Re: [Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory

2008-01-23 Thread Iain M Conochie

John Dubchak wrote:


On Jan 23, 2008, at 4:27 AM, Iain M Conochie wrote:

Then I am a bit stuck. That was how I got it working for LDAP to be 
honest.


What kind of usernames are your users using to login with? Is it 
[EMAIL PROTECTED] or just user?


[EMAIL PROTECTED]

Thanks,
John

What do you have as your user_query then? You may need to use

WHERE userid = '%n' AND domain = '%d'

instead of

WHERE userid = '%u'

perhaps?

Iain


Re: [Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory

2008-01-22 Thread Iain M Conochie

John Dubchak wrote:

Hi,

I've been working on configuring a new 
Postfix+Dovecot+Cyrus-SASL+Postgres server to perform multi-domain 
virtual hosting with non-unix accounts.  I believe I have everything 
working correctly and have tested both the SASL portion and POP 
authentication through telnet and all works as expected, with one 
exception.


When I authenticate using POP3:

# telnet mail.host 110
Trying 192.168.XXX.XXX...
Connected to mail.host.
Escape character is '^]'.
+OK Dovecot ready.
user [EMAIL PROTECTED]
+OK
pass secret
+OK Logged in.
-ERR No INBOX for user.

And the maillog reports the following:

Jan 21 13:42:32 mail.host dovecot: pop3-login: Login: user=user1, method=PLAIN, rip=192.168.XXX.XXX, lip=192.168.XXX.XXX
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2008-01-21 13:42:32]
Jan 21 13:42:32 mason dovecot: POP3(user1): No INBOX for user top=0/0, retr=0/0, del=0/0, size=0


The directory structures for the virtual mailboxes are:

/var/spool/virtual_mailbox/domain1.com/user1
/var/spool/virtual_mailbox/domain2.com/user1

And the entire tree from virtual_mailbox down is owned by 
vuser:vuser.  The directories have permissions 700.


What I believe is happening is that Dovecot is trying to use the uid 
and gid of user1, who doesn't have a system account, rather than 
vuser's when writing to the virtual_mailbox folders.  I'm not sure how 
I can configure Dovecot to use the vuser information.

if vuser has uid and gid of 5000

Have the userdb part of the dovecot config set to

userdb static {
  args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes
}

instead of using the

userdb sql {

}

That should see you right. However, beware there may be security issues 
allowing one user to write to all mailboxes.


regards

Iain



Here is my dovecot.conf:

-
protocols = imap pop3
listen = [*]
disable_plaintext_auth = no
syslog_facility = mail

mail_location = maildir:/var/spool/virtual_mailbox/%h

# Default umask to use for mail files and directories.
#umask = 0077

protocol imap {
}

protocol pop3 {
}

protocol lda {
  postmaster_address = [EMAIL PROTECTED]
}

auth_debug_passwords = yes
auth_debug = yes
auth_verbose = yes
auth default {
  # SQL database
  passdb sql {
    args = /etc/dovecot-sql.conf
  }

  userdb sql {
    args = /etc/dovecot-sql.conf
  }

  user = root
}
-

Any insight will be appreciated, I've been working on this non-stop 
for several days now and can't seem to figure it out.


Thanks,
John






Re: [Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory

2008-01-22 Thread John Dubchak


On Jan 22, 2008, at 4:34 AM, Iain M Conochie wrote:




if vuser has uid and gid of 5000

Have the userdb part of the dovecot config set to

userdb static {
  args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes
}

instead of using the

userdb sql {

}

That should see you right. However, beware there may be security  
issues allowing one user to write to all mailboxes.




Ian,

Thanks for the reply.  However, when I make the change, %d (domain) is  
not getting populated.  I am expecting:


/var/spool/virtual_mailbox/domain1.com/user1

But I get:

/var/spool/virtual_mailbox//user1

And the query I use in the logs returns:

client out: OK  1   user=user1 domain=domain1.com

Where does Dovecot get the %d value when it tries to expand it?

Thanks,
John


Re: [Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory

2008-01-22 Thread Iain M Conochie

John Dubchak wrote:


On Jan 22, 2008, at 4:34 AM, Iain M Conochie wrote:




if vuser has uid and gid of 5000

Have the userdb part of the dovecot config set to

userdb static {
  args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes
}

instead of using the

userdb sql {

}

That should see you right. However, beware there may be security 
issues allowing one user to write to all mailboxes.




Ian,

Thanks for the reply.  However, when I make the change, %d (domain) is 
not getting populated.  I am expecting:


/var/spool/virtual_mailbox/domain1.com/user1

But I get:

/var/spool/virtual_mailbox//user1


In the sql auth file what is

pass_attrs

set to?

Iain



And the query I use in the logs returns:

client out: OK  1   user=user1 domain=domain1.com

Where does Dovecot get the %d value when it tries to expand it?

Thanks,
John
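
Added example (not part of the thread and not Dovecot's own code): a simplified Python model of how %u, %n and %d are derived from the login name, showing why a login without a domain part turns home=/var/spool/virtual_mailbox/%d/%n into /var/spool/virtual_mailbox//user1. The function names and the EmptyVariable check are assumptions made for illustration; real Dovecot supports more variables and modifiers than this model.

```python
# Simplified model of %u / %n / %d expansion (illustrative, not Dovecot code).

class EmptyVariable(ValueError):
    """Raised when a template expands to a path with an empty component."""


def split_login(login):
    """Return (%u, %n, %d) for a login name; %d is '' when there is no '@'."""
    user, _, domain = login.partition("@")
    return login, user, domain


def expand(template, login):
    """Expand %u, %n and %d in template using values taken from the login name."""
    full, user, domain = split_login(login)
    values = {"u": full, "n": user, "d": domain}
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template) and template[i + 1] in values:
            out.append(values[template[i + 1]])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def expand_home(template, login):
    """Expand a home template and refuse a result with an empty path component."""
    path = expand(template, login)
    parts = path.split("/")[1:]  # drop the leading '' of an absolute path
    if any(part == "" for part in parts):
        raise EmptyVariable(f"{login!r} expands {template!r} to {path!r}")
    return path


HOME = "/var/spool/virtual_mailbox/%d/%n"  # home template from the thread

if __name__ == "__main__":
    for login in ("user1@domain1.com", "user1"):  # constructed sample logins
        try:
            print(login, "->", expand_home(HOME, login))
        except EmptyVariable as exc:
            print("rejected:", exc)
```

In the maillog above the session is recorded as user=user1, so there is no domain part for %d to take its value from.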