Re: Unable to see virtual users

2014-11-30 Thread Randall Gellens
I'm still very confused, but I have finally gotten it to recognize 
all users.  What changed from my previous message is that I deleted 
the static userdb, and added the system user to the 
/etc/dovecot/users file (but not to the passdb /etc/dovecot/passwd). 
Oddly, I had to set uid:gid and homedir for each entry in 
/etc/dovecot/users even though I have these set to default values 
(default_fields = uid=vmail gid=vmail home=/local/mnt/home/%n).


I'm still confused about the static userdb, as well as if I need to 
configure in /etc/postfix/main.cf both the mailbox_command to use 
dovecot-lda and the virtual_transport = dovecot service.


--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
(If you can't hear me, it's because I'm in parentheses)


Re: Unable to see virtual users

2014-11-30 Thread Randall Gellens
One more piece of the puzzle: the explanatory comment text in 
/etc/dovecot/conf.d/auth-system.conf.ext:


  # LDA and LMTP needs to look up users only from the userdb. This of course
  # doesn't work with static userdb because there is no list of users.
  # Normally static userdb handles this by doing a passdb lookup. This works
  # with most passdbs, with PAM being the most notable exception. If you do
  # the user verification another way, you can add allow_all_users=yes to
  # the args in which case the passdb lookup is skipped.

This explains why the static userdb prevented the system user from 
being recognized, since it was in PAM not /etc/passwd.


--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
The first ninety percent of the task takes ninety percent of
the time, and the last ten percent takes the other ninety percent.
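
A check for the two static-userdb pitfalls raised in this thread: a static userdb listed ahead of other userdbs, and a passdb lookup that PAM cannot serve or that allow_all_users=yes skips. This is an added example, not part of any poster's message and not Dovecot code; `parse_auth_blocks` and `lint` are hypothetical helper names, and the sample input is constructed from the passdb/userdb portion of the `doveconf -n` output posted in the thread.

```python
import re

# Hypothetical helpers; SAMPLE is constructed from the thread's `doveconf -n` output.
SAMPLE = """\
passdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = username_format=%n
  driver = pam
}
userdb {
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = static
}
userdb {
  driver = passwd
}
"""

def parse_auth_blocks(text):
    """Return [(kind, {setting: value})] for each passdb/userdb block, in order."""
    blocks = []
    for kind, body in re.findall(r"^(passdb|userdb)\s*\{(.*?)^\}", text, re.M | re.S):
        pairs = (l.split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.lstrip().startswith("#"))
        blocks.append((kind, {k.strip(): v.strip() for k, v in pairs}))
    return blocks

def lint(text):
    """Flag the static-userdb pitfalls described in the thread."""
    blocks = parse_auth_blocks(text)
    userdbs = [s for kind, s in blocks if kind == "userdb"]
    passdb_drivers = [s.get("driver") for kind, s in blocks if kind == "passdb"]
    findings = []
    for i, db in enumerate(userdbs):
        if db.get("driver") != "static":
            continue
        later = [d.get("driver") for d in userdbs[i + 1:]]
        if later:
            findings.append(f"static userdb is listed before {later} and answers first")
        if "allow_all_users=yes" in db.get("args", "").split():
            findings.append("allow_all_users=yes: static userdb skips the passdb lookup")
        elif "pam" in passdb_drivers:
            findings.append("static userdb verifies users via passdb lookup; PAM is the exception")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Feed it the real output of `doveconf -n` in place of `SAMPLE` to check a live configuration.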


Re: Unable to see virtual users

2014-11-28 Thread Randall Gellens

Thanks very much; please see in-line for clarification questions.

At 8:22 AM +0100 11/28/14, Steffen Kaiser wrote:


 On Thu, 27 Nov 2014, Randall Gellens wrote:


 I'm still having trouble getting users accepted by postfix + dovecot.


 I suppose in your system + virtual user mix, you should use LMTP:
 http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
 So Dovecot handles the difference itself.


I have postfix set to use dovecot-lda as the delivery agent, which I 
thought would make postfix let dovecot handle the differences.  I 
also thought if I used LMTP then I can't also use dovecot-lda and 
Sieve.  Can you help me understand?





 userdb {
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = static
 }
 userdb {
  driver = passwd
 }


 The static userdb does hide the passwd userdb, because it hits for 
all users. You should change the order.


What I have in /etc/dovecot/conf.d/10-auth.conf is:
--
passdb {
  driver = passwd-file
  # args = scheme=SHA1 /etc/dovecot/passwd
  # args = username_format=%n /etc/dovecot/users
  args = username_format=%n /etc/dovecot/passwd
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
}

!include auth-system.conf.ext
--

What I have in /etc/dovecot/conf.d/auth-system.conf.ext is:

--
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=n]
  # [cache_key=key] [service name]
  #args = dovecot
  args = username_format=%n
}


userdb {
  # doc/wiki/AuthDatabase.Passwd.txt
  driver = passwd
  # [blocking=no]
  #args =

  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
}
--

So, in /etc/dovecot/conf.d/10-auth.conf the passwd-file userdb is 
before the static one, yet 'doveconf -n' reports them the other way 
around.  I think the system user is not in the system /etc/passwd 
file anyway, the system user is verified using PAM.


Sorry for being so confused.

--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
Algol was a great improvement on most of its successors.
 --C.A.R Hoare


Re: Unable to see virtual users

2014-11-27 Thread Randall Gellens

I'm still having trouble getting users accepted by postfix + dovecot.

I have a few (10) virtual users configured in a passwd-style file in 
/etc/dovecot/users.  I can verify that dovecot sees those users and 
can authenticate them using 'doveadm' as well as IMAP.


I also have one system user configured via PAM.  I can verify that 
dovecot sees this user and can authenticate using 'doveadm' as well 
as IMAP.


I configured the 'dovecot' service in /etc/postfix/master.cf and set 
/etc/postfix/main.cf to use it to deliver virtual mail, per the 
dovecot wiki.  I also set the postfix local delivery command to 
dovecot-lda per the dovecot wiki.


I first tried telling postfix to not check local users by setting in 
/etc/postfix/main.cf:


local_recipient_maps =

With this setup, mail is received and delivered for the system user, 
but mail to virtual users is bounced with 'unknown user':


postfix/local ... relay=local ... status=bounced (unknown user: test)

So then I tried to tell postfix that it had virtual users by 
configuring them in /etc/postfix/virtual_users and creating a hash 
using 'postmap' and then in /etc/postfix/main.cf setting


local_recipient_maps = proxy:unix:passwd.byname hash:/etc/postfix/virtual_users $alias_maps


This made no difference at all.  Mail to virtual users still bounces 
with 'unknown user' while mail to the system user is delivered.


So then I set 'mydestination' to an empty string in 
/etc/postfix/main.cf and set 'virtual_mailbox_domains' to the string 
that had been in 'mydestination', and set 'mydestination' to an empty 
string.


With this setup, mail to virtual users is delivered, but mail to the 
system user bounces with 'unknown user':


dovecot: auth: passwd-file(randy): unknown user
dovecot: auth: passwd-file(randy@domain): unknown user
dovecot: auth-worker(12538): passwd(randy@domain): unknown user
postfix/pipe[12548]: ... to=randy@domain, relay=dovecot ... status=bounced (user unknown)


My dovecot config:


--
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
first_valid_gid = 120
first_valid_uid = 112
log_timestamp = %Y-%m-%d %H:%M:%S 
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = username_format=%n
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = randy@domain
protocols =  imap sieve pop3
ssl_cert = /etc/dovecot/dovecot.pem
ssl_key = /etc/dovecot/private/dovecot.pem
userdb {
  args = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = static
}
userdb {
  driver = passwd
}

--


My postfix config:

--
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
dovecot_destination_recipient_limit = 1
local_recipient_maps = proxy:unix:passwd.byname hash:/etc/postfix/virtual_users $alias_maps
mailbox_command = /usr/lib/dovecot/dovecot-lda -f $SENDER -a $RECIPIENT -d $USER

mailbox_size_limit = 0
mydestination =
myhostname = ocean.qualcomm.com
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost = mailhost.qualcomm.com
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_mailbox_domains = domain, ocean, localhost
virtual_transport = dovecot
--





--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
Attaccabottonai (ah-TAHKA-bo-TONE-eye; Italian; noun): a doleful bore
who buttonholes people and tells sad, pointless tales.


Re: Unable to see virtual users

2014-11-27 Thread Steffen Kaiser

On Thu, 27 Nov 2014, Randall Gellens wrote:


I'm still having trouble getting users accepted by postfix + dovecot.


I suppose in your system + virtual user mix, you should use LMTP:
http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
So Dovecot handles the difference itself.


userdb {
 args = uid=vmail gid=vmail home=/local/mnt/home/%n
 driver = static
}
userdb {
 driver = passwd
}


The static userdb does hide the passwd userdb, because it hits for all 
users. You should change the order.


--
Steffen Kaiser



Re: Unable to see virtual users

2014-11-21 Thread Timo Sirainen
On 21 Nov 2014, at 09:44, Randall Gellens dove...@randy.pensive.org wrote:

 I have a new Dovecot v2.2.9 installation and am having trouble 
 getting virtual users recognized.

I don't see anything obviously wrong in your config. Set auth_debug=yes and see 
what the logs say. Also while testing try also disabling pam+passwd before you 
get the passwd-file working, just in case that makes debugging easier.

 As an aside, when I copied the sample config entries from 
 http://wiki2.dovecot.org/UserDatabase it got config errors:
 
 userdb {
   driver = passwd-file
   args = username_format=%n /etc/dovecot/users
 
   default_fields = uid=vmail gid=vmail
   override_fields =
 
   skip = never
 
   result_failure = continue
   result_internalfail = continue
   result_success = return-ok
 }
 
 The 'skip', 'result_failure', etc. entries all generated config 
 errors as being unknown.  Since these were just explicitly setting 
 config variables to their default values, I deleted them.  It does 
 seem odd that the config sample from the Wiki generated errors though.

The wiki mentions also a bit below that they exist only in v2.2.10 and newer 
versions. I added now a comment line about that also.


Unable to see virtual users

2014-11-20 Thread Randall Gellens
I have a new Dovecot v2.2.9 installation and am having trouble 
getting virtual users recognized.


Also, the example configuration listed on the Wiki generates config errors.

Note that I haven't tried running dovecot yet, I wanted to verify 
that the config looked good first.


First, my configuration.  I'm trying to use /etc/dovecot/users as my 
combined userdb and passdb file, with all users having a UID/GID of 
vmail, and a home directory of /local/mnt/home/user


--

$ sudo doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-39-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_verbose = yes
log_timestamp = %Y-%m-%d %H:%M:%S 
mail_location = mdbox:/local/mnt/mail/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = ra...@qti.qualcomm.com
protocols =  imap sieve pop3
ssl_cert = /etc/dovecot/dovecot.pem
ssl_key = /etc/dovecot/private/dovecot.pem
userdb {
  args = username_format=%n /etc/dovecot/users
  default_fields = uid=vmail gid=vmail home=/local/mnt/home/%n
  driver = passwd-file
}
userdb {
  driver = passwd
}

--

Next, my /etc/dovecot/users file:

$ cat /etc/dovecot/users
fred:x
test:{SSHA}amehbJZYxKWuIbywINVNWxKcPrWi27a+
poptest2:x
poptest3:x

--

If I ask dovecot what it knows about user 'test' it says the user 
doesn't exist:


$ sudo doveadm user test
field   value
userdb lookup: user test doesn't exist

--

If I ask about a user in /etc/passwd, it finds it:

$ sudo doveadm user nobody
field   value
uid     65534
gid     65534
home    /nonexistent
mail    mdbox:/local/mnt/mail/nobody
system_groups_user      nobody

--

As an aside, when I copied the sample config entries from 
http://wiki2.dovecot.org/UserDatabase it got config errors:


userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/users

  default_fields = uid=vmail gid=vmail
  override_fields =

  skip = never

  result_failure = continue
  result_internalfail = continue
  result_success = return-ok
}

The 'skip', 'result_failure', etc. entries all generated config 
errors as being unknown.  Since these were just explicitly setting 
config variables to their default values, I deleted them.  It does 
seem odd that the config sample from the Wiki generated errors though.




--
Randall Gellens
Opinions are personal;facts are suspect;I speak for myself only
-- Randomly selected tag: ---
The difference between stupidity and genius is that genius has its limits.
   --Albert Einstein