dovecot - Aug 2009 - User Auth

Hello all,

I am new to the mailing list and I'm in the process of setting up a
LAMP + mail server. I have configured my MTA (Postfix) to deliver
messages to:

/var/spool/mail/vhosts/domain.tld/name

I have configured Dovecot as follows:

--
# 1.2.2: /usr/local/etc/dovecot.conf
protocols: imap imaps pop3
ssl: no
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_location: mbox:/var/spool/mail/vhosts/%d:INBOX=/var/spool/mail/vhosts/%d/%n
mail_debug: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
lda:
  postmaster_address: postmaster at example.com
auth default:
  debug: yes
  passdb:
    driver: passwd-file
    args: /etc/passwd.dovecot
  userdb:
    driver: passwd
--

Password excepted, my passwd.dovecot file containing a single virtual
user looks like:

richard:{plain}password:504:505::/home/vmail

The uid/gid is the same as used by Postfix (a dedicated vmail
user/group). That user/group owns the mbox I am trying to manipulate
in this example. When I attempt to login via telnet on port 110 I get
the error:

+OK Dovecot ready.
user richard at richardaharwood.com
+OK
pass password
-ERR Authentication failed.

It seems to dislike the fact I specify the domain as part of the login
username. If I repeat and login as: user richard - I am authenticated,
however I get the error:

-ERR [IN-USE] Couldn't open INBOX: Internal error occurred. Refer to
server log for more information.

Tailing the maillog, I see the following:

Aug  8 17:19:01 richardaharwood dovecot: auth(default): client in:
AUTH 1       PLAIN   service=pop3    secured lip=83.170.110.193
rip=83.170.110.193      lport=110       rport=58115     resp=<hidden>
Aug  8 17:19:01 richardaharwood dovecot: auth(default):
passwd-file(richard,83.170.110.193): lookup: user=richard
file=/etc/passwd.dovecot
Aug  8 17:19:01 richardaharwood dovecot: auth(default): client out: OK
 1       user=richard
Aug  8 17:19:01 richardaharwood dovecot: auth(default): master in:
REQUEST      4       3603    1
Aug  8 17:19:01 richardaharwood dovecot: auth(default):
passwd(richard,83.170.110.193): lookup
Aug  8 17:19:01 richardaharwood dovecot: auth(default): master out:
USER        4       richard system_groups_user=richard      uid=500
gid=500 home=/home/richard
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard): Effective
uid=500, gid=500, home=/home/richard
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard): mbox:
data=/var/spool/mail/vhosts/:INBOX=/var/spool/mail/vhosts//richard
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard): fs:
root=/var/spool/mail/vhosts, index=, control=,
inbox=/var/spool/mail/vhosts//richard
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard):
open(/var/spool/mail/vhosts//richard) failed: Permission denied
(euid=500(richard) egid=500(richard) missing +x perm:
/var/spool/mail/vhosts/)
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard): Couldn't open
INBOX: Internal error occurred. Refer to server log for more
information. [2009-08-08 17:19:01]
Aug  8 17:19:01 richardaharwood dovecot: POP3(richard): Couldn't open
INBOX top=0/0, retr=0/0, del=0/0, size=0
Aug  8 17:19:01 richardaharwood dovecot: pop3-login: Login:
user=<richard>, method=PLAIN, rip=83.170.110.193, lip=83.170.110.193,
secured

Assuming I could login with richard at richardaharwood.com, I should
imagine Dovecot will successfully find the inbox, which is located at
/var/spool/mail/vhosts/richardaharwood.com/richard in this example.

I also notice the effective uid/gid is not that specified in the
passwd file? The uid/gid appears to be that of my own ssh account
which is not connected to the mail account that I wish to simply
access as a virtual user. Would anyone be kind enough to point me in
the right direction?

In a nutshell, where am I going wrong with my authentication? This is
a basic setup for the time being, until I get my head around it, but
any pointers would be really appreciated. Have spent quite a few hours
but I don't feel much closer to getting to the bottom of it! :)

Many thanks,
Richard

On Sat, 2009-08-08 at 17:40 +0100, Richard Harwood wrote:
> /var/spool/mail/vhosts/domain.tld/name
> mail_location:
mbox:/var/spool/mail/vhosts/%d:INBOX=/var/spool/mail/vhosts/%d/%n
With above configuration all users within the domain share all their
non-INBOX mailboxes. Is this really what you wanted?
>   passdb:
>     driver: passwd-file
>     args: /etc/passwd.dovecot
>   userdb:
>     driver: passwd
> --
> 
> Password excepted, my passwd.dovecot file containing a single virtual
> user looks like:
> 
> richard:{plain}password:504:505::/home/vmail
Then you should configure dovecot to use userdb passwd-file { .. }
instead of using userdb passwd (which uses your /etc/passwd).

Also don't make home directory shared across users. Instead I'd do
something like:

home = /var/spool/mail/vhosts/domain.tld/name

mail_location = mbox:~/mail
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090809/97db4074/attachment-0002.bin>