Hello.

I am migrating my servers to Ubuntu and have been having an issue with Dovecot authenticator service.


Exim is set up to use dovecot-auth, anticipating the question whether exim binary was compiled with support of Dovecot authenticator, it was:
---
# exim -bV
Exim version 4.86_2 #1 built 05-Apr-2016 12:21:41
Copyright (c) University of Cambridge, 1995 - 2015
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2015
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime DNSSEC PRDR OCSP Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
---

The problem is sockets Dovecot creates are somehow broken. Exim reports something like:
---
2016-09-21 14:45:26 dovecot_plain authenticator failed for *** ([***]) [***]: 435 Unable to authenticate at present: authentication socket connection error 2016-09-21 14:45:26 dovecot_login authenticator failed for *** ([***]) [***]: 435 Unable to authenticate at present: authentication socket connection error
---

and I initially thought it was wrong permissions for the socket, triple checked and they are 100% right. More than that, I temporarily chmodded it "rw" for the world as follows:

---
# ls -l /var/dovecot/auth-*
srw-rw-rw- 1 Debian-exim root  0 Aug 17 21:20 /var/dovecot/auth-client
srw------- 1 dovecot     root  0 Aug 17 21:20 /var/dovecot/auth-login
srw-rw-rw- 1 Debian-exim root  0 Aug 17 21:20 /var/dovecot/auth-master
-rw------- 1 root root 32 Aug 15 19:35 /var/dovecot/auth-token-secret.dat
srw-rw-rw- 1 dovecot     root  0 Aug 17 21:20 /var/dovecot/auth-userdb
srw------- 1 dovecot     root  0 Aug 17 21:20 /var/dovecot/auth-worker
---

and Exim reports the same problem.

What makes me think that it's Dovecot's and not Exim's problem? The fact that the socket is really broken, on the server where it's not working:
---
# socat - UNIX-CONNECT:/var/dovecot/auth-client
2016/09/22 17:58:27 socat[15192] E connect(5, AF=1 "/var/dovecot/auth-client", 26): Connection refused
---

on the server where it is working (version 2.2.13 is installed there), precisely same command:
---
# socat - UNIX-CONNECT:/var/dovecot/auth-client
VERSION 1       1
MECH    PLAIN   plaintext
MECH    LOGIN   plaintext
MECH    CRAM-MD5        dictionary      active
MECH    DIGEST-MD5      dictionary      active  mutual-auth
MECH    APOP    private dictionary      active
SPID    535
CUID    880
COOKIE  0311e84ed191fb63334819b1fc3bf2e3
DONE
---
with a different result!!!

The system:
---
 uname -a
Linux *** 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:41:41 UTC 2016 i686 i686 i686 GNU/Linux
---

Doveconf:
---
# dovecot -n
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-38-generic i686 Ubuntu 16.04.1 LTS ext3
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5 digest-md5 apop
debug_log_path = /var/log/dovecot-debug.log
default_internal_user = dovenull
disable_plaintext_auth = no
first_valid_uid = 114
log_path = /var/log/dovecot.log
login_greeting = IMAP/POP3 server is ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
mail_location = maildir:/var/mail/exim/%d/%n
mail_log_prefix = "%Us(%u): "
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-client {
    mode = 0660
    user = Debian-exim
  }
  unix_listener auth-master {
    mode = 0600
    user = Debian-exim
  }
  user = root
}
service imap-login {
  chroot = login
  client_limit = 8
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 10143
  }
  process_limit = 8
  process_min_avail = 5
  service_count = 1
  user = dovenull
  vsz_limit = 64 M
}
service imap {
  drop_priv_before_exec = yes
  process_limit = 64
  vsz_limit = 2 G
}
service pop3-login {
  chroot = login
  client_limit = 8
  inet_listener pop3 {
    address = *
    port = 110
  }
  inet_listener pop3s {
    address = *
    port = 10110
  }
  process_limit = 8
  process_min_avail = 5
  service_count = 1
  user = dovenull
  vsz_limit = 64 M
}
service pop3 {
  drop_priv_before_exec = yes
  process_limit = 64
  vsz_limit = 2 G
}
ssl = no
ssl_cert = </etc/dovecot/ssl/server.crt
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </etc/dovecot/ssl/server.key
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol lda {
  auth_socket_path = /var/dovecot/auth-master
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  postmaster_address = postmaster@***
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
---


Sounds like a broken Dovecot install, doesn't it? Looks like not the case:
---
# apt-get check
Reading package lists... Done
Building dependency tree
Reading state information... Done
---

What else to check?

Reply via email to