December 29, 2025 at 3:28 PM, "Ethan Merrill via dovecot" <[email protected] mailto:[email protected]?to=%22Ethan%20Merrill%20via%20dovecot%22%20%3Cdovecot%40dovecot.org%3E > wrote:
> > Hello, I hope this is the right mailing list to send questions to. Please > direct me where to go if it is not. Thanks. > > --- > > I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot is > v2.4.1. I have thus far been able to successfully configure the server for > smtp and imap support for my primary domain (we'll say `[email protected]` who > is a linux user with a home folder). I have been even been able to configure > postfix to have virtual mailboxes and aliases, and from ssh I can can even > see that the mail gets delivered to the correct place. However, I am > struggling to set up dovecot to authenticate a virtual mailbox user (we'll > say `[email protected]` who only has a virtual mailbox). > > [This documentation > page](https://doc.dovecot.org/2.4.2/core/config/auth/mutltiple.html) > describes the process to configure multiple authentication databases. It > describes being able to use multiple `passdb` and `userdb` sections in order > to authenticate dovecot users. Based upon what it suggested, I tried this > configuration: > > > > > ## Snippet from /etc/dovecot/dovecot.conf ## > > passdb passwd-file { > > # So example.net => /etc/dovecot/passwd/example.net > > passwd_file_path = /etc/dovecot/passwd/%{user | domain} > > } > > # Fall thru to PAM for unix users > > passdb pam { > > } > > > > userdb passwd-file { > > passwd_file_path = /etc/dovecot/passwd/%{user | domain} > > } > > # Fall thru to /etc/passwd for unix users > > userdb passwd { > > } > > > > ## Snippet from /etc/dovecot/passwd/example.net ## > > > > [email protected]:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support:: > > > > mailto:[email protected]:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support:: > > > This is the configuration I landed on that hypothetically checks multiple > databases for authentication that allows at least `[email protected]` to still > login with Thunderbird and do email stuff. However it does not authenticate > `[email protected]`. The biggest difference between my config and the example > is that they use a `sql` database while I am trying the `passwd-file` > database. In principle this seems like it should work, unless I am > understanding the dovecot docs or have made my passwd file incorrectly. I > even tried reversing the order of `userdb` and `passdb` sections to see if it > would help to no avail. > > [This > thread](https://dovecot.org/mailman3/archives/list/[email protected]/thread/VMXU2QUERJ43Y6KFQU5YBPVTZAW7LQV6/#7F5XM6F6F3SWOUU637CFUPZ65JMONZY4) > seems to address a similar issue, and more or less has the same > configuration setup suggested as the one in the snippet above. It's also from > 2006 so the API looks kinda different from the current docs. > > [This > thread](https://dovecot.org/mailman3/archives/list/[email protected]/thread/YO3DFDRDDOSMTHXZV7KPQDFVSPSJ24J2/#3LEUQ5GKUFEEOKBR47J3UVUR6M7XJ5S3) > is from 2013 addressing a similar issue, but despite again different API it > translates to more or less what the snippet above shows. > > Here is the journalctl output from when I tried to login as > `[email protected]`: > > > > > # journalctl -xeu dovecot | tail > > Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): check > > pass; user unknown > > Dec 29 11:38:19 example.com auth[4719]: pam_unix(dovecot:auth): > > authentication failure; logname= uid=0 euid=0 tty=dovecot > > [email protected] rhost=10.0.0.1 > > Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): check > > pass; user unknown > > Dec 29 11:38:28 example.com auth[4719]: pam_unix(dovecot:auth): > > authentication failure; logname= uid=0 euid=0 tty=dovecot > > [email protected] rhost=10.0.0.1 > > Dec 29 11:41:19 example.com dovecot[4700]: imap-login: Login aborted: > > Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): > > user=<[email protected]>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, TLS, > > session=<z8Tj3hlHkLxJMmuL> > > > The last message referring to "Inactivity" is because at that point fail2ban > blocked my IP, but before that it was consistent with results I have been > getting. > > I'm at an absolute loss. I feel like I've trawled every doc I could find, > every config file involved in the setup process, all the Stack Exchange > answers that seem to exist. Honestly it baffles me to see that even what > looks like the same setup as official documentation, it just doesn't... work? > Can anybody point to me what is going wrong? > > Thanks for reading, > ~ Ethan Merrill > Hello, I hope this is the right mailing list to send questions to. Please > direct me where to go if it is not. Thanks. > --- > I am setting up a postfix/dovecot email server on a Debian 13 VPS. Dovecot > is v2.4.1. I have thus far been able to successfully configure the server > for smtp and imap support for my primary domain (we'll say > `[email protected]` who is a linux user with a home folder). I have been > even been able to configure postfix to have virtual mailboxes and aliases, > and from ssh I can can even see that the mail gets delivered to the > correct place. However, I am struggling to set up dovecot to authenticate > a virtual mailbox user (we'll say `[email protected]` who only has a > virtual mailbox). > [1]This documentation page describes the process to configure multiple > authentication databases. It describes being able to use multiple `passdb` > and `userdb` sections in order to authenticate dovecot users. Based upon > what it suggested, I tried this configuration: > > ## Snippet from /etc/dovecot/dovecot.conf ## > passdb passwd-file { > # So [2]example.net => /etc/dovecot/passwd/example.net > passwd_file_path = /etc/dovecot/passwd/%{user | domain} > } > # Fall thru to PAM for unix users > passdb pam { > } > userdb passwd-file { > passwd_file_path = /etc/dovecot/passwd/%{user | domain} > } > # Fall thru to /etc/passwd for unix users > userdb passwd { > } > ## Snippet from /etc/dovecot/passwd/example.net ## > > [3][email protected]:$y$j9...hash...:800:800::/var/postfix/virtual/example.net/support:: > > This is the configuration I landed on that hypothetically checks multiple > databases for authentication that allows at least `[email protected]` to > still login with Thunderbird and do email stuff. However it does not > authenticate `[email protected]`. The biggest difference between my config > and the example is that they use a `sql` database while I am trying the > `passwd-file` database. In principle this seems like it should work, > unless I am understanding the dovecot docs or have made my passwd file > incorrectly. I even tried reversing the order of `userdb` and `passdb` > sections to see if it would help to no avail. > [4]This thread seems to address a similar issue, and more or less has the > same configuration setup suggested as the one in the snippet above. It's > also from 2006 so the API looks kinda different from the current docs. > [5]This thread is from 2013 addressing a similar issue, but despite again > different API it translates to more or less what the snippet above shows. > Here is the journalctl output from when I tried to login as > `[email protected]`: > > # journalctl -xeu dovecot | tail > Dec 29 11:38:19 [6]example.com auth[4719]: pam_unix(dovecot:auth): check > pass; user unknown > Dec 29 11:38:19 [7]example.com auth[4719]: pam_unix(dovecot:auth): > authentication failure; logname= uid=0 euid=0 tty=dovecot > [8][email protected] rhost=10.0.0.1 > Dec 29 11:38:28 [9]example.com auth[4719]: pam_unix(dovecot:auth): check > pass; user unknown > Dec 29 11:38:28 [10]example.com auth[4719]: pam_unix(dovecot:auth): > authentication failure; logname= uid=0 euid=0 tty=dovecot > [11][email protected] rhost=10.0.0.1 > Dec 29 11:41:19 [12]example.com dovecot[4700]: imap-login: Login > aborted: Inactivity (auth failed, 2 attempts in 180 secs) (auth_failed): > user=<[13][email protected]>, method=LOGIN, rip=10.0.0.1, lip=10.0.0.2, > TLS, session=<z8Tj3hlHkLxJMmuL> > > The last message referring to "Inactivity" is because at that point > fail2ban blocked my IP, but before that it was consistent with results I > have been getting. > I'm at an absolute loss. I feel like I've trawled every doc I could find, > every config file involved in the setup process, all the Stack Exchange > answers that seem to exist. Honestly it baffles me to see that even what > looks like the same setup as official documentation, it just doesn't... > work? Can anybody point to me what is going wrong? > Thanks for reading, > ~ Ethan Merrill > > References I simply define my virtual domains in Postfix: # ============================== # VIRTUAL DOMAINS # ============================== # virtual_alias_domains = new.domain virtual_alias_maps = hash:/etc/postfix/virtual Then, in /etc/postfix/virtual, I add the alias: [email protected] newuser And that’s it. Could you share your doveconf -n? _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
