[Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
Hi, I did the upgrade frpom 1.2.x to 2.2.10 and had some warnings/errors on a very few accounts/mailboxes. All of them where permission related and solved. Dovecot rocks again. But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. There is a homedirectory and the permissions are set like on all other accounts. The username is quite long (35 characters) but an other one with 34 is working fine. And before the upgrade there was no error. Thnaks for any help or hint. Regards . Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
G?tz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. And the server logs says ...? Maybe the '-' is not one of the allowed characters (is there a missing 'e' at the end?) Joseph Tam jtam.h...@gmail.com
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
Am 27.02.14 09:31, schrieb Joseph Tam: G?tz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. And the server logs says ...? Maybe the '-' is not one of the allowed characters (is there a missing 'e' at the end?) Oops missed something may be, but I dont see anything in the dovecot.log or syslogs. The '-' is allowed as we do have other accounts with that character and there is no typo. May be i can increase the logging level ... /Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 27 Feb 2014, Götz Reinicke - IT Koordinator wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. Is above error the only error in the log? There is a homedirectory and the permissions are set like on all other accounts. The username is quite long (35 characters) but an other one with 34 is working fine. I do not have such long names ... I suggest to turn on mail_debug, then you see all paths a.s.o. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUw76OXD1/YhP6VMHAQKAHggApKCLQNsJudvrU3Y+YliFeqX6BgCXLfZU nQZ3ctdR+JZcOtbF+W1+Cxdq74gGtluFL0wFnkWiiQ7b77pJ8D8QaIFmA8U8We1I rci/3ia2+7lklYaOnI59kF/jW7gP+It1x/pM+plP4h/OTaiGygpfByUu2Lb23Lo/ BnPBQxtdDnPzfBMtkan7vWoVD1Y9GTjJecpoEY7R9/CexxSan9Ug0otu6sI1KCGC 5uCrj+fRYDUeTHTvKa5Q1YBY/O8Dx8/WrBXWAc4vZhnCPP57w8o0jXuihpghTzNN 66UvIqRLRK54j4DB1fV1RW4XWV99kAaKwv6SukJfwJLvh02OsfeC7w== =Dzhn -END PGP SIGNATURE-
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
Am 27.02.14 09:41, schrieb Steffen Kaiser: On Thu, 27 Feb 2014, Götz Reinicke - IT Koordinator wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. Is above error the only error in the log? Yes, thats the only log for about 8 hours +- now. There is a homedirectory and the permissions are set like on all other accounts. The username is quite long (35 characters) but an other one with 34 is working fine. I do not have such long names ... I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. /Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt smime.p7s Description: S/MIME Cryptographic Signature
[Dovecot] Dovecot2 vs. AD, Inactivity during authentication
Hi, I'm trying to setup Dovecot2 for o IMAP client access o LDA for postfix mail delivery (with SIEVE) ... on a FreeBSD host. The FreeBSD server has no users (by intention), so I've set up a virtual mail domain, using LDAP lookups in Postfix. So far so good. Mail delivers into the proper mailbox. But I'm stuck getting Dovecot to authenticate. User- and passwd DB's are set up for LDAP lookups to AD, using an authenticated bind (the AD server offers no anonymous binds, yet). I've enabled all the debugging I can find, but my logs have little information to offer. Any help in getting me a step further would be much appreciated. In particular, I'd like to learn how do diagnose these userdb/passdb issues properly. Here's what I see in the logs: Feb 27 12:25:49 mail.info ponyboy dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 172 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=r/ERi2HzQAB/AAAB Feb 27 12:26:42 mail.err ponyboy dovecot: auth: Error: PLAIN(js,127.0.0.1,r/ERi2HzQAB/AAAB): Request 74099.1 timed out after 225 secs, state=1 This logging is related to the folloging IMAP session: ponyboy% telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. a login js suppressed * OK Waiting for authentication process to respond.. * BYE Disconnected for inactivity during authentication. Connection closed by foreign host. Here's my config: $ dovecot -n # 2.2.10: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE amd64 ufs auth_debug = yes auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes first_valid_gid = 1000 first_valid_uid = 1000 imap_client_workarounds = delay-newmail last_valid_gid = 1000 last_valid_uid = 1000 mail_gid = 1000 mail_location = maildir:/var/mail/on2it/%Ln mail_uid = 1000 maildir_very_dirty_syncs = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /usr/local/etc/dovecot/on2it-ldap-users.cfg driver = ldap } protocols = imap service auth-worker { user = root } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } } shutdown_clients = no ssl = no userdb { args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg driver = ldap } valid_chroot_dirs = /var/mail/on2it $ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg hosts = dc2.office.on2it.net ldap_version = 3 base = dc=office,dc=on2it,dc=net scope=subtree auth_bind = yes dn = [suppressed] dnpass = [suppressed] pass_attrs = sAMAccountName=user user_attrs = \ =home=/var/mail/on2it/%{ldap:sAMAccountName}, \ =mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName} user_filter = ((ObjectClass=person)(sAMAccountName=%u)) pass_filter = ((ObjectClass=person)(sAMAccountName=%u)) iterate_attrs = sAMAccountName=user iterate_filter = (objectClass=person) $ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg lrwxr-xr-x 1 root wheel 20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg - on2it-ldap-users.cfg signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Dovecot2 vs. AD, Inactivity during authentication
Quoth Jeroen Scheerder (27 Feb 2014, 12:38): Here's what I see in the logs: Feb 27 12:25:49 mail.info ponyboy dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 172 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=r/ERi2HzQAB/AAAB Feb 27 12:26:42 mail.err ponyboy dovecot: auth: Error: PLAIN(js,127.0.0.1,r/ERi2HzQAB/AAAB): Request 74099.1 timed out after 225 secs, state=1 Logging to file instead of syslog, I see a bit more: Feb 27 12:45:27 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Feb 27 12:45:27 auth: Debug: Wrote new auth token secret to /var/run/dovecot/auth-token-secret.dat Feb 27 12:45:27 auth: Debug: auth client connected (pid=74241) Feb 27 12:45:31 auth: Debug: client in: AUTH1 PLAIN service=imap secured session=9QHH22HzYgB/AAABlip=127.0.0.1 rip=127.0.0.1 lport=143 rport=64354 resp=hidden Feb 27 12:45:31 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): bind search: base=dc=office,dc=on2it,dc=net filter=((ObjectClass=person)(sAMAccountName=js)) Feb 27 12:48:27 imap-login: Info: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 176 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=9QHH22HzYgB/AAAB Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js; sAMAccountName unused Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js Feb 27 12:49:16 auth: Error: PLAIN(js,127.0.0.1,9QHH22HzYgB/AAAB): Request 74241.1 timed out after 225 secs, state=1 Feb 27 12:49:16 auth: Debug: client in: CANCEL 1 Feb 27 12:49:18 auth: Debug: client passdb out: FAIL1 user=js temp Using ldapsearch on this very host, I have verified that this particular ldap query, with the same authenticated bind, actually works: ponyboy% time ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w suppressed \ -H ldap://dc2.office.on2it.net -b dc=office,dc=on2it,dc=net -D suppressed -s sub \ '((ObjectClass=person)(sAMAccountName=js))' sAMAccountName dn: CN=Jeroen Scheerder,OU=Users,OU=Netherlands,OU=ON2IT,DC=office,DC=on2it,DC=net sAMAccountName: js # refldap://DomainDnsZones.office.on2it.net/DC=DomainDnsZones,DC=office,DC=on2it,DC=net # refldap://ForestDnsZones.office.on2it.net/DC=ForestDnsZones,DC=office,DC=on2it,DC=net # refldap://office.on2it.net/CN=Configuration,DC=office,DC=on2it,DC=net # pagedresults: cookie= ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w [...] -H0.00s user 0.00s system 19% cpu 0.019 total signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
On 2/27/2014 3:48 AM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: Am 27.02.14 09:41, schrieb Steffen Kaiser: On Thu, 27 Feb 2014, Götz Reinicke - IT Koordinator wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. Is above error the only error in the log? Yes, thats the only log for about 8 hours +- now. There is a homedirectory and the permissions are set like on all other accounts. The username is quite long (35 characters) but an other one with 34 is working fine. I do not have such long names ... I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. doveconf -n output? (should have provided that in the first email)
[Dovecot] maildir quota divergence
Hello; We are using maildir quotas and have found differences in many users in respect to what system command are showing and doveadm quotas. For example, four user test, we have: doveadm quota get -u test Quota name TypeValue Limit% STORAGE 98066 102400 95 MESSAGE 883 -0 But if we check user mail_location with du system command we get he is using 70458 Kb. We are running dovecot 2.1.17 ¿any clue? Thanks in advance.
Re: [Dovecot] maildir quota divergence
An addition. It might be related to a recent upgrade from 2.0 branch to 2.1.17 Thanks in advance. El 27/02/2014 14:12, Juan Carlos Sanchez escribió: Hello; We are using maildir quotas and have found differences in many users in respect to what system command are showing and doveadm quotas. For example, four user test, we have: doveadm quota get -u test Quota name TypeValue Limit% STORAGE 98066 102400 95 MESSAGE 883 -0 But if we check user mail_location with du system command we get he is using 70458 Kb. We are running dovecot 2.1.17 ¿any clue? Thanks in advance. -- -- Juan Carlos Sanchez Hernandez Responsable de Seguridad y Correo Electronico Servicio de Planificacion Informatica y Comunicaciones Universidad Politecnica de Madrid Rectorado Avda. Ramiro de Maeztu 7 28040 Madrid --
Re: [Dovecot] maildir quota divergence
On Thu Feb 27 14:12:19 2014, Juan Carlos Sanchez wrote: We are using maildir quotas and have found differences in many users in respect to what system command are showing and doveadm quotas. For example, four user test, we have: doveadm quota get -u test Quota name TypeValue Limit % STORAGE 98066 102400 95 MESSAGE 883 - 0 But if we check user mail_location with du system command we get he is using 70458 Kb. We are running dovecot 2.1.17 ¿any clue? Please show us your doveconf -n. There are a lot of possibilities, it can even be correct (if you use dbox and the user makes lots of copies of his mails). Yours Jost Krieger -- | jost.krieger+...@ruhr-uni-bochum.de Please help stamp out spam! | | Postmaster, JAPH, resident answer machineat RUB Comp. Center | | Sincere words are not sweet, sweet words are not sincere.| | Lao Tse, Tao Te King 81 |
[Dovecot] Dovecot Migration: Retrieving/Logging POP/IMAP Passwords in Plaintext
Hi List I'm currently in the process of migrating my dovecot imap/pop users to a new server and have to extract their passwords in order to import them into the new system (different password encryption schemes). I've tried enabling auth_* debug parameters in my dovecot.conf in the hope that this would result in logging plaintext passwords to the dovecot log. However dovecot does not log the passwords in plaintext under any debugging configuration. My question: Is there any other configuration of dovecot that would allow me to capture POP/IMAP passwords at a successful login time? Dovecot version: 1.0.7 (from dovecot-1.0.7-7.el5_7.1 rpm) The output of dovecot -n is: --- # 1.0.7: /etc/dovecot.conf info_log_path: /var/log/dovecot.debug verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_location: mbox:~:INBOX=~/Mailbox mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib64/dovecot/imap mail_plugin_dir(imap): /usr/lib64/dovecot/imap mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3 auth default: mechanisms: plain login verbose: yes debug: yes debug_passwords: yes passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/run/dovecot/auth-client mode: 438 --- My dovecot.conf is as follows: -- info_log_path = /var/log/dovecot.debug verbose_ssl = yes mail_location = mbox:~:INBOX=~/Mailbox mail_debug = yes protocol imap { } protocol pop3 { } protocol lda { postmaster_address = postmas...@example.com } auth_verbose = yes auth_debug = yes auth_debug_passwords = yes auth default { mechanisms = plain login passdb pam { } userdb passwd { } user = root socket listen { client { path = /var/run/dovecot/auth-client mode = 0666 } } } dict { } plugin { } --- Many thanks in advance! Traiano
Re: [Dovecot] Dovecot Migration: Retrieving/Logging POP/IMAP Passwords in Plaintext
On 2/27/2014 8:47 AM, Traiano Welcome trai...@gmail.com wrote: Dovecot version: 1.0.7 (from dovecot-1.0.7-7.el5_7.1 rpm) No other response is possible except: UPGRADE. 1.x has been unsupported forfar too long for anyone to waste time on it. Best regards, Charles
Re: [Dovecot] Dovecot Migration: Retrieving/Logging POP/IMAP Passwords in Plaintext
Hi Charles Thanks for your response: On Thu, Feb 27, 2014 at 4:06 PM, Charles Marcus cmar...@media-brokers.comwrote: On 2/27/2014 8:47 AM, Traiano Welcome trai...@gmail.com wrote: Dovecot version: 1.0.7 (from dovecot-1.0.7-7.el5_7.1 rpm) No other response is possible except: UPGRADE. 1.x has been unsupported forfar too long for anyone to waste time on it. I agree. Once upgraded to a reasonably recent version, though, what configuration would I use to log plaintext passwords, then ? Best regards, Charles
Re: [Dovecot] Dovecot Migration: Retrieving/Logging POP/IMAP Passwords in Plaintext
On 2/27/2014 9:20 AM, Traiano Welcome trai...@gmail.com wrote: I agree. Once upgraded to a reasonably recent version, though, what configuration would I use to log plaintext passwords, then ? http://wiki2.dovecot.org/Logging Scroll down to the bottom... -- Best regards, Charles
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
Am 27.02.14 13:27, schrieb Charles Marcus: On 2/27/2014 3:48 AM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: Am 27.02.14 09:41, schrieb Steffen Kaiser: On Thu, 27 Feb 2014, Götz Reinicke - IT Koordinator wrote: But on one mailbox I do get an error: Error: user rechnnugseingang-animationsinstitut: Initialization failed: Initializing mail storage from mail_location setting failed Error: Invalid user settings. Refer to server log for more information. Is above error the only error in the log? Yes, thats the only log for about 8 hours +- now. There is a homedirectory and the permissions are set like on all other accounts. The username is quite long (35 characters) but an other one with 34 is working fine. I do not have such long names ... I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. doveconf -n output? [root@mail ~]# doveconf -n # 2.2.10: /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (2148) doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2151) # OS: Linux 2.6.18-371.4.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.10 (Tikanga) auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_location = mbox:~/:INBOX=/var/mail/%u mail_privileged_group = mail passdb { driver = pam } protocols = imap pop3 service auth { user = root } service imap-login { process_limit = 1024 process_min_avail = 10 service_count = 1 } service imap { process_limit = 1024 vsz_limit = 1 G } service pop3-login { process_limit = 1024 process_min_avail = 10 service_count = 1 } service pop3 { process_limit = 1024 vsz_limit = 1 G } ssl_ca = /etc/pki/tls/certs/ca-bundle_all.crt ssl_cert = /etc/pki/tls/certs/mail_filmakademie_de.crt ssl_cipher_list = ALL:!LOW:!SSLv2 ssl_key = /etc/pki/tls/private/mail_filmakademie_de.key userdb { driver = passwd } protocol imap { mail_max_userip_connections = 20 } -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] maildir quota divergence
Here it goes # 2.1.17: /usr/local/etc/dovecot/dovecot.conf # OS: SunOS 5.10 sun4u ufs auth_cache_negative_ttl = 0 auth_cache_size = 1000 k auth_cache_ttl = 2 hours auth_master_user_separator = * auth_verbose = yes base_dir = /var/run/dovecot disable_plaintext_auth = no info_log_path = /var/log/mail/dovecot_info.log log_path = /var/log/mail/dovecot.log mail_gid = vmail mail_location = maildir:/buzones/%1Mn/%n/correo mail_plugins = quota mail_privileged_group = mail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace inbox { inbox = yes location = mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /path_here/file driver = passwd-file master = yes pass = yes } passdb { args = /usr/local/etc/dovecot-ldap.conf driver = ldap } plugin { quota = maildir quota_rule = *:storage=100M quota_rule2 = Trash:storage=+20M quota_rule3 = SPAM:ignore quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_global_dir = /path_here/ zlib_save = gz zlib_save_level = 6 } protocols = imap pop3 sieve lmtp service anvil { client_limit = 4611 } service auth { client_limit = 10852 unix_listener auth-client { mode = 0660 } unix_listener auth-master { mode = 0666 } unix_listener auth-userdb { mode = 0777 } user = root } service imap-login { process_min_avail = 4 service_count = 0 } service imap { process_limit = 4096 } service lmtp { client_limit = 50 executable = lmtp -L process_min_avail = 20 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve_deprecated { port = 2000 } process_limit = 1024 } service managesieve { process_limit = 1536 } service pop3-login { process_limit = 1024 } service pop3 { process_limit = 1536 } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = vmail } ssl_ca = /path/file.pem ssl_cert = /path/file.pem ssl_key = /path/file.pem userdb { args = home=/buzones/%1Mn/%n allow_all_users=yes driver = static } userdb { driver = prefetch } userdb { args = /usr/local/etc/dovecot-ldap.conf driver = ldap } protocol lda { auth_socket_path = /var/run/dovecot/auth-master info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib sendmail_path = /usr/lib/sendmail } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 mail_plugins = quota imap_quota zlib } protocol pop3 { mail_max_userip_connections = 5 mail_plugins = quota zlib pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_reuse_xuidl = yes } protocol lmtp { info_log_path = /var/log/mail/dovecot_deliver.log log_path = /var/log/mail/dovecot_deliver.log mail_plugins = quota sieve zlib sendmail_path = /usr/lib/sendmail } El 27/02/2014 14:30, Jost Krieger escribió: Please show us your doveconf -n. -- -- Juan Carlos Sanchez Hernandez Responsable de Seguridad y Correo Electronico Servicio de Planificacion Informatica y Comunicaciones Universidad Politecnica de Madrid Rectorado Avda. Ramiro de Maeztu 7 28040 Madrid --
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Götz Reinicke - IT Koordinator wrote: Am 27.02.14 09:41, schrieb Steffen Kaiser: I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. But you'll see lines with home= mail= a.s.o. Are these settings correct? Maybe, post them, too. - -- Steffen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEVAwUBUw9ib3D1/YhP6VMHAQJLzgf/YzhiwRXvJ+2ntinaFPLEEgBKp5lcah7m 6j+ElZgf1c0ChsJF0V6GOTsYw7UbioLPug+Y0g0i1Sw7+LQO1991xn9OQkD+z1X0 JmaOokoZY/uaHcAZ2+v1s475Ha6HBZd853YGylgvshlo90dqSmcUquHwcTfr0XqT pzPaM8lb663iT8WIw7xQIePWmA5zJA7hEbAMTHmxYUmtcmbyphNzaWXLlEKl9qx1 bBBJdhHbAsCmT7GsgfcQgW1NTvtWoQe+ZCwRC7KOvUPpZaqy1vArMmkubyOPjmUe Za7/0OX1s7dNVEbJMGGcKuG9yPdtr8bYzXZHnLkP+D2LMvsc023YXw== =KLkd -END PGP SIGNATURE-
Re: [Dovecot] maildir quota divergence
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Juan Carlos Sanchez wrote: Hello; We are using maildir quotas and have found differences in many users in respect to what system command are showing and doveadm quotas. For example, four user test, we have: doveadm quota get -u test Quota name TypeValue Limit % STORAGE 98066 102400 95 MESSAGE 883 - 0 But if we check user mail_location with du system command we get he is using 70458 Kb. We are running dovecot 2.1.17 ¿any clue? Did you already tried: doveadm quota recalc -u user? Did you started du right in Maildir? Use: cd .../Maildir du -cs cur new .*/{cur,new} in order to count message files only. You do not seem to have activated the hardlink feature. If you did, you need to count each link, too. untested size in KB: find cur new .*/{cur,new} -type f -printf '%k\n' | \ awk ' END { print n } { n=n+$1 } ' - -- Steffen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEVAwUBUw9kiHD1/YhP6VMHAQLh7Af/U4gqXDaE/9wJOdp/KvpIX9CvJIUPuX8L Is/iAS2U/vLbZgh2o26NIsOfd+4cr+uR1OIrtPeUjDkvxFL17qo4SaZf0Sn8TTX5 BVX2b2OG1M6k+cxRmt+mV3UeRAzvzSoKUIhXTju7QbwcIG/SL1w8pCyLrBPIK0w1 O7sPl+eR2cF9cvY5M1pmfb+CBc/p1djn2bkeOT4lZf8BjRSqTxUbNP7HXIT9743A vGBjCi7HsDSKHK4EaDlmtgsH3q9L5MtJQzL0ScDEcghzedhfsk4vf/96ipmhnfAQ dXuBgWrztaNyNKxpg0IkHWlA7nUS9IWLEz6EjHG17yxuI/jRhHEnLQ== =9aHd -END PGP SIGNATURE-
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
Am 27.02.14 17:06, schrieb Steffen: Götz Reinicke - IT Koordinator wrote: Am 27.02.14 09:41, schrieb Steffen Kaiser: I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. But you'll see lines with home= mail= a.s.o. Are these settings correct? Maybe, post them, too. I just realised, that I used just a basic configuration (from the migration); I just added and started with the big conf.d and added my setting. There is still the same problem/error in the log, but with some more text: E.g. the rechnungseingang-finanzbuchhaltung looks like: Feb 27 16:59:55 imap(rechnungseingang-finanzbuchhaltung): Debug: Effective uid=3473, gid=1182, home=/home/misc_accounts/rechnungseingang-finanzbuchhaltung Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Debug: Effective uid=3474, gid=1182, home= Feb 27 17:02:11 auth-worker(19896): Debug: pam(rechnungseingang-animationsinstitut,172.17.25.85): lookup service=dovecot Feb 27 17:02:11 auth-worker(19896): Debug: pam(rechnungseingang-animationsinstitut,172.17.25.85): #1/1 style=1 msg=Password: Feb 27 17:02:11 auth: Debug: client passdb out: OK 1 user=rechnungseingang-animationsinstitut Feb 27 17:02:11 auth-worker(19896): Debug: passwd(rechnungseingang-animationsinstitut,172.17.25.85): lookup Feb 27 17:02:11 auth: Debug: master userdb out: USER3536191489 rechnungseingang-animationsinstitut system_groups_user=rechnungseingang-animationsinstitut uid=3474 gid=1182homeauth_token=58932681706c22720023a40104779c049ae2ac42 Feb 27 17:02:11 imap-login: Info: Login: user=rechnungseingang-animationsinstitut, method=PLAIN, rip=172.17.25.85, lip=193.196.129.3, mpid=21531, TLS, session=dAWscWXzyQCsERlV Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Debug: Effective uid=3474, gid=1182, home= Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/:INBOX=/var/mail/rechnungseingang-animationsinstitut Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Error: user rechnungseingang-animationsinstitut: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/:INBOX=/var/mail/rechnungseingang-animationsinstitut Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Error: Invalid user settings. Refer to server log for more information. -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] Dovecot2 vs. AD, Inactivity during authentication
Hi, have you verified from you AD logs that dovecot is sending the same thing as your ldapsearch? -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca On Thu, 2014-02-27 at 12:58 +0100, Jeroen Scheerder wrote: Quoth Jeroen Scheerder (27 Feb 2014, 12:38): Here's what I see in the logs: Feb 27 12:25:49 mail.info ponyboy dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 172 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=r/ERi2HzQAB/AAAB Feb 27 12:26:42 mail.err ponyboy dovecot: auth: Error: PLAIN(js,127.0.0.1,r/ERi2HzQAB/AAAB): Request 74099.1 timed out after 225 secs, state=1 Logging to file instead of syslog, I see a bit more: Feb 27 12:45:27 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth Feb 27 12:45:27 auth: Debug: Wrote new auth token secret to /var/run/dovecot/auth-token-secret.dat Feb 27 12:45:27 auth: Debug: auth client connected (pid=74241) Feb 27 12:45:31 auth: Debug: client in: AUTH1 PLAIN service=imap secured session=9QHH22HzYgB/AAABlip=127.0.0.1 rip=127.0.0.1 lport=143 rport=64354 resp=hidden Feb 27 12:45:31 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): bind search: base=dc=office,dc=on2it,dc=net filter=((ObjectClass=person)(sAMAccountName=js)) Feb 27 12:48:27 imap-login: Info: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 176 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=9QHH22HzYgB/AAAB Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js; sAMAccountName unused Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js Feb 27 12:49:16 auth: Error: PLAIN(js,127.0.0.1,9QHH22HzYgB/AAAB): Request 74241.1 timed out after 225 secs, state=1 Feb 27 12:49:16 auth: Debug: client in: CANCEL 1 Feb 27 12:49:18 auth: Debug: client passdb out: FAIL1 user=js temp Using ldapsearch on this very host, I have verified that this particular ldap query, with the same authenticated bind, actually works: ponyboy% time ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w suppressed \ -H ldap://dc2.office.on2it.net -b dc=office,dc=on2it,dc=net -D suppressed -s sub \ '((ObjectClass=person)(sAMAccountName=js))' sAMAccountName dn: CN=Jeroen Scheerder,OU=Users,OU=Netherlands,OU=ON2IT,DC=office,DC=on2it,DC=net sAMAccountName: js # refldap://DomainDnsZones.office.on2it.net/DC=DomainDnsZones,DC=office,DC=on2it,DC=net # refldap://ForestDnsZones.office.on2it.net/DC=ForestDnsZones,DC=office,DC=on2it,DC=net # refldap://office.on2it.net/CN=Configuration,DC=office,DC=on2it,DC=net # pagedresults: cookie= ldapsearch -o ldif-wrap=no -x -LLL -E pr=200/noprompt -w [...] -H0.00s user 0.00s system 19% cpu 0.019 total
Re: [Dovecot] Dovecot Migration: Retrieving/Logging POP/IMAP Passwords in Plaintext
On Thu, Feb 27, 2014 at 4:32 PM, Charles Marcus cmar...@media-brokers.comwrote: On 2/27/2014 9:20 AM, Traiano Welcome trai...@gmail.com wrote: I agree. Once upgraded to a reasonably recent version, though, what configuration would I use to log plaintext passwords, then ? http://wiki2.dovecot.org/Logging Scroll down to the bottom... From the wiki: auth_debug_passwords=yes does everything that auth_debug=yes does, but it also removes password hiding (but only if you are not using PAM, since PAM errors aren't written to Dovecot's own logs). Looks like upgrading won't help either, as I'm using pam: --- passdb pam { } userdb passwd { } --- -- Best regards, Charles
Re: [Dovecot] Quota-Status issue
Thanks for the help. For some reason I couldn't find the dovecot log before, but there it was staring me in the face, haha. Here's the error I was getting: Feb 27 14:55:06 auth-worker(30525): Error: sql(t...@example.com): User query failed: Unknown column 'mailbox.enablequota-status' in 'where clause' Feb 27 14:55:06 quota-status: Error: user t...@example.com: Auth USER lookup failed Looks like it was missing a column in the table. Was able to fix it by adding: ALTER TABLE vmail.umailbox ADD `enablequota-status` tinyint(1) DEFAULT 1 AFTER `enablelib-storage`; Now it works as expected! printf recipient=t...@example.com\nsize=12304\n\n | nc 127.0.0.1 12340 action=552 5.2.2 Mailbox is full Once again, thanks for the help. Everything is working smoothly now. On Mon, Feb 24, 2014 at 5:56 PM, Charles Sprickman sp...@bway.net wrote: On Feb 20, 2014, at 5:12 PM, Cyberonic Turbo wrote: Following this guide: http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ I can't seem to get it to work, as soon as I add the smtpd_recipient_restrictions setting to postfix I can no longer send mail at all. I get the message SMTP Error (450): Failed to add recipient postmas...@example.com (4.7.1 : Recipient address rejected: Internal error occurred. Refer to server log for more information.). I googled around and found this command to test the quota-status service: printf recipient=postmaster at example.com\nsize=1234\n\n | nc 127.0.0.1 12340 It seems to always return the quota_status_nouser message. I'm really stumped here. What logs do I need to check for errors and does anyone have any experience with this? I'm not an expert, I just followed the same guide a few days ago while preparing to front an old vpopmail system with postfix. It did work for me. Before moving on to enabling the check in postfix, verify that the dovecot side is working. Your example test should work, I did the same here: [root@util-b /usr/local/etc/postfix]# printf recipient=c...@test.bway.net\nsize=12304\n\n | nc mbox.i 25001 action=DUNNO [root@util-b /usr/local/etc/postfix]# printf recipient=c...@test.bway.net\nsize=1234\n\n | nc mbox.i 25001 action=552 5.2.2 Mailbox is full If that fails for you, examine the dovecot log. In my case, I did have to provide the full path to the quota-status binary and dovecot complained about not being able to find it. Make sure you actually have quota-status installed. Full dovecot snippet for this below: # report quota to postfix # see http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ plugin { quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full } service quota-status { executable = /usr/local/libexec/dovecot/quota-status -p postfix inet_listener { address = 10.x.x.19 # In my case I want it listening on a particular IP port = 25001 } client_limit = 5 } If the dovecot portion is working, then move on to your postfix logs... Charles I'm running Dovect 2.2.10 with Postfix 2.6.6 Here's my dovecot -n result: # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_master_user_separator = * auth_mechanisms = PLAIN LOGIN dict { acl = mysql:/etc/dovecot/dovecot-share-folder.conf quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf } first_valid_uid = 2000 last_valid_uid = 2000 listen = * log_path = /var/log/dovecot.log mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/ mail_plugins = quota mail_uid = 2000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u prefix = Shared/%%u/ separator = / subscriptions = yes type = shared } passdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } passdb { args = /etc/dovecot/dovecot-master-users-password driver = passwd-file master = yes } plugin { acl = vfile acl_shared_dict = proxy::acl auth_socket_path = /var/run/dovecot/auth-master autocreate = INBOX autocreate2 = Sent autocreate3 = Trash autocreate4 = Drafts autocreate5 = Junk autosubscribe = INBOX autosubscribe2 = Sent autosubscribe3 = Trash autosubscribe4 = Drafts autosubscribe5 = Junk quota = dict:user::proxy::quotadict quota_grace = 10%% quota_rule = *:storage=1G quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO quota_warning
[Dovecot] Converting old emails to compressed format
Hello, I know this question has already been asked, but I would really like a solution here as I tried all I could find on the wiki or mail archives I am now running dovecot 2.2.12 Compression works fine for new mails, so zlib works Mails are currently stored using dbox So I tried for testing dsync -D -v mirror -u user -m Archives dbox:~/temp dsync -o plugin/zlib_save=xz -D -v mirror -u user -m Archives dbox:~/temp dsync -o plugin/zlib_save= -D -v mirror -u user -m Archives dbox:~/temp dsync -o plugin/zlib_save= -D -v mirror -u user -m Archives maildir:~/temp dsync -o plugin/zlib_save=xz -D -v mirror -u user -m Archives maildir:~/temp And also converting again those maildir messages to dbox (just in case it wouldn't work from dbox format) And also with backup instead of mirror None of this actually works, mails are indeed copied, but not compressed So I am wondering if there is a way to compress those mails? Thank you smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
G?tz Reinicke writes: mail_location = mbox:~/:INBOX=/var/mail/%u ... Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/:INBOX=/var/mail/rechnungseingang-animationsinstitut Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Error: user rechnungseingang-animationsinstitut: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/:INBOX=/var/mail/rechnungseingang-animationsinstitut Hmm, I don't have a trialing '/' in my mail_location, so maybe you can try leaving it off too just to check. mbox:~:INBOX=/var/mail/%u Also, is your home directory well defined in your userdb? Check output of doveadm user rechnungseingang-animationsinstitut Joseph Tam jtam.h...@gmail.com
[Dovecot] Logging authentication failures when Dovecot's auth service used to authenticate postfix smtpd
Hello, tl;dr: Is there a way to get dovecot's auth to log failed smtp authentications without having to switch on auth_verbose? postfix version 2.11.0 and dovecot version 2.2.12 I'm currently migrating my postfix+courier to postfix+dovecot and so far it's working as expected. Except for logging smtp login failures. Despite Postfix logging successful authentications (see sample below), it doesn't log failed smtp logins. Feb 25 22:28:53 mailer2 postfix/submission[20274]: C981B20198: client=A-B-C-D.*.net[A.B.C.D]:63107, sasl_method=PLAIN, sasl_username=j...@example.net And since my postfix setup authenticates virtual users through Dovecot's auth, I thought maybe dovecot could report smtp login failures the same way it reports imap and pop3 login failures. Below is a sample extracted from info_log_path after several imap and pop3 login failures. (Obviously the IP 255 is made up and irrelevant for this mater). # begin extract /var/log/dovecot-info.log 2014-02-27 21:14:26 auth: Info: passwd-file(j...@example.net,255.255.255.255,Y0lbzmnzfwAuQV80): Password mismatch 2014-02-27 21:16:46 auth: Info: passwd-file(foobar,255.255.255.255,Y0lbzmnzfwAuQV80): unknown user 2014-02-27 21:52:00 auth: Info: passwd-file(f...@example.net,255.255.255.255,0Su6VGrzGwAuQV80): unknown user 2014-02-27 21:53:35 auth: Info: plain(?,255.255.255.255,0Su6VGrzGwAuQV80): Empty username 2014-02-27 21:53:55 auth: Info: plain(?,255.255.255.255,0Su6VGrzGwAuQV80): Username character disallowed by auth_username_chars: 0x5c (username: \0) 2014-02-27 22:08:05 auth: Info: plain(?,255.255.255.255): invalid input 2014-02-27 22:09:36 auth: Info: passwd-file(j...@example.net,255.255.255.255): Password mismatch 2014-02-27 22:09:53 auth: Info: login(?,255.255.255.255): Empty username # end extract I've tried adding -L -o info_log_path=/var/log/dovecot-info.log to the both auth and auth-worker services but that yield nothing. --% auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log log_timestamp = %Y-%m-%d %H:%M:%S passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/virtual_users driver = passwd-file } userdb { args = username_format=%u /etc/dovecot/virtual_users default_fields = uid=vmail gid=vmail driver = passwd-file override_fields = home=/home/vmail/%d/%u result_failure = return-fail result_internalfail = return-fail } service auth-worker { executable = auth -w -L -o info_log_path=/var/log/dovecot-info.log } service auth { executable = auth -L -o info_log_path=/var/log/dovecot-info.log unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix user = postfix mode = 0660 } } service lmtp { executable = lmtp -L -o info_log_path=/var/log/dovecot-info.log unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix user = postfix mode = 0660 } } --% The relevant postfix config is ... smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth virtual_transport = lmtp:unix:private/dovecot-lmtp
Re: [Dovecot] Dovecot2 vs. AD, Inactivity during authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 27 Feb 2014, Jeroen Scheerder wrote: passdb { args = /usr/local/etc/dovecot/on2it-ldap-users.cfg driver = ldap } userdb { args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg driver = ldap } $ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg hosts = dc2.office.on2it.net ldap_version = 3 base = dc=office,dc=on2it,dc=net scope=subtree auth_bind = yes dn = [suppressed] dnpass = [suppressed] pass_attrs = sAMAccountName=user user_attrs = \ =home=/var/mail/on2it/%{ldap:sAMAccountName}, \ =mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName} you must not use home dir == mail dir, search list about what wired things can happen, if you do. But this has nothing to do with your auth problem. user_filter = ((ObjectClass=person)(sAMAccountName=%u)) pass_filter = ((ObjectClass=person)(sAMAccountName=%u)) iterate_attrs = sAMAccountName=user iterate_filter = (objectClass=person) $ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg lrwxr-xr-x 1 root wheel 20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg - on2it-ldap-users.cfg Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js; sAMAccountName unused Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,9QHH22HzYgB/AAAB): result: sAMAccountName=js This puzzles me, sAMAccountName unused should mean that Dovecot does not use the attribute, which contradicts the definition of pass_attrs. Do you have wiered characters in/around the line pass_attrs = sAMAccountName=user? Maybe a Windows linebreak ^M / \r or something? A Unicode non-breakable space? Did you stopped, killed any remaining Dovecot processes and restarted Dovecot - just to be sure? Maybe, add sAMAccountName=user to user_attrs, too. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUxA7WXD1/YhP6VMHAQKX4ggA1Zn7M3ADyVmqxtYT3aiNW429RiFLnKrX ql8YZUS+ZPAKP7aBzEFZqUFKc3UkP9yR6QfZPoJC/x3DJqnKZZTW6dJl2vDkXVth KUA1OotQVE21E85mbZR8zUYwKGl05saYwJb/4HpfP56xX8PbaItAUPISwPa5LAYK aShfHZ/dD0Qq49eEMqa/ErG/3ntUQfD162UCiKMspUh91i4enEt1WQ2j4cSRN3BV iSwx3U337uFYyUCqAhiUG7dtHU8CH2GD6RNFM/m3JXYZWg91zgKveBNJ4pGzV8mU bb5pJ2KAhUQIjXnCgZrSSVIkgUr6KOMr0gkztACNvwhm78TF45WAbg== =Y/0n -END PGP SIGNATURE-
Re: [Dovecot] Error Initializing mail storage ... after upgrading to 2.2.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 27 Feb 2014, Götz Reinicke - IT Koordinator wrote: Am 27.02.14 17:06, schrieb Steffen: Götz Reinicke - IT Koordinator wrote: Am 27.02.14 09:41, schrieb Steffen Kaiser: I suggest to turn on mail_debug, then you see all paths a.s.o. Switched it on, but there are no more error messages. But you'll see lines with home= mail= a.s.o. Are these settings correct? Maybe, post them, too. I just realised, that I used just a basic configuration (from the migration); I just added and started with the big conf.d and added my setting. There is still the same problem/error in the log, but with some more text: E.g. the rechnungseingang-finanzbuchhaltung looks like: Feb 27 16:59:55 imap(rechnungseingang-finanzbuchhaltung): Debug: Effective uid=3473, gid=1182, home=/home/misc_accounts/rechnungseingang-finanzbuchhaltung Feb 27 17:02:11 imap(rechnungseingang-animationsinstitut): Debug: Effective uid=3474, gid=1182, home= list=yes, subscriptions=yes location=mbox:~/:INBOX=/var/mail/rechnungseingang-animationsinstitut See that next Info line: Home directory not set for user. Can't expand ~/ for mail root dir in: ~/ In contrast to rechnungseingang-finanzbuchhaltung your userdb does not return no home dir for rechnungseingang-animationsinstitut, therefore your mail_location ~/ expands to the root directory /. You have to correct your userdb. Maybe you need to clean the cache: doveadm auth cache flush - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUxA8zHD1/YhP6VMHAQLexQgAjIEJcpptztDfWUt+P/T5jOC6GNgZLGKw BqCLrlwfmFFmSKiwqrNee2mSTjIHtAE15doeBrTclh1Hhmdgq+rdRNydBc6TRbXe eXqZujdutDJPL1iZdNP3yT1p1lALKNPlqIraey7URUTQqSRwMymDmjHF4woY2VR4 wYnZb+PCcgWhIgLykTaV7gu7L1jVwzf7mH9liFZkTjOt0zHYzOXZ1jJ+K3X7TvBA jLQmxUp0ygCmAgd1Wl10El5e5RxMyZXvCOGiF++Rv4TJAJSxer1hgzSSY9EEv6wM kN3qkcGfXlmySYwNihk4Cf4xqqKryr364EIkBlEmYli5VLvxpY8WLg== =RgoZ -END PGP SIGNATURE-