[Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

Ok, one more issue to resolve.

The old server was still using the postfix/virtual for delivery, but the 
new one is using the dovecot LDA.


Now, when an email generated locally by a cron job is delivered, this 
shows in the log:


2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com
2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2: message-id=20131222152955.c67fd90f67...@smtp2.example.com
2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue active)
2013-12-22T10:29:55-05:00 host dovecot: auth-worker(22365): passwd(us...@example.com): unknown user
2013-12-22T10:29:55-05:00 host dovecot: lda(us...@example.com): msgid=20131222152955.c67fd90f67...@smtp2.example.com: saved mail to INBOX
2013-12-22T10:29:55-05:00 host postfix/pipe[22361]: C67FD90F676B2: to=user1+rkhunter-rep...@example.com, relay=dovecot, delay=0.06, delays=0.02/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: removed

The mail was delivered (as the log also clearly shows), but what is with 
the 'unknown user'?


I'm not sure how I can test my maps with dovecot, but testing with 
postfix shows:


 # postmap -q us...@example.com mysql:/etc/postfix/maps/mysql/vmm.cf
example.com/user1/

Which is correct.

And my dovecot-sql-conf.ext contains:

driver = mysql
connect = host=localhost dbname=db_name user=dbuser password=password
default_pass_scheme = CRYPT
password_query = \
  SELECT username AS user, password \
  FROM mailbox WHERE username = '%u'
user_query = \
  SELECT CONCAT('/var/vmail/', maildir) AS home \
  FROM mailbox WHERE username = '%u'
iterate_query = SELECT username AS user FROM mailbox

I confirmed the db info is identical to what postfix is using.

Oh - and in order to make sure that all usernames are lowercased, 
shouldn't I change '%u' above to '%Lu'?


Appreciate any suggestions on where to go next... thanks

--

Best regards,

*/Charles/*


Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Tom Hendrikx

On 22-12-13 16:43, Charles Marcus wrote:
> Ok, one more issue to resolve.
>
> The old server was still using the postfix/virtual for delivery,
> but the new one is using the dovecot LDA.
>
> Now, when an email generated locally by a cron job is delivered,
> this shows in the log:
>
> 2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com
> 2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2: message-id=20131222152955.c67fd90f67...@smtp2.example.com
> 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue active)
> 2013-12-22T10:29:55-05:00 host dovecot: auth-worker(22365): passwd(us...@example.com): unknown user

This is an error from the passwd authentication backend, not from the
mysql one you're checking below. Seems that you have 2 auth backends
enabled in dovecot...

> 2013-12-22T10:29:55-05:00 host dovecot: lda(us...@example.com): msgid=20131222152955.c67fd90f67...@smtp2.example.com: saved mail to INBOX
> 2013-12-22T10:29:55-05:00 host postfix/pipe[22361]: C67FD90F676B2: to=user1+rkhunter-rep...@example.com, relay=dovecot, delay=0.06, delays=0.02/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
> 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: removed
>
> The mail was delivered (as the log also clearly shows), but what is
> with the 'unknown user'?
>
> I'm not sure how I can test my maps with dovecot, but testing with
> postfix shows:
>
> # postmap -q us...@example.com mysql:/etc/postfix/maps/mysql/vmm.cf
> example.com/user1/
>
> Which is correct.
>
> And my dovecot-sql-conf.ext contains:
>
> driver = mysql
> connect = host=localhost dbname=db_name user=dbuser password=password
> default_pass_scheme = CRYPT
> password_query = \
>   SELECT username AS user, password \
>   FROM mailbox WHERE username = '%u'
> user_query = \
>   SELECT CONCAT('/var/vmail/', maildir) AS home \
>   FROM mailbox WHERE username = '%u'
> iterate_query = SELECT username AS user FROM mailbox
>
> I confirmed the db info is identical to what postfix is using.
>
> Oh - and in order to make sure that all usernames are lowercased,
> shouldn't I change '%u' above to '%Lu'?
>
> Appreciate any suggestions on where to go next... thanks



Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

On 2013-12-22 10:49 AM, Tom Hendrikx t...@whyscream.net wrote:

> On 22-12-13 16:43, Charles Marcus wrote:
>
>> 2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com
>> 2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2: message-id=20131222152955.c67fd90f67...@smtp2.example.com
>> 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue active)
>> 2013-12-22T10:29:55-05:00 host dovecot: auth-worker(22365): passwd(us...@example.com): unknown user
>
> This is an error from the passwd authentication backend, not from the
> mysql one you're checking below. Seems that you have 2 auth backends
> enabled in dovecot...


Ah, right you are, thanks!

Missed that (it was staring me in the face) - doveconf -n shows:

userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

One thing about dovecot's config I've learned during this process... it 
is confusing sometimes to determine where any given setting is coming 
from, given the number of different default config files..


Grepping of course will help you find it, but it would be nice if there 
was some way to simplify this...


Maybe cut down on the number of different config files (ie, combine all 
of the different auth-* files into one)?


Or maybe a verbose flag you could pass to doveconf -n - ie, 'doveconf 
-nv' - that would sort the output based on the config file that each 
group of settings came from, with a comment above each group of 
settings, ie:


doveconf -nv
...
# from /etc/dovecot/conf.d/auth-system.conf.ext
userdb {
  driver = passwd
}
# from /etc/dovecot/conf.d/auth-sql.conf.ext
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

But, like I said, it isn't all that difficult to find them so not a huge 
deal.


Anyway, problem solved - thanks again Tom...

--

Best regards,

*/Charles/*
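
Added example, not part of the original thread or of Dovecot: a small Python scanner that follows `!include` / `!include_try` lines from `dovecot.conf` and reports which file each active `passdb`/`userdb` block comes from, the information the proposed `doveconf -nv` output above would carry. The sample tree in `demo()` is constructed, and the scanner assumes that relative include paths resolve from the including file's directory and that each block closes with a `}` on its own line.

```python
import glob
import os
import re
import tempfile
from pathlib import Path

INCLUDE = re.compile(r"^!include(?:_try)?\s+(\S+)")
BLOCK = re.compile(r"^(userdb|passdb)\s*\{")
DRIVER = re.compile(r"^driver\s*=\s*(\S+)")

def auth_blocks(path, seen=None):
    """Return (kind, driver, file) for each active passdb/userdb block, in read order."""
    seen = set() if seen is None else seen
    path = os.path.realpath(path)
    if path in seen or not os.path.isfile(path):
        return []
    seen.add(path)
    found, current = [], None
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()  # a commented-out !include stays inactive
            if m := INCLUDE.match(line):
                # Assumption: relative includes resolve from the including file's directory.
                pattern = os.path.join(os.path.dirname(path), m.group(1))
                for child in sorted(glob.glob(pattern)):
                    found += auth_blocks(child, seen)
            elif m := BLOCK.match(line):
                current = [m.group(1), None, path]
            elif current and (m := DRIVER.match(line)):
                current[1] = m.group(1)
            elif current and line == "}":
                found.append(tuple(current))
                current = None
    return found

def demo():
    files = {  # constructed sample tree shaped like the thread's setup, contents made up
        "dovecot.conf": "!include conf.d/*.conf\n",
        "conf.d/10-auth.conf": "!include auth-system.conf.ext\n!include auth-sql.conf.ext\n"
                               "#!include auth-ldap.conf.ext\n",
        "conf.d/auth-system.conf.ext": "userdb {\n  driver = passwd\n}\n",
        "conf.d/auth-sql.conf.ext": "passdb {\n  driver = sql\n}\nuserdb {\n  driver = sql\n}\n",
        "conf.d/auth-ldap.conf.ext": "userdb {\n  driver = ldap\n}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        os.mkdir(os.path.join(root, "conf.d"))
        for rel, text in files.items():
            Path(root, rel).write_text(text)
        return [(kind, driver, os.path.relpath(src, root))
                for kind, driver, src in auth_blocks(os.path.join(root, "dovecot.conf"))]
```

Calling `auth_blocks("/etc/dovecot/dovecot.conf")` on a real installation lists the backends in the order they are read; a `passwd` userdb appearing ahead of the `sql` one is the situation diagnosed in this thread.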


Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Reindl Harald


On 22.12.2013 17:24, Charles Marcus wrote:
> One thing about dovecot's config I've learned during this process... it is
> confusing sometimes to determine where any given setting is coming from,
> given the number of different default config files..
>
> Grepping of course will help you find it, but it would be nice if there was
> some way to simplify this...
>
> Maybe cut down on the number of different config files

you are free to use only one config file as below and
a second one /etc/dovecot/sql.conf referred there
contains the sensible authentication configuration

hence my RPM-SPEC does not include a single config file

[root@testserver:~]$ cat /etc/dovecot/dovecot.conf
# provided services
protocols = imap pop3

# configure ssl
ssl = yes
ssl_cert = </etc/postfix/certs/localhost.pem
ssl_key = </etc/postfix/certs/localhost.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
ssl_prefer_server_ciphers = yes
ssl_parameters_regenerate = 0

# configure imap-proxy
service imap-login {
  inet_listener imap {
    address = **.**.**.**
    port = 143
  }
  inet_listener imaps {
    address = **.**.**.**
    port = 993
  }
  vsz_limit = 128M
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}

# configure pop3-proxy
service pop3-login {
  inet_listener pop3 {
    address = **.**.**.**
    port = 110
  }
  inet_listener pop3s {
    address = **.**.**.**
    port = 995
  }
  vsz_limit = 128M
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}

# default settings
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements = %u %r %m %k
login_log_format = %{login_status}: %s
mail_max_userip_connections = 100
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
disable_plaintext_auth = no
shutdown_clients = no
version_ignore = yes

# Logging
syslog_facility = mail

# authentication process
auth_worker_max_count = 50
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no

# configure proxy-database
passdb {
  driver = sql
  args = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
  driver = static
  args = static uid=1 gid=1 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}





Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Charles Marcus

On 2013-12-22 11:29 AM, Reindl Harald h.rei...@thelounge.net wrote:

> On 22.12.2013 17:24, Charles Marcus wrote:
>
>> One thing about dovecot's config I've learned during this process... it is
>> confusing sometimes to determine where any given setting is coming from,
>> given the number of different default config files..
>>
>> Grepping of course will help you find it, but it would be nice if there was
>> some way to simplify this...
>>
>> Maybe cut down on the number of different config files
>
> you are free to use only one config file as below and
> a second one /etc/dovecot/sql.conf referred there
> contains the sensible authentication configuration


I know this, and indeed I do this myself. I wasn't talking about your 
RPM-SPEC file, I was talking about the numerous dovecot config files 
that are installed in a new default installation.


It is very confusing for people new to dovecot (I didn't have any major 
problems, because I'm not new, but installing it fresh gave me a new 
perspective).


--

Best regards,

*/Charles/*