Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote: > At 9PM +0100 on 15/12/12 Andreas Meyer wrote: > > Ben Morrow wrote: > > > > > Before you go any further, please put the virtual_mailbox_maps parameter > > > back with a map of the valid virtual addresses. Otherwise you'll become > > > a backscatter source. > > > > Do you mean the old virtual_mailbox_maps = hash:/etc/postfix/vmailbox ? > > But wouldn't that mean I have to care for two user files? vmailbox and > > the passwd-file of dovecot? > > It doesn't matter how you do it, but you need to reject invalid users > during the SMTP transaction rather than allowing the mail to bounce > later. (This is really basic stuff: have you read through the Postfix > documentation? It make this pretty clear.) Yes, this is clear to me and I also read through the dovecot-wiki a bit and especially LDA and LDA-Posfix. ;) > If you're using a passwd-file userdb in Dovecot, you need to write a > script to convert it to a Postfix map, and make sure that script gets > run whenever the source file is updated. (Makefiles are good for that > sort of thing.) Alternatively, you could switch to keeping your userdb > in an SQL or LDAP database, and have Postfix query it directly. If all > else fails, you can arrange to pass the output of 'doveadm user "*"' to > postmap, though depending on your Dovecot setup you may need to append a > domain. Thank you for your hints, Ben! I am glad I have that thing up and running at least. And I already converted the old vmailbox file that postfix used to a new one with the valid users so postfix knows them too. Thinking about SQL or LDAP database is one of the next steps I am considering. We don't have that much users and taking care of them is not that much work. Next thing is I want to implement Quota. We are running users with maildir and mboxes. And of course I want to realize sieve filtering soon or later. I am glad I got this right now with your help. And learned much again. > > Ben > Andreas
Re: [Dovecot] need help with dovecot-lda
At 9PM +0100 on 15/12/12 Andreas Meyer wrote: > Ben Morrow wrote: > > > Before you go any further, please put the virtual_mailbox_maps parameter > > back with a map of the valid virtual addresses. Otherwise you'll become > > a backscatter source. > > Do you mean the old virtual_mailbox_maps = hash:/etc/postfix/vmailbox ? > But wouldn't that mean I have to care for two user files? vmailbox and > the passwd-file of dovecot? It doesn't matter how you do it, but you need to reject invalid users during the SMTP transaction rather than allowing the mail to bounce later. (This is really basic stuff: have you read through the Postfix documentation? It make this pretty clear.) If you're using a passwd-file userdb in Dovecot, you need to write a script to convert it to a Postfix map, and make sure that script gets run whenever the source file is updated. (Makefiles are good for that sort of thing.) Alternatively, you could switch to keeping your userdb in an SQL or LDAP database, and have Postfix query it directly. If all else fails, you can arrange to pass the output of 'doveadm user "*"' to postmap, though depending on your Dovecot setup you may need to append a domain. Ben
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote: > > And finally I think I found the problem. There is a transportmap in postfix > > integrated that says: > > > > anup.devirtual > > .anup.de virtual > > > > I chanched this to > > > > anup.dedovecot > > .anup.de dovecot > > > > and mail gets delivered. Even when I comment that map, mail is > > delivered because of virtual_transport = dovecot. Mail never reached > > the service dovecot because of that transportmap. > > Before you go any further, please put the virtual_mailbox_maps parameter > back with a map of the valid virtual addresses. Otherwise you'll become > a backscatter source. Do you mean the old virtual_mailbox_maps = hash:/etc/postfix/vmailbox ? But wouldn't that mean I have to care for two user files? vmailbox and the passwd-file of dovecot? > Ben > Andreas
Re: [Dovecot] need help with dovecot-lda
At 8PM +0100 on 15/12/12 you (Andreas Meyer) wrote:
> Ben Morrow wrote:
>
> > > dovecot unix - n n - - pipe
> > >flags=DRhu user=vmail:vmail argv=/etc/postfix/script.sh ${sender}
> > >${recipient}
> >
> > OK, then I think the problem is entirely on the Postfix side: it's not
> > even attempting to deliver the mail to Dovecot. You need to ask on a
> > Postfix list.
>
> And finally I think I found the problem. There is a transportmap in postfix
> integrated that says:
>
> anup.devirtual
> .anup.de virtual
>
> I chanched this to
>
> anup.dedovecot
> .anup.de dovecot
>
> and mail gets delivered. Even when I comment that map, mail is
> delivered because of virtual_transport = dovecot. Mail never reached
> the service dovecot because of that transportmap.
Before you go any further, please put the virtual_mailbox_maps parameter
back with a map of the valid virtual addresses. Otherwise you'll become
a backscatter source.
Ben
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote:
> > dovecot unix - n n - - pipe
> >flags=DRhu user=vmail:vmail argv=/etc/postfix/script.sh ${sender}
> >${recipient}
>
> OK, then I think the problem is entirely on the Postfix side: it's not
> even attempting to deliver the mail to Dovecot. You need to ask on a
> Postfix list.
And finally I think I found the problem. There is a transportmap in postfix
integrated that says:
anup.devirtual
.anup.de virtual
I chanched this to
anup.dedovecot
.anup.de dovecot
and mail gets delivered. Even when I comment that map, mail is
delivered because of virtual_transport = dovecot. Mail never reached
the service dovecot because of that transportmap.
You are so great! Thank you all for being so patient and for your help!
Now I can go on.
>
> Ben
>
Andreas
Re: [Dovecot] need help with dovecot-lda
At 8PM +0100 on 15/12/12 you (Andreas Meyer) wrote:
> Ben Morrow wrote:
>
> > Create a script something like this
> >
> > #!/bin/sh
> >
> > echo "--- FROM [$1] TO [$2]" >>/tmp/lda-log
> > /usr/bin/id >>/tmp/lda-log
> > /usr/bin/env >>/tmp/lda-log
> > exec /usr/libexec/dovecot/dovecot-lda -f "$1" -d "$2"
> >
> > (you may need to adjust the paths to id and env; the point is to avoid
> > relying on $PATH) and change the master.cf entry to invoke
> >
> > /path/to/script ${sender} ${recipient}
> >
> > instead of dovecot-lda. Then deliver some mail and see what, if
> > anything, gets written to /tmp/lda-log.
>
> Done that, made the script executable, restarted postfix and sent
> two mails from the desktop. The stuck in the queue, no file lda-log
> in /tmp.
>
> dovecot unix - n n - - pipe
>flags=DRhu user=vmail:vmail argv=/etc/postfix/script.sh ${sender}
>${recipient}
OK, then I think the problem is entirely on the Postfix side: it's not
even attempting to deliver the mail to Dovecot. You need to ask on a
Postfix list.
Ben
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote:
> > Sending an email from the desktop results in the same error:
> >
> > # mailq
> > -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> > CB9771B3025F 559 Sat Dec 15 16:39:48 anme...@anup.de
> > (unknown user:
> > "anme...@anup.de")
> > anme...@anup.de
>
> *Right*. Now we're getting somewhere: it looks like the problem is in
> your Postfix configuration.
>
> Create a script something like this
>
> #!/bin/sh
>
> echo "--- FROM [$1] TO [$2]" >>/tmp/lda-log
> /usr/bin/id >>/tmp/lda-log
> /usr/bin/env >>/tmp/lda-log
> exec /usr/libexec/dovecot/dovecot-lda -f "$1" -d "$2"
>
> (you may need to adjust the paths to id and env; the point is to avoid
> relying on $PATH) and change the master.cf entry to invoke
>
> /path/to/script ${sender} ${recipient}
>
> instead of dovecot-lda. Then deliver some mail and see what, if
> anything, gets written to /tmp/lda-log.
Done that, made the script executable, restarted postfix and sent
two mails from the desktop. The stuck in the queue, no file lda-log
in /tmp.
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/etc/postfix/script.sh ${sender}
${recipient}
> Ben
>
Andreas
Re: [Dovecot] need help with dovecot-lda
Daniel Parthey wrote:
> Andreas Meyer wrote:
> > > > hm, what does dovecot-lda do? I think it tries to connect to
> > > > /usr/var/run/dovecot/auth-userdb ?
> > >
> > > Try to trace the open syscalls of dovecot-lda and its children:
> > >
> > > strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
> > > anme...@anup.de
> >
> > > This should give you an idea about which files
> > > dovecot-lda really tries to open.
> >
> > Can't really say there is something wrong. It seems to find everything
> > it is looking for.
>
> You can also replace the -eopen with -efile to trace all file syscalls.
>
> echo "foo" | strace -f -efile /usr/libexec/dovecot/dovecot-lda -f
> anme...@anup.de -d anme...@anup.de
# echo "foo" | strace -f -efile /usr/libexec/dovecot/dovecot-lda -f
anme...@anup.de -d anme...@anup.de
execve("/usr/libexec/dovecot/dovecot-lda", ["/usr/libexec/dovecot/dovecot-lda",
"-f", "anme...@anup.de", "-d", "anme...@anup.de"], [/* 57 vars */]) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/dovecot/tls/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/dovecot/tls/i686/sse2", 0xbf901578) = -1 ENOENT (No such file
or directory)
open("/usr/lib/dovecot/tls/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/lib/dovecot/tls/i686", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/tls/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/lib/dovecot/tls/sse2", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/tls/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat64("/usr/lib/dovecot/tls", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT
(No such file or directory)
stat64("/usr/lib/dovecot/i686/sse2", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/lib/dovecot/i686", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat64("/usr/lib/dovecot/sse2", 0xbf901578) = -1 ENOENT (No such file or
directory)
open("/usr/lib/dovecot/libdovecot-lda.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libdovecot-storage.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libdovecot.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY)= 3
open("/usr/lib/dovecot/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/librt.so.1", O_RDONLY) = 3
open("/usr/lib/dovecot/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/dovecot/libcrypto.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/dovecot/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/libz.so.1", O_RDONLY)= 3
open("/usr/lib/dovecot/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/var/log/dovecot-lda-errors.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE,
0600) = 8
open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) =
9
open("/usr/lib/dovecot", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 10
open("/usr/lib/dovecot/lib90_sieve_plugin.so", O_RDONLY) = 10
open("/usr/lib/dovecot/libdovecot-sieve.so.0", O_RDONLY) = 10
open("/var/log/dovecot-lda-errors.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE,
0600) = 8
open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) =
9
chdir("/var/spool/vhosts/anup.de/anmeyer") = 0
stat64("/var/spool/vhosts/anup.de/anmeyer", {st_mode=S_IFDIR|0700,
st_size=4096, ...}) = 0
open("/etc/localtime", O_RDONLY)= 11
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
lstat64("/var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve",
{st_mode=S_IFLNK|0777, st_size=25, ...}) = 0
stat64("/var/spool/vhosts/anup.de/anmeyer/.dovecot.sieve",
{st_mode=S_IFREG|0600, st_size=111, ...}) = 0
open("/var/spool/vhosts/anup.de/anmeyer/.dovecot.svbin", O_RDONLY|O_LARGEFILE)
= 11
stat64("/var/spool/vhosts/anup.de/anmeyer/tmp", {st_mode=S_IFDIR|0700,
st_size=4096, ...}) = 0
stat64("/var/spool/vhosts/anup.de/anmeyer", {st_mode=S_IFDIR|0700,
st_size=4096, ...}) = 0
stat64("/var/spool/vhosts/anup.de/anmeyer", {st_mode=S_IFDIR|0700,
st_size=4096, ...}) = 0
open("/var/spool/vhosts/anup.de/anmeyer/dovecot.index.log", O_RDWR|O_LARGEFILE)
= 12
open("/var/spool/vhosts/anup.de/anmeyer/dovecot.ind
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote: > At 5PM +0100 on 15/12/12 Daniel Parthey wrote: > > Andreas Meyer wrote: > > > I managed to su to vmail by giving it a shell. > > > # su - vmail > > > > For security reasons, you should rather not give a login shell > > to non-interactive users. > > [This is good advice.] > > > You can temporarily pass a shell to su: > > > > su -s /bin/sh - vmail > > That depends on your su. Mine won't do that. I believe your assumption > that Andreas is on Linux, and therefore has a su that does do that, is > correct, but I don't know. (I might assume that since I said earlier > 'read your system's su(1)' that it doesn't; but then again I might > not...) Yes it does. man su says so too. > > Ben >
Re: [Dovecot] need help with dovecot-lda
Andreas Meyer wrote: > > > hm, what does dovecot-lda do? I think it tries to connect to > > > /usr/var/run/dovecot/auth-userdb ? > > > > Try to trace the open syscalls of dovecot-lda and its children: > > > > strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d > > anme...@anup.de > > > This should give you an idea about which files > > dovecot-lda really tries to open. > > Can't really say there is something wrong. It seems to find everything > it is looking for. You can also replace the -eopen with -efile to trace all file syscalls. echo "foo" | strace -f -efile /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d anme...@anup.de -- https://plus.google.com/103021802792276734820
Re: [Dovecot] need help with dovecot-lda
Andreas Meyer wrote:
> > > hm, what does dovecot-lda do? I think it tries to connect to
> > > /usr/var/run/dovecot/auth-userdb ?
> >
> > Try to trace the open syscalls of dovecot-lda and its children:
> >
> > strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
> > anme...@anup.de
> >
>
> # strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
> anme...@anup.de
> open("/usr/lib/dovecot/tls/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1
> ENOENT (No such file or directory)
> open("/usr/lib/dovecot/tls/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT
> (No such file or directory)
> open("/usr/lib/dovecot/tls/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT
> (No such file or directory)
> open("/usr/lib/dovecot/tls/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> open("/usr/lib/dovecot/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT
> (No such file or directory)
> open("/usr/lib/dovecot/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> open("/usr/lib/dovecot/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> open("/usr/lib/dovecot/libdovecot-lda.so.0", O_RDONLY) = 3
> open("/usr/lib/dovecot/libdovecot-storage.so.0", O_RDONLY) = 3
> open("/usr/lib/dovecot/libdovecot.so.0", O_RDONLY) = 3
> open("/usr/lib/dovecot/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> open("/lib/libc.so.6", O_RDONLY)= 3
> open("/usr/lib/dovecot/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/lib/librt.so.1", O_RDONLY) = 3
> open("/usr/lib/dovecot/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file
> or directory)
> open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3
> open("/usr/lib/dovecot/libcrypto.so.0.9.8", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
> open("/usr/lib/dovecot/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/lib/libz.so.1", O_RDONLY)= 3
> open("/usr/lib/dovecot/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> open("/lib/libdl.so.2", O_RDONLY) = 3
> open("/lib/libpthread.so.0", O_RDONLY) = 3
> open("/var/log/dovecot-lda-errors.log",
> O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) = 6
> open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600)
> = 7
> open("/usr/lib/dovecot", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 8
> open("/usr/lib/dovecot/lib90_sieve_plugin.so", O_RDONLY) = 8
> open("/usr/lib/dovecot/libdovecot-sieve.so.0", O_RDONLY) = 8
> open("/var/log/dovecot-lda-errors.log",
> O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) = 6
> open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600)
> = 7
Of course you will need to deliver a mail via stdin.
Otherwise dovecot-lda will stall and wait for input,
it doesn't even try to connect to auth-userdb.
This might work:
echo "foo" | strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f
anme...@anup.de -d anme...@anup.de
Regards
Daniel
--
https://plus.google.com/103021802792276734820
Re: [Dovecot] need help with dovecot-lda
At 5PM +0100 on 15/12/12 Daniel Parthey wrote: > Andreas Meyer wrote: > > I managed to su to vmail by giving it a shell. > > # su - vmail > > For security reasons, you should rather not give a login shell > to non-interactive users. [This is good advice.] > You can temporarily pass a shell to su: > > su -s /bin/sh - vmail That depends on your su. Mine won't do that. I believe your assumption that Andreas is on Linux, and therefore has a su that does do that, is correct, but I don't know. (I might assume that since I said earlier 'read your system's su(1)' that it doesn't; but then again I might not...) Ben
Re: [Dovecot] need help with dovecot-lda
At 4PM +0100 on 15/12/12 you (Andreas Meyer) wrote:
> Ben Morrow wrote:
>
> > > # su - vmail
> > > vmail@delta:~> doveconf -m lda base_dir auth_socket_path
> > > base_dir = /usr/var/run/dovecot
> > > auth_socket_path = auth-userdb
> > >
> > > But I don't know how to tell dovecot-lda to listen on sockets
> > > in /usr/var/run/dovecot
> >
> > Do you mean 'connect to'? It's important to be clear.
>
> hm, what does dovecot-lda do? I think it tries to connect to
> /usr/var/run/dovecot/auth-userdb ?
Yes. It doesn't listen on any sockets at all.
> > The first thing is to see what actually happens when you invoke
> > dovecot-lda as vmail. Remember to check the logs as well as the
> > mailboxes.
>
> vmail@delta:~> echo "foo" | /usr/libexec/dovecot/dovecot-lda -f
> anme...@anup.de -d anme...@anup.de
>
> The email with body foo in it is delivered to the mailbox.
> Dec 15 16:37:27 lda(anme...@anup.de): Info: sieve: msgid=unspecified:
> stored mail into mailbox 'INBOX'
>
> Sending an email from the desktop results in the same error:
>
> # mailq
> -Queue ID- --Size-- Arrival Time -Sender/Recipient---
> CB9771B3025F 559 Sat Dec 15 16:39:48 anme...@anup.de
> (unknown user: "anme...@anup.de")
> anme...@anup.de
*Right*. Now we're getting somewhere: it looks like the problem is in
your Postfix configuration.
Create a script something like this
#!/bin/sh
echo "--- FROM [$1] TO [$2]" >>/tmp/lda-log
/usr/bin/id >>/tmp/lda-log
/usr/bin/env >>/tmp/lda-log
exec /usr/libexec/dovecot/dovecot-lda -f "$1" -d "$2"
(you may need to adjust the paths to id and env; the point is to avoid
relying on $PATH) and change the master.cf entry to invoke
/path/to/script ${sender} ${recipient}
instead of dovecot-lda. Then deliver some mail and see what, if
anything, gets written to /tmp/lda-log.
Ben
Re: [Dovecot] need help with dovecot-lda
Hello!
Daniel Parthey wrote:
> Andreas Meyer wrote:
> > Ben Morrow wrote:
> >
> > > > # su - vmail
> > > > vmail@delta:~> doveconf -m lda base_dir auth_socket_path
> > > > base_dir = /usr/var/run/dovecot
> > > > auth_socket_path = auth-userdb
> > > >
> > > > But I don't know how to tell dovecot-lda to listen on sockets
> > > > in /usr/var/run/dovecot
> > >
> > > Do you mean 'connect to'? It's important to be clear.
> >
> > hm, what does dovecot-lda do? I think it tries to connect to
> > /usr/var/run/dovecot/auth-userdb ?
>
> Try to trace the open syscalls of dovecot-lda and its children:
>
> strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
> anme...@anup.de
>
# strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
anme...@anup.de
open("/usr/lib/dovecot/tls/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/lib/dovecot/tls/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/dovecot/tls/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/dovecot/tls/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib/dovecot/i686/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/usr/lib/dovecot/i686/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/dovecot/sse2/libdovecot-lda.so.0", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/dovecot/libdovecot-lda.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libdovecot-storage.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libdovecot.so.0", O_RDONLY) = 3
open("/usr/lib/dovecot/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY)= 3
open("/usr/lib/dovecot/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/librt.so.1", O_RDONLY) = 3
open("/usr/lib/dovecot/libssl.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/dovecot/libcrypto.so.0.9.8", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
open("/usr/lib/dovecot/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/libz.so.1", O_RDONLY)= 3
open("/usr/lib/dovecot/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/var/log/dovecot-lda-errors.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE,
0600) = 6
open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) =
7
open("/usr/lib/dovecot", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 8
open("/usr/lib/dovecot/lib90_sieve_plugin.so", O_RDONLY) = 8
open("/usr/lib/dovecot/libdovecot-sieve.so.0", O_RDONLY) = 8
open("/var/log/dovecot-lda-errors.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE,
0600) = 6
open("/var/log/dovecot-lda.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0600) =
7
> This should give you an idea about which files
> dovecot-lda really tries to open.
Can't really say there is something wrong. It seems to find everything
it is looking for.
>
> Regards
> Daniel
Andreas
Re: [Dovecot] need help with dovecot-lda
Andreas Meyer wrote: > Ben Morrow wrote: > > > > # su - vmail > > > vmail@delta:~> doveconf -m lda base_dir auth_socket_path > > > base_dir = /usr/var/run/dovecot > > > auth_socket_path = auth-userdb > > > > > > But I don't know how to tell dovecot-lda to listen on sockets > > > in /usr/var/run/dovecot > > > > Do you mean 'connect to'? It's important to be clear. > > hm, what does dovecot-lda do? I think it tries to connect to > /usr/var/run/dovecot/auth-userdb ? Try to trace the open syscalls of dovecot-lda and its children: strace -f -eopen /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d anme...@anup.de This should give you an idea about which files dovecot-lda really tries to open. Regards Daniel -- https://plus.google.com/103021802792276734820
Re: [Dovecot] need help with dovecot-lda
Andreas Meyer wrote: > I managed to su to vmail by giving it a shell. > # su - vmail For security reasons, you should rather not give a login shell to non-interactive users. You can temporarily pass a shell to su: su -s /bin/sh - vmail Regards Daniel -- https://plus.google.com/103021802792276734820
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote:
> > # su - vmail
> > vmail@delta:~> doveconf -m lda base_dir auth_socket_path
> > base_dir = /usr/var/run/dovecot
> > auth_socket_path = auth-userdb
> >
> > But I don't know how to tell dovecot-lda to listen on sockets
> > in /usr/var/run/dovecot
>
> Do you mean 'connect to'? It's important to be clear.
hm, what does dovecot-lda do? I think it tries to connect to
/usr/var/run/dovecot/auth-userdb ?
> The first thing is to see what actually happens when you invoke
> dovecot-lda as vmail. Remember to check the logs as well as the
> mailboxes.
vmail@delta:~> echo "foo" | /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de
-d anme...@anup.de
The email with body foo in it is delivered to the mailbox.
Dec 15 16:37:27 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Sending an email from the desktop results in the same error:
# mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
CB9771B3025F 559 Sat Dec 15 16:39:48 anme...@anup.de
(unknown user: "anme...@anup.de")
anme...@anup.de
I looked at the makefiles in the sources of the installed version
of dovecot and found that dovecot-lda is like everything compiled
with
localstatedir = ${prefix}/var
rundir = ${prefix}/var/run/dovecot
statedir = ${prefix}/var/lib/dovecot
where prefix = /usr
I don't know why dovecot-lda is not connecting? to
/usr/var/run/dovecot/auth-userdb
and instead uses /var/run/dovecot. I delete /var/run/dovecot meanwhile.
>
> Ben
>
Andreas
Re: [Dovecot] need help with dovecot-lda
At 3PM +0100 on 15/12/12 you (Andreas Meyer) wrote: > Ben Morrow wrote: > > > That's not where dovecot-lda is looking, at least not according to the > > log above. Is the vmail user able to read dovecot.conf? Do you have more > > than one dovecot.conf, with different settings in? I would ask you to > > run > > > > doveconf -m lda base_dir auth_socket_path > > > > as the vmail user, but I'm not convinced you know how. > > I managed to su to vmail by giving it a shell. > > # su - vmail > vmail@delta:~> doveconf -m lda base_dir auth_socket_path > base_dir = /usr/var/run/dovecot > auth_socket_path = auth-userdb > > But I don't know how to tell dovecot-lda to listen on sockets > in /usr/var/run/dovecot Do you mean 'connect to'? It's important to be clear. The first thing is to see what actually happens when you invoke dovecot-lda as vmail. Remember to check the logs as well as the mailboxes. Ben
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote: > That's not where dovecot-lda is looking, at least not according to the > log above. Is the vmail user able to read dovecot.conf? Do you have more > than one dovecot.conf, with different settings in? I would ask you to > run > > doveconf -m lda base_dir auth_socket_path > > as the vmail user, but I'm not convinced you know how. I managed to su to vmail by giving it a shell. # su - vmail vmail@delta:~> doveconf -m lda base_dir auth_socket_path base_dir = /usr/var/run/dovecot auth_socket_path = auth-userdb But I don't know how to tell dovecot-lda to listen on sockets in /usr/var/run/dovecot > > Ben > Andreas
Re: [Dovecot] need help with dovecot-lda
Ben Morrow wrote: > At 2PM +0100 on 15/12/12 Andreas Meyer wrote: > > [Ben Morrow wrote:] > > > > > > Well, that looks OK to me; but the only way to test it is to manually > > > run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot > > > sockets directory? Does it have the right permissions? > > > > No, no such socket in /var/run/dovecot > > > > # ll > > insgesamt 4 > > srwxrwxrwx 1 root root 0 8. Jun 2012 dict-server > > drwxr-x--- 2 root dovecot 4096 22. Jun 19:58 login > > If I were to ask 'is anything listening on those sockets?' is there any > chance you could answer that? Nothing is listening on /var/run/dovecot. It must be a relict from the old version 1.x # netstat -lnp |grep dovecot tcp0 0 0.0.0.0:993 0.0.0.0:* LISTEN 25542/dovecot tcp0 0 0.0.0.0:995 0.0.0.0:* LISTEN 25542/dovecot tcp0 0 0.0.0.0:110 0.0.0.0:* LISTEN 25542/dovecot tcp0 0 0.0.0.0:143 0.0.0.0:* LISTEN 25542/dovecot tcp0 0 0.0.0.0:41900.0.0.0:* LISTEN 25542/dovecot tcp0 0 :::993 :::*LISTEN 25542/dovecot tcp0 0 :::995 :::*LISTEN 25542/dovecot tcp0 0 :::110 :::*LISTEN 25542/dovecot tcp0 0 :::143 :::*LISTEN 25542/dovecot tcp0 0 :::4190 :::*LISTEN 25542/dovecot unix 2 [ ACC ] STREAM HÖRT 3425398 24015/master private/dovecot unix 2 [ ACC ] STREAM HÖRT 3441242 25542/dovecot /usr/var/run/dovecot/login/sieve unix 2 [ ACC ] STREAM HÖRT 3441249 25542/dovecot /usr/var/run/dovecot/login/ssl-params unix 2 [ ACC ] STREAM HÖRT 3441260 25542/dovecot /usr/var/run/dovecot/login/pop3 unix 2 [ ACC ] STREAM HÖRT 3441278 25542/dovecot /usr/var/run/dovecot/login/ipc-proxy unix 2 [ ACC ] STREAM HÖRT 3441288 25542/dovecot /usr/var/run/dovecot/login/imap unix 2 [ ACC ] STREAM HÖRT 3441302 25542/dovecot /usr/var/run/dovecot/login/dns-client unix 2 [ ACC ] STREAM HÖRT 3441316 25542/dovecot /usr/var/run/dovecot/login/login unix 2 [ ACC ] STREAM HÖRT 3441246 25542/dovecot /usr/var/run/dovecot/stats unix 2 [ ACC ] STREAM HÖRT 3441253 25542/dovecot /usr/var/run/dovecot/replicator unix 2 [ ACC ] STREAM HÖRT 3441257 25542/dovecot /usr/var/run/dovecot/replication-notify unix 2 [ ACC ] STREAM HÖRT 3441268 25542/dovecot /usr/var/run/dovecot/log-errors unix 2 [ ACC ] STREAM HÖRT 3441272 25542/dovecot /usr/var/run/dovecot/lmtp unix 2 [ ACC ] STREAM HÖRT 3441276 25542/dovecot /usr/var/run/dovecot/ipc unix 2 [ ACC ] STREAM HÖRT 3441282 25542/dovecot /usr/var/run/dovecot/indexer-worker unix 2 [ ACC ] STREAM HÖRT 3441286 25542/dovecot /usr/var/run/dovecot/indexer unix 2 [ ACC ] STREAM HÖRT 3441296 25542/dovecot /usr/var/run/dovecot/doveadm-server unix 2 [ ACC ] STREAM HÖRT 3441300 25542/dovecot /usr/var/run/dovecot/dns-client unix 2 [ ACC ] STREAM HÖRT 3441306 25542/dovecot /usr/var/run/dovecot/director-admin unix 2 [ ACC ] STREAM HÖRT 3441310 25542/dovecot /usr/var/run/dovecot/dict unix 2 [ ACC ] STREAM HÖRT 3441314 25542/dovecot /usr/var/run/dovecot/config unix 2 [ ACC ] STREAM HÖRT 3441320 25542/dovecot /usr/var/run/dovecot/auth-login unix 2 [ ACC ] STREAM HÖRT 3441324 25542/dovecot /usr/var/run/dovecot/auth-client unix 2 [ ACC ] STREAM HÖRT 3441328 25542/dovecot /usr/var/run/dovecot/auth-userdb unix 2 [ ACC ] STREAM HÖRT 3441332 25542/dovecot /usr/var/run/dovecot/auth-master unix 2 [ ACC ] STREAM HÖRT 3441336 25542/dovecot /usr/var/run/dovecot/auth-worker unix 2 [ ACC ] STREAM HÖRT 3441340 25542/dovecot /usr/var/run/dovecot/anvil unix 2 [ ACC ] STREAM HÖRT 3441344 25542/dovecot /usr/var/run/dovecot/anvil-auth-penalty > > > > If the mail was handed over to dovecot-lda, it ought to be logging > > > *something*. Find out where those logs should go; if they aren't > > > appearing,
Re: [Dovecot] need help with dovecot-lda
At 2PM +0100 on 15/12/12 Andreas Meyer wrote: > [Ben Morrow wrote:] > > > > Well, that looks OK to me; but the only way to test it is to manually > > run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot > > sockets directory? Does it have the right permissions? > > No, no such socket in /var/run/dovecot > > # ll > insgesamt 4 > srwxrwxrwx 1 root root 0 8. Jun 2012 dict-server > drwxr-x--- 2 root dovecot 4096 22. Jun 19:58 login If I were to ask 'is anything listening on those sockets?' is there any chance you could answer that? > > If the mail was handed over to dovecot-lda, it ought to be logging > > *something*. Find out where those logs should go; if they aren't > > appearing, you need to fix that. Syslog is IMHO a better bet than custom > > log files. > > I have a dovecot-lda-errors.log and a dovecot-lda.log > > # cat dovecot-lda-errors.log > Dec 14 23:28:20 lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: No such file or > directory > Dec 14 23:28:20 lda: Fatal: Internal error occurred. Refer to server > log for more information. At 2PM +0100 on 15/12/12 Andreas Meyer wrote: > > I just found out the sockets of dovecot reside in /usr/var/run/dovecot OK, that's... a little bizarre. That's not where dovecot-lda is looking, at least not according to the log above. Is the vmail user able to read dovecot.conf? Do you have more than one dovecot.conf, with different settings in? I would ask you to run doveconf -m lda base_dir auth_socket_path as the vmail user, but I'm not convinced you know how. Ben
Re: [Dovecot] need help with dovecot-lda
Andreas Meyer wrote: > > Well, that looks OK to me; but the only way to test it is to manually > > run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot > > sockets directory? Does it have the right permissions? > > No, no such socket in /var/run/dovecot I just found out the sockets of dovecot reside in /usr/var/run/dovecot # ll insgesamt 16 srw--- 1 rootroot0 15. Dez 11:14 anvil srw--- 1 rootroot0 15. Dez 11:14 anvil-auth-penalty srw--- 1 rootroot0 15. Dez 11:14 auth-client srw--- 1 dovecot root0 15. Dez 11:14 auth-login srw--- 1 rootroot0 15. Dez 11:14 auth-master srw--- 1 vmail vmail 0 15. Dez 11:14 auth-userdb srw--- 1 dovecot root0 15. Dez 11:14 auth-worker srw--- 1 rootroot0 15. Dez 11:14 config srw--- 1 rootroot0 15. Dez 11:14 dict srw--- 1 rootroot0 15. Dez 11:14 director-admin srw-rw-rw- 1 rootroot0 15. Dez 11:14 dns-client srw--- 1 rootroot0 15. Dez 11:14 doveadm-server lrwxrwxrwx 1 rootroot 29 15. Dez 11:14 dovecot.conf -> /usr/etc/dovecot/dovecot.conf drwxr-xr-x 2 rootroot 4096 8. Jun 2012 empty srw-rw-rw- 1 rootroot0 15. Dez 11:14 indexer srw--- 1 dovecot root0 15. Dez 11:14 indexer-worker srw--- 1 rootroot0 15. Dez 11:14 ipc srw-rw-rw- 1 rootroot0 15. Dez 11:14 lmtp srw--- 1 rootroot0 15. Dez 11:14 log-errors drwxr-x--- 2 rootdovenull 4096 15. Dez 11:14 login -rw--- 1 rootroot6 15. Dez 11:14 master.pid -rw-r--r-- 1 rootroot 37 15. Dez 11:14 mounts srw--- 1 rootroot0 15. Dez 11:14 replication-notify prw--- 1 rootroot0 15. Dez 11:14 replication-notify-fifo srw--- 1 dovecot root0 15. Dez 11:14 replicator srw--- 1 rootroot0 15. Dez 11:14 stats prw--- 1 rootroot0 15. Dez 11:14 stats-mail the auth-userdb is there and vmail is the owner. What problem do I have that dovecot-lda does not find the users? Andreas
Re: [Dovecot] need help with dovecot-lda
Hello!
> > I already added
> >
> > service auth {
> > unix_listener auth-userdb {
> > mode = 0600
> > user = vmail # User running dovecot-lda
> > group = vmail # Or alternatively mode 0660 + dovecot-lda user in
> > this group
>
> You're supposed to understand the comments and then remove them, not
> copy them blindly without reading them.
That's ok, I'll remove the comments. But there is no auth-userdb socket
in the sockets directtory of dovecot.
> > }
> > }
> >
> > to the dovecot.conf.
>
> Well, that looks OK to me; but the only way to test it is to manually
> run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot
> sockets directory? Does it have the right permissions?
No, no such socket in /var/run/dovecot
# ll
insgesamt 4
srwxrwxrwx 1 root root 0 8. Jun 2012 dict-server
drwxr-x--- 2 root dovecot 4096 22. Jun 19:58 login
> > How does dovecot know there is a socket in
> > /var/spool/postfix/private/dovecot? And how does dovecot-lda know to
> > look there. Am I missunderstanding something?
>
> Yes, you are misunderstanding something. It works (something) like this:
>
> - A mail comes in to Postfix.
> - Postfix decides this mail is local.
> - Postfix sends the mail through /var/spool/postfix/private/dovecot
> to a Postfix pipe(8) process on the other end.
> - That pipe(8) process runs dovecot-lda, as the vmail user.
> - dovecot-lda reads dovecot.conf.
> - dovecot-lda contacts the Dovecot auth process using the
> auth-userdb socket.
> - If the user exists, it delivers the mail to their mailbox.
>
> No Dovecot process needs to know anything at all about the Postfix
> socket, it's just for internal communication between different bits of
> Postfix. Have you read the Postfix documentation?
Thank you for that explanation!
> > I am lost. I don't if the mail is handed over to dovecot-lda and if so
> > why it can't find the passwd-file.
>
> If the mail was handed over to dovecot-lda, it ought to be logging
> *something*. Find out where those logs should go; if they aren't
> appearing, you need to fix that. Syslog is IMHO a better bet than custom
> log files.
I have a dovecot-lda-errors.log and a dovecot-lda.log
# cat dovecot-lda-errors.log
Dec 14 23:28:20 lda: Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: No such file or directory
Dec 14 23:28:20 lda: Fatal: Internal error occurred. Refer to server log for
more information.
# echo "foo" | /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
anme...@anup.de
# cat dovecot-lda.log
Dec 14 21:04:07 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 14 21:16:46 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 14 21:18:25 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 14 21:20:44 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 14 21:58:13 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 10:14:50 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 10:14:59 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 10:24:19 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 10:24:27 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 11:14:58 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 11:26:01 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 11:26:11 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
Dec 15 14:07:40 lda(anme...@anup.de): Info: sieve: msgid=unspecified: stored
mail into mailbox 'INBOX'
So the question is how do I get this auth-userdb socket?
>
> Ben
>
Andreas
Re: [Dovecot] need help with dovecot-lda
At 9PM +0100 on 14/12/12 Andreas Meyer wrote:
> Ben Morrow wrote:
> > At 5PM +0100 on 14/12/12 Andreas Meyer wrote:
> > >
> > > Some month ago I upgraded our dovecot installation from version 1.0.5
> > > to version 2.1.7 without having any trouble. Postfix is delivering
> > > email directly per virtual transport to the maildirs and mailboxes of
> > > the users in /var/spool/vhosts/domains/
> > > I set soft_bounce = yes in main.cf of postfix and delivery of mail
> > > fails with
> > >
> > > Dec 14 16:13:34 delta postfix/virtual[14082]: BBC0F1B31294:
> > > to=, relay=virtual, delay=395, delays=395/0.01/0/0.13,
> > > dsn=4.1.1, status=SOFTBOUNCE (unknown user: "x...@anup.de")
> >
> > What happens if you run
> >
> > echo "foo" | /usr/libexec/dovecot/dovecot-lda \
> > -f x...@anup.de -d x...@anup.de
> >
> > in the shell (as the vmail user)? Does it fail with exit code 67? This
> > is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know
> > how to deliver to this user'. Either x...@anup.de is not a valid address
> > at that domain, or you haven't made the auth-userdb socket available to
> > the vmail user. See http://wiki2.dovecot.org/LDA, under the section
> > 'Virtual users'.
>
> I did this in the shell:
>
> delta:/ # su vmail
> delta:/ # whoami
> root
So su didn't work. That's often the case with daemon users, because they
often don't have a login shell. Read the manpage for your system's su to
find out if you can override that, and how (I can't help you here, since
your su is probably different from mine). You may have more luck with
sudo, if you've got it installed.
> delta:/ # echo "test" | /usr/libexec/dovecot/dovecot-lda -f
> anme...@anup.de -d anme...@anup.de
>
> and the mail was delivered to the mailbox without error. Maybe the
> vmail user is the problem?
That is delivered to 'anma...@anup.de', which looks a lot more like a
real address than 'x...@anup.de'.
> When I send an email from my desktop I get this in the mail.log:
> Dec 14 21:19:42 delta postfix/virtual[16185]: A6E511B3128A:
> to=, relay=virtual, delay=0.15,
> delays=0.08/0.01/0/0.06, dsn=4.1.1, status=SOFTBOUNCE (unknown user:
> "anme...@anup.de")
So it's likely the vmail user can't read the userdb; do you not get any
logs from dovecot-lda? (You may not if Dovecot is using custom logs
rather than syslog, and vmail doesn't have write access.)
> The line of the /etc/shadow for vmail looks like this:
> vmail::13940:0:9:7:::
How is that relevant? AFAIK the login shell lives in /etc/passwd on
shadow-password systems.
At 11AM +0100 on 15/12/12 Andreas Meyer wrote:
>
> # id vmail
> uid=5000(vmail) gid=5000(vmail) Gruppen=5000(vmail)
>
> # su vmail echo "foo" | /usr/libexec/dovecot/dovecot-lda -f
> anme...@anup.de -d anme...@anup.de
> an empty email with 0 B gets delivered to the maildir of anme...@anup.de
That command-line attempts to run 'echo "foo"' as the vmail user, and
dovecot-lda as root (and I don't know if the arguments to su are
correct; on my system they wouldn't be). You *really* need to learn how
to use your operating system before you try anything relatively
complicated like setting up a mail server.
> > in the shell (as the vmail user)? Does it fail with exit code 67? This
> > is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know
> > how to deliver to this user'. Either x...@anup.de is not a valid address
> > at that domain, or you haven't made the auth-userdb socket available to
> > the vmail user. See http://wiki2.dovecot.org/LDA, under the section
> > 'Virtual users'.
>
> I already added
>
> service auth {
> unix_listener auth-userdb {
> mode = 0600
> user = vmail # User running dovecot-lda
> group = vmail # Or alternatively mode 0660 + dovecot-lda user in
> this group
You're supposed to understand the comments and then remove them, not
copy them blindly without reading them.
> }
> }
>
> to the dovecot.conf.
Well, that looks OK to me; but the only way to test it is to manually
run dovecot-lda as vmail. Is there an auth-userdb socket in your dovecot
sockets directory? Does it have the right permissions?
> How does dovecot know there is a socket in
> /var/spool/postfix/private/dovecot? And how does dovecot-lda know to
> look there. Am I missunderstanding something?
Yes, you are misunderstanding something. It works (something) like this:
- A mail comes in to Postfix.
- Postfix decides this mail is local.
- Postfix sends the mail through /var/spool/postfix/private/dovecot
to a Postfix pipe(8) process on the other end.
- That pipe(8) process runs dovecot-lda, as the vmail user.
- dovecot-lda reads dovecot.conf.
- dovecot-lda contacts the Dovecot auth process using the
auth-userdb socket.
- If the user exists, it delivers the mail to their mailbox.
No Dovecot process needs to know anything at all about the Postfix
socket, it's just for internal communication between different bits
Re: [Dovecot] need help with dovecot-lda
Hello!
Ben Morrow wrote:
> At 5PM +0100 on 14/12/12 Andreas Meyer wrote:
> > dovecot unix - n n - - pipe
> > flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> > ${sender} -d ${recipient}
> What happens if you run
>
> echo "foo" | /usr/libexec/dovecot/dovecot-lda \
> -f x...@anup.de -d x...@anup.de
# id vmail
uid=5000(vmail) gid=5000(vmail) Gruppen=5000(vmail)
# su vmail echo "foo" | /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
anme...@anup.de
an empty email with 0 B gets delivered to the maildir of anme...@anup.de
# echo "foo" | /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
anme...@anup.de
email with foo in the body is delivered to the maildir.
# delta:/var/spool/vhosts/anup.de/anmeyer/new # ll
insgesamt 4
-rw--- 1 vmail vmail 0 15. Dez 11:26 1355567160.M902698P23725.delta,S=0,W=0
-rw--- 1 vmail vmail 4 15. Dez 11:26 1355567171.M334599P23728.delta,S=4,W=5
> in the shell (as the vmail user)? Does it fail with exit code 67? This
> is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know
> how to deliver to this user'. Either x...@anup.de is not a valid address
> at that domain, or you haven't made the auth-userdb socket available to
> the vmail user. See http://wiki2.dovecot.org/LDA, under the section
> 'Virtual users'.
I already added
service auth {
unix_listener auth-userdb {
mode = 0600
user = vmail # User running dovecot-lda
group = vmail # Or alternatively mode 0660 + dovecot-lda user in this
group
}
}
to the dovecot.conf. How does dovecot know there is a socket in
/var/spool/postfix/private/dovecot? And how does dovecot-lda know
to look there. Am I missunderstanding something?
If I send an email from the desktop I have in the mail.log
Dec 15 11:35:25 delta postfix/virtual[23910]: E0BC61B3128A:
to=, relay=virtual, delay=0.18, delays=0.09/0.01/0/0.09,
dsn=4.1.1, status=SOFTBOUNCE (unknown user: "anme...@anup.de")
and the mail is stuck in the queue
# mailq
-Queue ID- --Size-- Arrival Time -Sender/Recipient---
E0BC61B3128A 559 Sat Dec 15 11:35:24 anme...@anup.de
(unknown user: "anme...@anup.de")
anme...@anup.de
I am lost. I don't if the mail is handed over to dovecot-lda and if so
why it can't find the passwd-file.
>
> Ben
>
Andreas
Re: [Dovecot] need help with dovecot-lda
Hello!
Ben Morrow wrote:
> At 5PM +0100 on 14/12/12 Andreas Meyer wrote:
> >
> > Some month ago I upgraded our dovecot installation from version 1.0.5
> > to version 2.1.7 without having any trouble. Postfix is delivering
> > email directly per virtual transport to the maildirs and mailboxes of
> > the users in /var/spool/vhosts/domains/
> >
> > Now I want to use dovecot-lda and created a new entry in the master.cf
> > of postfix.
> >
> > dovecot unix - n n - - pipe
> > flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> > ${sender} -d ${recipient}
> >
> > It is not clear to me, how the dovecot-lda is started bei dovecot and
> > you it finds the socket dovecot postfix created.
>
> The process listening on that 'dovecot' pipe is a Postfix pipe(8)
> process. When a delivery request comes in from elsewhere in Postfix, it
> invokes /usr/libexec/dovecot/dovecot-lda as a new child process. This
> new lda process will contact the dovecot-auth service if it needs to,
> but is otherwise not connected to the running Dovecot server at all.
>
> If you want Dovecot to listen for deliveries (which has some efficiency
> advantages), you want to use LMTP.
>
> > I set soft_bounce = yes in main.cf of postfix and delivery of mail fails
> > with
> >
> > Dec 14 16:13:34 delta postfix/virtual[14082]: BBC0F1B31294:
> > to=, relay=virtual, delay=395, delays=395/0.01/0/0.13,
> > dsn=4.1.1, status=SOFTBOUNCE (unknown user: "x...@anup.de")
>
> What happens if you run
>
> echo "foo" | /usr/libexec/dovecot/dovecot-lda \
> -f x...@anup.de -d x...@anup.de
>
> in the shell (as the vmail user)? Does it fail with exit code 67? This
> is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know
> how to deliver to this user'. Either x...@anup.de is not a valid address
> at that domain, or you haven't made the auth-userdb socket available to
> the vmail user. See http://wiki2.dovecot.org/LDA, under the section
> 'Virtual users'.
I did this in the shell:
delta:/ # su vmail
delta:/ # whoami
root
delta:/ # echo "test" | /usr/libexec/dovecot/dovecot-lda -f anme...@anup.de -d
anme...@anup.de
and the mail was delivered to the mailbox without error. Maybe the vmail user
is the problem?
When I send an email from my desktop I get this in the mail.log:
Dec 14 21:19:42 delta postfix/virtual[16185]: A6E511B3128A:
to=, relay=virtual, delay=0.15, delays=0.08/0.01/0/0.06,
dsn=4.1.1, status=SOFTBOUNCE (unknown user: "anme...@anup.de")
The line of the /etc/shadow for vmail looks like this:
vmail::13940:0:9:7:::
Why is root not switching to vmail? May vmail be the problem?
delta:/ # id vmail
uid=110(vmail) gid=110(vmail) Gruppen=110(vmail)
Andreas
Re: [Dovecot] need help with dovecot-lda
At 5PM +0100 on 14/12/12 Andreas Meyer wrote:
>
> Some month ago I upgraded our dovecot installation from version 1.0.5
> to version 2.1.7 without having any trouble. Postfix is delivering
> email directly per virtual transport to the maildirs and mailboxes of
> the users in /var/spool/vhosts/domains/
>
> Now I want to use dovecot-lda and created a new entry in the master.cf
> of postfix.
>
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> ${sender} -d ${recipient}
>
> It is not clear to me, how the dovecot-lda is started bei dovecot and
> you it finds the socket dovecot postfix created.
The process listening on that 'dovecot' pipe is a Postfix pipe(8)
process. When a delivery request comes in from elsewhere in Postfix, it
invokes /usr/libexec/dovecot/dovecot-lda as a new child process. This
new lda process will contact the dovecot-auth service if it needs to,
but is otherwise not connected to the running Dovecot server at all.
If you want Dovecot to listen for deliveries (which has some efficiency
advantages), you want to use LMTP.
> I set soft_bounce = yes in main.cf of postfix and delivery of mail fails with
>
> Dec 14 16:13:34 delta postfix/virtual[14082]: BBC0F1B31294:
> to=, relay=virtual, delay=395, delays=395/0.01/0/0.13,
> dsn=4.1.1, status=SOFTBOUNCE (unknown user: "x...@anup.de")
What happens if you run
echo "foo" | /usr/libexec/dovecot/dovecot-lda \
-f x...@anup.de -d x...@anup.de
in the shell (as the vmail user)? Does it fail with exit code 67? This
is EX_NOUSER, and is the standard way for LDAs to signal 'I don't know
how to deliver to this user'. Either x...@anup.de is not a valid address
at that domain, or you haven't made the auth-userdb socket available to
the vmail user. See http://wiki2.dovecot.org/LDA, under the section
'Virtual users'.
Ben
[Dovecot] need help with dovecot-lda
Hello all!
Some month ago I upgraded our dovecot installation from version 1.0.5
to version 2.1.7 without having any trouble. Postfix is delivering
email directly per virtual transport to the maildirs and mailboxes of
the users in /var/spool/vhosts/domains/
Now I want to use dovecot-lda and created a new entry in the master.cf
of postfix.
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
${sender} -d ${recipient}
It is not clear to me, how the dovecot-lda is started bei dovecot and
you it finds the socket dovecot postfix created.
The dovecot.conf looks like this;
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.22.5-31-bigsmp i686 openSUSE 10.3 (i586) ext3
auth_verbose = yes
disable_plaintext_auth = no
log_path = /var/log/dovecot1
mail_location =
mbox:/var/spool/vhosts/%d/dovecotprivate/%n:INBOX=/var/spool/vhosts/%d/%n
!include /etc/dovecot/conf.d/*.conf
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
userdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
ssl_cert = < /etc/dovecot/ssl/hostcert.pem
ssl_key = < /etc/dovecot/ssl/hostkey.pem
#verbose_ssl = yes
plugin {
quota = maildir:User quota
quota_rule = *:storage=500MB
# 10% of 1GB = 100MB
quota_rule2 = Trash:storage=+10%%
# 20% of 1GB = 200MB
# quota_rule3 = Spam:storage=+20%%
autocreate = Trash
autocreate2 = Drafts
autocreate3 = Sent
autosubscribe = Trash
autosubscribe2 = Drafts
autosubscribe3 = Sent
}
I set soft_bounce = yes in main.cf of postfix and delivery of mail fails with
Dec 14 16:13:34 delta postfix/virtual[14082]: BBC0F1B31294: to=,
relay=virtual, delay=395, delays=395/0.01/0/0.13, dsn=4.1.1, status=SOFTBOUNCE
(unknown user: "x...@anup.de")
This is the relevant part of the main.cf:
dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = anup.de bit-corner.de bitcorner.de
baubetreuung-meyer.de saxelektro.de
virtual_mailbox_base = /var/spool/vhosts
#virtual_mailbox_maps = hash:/etc/postfix/vmailbox
#virtual_minimum_uid = 100
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000
virtual_mailbox_limit = 524288000
virtual_transport = dovecot
I don't get it right. As far as I understand postfix uses virtual_transport =
dovecot
and hands the mail over to the socket dovecot. But how does dovecot know where
to look
for the socket. I am missing somthing but don't know what.
Any help is appreciated!
Andreas
