sockets, I have in the service section of 
> 10-master.conf
>  
> On 13.06.2014 15:36, Bernd Petrovitsch wrote:
> 
>> On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
>> [...]
>>> Problem: Sockets /var/spool/postfix/private/auth and
>>> /var/spool/postfix/private/dovecot-lmtp are not created
>>>
>>> The only error message I get comes from postfix: no auth (SASL) found.
>>> Takes no wonder, the sockets don't exist. Any help is welcome.
>> Look in the log files for the error message

you still did not answer if you have SELinux or something like that
running or how your FS permissions recursive down from /var/spool
are - something just prevents dovecot to create the files which
is not dovecot itself

i googled that for you:

http://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory#comment-33245





Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Bernd Weber
Thank you very much for your advice, but that error of postfix I got from 
the error-log. Dovecot doesn't complain. It only doesn't create the 
sockets, I have in the service section of 10-master.conf

On 13.06.2014 15:36, Bernd Petrovitsch wrote:
> Hi!
>
> On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
> [...]
>> Problem: Sockets /var/spool/postfix/private/auth and
>> /var/spool/postfix/private/dovecot-lmtp are not created
>>
>> The only error message I get comes from postfix: no auth (SASL) found.
>> Takes no wonder, the sockets don't exist. Any help is welcome.
>
> Look in the log files for the error message.
>
> Bernd


Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Bernd Petrovitsch
Hi!

On Fre, 2014-06-13 at 11:54 +0200, Bernd Weber wrote:
[...]
> Problem: Sockets /var/spool/postfix/private/auth and 
> /var/spool/postfix/private/dovecot-lmtp are not created
> 
> The only error message I get comes from postfix: no auth (SASL) found. 
> Takes no wonder, the sockets don't exist. Any help is welcome.

Look in the log files for the error message.

Bernd
-- 
"I dislike type abstraction if it has no real reason. And saving
on typing is not a good reason - if your typing speed is the main
issue when you're coding, you're doing something seriously wrong."
- Linus Torvalds


Re: [Dovecot] doveadm index - Bug or expected behaviour?

2014-06-13 Thread Steffen Kaiser


On Thu, 5 Jun 2014, Bruno Galindro da Costa wrote:

> My ldap config is using the variable %d in base search for domain
> replacement when dovecot will search for users in LDAP. It works fine for
> dovecot operation.
>
> But, for doveadm index, not. It ignores that variable and tries to pass a
> base search without domain. So, the search will not work.
>
> This is the command:
> # doveadm -v index -A  INBOX
>
> This is my config:
> # cat /etc/dovecot/dovecot-ldap-userdb.conf
> hosts = 10.0.0.1
> tls = no
> auth_bind = no
> ldap_version = 3
> base = ou=%d,ou=mail,ou=services,dc=domain
> scope = subtree
> deref = never
> user_filter = (& (cn=%n)(objectclass=nisMailAlias)(ContaAtiva=TRUE) )
> user_attrs = cn=rfc822mailmember,EmailQuota=quota_rule=*:storage=%$M,EmailQuotaSpecial=quota_rule=*:storage=%$M,eduPersonPrincipalName=eppn

Do you use rfc822mailmember and eppn somewhere? They are no Dovecot
field names, IMHO. Same question applies to EmailQuota and
EmailQuotaSpecial as they both expand to quota_rule.

> iterate_filter = (&(objectclass=nisMailAlias)(ContaAtiva=TRUE)(!(EmailQuota=0)))
> iterate_attrs = rfc822mailmember=user

Does rfc822mailmember contain the domain?

-- 
Steffen Kaiser



Re: Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Reindl Harald

On 13.06.2014 11:54, Bernd Weber wrote:
> Problem: Sockets /var/spool/postfix/private/auth and 
> /var/spool/postfix/private/dovecot-lmtp are not created
> 
> The only error message I get comes from postfix: no auth (SASL) found. Takes 
> no wonder, the sockets don't exist.
> Any help is welcome.

not a dovecot problem
look for SELinux, Capabilities and whatever SMACK





Dovecot and Postfix - dovecot doesn't create sockets

2014-06-13 Thread Bernd Weber

Hi,

Problem: Sockets /var/spool/postfix/private/auth and 
/var/spool/postfix/private/dovecot-lmtp are not created


The only error message I get comes from postfix: no auth (SASL) found. 
Takes no wonder, the sockets don't exist. Any help is welcome.


Thanks.

Bernd


doveconf:

# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.10-11-default x86_64 openSUSE 13.1 (x86_64) ext4
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = /var/run/dovecot/auth-client
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot/
config_cache_size = 1 M
debug_log_path = /var/log/dovecot.log
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_ca_dir =
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot zu Diensten.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_trusted_networks =
mail_access_groups =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = yes
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid = vmail
mail_home =
mail_location = maildir:/var/vmail/%d/%n:LAYOUT=fs
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = vmail
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid = vmail
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = no
    special_use = \Drafts
  }
  mai

Re: Subject tag [Dovecot] is gone

2014-06-13 Thread Reindl Harald


On 13.06.2014 12:20, Reuben Farrelly wrote:
> On 13/06/2014 8:09 PM, Nick Edwards wrote:
>> On 6/11/14, Jost Krieger  wrote:
>>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>>
>>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>>> on the master until you disable DNS ALG for UDP and TCP
>>>
>>> I believe that Cisco equipment will do such things, but I doubt it's the
>>> routers. Unless you plug a firewall card in.
>>
>>   I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
>> any ASR do that.
> 
> Actually you're both incorrect - this isn't a PIX/ASA specific thing and it 
> does work that way on IOS routers in
> certain configurations.  A Cisco IOS router (800/1800/1900 etc) running 
> recent code will do this if you have a PAT
> rule translating port 53 from outside to inside.
> 
> This isn't a configuration that is that common, and it is annoying when you 
> run into it, but it's not something you
> can have happen "by accident" since you have to specifically configure port 
> 53 to be NATted in to observe this
> behaviour.  It's also easy to turn off (TBH I don't know why it's not off by 
> default, but that's a separate matter).
> 
> It doesn't impact normal outbound/dynamic NAT which is what most people use.
> 
> I haven't tried 1:1 static NATs so can't verify if it works that way in that 
> situation, though

we are running 1:1 static NAT and it is enabled by default in that situation
that's what i am talking the whole time, nobody does single port-forwardings
in a server environment

and *yes* you can have happen this "by accident" simply by have non Cisco
hardware before with the same 1:1 NAT and then get a Cisco device due switch
from bundled DSL lines to glass fiber





Re: Subject tag [Dovecot] is gone

2014-06-13 Thread Reuben Farrelly

On 13/06/2014 8:09 PM, Nick Edwards wrote:
> On 6/11/14, Jost Krieger  wrote:
>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>
>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>> on the master until you disable DNS ALG for UDP and TCP
>>
>> I believe that Cisco equipment will do such things, but I doubt it's the
>> routers. Unless you plug a firewall card in.
>
>   I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
> any ASR do that.


Actually you're both incorrect - this isn't a PIX/ASA specific thing and 
it does work that way on IOS routers in certain configurations.  A Cisco 
IOS router (800/1800/1900 etc) running recent code will do this if you 
have a PAT rule translating port 53 from outside to inside.


This isn't a configuration that is that common, and it is annoying when 
you run into it, but it's not something you can have happen "by 
accident" since you have to specifically configure port 53 to be NATted 
in to observe this behaviour.  It's also easy to turn off (TBH I don't 
know why it's not off by default, but that's a separate matter).


It doesn't impact normal outbound/dynamic NAT which is what most people use.

I haven't tried 1:1 static NATs so can't verify if it works that way in 
that situation, though.


Reuben



Re: Subject tag [Dovecot] is gone

2014-06-13 Thread Reindl Harald

On 13.06.2014 12:17, Reindl Harald wrote:
> On 13.06.2014 12:09, Nick Edwards wrote:
>> On 6/11/14, Jost Krieger  wrote:
>>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>>
>>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>>> on the master until you disable DNS ALG for UDP and TCP
>>>
>>> I believe that Cisco equipment will do such things, but I doubt it's the
>>> routers. Unless you plug a firewall card in.
>>>
>>
>> think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
>> any ASR do that
> 
> http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html
> 
> and even the small Cisco 6 years ago supplied by our ISP
> did the same - most likely you just don't realize it if
> you are not hoster of public nameservers and have one of
> them in front of and one behind the NAT

here you go:
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9.html

and here you go to disable this dumb behavior:
no ip nat service alg udp dns
no ip nat service alg tcp dns





Re: Subject tag [Dovecot] is gone

2014-06-13 Thread Reindl Harald

On 13.06.2014 12:09, Nick Edwards wrote:
> On 6/11/14, Jost Krieger  wrote:
>> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>>
>>> Cisco routers by default mangle DNS traffic, break zone transfers
>>> or even put before all CNAME blocks a $TTL 0 line never appeared
>>> on the master until you disable DNS ALG for UDP and TCP
>>
>> I believe that Cisco equipment will do such things, but I doubt it's the
>> routers. Unless you plug a firewall card in.
>>
> 
> think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
> any ASR do that

http://www.2mul.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html

and even the small Cisco 6 years ago supplied by our ISP
did the same - most likely you just don't realize it if
you are not hoster of public nameservers and have one of
them in front of and one behind the NAT






Re: Subject tag [Dovecot] is gone

2014-06-13 Thread Nick Edwards
On 6/11/14, Jost Krieger  wrote:
> On Wed Jun 11 12:03:24 2014, Reindl Harald wrote:
>
>> Cisco routers by default mangle DNS traffic, break zone transfers
>> or even put before all CNAME blocks a $TTL 0 line never appeared
>> on the master until you disable DNS ALG for UDP and TCP
>
> I believe that Cisco equipment will do such things, but I doubt it's the
> routers. Unless you plug a firewall card in.
>

 I think he means junk like PIX, I've never seen a 7200, 7300, 10K, or
any ASR do that.