Re: [Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28

2007-04-10 Thread Jason Warner
Timo,

I really want to thank you for taking the time to look at this. I'm a newbie
with a little Linux experience, so I'm in charge of the mail server. It
makes it nice to deal with someone who really knows what they are doing.

 -Original Message-
 From: Timo Sirainen [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, April 10, 2007 8:46 AM
 To: Jason Warner
 Cc: 'Jason Warner'; dovecot@dovecot.org
 Subject: Re: [Dovecot] Connection refused with auth-master after
 upgradingto Dovecot 1.0 rc 28
 
 On Mon, 2007-04-09 at 08:45 -0600, Jason Warner wrote:
 Apr  2 12:56:32 mail deliver([EMAIL PROTECTED]):
 net_connect(/var/run/dovecot/auth-master) failed: Connection
refused
   
Delete this file. Restart Dovecot. Does it get recreated?
   
When I delete the file and restart Dovecot it is recreated.
  
   Does this then happen every time when running deliver? Does netstat
   show that dovecot-auth is listening in that path?
 
  When running deliver from the command line, I do not get the error. The
  error only appears when deliver is run from Postfix.
 
 And you gave deliver -d parameter when running from command line? If it
 works from there but not from Postfix, then the problem has something to
 do with how deliver is started. Did you try running as the same user as
 what Postfix runs it with?

When I run deliver with the -d parameter, it does deliver a message to the
intended user. I've tried just about everything I know how to do with the
Dovecot LDA in the master.cf config file for Postfix. Here is the line as it
stands now:

# Dovecot LDA
dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d
${recipient}

That line worked just fine up until the update. After some looking, we were
running 1.0 rc 15 so this step up to 28 was quite a move. Fortunately, the
mail server is working with our virtual setup, but our vacation message
setup relied on the sieve portions of the Dovecot LDA. Thanks again for
taking a look at this.

 
  Netstat shows the following when running.
 
  unix  2  [ ACC ] STREAM LISTENING 255526 private/dovecot
  unix  2  [ ACC ] STREAM LISTENING 1176428
  /var/run/dovecot/auth-master
 
 So it should be accepting connections.
 
  It appears that the auth-master is running. How would I check to make
 sure
  that it is listening and responding properly to requests?
 
 There really isn't any other way than to run deliver. auth_debug=yes
 will also log something whenever deliver is run and dovecot-auth sees
 something.




Re: [Dovecot] Connection refused with auth-master after upgradingto Dovecot 1.0 rc 28

2007-04-10 Thread Jason Warner


 -Original Message-
 From: Timo Sirainen [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, April 10, 2007 9:24 AM
 To: Jason Warner
 Cc: 'Jason Warner'; dovecot@dovecot.org
 Subject: RE: [Dovecot] Connection refused with auth-master after
 upgradingto Dovecot 1.0 rc 28
 
 On Tue, 2007-04-10 at 09:11 -0600, Jason Warner wrote:
 
  When I run deliver with the -d parameter, it does deliver a message to
  the
  intended user. I've tried just about everything I know how to do with
  the
  Dovecot LDA in the master.cf config file for Postfix. Here is the line
  as it
  stands now:
 
  # Dovecot LDA
  dovecot   unix  -   n   n   -   -   pipe
flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d
  ${recipient}
 
 So what about running deliver as vmail?
 
 sudo su vmail -s /usr/libexec/dovecot/deliver -d [EMAIL PROTECTED]
 
 What OS do you use? Do you use SELinux or anything like that?

Sorry, I forgot to mention that when I tried the -d parameter, I was running
as the vmail user and everything went just fine.

We're running Fedora Core 6. I've disabled SELinux on our mail box. There
have been SELinux updates recently. I'm not sure if they would affect our
mail server with SELinux disabled.





Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28

2007-04-10 Thread Jason Warner
 On 10.4.2007, at 19.30, Jason Warner wrote:
 
   write(6, [EMAIL PROTECTED]..., 55) = 55
 ..
  write(6, [EMAIL PROTECTED]..., 54) = 54
 
 Your original error was: net_connect(/var/run/dovecot/auth-master)
 failed: Connection refused. However here both of them were
 successfully connected to, and this shows that the authentication
 handshake was successfully sent. So I think it wrote a different
 error message to Dovecot's logs this time.

I'm afraid that I've tampered with stuff so much on this server that things
have changed from when I originally posted. 

Apr 10 10:12:14 mail postfix/smtpd[562]: A7F1B168734:
client=mail.domain.com[127.0.0.1]
Apr 10 10:12:14 mail postfix/cleanup[496]: A7F1B168734:
message-id=[EMAIL PROTECTED]
Apr 10 10:12:14 mail postfix/qmgr[452]: A7F1B168734: from=[EMAIL PROTECTED],
size=2600, nrcpt=1 (queue active)
Apr 10 10:12:14 mail postfix/smtp[464]: E4B351686E4: to=[EMAIL PROTECTED],
relay=127.0.0.1[127.0.0.1]:10024, delay=7, delays=0.22/0/0.01/6.8,
dsn=2.6.0, status=sent (250 2.6.0 Ok, id=31657-06, from MTA: 250 2.0.0 Ok:
queued as A7F1B168734)
Apr 10 10:12:15 mail dovecot: auth(default): file auth-request.c: line 474
(auth_request_lookup_credentials_callback): assertion failed:
(request-state == AUTH_REQUEST_STATE_PASSDB)
Apr 10 10:12:15 mail dovecot: auth(default): Raw backtrace: dovecot-auth
[0x806bb91] - dovecot-auth [0x806baac] - dovecot-auth [0x80552ce] -
dovecot-auth [0x805f2bd] - dovecot-auth [0x805f684] - dovecot-auth
[0x805906b] - dovecot-auth(io_loop_handler_run+0x110) [0x806ef30] -
dovecot-auth(io_loop_run+0x1c) [0x806e27c] - dovecot-auth(main+0x2fe)
[0x805a51e] - /lib/libc.so.6(__libc_start_main+0xdc) [0x673f2c] -
dovecot-auth {0x8050ba1]
Apr 10 10:12:15 mail dovecot: child 31532 (auth) killed with signal 6
Apr 10 10:12:15 mail postfix/pipe[563]: A7F1B168734: to=[EMAIL PROTECTED],
relay=dovecot, delay=0.75, delays=0.24/0.06/0/0.45, dsn=4.3.0,
status=deferred (temporary failure)

This looks like the auth fails due to some error, but I'm not sure what.

Apr 10 10:13:55 mail postfix/qmgr[864]: A7F1B168734: from=[EMAIL PROTECTED],
size=2600, nrcpt=1 (queue active)
Apr 10 10:13:55 mail postfix/pipe[890]: A7F1B168734: to=[EMAIL PROTECTED],
relay=dovecot, delay=101, delays=101/0.02/0/0.11, dsn=2.0.0, status=sent
(delivered via dovecot service)
Apr 10 10:13:55 mail postfix/qmgr[864]: A7F1B168734: removed

At this point, it looks like there was a retry and the dovecot service
delivers the mail, but the mail disappears into thin air. The problem is
that I have a ton of mail flooding the server and errors are overwritten
before I can take a look at them. I wasn't even able to compare the same
mail being sent in the delivery logs because by the time I stopped the
logging more mail had come into the system.




Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28

2007-04-10 Thread Jason Warner


 -Original Message-
 From: Timo Sirainen [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, April 10, 2007 11:45 AM
 To: Dovecot Mailing List
 Cc: Jason Warner; 'Jason Warner'
 Subject: Re: [Dovecot] Connection refused with auth-master
 afterupgradingto Dovecot 1.0 rc 28
 
 On 10.4.2007, at 20.35, Timo Sirainen wrote:
 
  On 10.4.2007, at 20.22, Jason Warner wrote:
 
  Apr 10 10:12:15 mail dovecot: auth(default): file auth-request.c:
  line 474
  (auth_request_lookup_credentials_callback): assertion failed:
  (request-state == AUTH_REQUEST_STATE_PASSDB)
 
  Oh. So the connection refused happens because dovecot-auth crashes.
  Now this is beginning to make sense. The easiest way to fix this is
  to add allow_all_users to userdb static's args. I'll try to figure
  out why this crash is happening.

Adding allow_all_users to my userdb static args gets rid of the previous
error message, but now the logs contain this message:

Apr 10 11:48:28 mail deliver([EMAIL PROTECTED]): setgid(999) failed: Operation
not permitted
Apr 10 11:48:28 mail postfix/pipe[17576]: 95FC916872D: to=[EMAIL PROTECTED],
relay=dovecot, delay=0.31, delays=0.26/0.02/0/0.02, dsn=2.0.0, status=sent
(delivered via dovecot service)

999 is the gid of my vmail user.

 
 Do you have core file in Dovecot's base_dir (/var/run/dovecot/ or /
 usr/local/var/run/dovecot/ probably)? If so, could you do:
 
 gdb /path/to/dovecot-auth /path/to/core
 bt full
 fr 4
 p *request
 
 (I think fr 4 is correct to give a usable output for p *request, if
 it just says No symbol try with different fr numbers. It's anyway
 the one that bt full shows auth_request_lookup_credentials_callback()
 being in)
 

I couldn't find a core dump file in the base_dir (/var/run/dovecot). Is
there a way to force a core dump?





Re: [Dovecot] Connection refused with auth-master afterupgradingto Dovecot 1.0 rc 28

2007-04-10 Thread Jason Warner
 On 10.4.2007, at 21.33, Jason Warner wrote:
 
  I still didn't get a core dump in /var/run/dovecot. Should I be
  looking
  somewhere else? That is the directory that the base_dir variable is
  set to
  in my dovecot.conf file.
 
 Well, another way would be to attach gdb directly into dovecot-auth
 while it's still running:
 
 gdb attach `pidof dovecot-auth`
 cont
 (wait for crash)
 bt full
 fr 4
 p *request
 
 Anyway I should be able to figure out the assert by looking at the
 code too. Just a bit more difficult, since a couple of minutes wasn't
 enough. :)

Here's the best I could do:

(gdb) bt full
#0  0x004b9402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00686d40 in raise () from /lib/libc.so.6
No symbol table info available.
#2  0x00688591 in abort () from /lib/libc.so.6
No symbol table info available.
#3  0x0806bb9a in i_error ()
No symbol table info available.
#4  0x0806baac in i_panic ()
No symbol table info available.
#5  0x080552ce in auth_request_lookup_credentials_callback ()
No symbol table info available.
#6  0x0805f2bd in passdb_cache_init ()
No symbol table info available.
#7  0x0805f684 in passdb_cache_init ()
No symbol table info available.
#8  0x0805906b in db_ldap_connect ()
No symbol table info available.
#9  0x0806ef30 in io_loop_handler_run ()
No symbol table info available.
#10 0x0806e27c in io_loop_run ()
No symbol table info available.
#11 0x0805a51e in main ()
No symbol table info available.

It looks like a stack trace, but the p *request just gives No symbol table
info available for all 11 integers.

 
  I tried this with both the allow_all_users set and without it set.
  That was
  the fix though. By adding allow_all_users to my userdb static args,
  everything is running just fine.
 
 Only problem with that is that it doesn't know if the user exists or
 not. So depending on how you've set up permissions, it's possible
 that it delivers mails to unknown users as well, creating the
 directories if needed..

That is a problem. I'll go back to Postfix's virtual delivery method until I
don't have to use the allow_all_users flag.




Re: [Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28

2007-04-03 Thread Jason Warner

Timo,

Thanks for your time.

On 4/2/07, Timo Sirainen [EMAIL PROTECTED] wrote:

On Mon, 2007-04-02 at 13:10 -0600, Jason Warner wrote:
 Fedora pushed out an update to Dovecot 1.0 rc 28 today. After
 upgrading, mail isn't delivered to local recipients. My log file is
 full of error messages similar to the following:

 Apr  2 12:56:32 mail deliver([EMAIL PROTECTED]):
 net_connect(/var/run/dovecot/auth-master) failed: Connection refused

Delete this file. Restart Dovecot. Does it get recreated?


When I delete the file and restart Dovecot it is recreated.



 I'm including some snippets from my dovecot.conf file that pertain to
 the auth-master file:

dovecot -n shows what Dovecot really uses. It might show something
different than what you thought you had.





Here is the output from dovecot -n:

[EMAIL PROTECTED] dovecot]# /usr/local/sbin/dovecot -c /etc/dovecot.conf -n
# /etc/dovecot.conf
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/dovecot/certs/pop3.pem
ssl_key_file: /etc/pki/dovecot/private/pop3.pem
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
default_mail_env: maildir:/home/vmail/mail/%n
mail_location: maildir:/home/vmail/mail/%n
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
 passdb:
   driver: ldap
   args: /etc/dovecot-ldap.conf
 userdb:
   driver: static
   args: uid=502 gid=502 home=/home/vmail/mail/%n
mail=maildir:/home/vmail/mail/%n/
 socket:
   type: listen
   client:
   master:
 path: /var/run/dovecot/auth-master
 mode: 384
 user: vmail
 group: mail


Some other information that I've learned might be helpful in helping
to troubleshoot this problem:

1. I'm using Postfix and delivering mail to virtual users.
2. The problem presents itself when using the Dovecot LDA. If I go
back to my old virtual settings (not using the Dovecot LDA) then mail
is delivered again.
3. The Dovecot LDA is added with this line in my master.cf for Postfix:
# Dovecot LDA
dovecot   unix  -   n   n   -   -   pipe
 flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}


[Dovecot] Connection refused with auth-master after upgrading to Dovecot 1.0 rc 28

2007-04-02 Thread Jason Warner

Fedora pushed out an update to Dovecot 1.0 rc 28 today. After
upgrading, mail isn't delivered to local recipients. My log file is
full of error messages similar to the following:

Apr  2 12:56:32 mail deliver([EMAIL PROTECTED]):
net_connect(/var/run/dovecot/auth-master) failed: Connection refused

I'm including some snippets from my dovecot.conf file that pertain to
the auth-master file:

protocol lda {
 # Address to use when sending rejection mails.
 postmaster_address = [EMAIL PROTECTED]

 mail = maildir:/home/vmail/mail/%n

 # Hostname to use in various parts of sent mails, eg. in Message-Id.
 # Default is the system's real hostname.
 #hostname =

 # Support for dynamically loadable plugins. mail_plugins is a space separated
 # list of plugins to load.
 #mail_plugins =
 #mail_plugin_dir = /usr/lib/dovecot/lda
 mail_plugins = cmusieve
 mail_plugin_dir = /usr/lib/dovecot/lda

 # Binary to use for sending mails.
 #sendmail_path = /usr/lib/sendmail

 # UNIX socket path to master authentication server to find users.
 auth_socket_path = /var/run/dovecot/auth-master
 #auth_socket_path = /home/vmail/mail/auth-master
}

 socket listen {
   master {
 # Master socket provides access to userdb information. It's typically
 # used to give Dovecot's local delivery agent access to userdb so it
 # can find mailbox locations.
 path = /var/run/dovecot/auth-master
 #path = /home/vmail/mail/auth-master
 mode = 0600
 # Default user/group is the one who started dovecot-auth (root)
 user = vmail
 group = mail
   }
   #client {
 # The client socket is generally safe to export to everyone. Typical use
 # is to export it to your SMTP server so it can do SMTP AUTH lookups
 # using it.
 #path = /var/run/dovecot/auth-client
 #mode = 0660
   #}
 }

I have been beating my head against this trying to change the
permissions to 0777, changing the directory of the socket, changing
the auth user, and just about anything else I can find in any thread
that relates to this error. Any help would be greatly appreciated.