Ran Talbott
2010-Dec-26 03:49 UTC
[Dovecot] Dovecot 1.2.12 + Postfix + virtual domains: delivering to system users
As mentioned in my previous posting, I've set up a mailserver for a domain of Winboxen, authenticated through Active Directory. After some struggles, I finally got that working. But I also need to receive emails for a few system users on the mailserver (like postmaster, and a couple of accounts set up for maintaining the system).

I thought, based on the way I read the documentation, that I could just add a "userdb passwd", ahead of the "userdb ldap", and deliver would find their home directory maildirs. The virtual users would fail the passwd search, fall through to the LDAP check, and deliver would drop their mail into their maildirs in the /var/mailstore tree. I knew the system users wouldn't be able to log in to the IMAP server, but this isn't a concern.

Instead, the system users' mail got bounced, after an auth check via the "master" socket (from Postfix, I guess: it's a transient process) whose details don't get logged. And the virtual users' lookups (done by deliver) returned made-up UIDs and GIDs, and maildir locations (/home/<realm>/<username>) completely different from what the LDAP lookup normally returns (/var/mailstore/<username>).

So what am I missing here?

I managed to work around this by adding the system users to the Postfix virtual.db, but it would be nice to not need to do that. It would also be nice to enable the system users to check email by logging in to the IMAP server, but I'm reluctant to even try that after the way delivery went completely wonky.

Thanks,
Ran
Timo Sirainen
2010-Dec-30 10:52 UTC
[Dovecot] Dovecot 1.2.12 + Postfix + virtual domains: delivering to system users
On Sat, 2010-12-25 at 20:49 -0700, Ran Talbott wrote:
> As mentioned in my previous posting, I've set up a mailserver for a domain of
> Winboxen, authenticated through Active Directory. After some struggles, I
> finally got that working. But I also need to receive emails for a few system
> users on the mailserver (like postmaster, and a couple of accounts set up
> for maintaining the system).
>
> I thought, based on the way I read the documentation, that I could just add
> a "userdb passwd", ahead of the "userdb ldap", and deliver would find their
> home directory maildirs. The virtual users would fail the passwd search,
> fall through to the LDAP check, and deliver would drop their mail into their
> maildirs in the /var/mailstore tree. I knew the system users wouldn't be
> able to login to the IMAP server, but this isn't a concern.

Yes, sounds right.

> Instead, the system users' mail got bounced, after an auth check via
> the "master" socket (from Postfix, I guess: it's a transient process) whose
> details don't get logged. And the virtual users' lookups (done by deliver)
> returned made-up UIDs and GIDs, and maildir locations
> (/home/<realm>/<username>) completely different from what the LDAP lookup
> normally returns (/var/mailstore/<username>).

I've no idea why that would happen. dovecot -n output and logs with auth_debug=yes + mail_debug=yes would be helpful.
Ran Talbott
2010-Dec-31 09:18 UTC
[Dovecot] Dovecot 1.2.12 + Postfix + virtual domains: delivering to system users
I've tested with 3 different configurations, using 3 users:
ran - a Linux system user that's in the postfix "virtual.db"
vmail - a system user _not_ in virtual.db
testing.testing - a Windoze user with no Linux account
All 3 configurations have passdb ldap and userdb ldap.
First config has no userdb or passdb for the Linux users. Second config adds
userdb passwd. Both work the same:
Mail to vmail bounces
Mail to ran is delivered OK to /home/ran/maildir
Mail to testing.testing goes to /var/mailstore//testing.testing/Maildir
But testing.testing mail _should_ go
to /var/mailstore/<domain>/testing.testing/Maildir. As mentioned in my
earlier email, %d doesn't seem to work with LDAP queries.
The third config adds passdb shadow.
Mail to vmail bounces
Mail to ran is delivered OK to /home/ran/maildir
Mail to testing.testing tries to go to /home/testing.testing/Maildir. This
delivery attempt fails because the manufactured Linux uid and gid are
wrong. But it's also the wrong directory.
In a nutshell: it appears Dovecot can't deliver to system users at all (Postfix is taking care of "ran"), and the mere presence of a "passdb shadow" causes the LDAP lookups to go awry.
Here's the dovecot -n and mail.log for configuration 1 (email addresses in all logs have been obscured by replacing domain name):
# 1.2.12: dovecot.conf.9
# OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.10 ext4
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_uid: 501
mail_gid: 501
mail_location: maildir:/var/mailstore/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
postmaster_address: mail.server at lawleytechsupport.info
hostname: lawleytechsupport.info
auth default:
mechanisms: plain login
username_format: %Ln
verbose: yes
debug: yes
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
Dec 30 19:25:30 IBMUBUNTU1 dovecot: last message repeated 2 times
Dec 30 19:25:30 IBMUBUNTU1 dovecot: auth(default): Killed with signal 15 (by
pid=1 uid=0 code=kill)
Dec 30 19:25:30 IBMUBUNTU1 dovecot: dovecot: Killed with signal 15 (by pid=1
uid=0 code=kill)
Dec 30 19:25:30 IBMUBUNTU1 dovecot: Dovecot v1.2.12 starting up (core dumps
disabled)
Dec 30 19:25:36 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24878
Dec 30 19:25:36 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24877
Dec 30 19:25:36 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24879
Dec 30 19:26:57 IBMUBUNTU1 postfix/smtpd[24884]: connect from
fed1rmmtao105.cox.net[68.230.241.41]
Dec 30 19:26:57 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24884
Dec 30 19:26:57 IBMUBUNTU1 postfix/smtpd[24884]: NOQUEUE: reject: RCPT from
fed1rmmtao105.cox.net[68.230.241.41]: 550 5.1.1 <vmail at yyy.yyy>:
Recipient
address rejected: User unknown in virtual mailbox table;
from=<embed-mobile at xxx.xxx> to=<vmail at yyy.yyy> proto=ESMTP
helo=<fed1rmmtao105.cox.net>
Dec 30 19:26:57 IBMUBUNTU1 postfix/smtpd[24884]: disconnect from
fed1rmmtao105.cox.net[68.230.241.41]
Dec 30 19:27:11 IBMUBUNTU1 postfix/smtpd[24884]: connect from
fed1rmmtao105.cox.net[68.230.241.41]
Dec 30 19:27:11 IBMUBUNTU1 postfix/smtpd[24884]: 3E63A101F19:
client=fed1rmmtao105.cox.net[68.230.241.41]
Dec 30 19:27:11 IBMUBUNTU1 postfix/cleanup[24889]: 3E63A101F19:
message-id=<201012301925.44033.embed-mobile at xxx.xxx>
Dec 30 19:27:11 IBMUBUNTU1 postfix/qmgr[19282]: 3E63A101F19:
from=<embed-mobile at xxx.xxx>, size=1361, nrcpt=1 (queue active)
Dec 30 19:27:11 IBMUBUNTU1 postfix/smtpd[24884]: disconnect from
fed1rmmtao105.cox.net[68.230.241.41]
Dec 30 19:27:11 IBMUBUNTU1 postfix/local[24890]: 3E63A101F19:
to=<ran at localhost>, orig_to=<ran at yyy.yyy>, relay=local,
delay=0.28,
delays=0.23/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Dec 30 19:27:11 IBMUBUNTU1 postfix/qmgr[19282]: 3E63A101F19: removed
Dec 30 19:27:25 IBMUBUNTU1 postfix/smtpd[24884]: connect from
fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 19:27:25 IBMUBUNTU1 postfix/smtpd[24884]: 1DA90101F19:
client=fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 19:27:25 IBMUBUNTU1 postfix/cleanup[24889]: 1DA90101F19:
message-id=<201012301925.57821.embed-mobile at xxx.xxx>
Dec 30 19:27:25 IBMUBUNTU1 postfix/qmgr[19282]: 1DA90101F19:
from=<embed-mobile at xxx.xxx>, size=1409, nrcpt=1 (queue active)
Dec 30 19:27:25 IBMUBUNTU1 dovecot: auth(default): master in:
USER#0111#011testing.testing at yyy.yyy#011service=deliver
Dec 30 19:27:25 IBMUBUNTU1 dovecot: auth(default): ldap(testing.testing): user
search: base=dc=lawley, dc=local scope=subtree filter=(&(objectClass=user)
(samaccountname=testing.testing)) fieldsDec 30 19:27:25 IBMUBUNTU1 dovecot:
auth(default): ldap(testing.testing):
result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)=
givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)=
whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)=
uSNCreated(?unknown?)= uSNChanged(?unknown?)= name(?unknown?)=
objectGUID(?unknown?)= userAccountControl(?unknown?)=
primaryGroupID(?unknown?)= objectSid(?unknown?)= sAMAccountName(?unknown?)=
sAMAccountType(?unknown?)= userPrincipalName(?unknown?)=
objectCategory(?unknown?)Dec 30 19:27:25 IBMUBUNTU1 dovecot: auth(default):
master out:
USER#0111#011testing.testing#011home=/var/mailstore//testing.testing.
=uid=501#011gid=501#011mail=maildir:/var/mailstore//testing.testing/Maildir/
Dec 30 19:27:25 IBMUBUNTU1 postfix/smtpd[24884]: disconnect from
fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 19:27:25 IBMUBUNTU1 dovecot: deliver(testing.testing):
msgid=<201012301925.57821.embed-mobile at xxx.xxx>: saved mail to INBOX
Dec 30 19:27:25 IBMUBUNTU1 postfix/pipe[24891]: 1DA90101F19:
to=<testing.testing at yyy.yyy>, relay=dovecot, delay=0.36,
delays=0.23/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot
service)
Dec 30 19:27:25 IBMUBUNTU1 postfix/qmgr[19282]: 1DA90101F19: removed
**********************************************************************
Here's the dovecot -n and mail.log for configuration 2:
# 1.2.12: dovecot.conf.11
# OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.10 ext4
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_uid: 501
mail_gid: 501
mail_location: maildir:/var/mailstore/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
postmaster_address: mail.server at lawleytechsupport.info
hostname: lawleytechsupport.info
auth default:
mechanisms: plain login
username_format: %Ln
verbose: yes
debug: yes
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: passwd
args: mail=maildir:~/Maildir
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
Dec 30 19:18:39 IBMUBUNTU1 postfix/smtpd[24843]: connect from
fed1rmmtao102.cox.net[68.230.241.44]
Dec 30 19:18:39 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24843
Dec 30 19:18:39 IBMUBUNTU1 postfix/smtpd[24843]: NOQUEUE: reject: RCPT from
fed1rmmtao102.cox.net[68.230.241.44]: 550 5.1.1 <vmail at yyy.yyy>:
Recipient
address rejected: User unknown in virtual mailbox table;
from=<embed-mobile at xxx.xxx> to=<vmail at yyy.yyy> proto=ESMTP
helo=<fed1rmmtao102.cox.net>
Dec 30 19:18:39 IBMUBUNTU1 postfix/smtpd[24843]: disconnect from
fed1rmmtao102.cox.net[68.230.241.44]
Dec 30 19:18:54 IBMUBUNTU1 postfix/smtpd[24843]: connect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 19:18:54 IBMUBUNTU1 postfix/smtpd[24843]: 636DD101F22:
client=fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 19:18:54 IBMUBUNTU1 postfix/cleanup[24848]: 636DD101F22:
message-id=<201012301917.17808.embed-mobile at xxx.xxx>
Dec 30 19:18:54 IBMUBUNTU1 postfix/qmgr[19282]: 636DD101F22:
from=<embed-mobile at xxx.xxx>, size=1362, nrcpt=1 (queue active)
Dec 30 19:18:54 IBMUBUNTU1 postfix/smtpd[24843]: disconnect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 19:18:54 IBMUBUNTU1 postfix/local[24849]: 636DD101F22:
to=<ran at localhost>, orig_to=<ran at yyy.yyy>, relay=local,
delay=0.31,
delays=0.26/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Dec 30 19:18:54 IBMUBUNTU1 postfix/qmgr[19282]: 636DD101F22: removed
Dec 30 19:19:02 IBMUBUNTU1 postfix/smtpd[24843]: connect from
fed1rmmtao106.cox.net[68.230.241.40]
Dec 30 19:19:03 IBMUBUNTU1 postfix/smtpd[24843]: 047FA101F22:
client=fed1rmmtao106.cox.net[68.230.241.40]
Dec 30 19:19:03 IBMUBUNTU1 postfix/cleanup[24848]: 047FA101F22:
message-id=<201012301917.31815.embed-mobile at xxx.xxx>
Dec 30 19:19:03 IBMUBUNTU1 postfix/qmgr[19282]: 047FA101F22:
from=<embed-mobile at xxx.xxx>, size=1408, nrcpt=1 (queue active)
Dec 30 19:19:03 IBMUBUNTU1 dovecot: auth(default): master in:
USER#0111#011testing.testing at yyy.yyy#011service=deliver
Dec 30 19:19:03 IBMUBUNTU1 dovecot: auth(default): ldap(testing.testing): user
search: base=dc=lawley, dc=local scope=subtree filter=(&(objectClass=user)
(samaccountname=testing.testing)) fieldsDec 30 19:19:03 IBMUBUNTU1 dovecot:
auth(default): ldap(testing.testing):
result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)=
givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)=
whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)=
uSNCreated(?unknown?)= uSNChanged(?unknown?)= name(?unknown?)=
objectGUID(?unknown?)= userAccountControl(?unknown?)=
primaryGroupID(?unknown?)= objectSid(?unknown?)= sAMAccountName(?unknown?)=
sAMAccountType(?unknown?)= userPrincipalName(?unknown?)=
objectCategory(?unknown?)Dec 30 19:19:03 IBMUBUNTU1 dovecot: auth(default):
master out:
USER#0111#011testing.testing#011home=/var/mailstore//testing.testing.
=uid=501#011gid=501#011mail=maildir:/var/mailstore//testing.testing/Maildir/
Dec 30 19:19:03 IBMUBUNTU1 postfix/smtpd[24843]: disconnect from
fed1rmmtao106.cox.net[68.230.241.40]
Dec 30 19:19:03 IBMUBUNTU1 dovecot: deliver(testing.testing):
msgid=<201012301917.31815.embed-mobile at xxx.xxx>: saved mail to INBOX
Dec 30 19:19:03 IBMUBUNTU1 postfix/pipe[24850]: 047FA101F22:
to=<testing.testing at yyy.yyy>, relay=dovecot, delay=0.56,
delays=0.46/0.01/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot
service)
Dec 30 19:19:03 IBMUBUNTU1 postfix/qmgr[19282]: 047FA101F22: removed
**********************************************************************
Here's the dovecot -n and mail.log for configuration 3:
# 1.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35-23-generic-pae i686 Ubuntu 10.10 ext4
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_uid: 501
mail_gid: 501
mail_location: maildir:/var/mailstore/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
postmaster_address: mail.server at lawleytechsupport.info
hostname: lawleytechsupport.info
auth default:
mechanisms: plain login
username_format: %Ln
verbose: yes
debug: yes
passdb:
driver: shadow
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: passwd
args: mail=maildir:/home/%n/Maildir
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
Dec 30 08:02:20 IBMUBUNTU1 postfix/cleanup[23693]: 502151009C7:
message-id=<20101230150220.502151009C7 at mail.lawleytechsupport.info>
Dec 30 08:02:20 IBMUBUNTU1 postfix/qmgr[19282]: 502151009C7:
from=<root at yyy.yyy>, size=409, nrcpt=1 (queue active)
Dec 30 08:02:20 IBMUBUNTU1 postfix/local[23695]: 502151009C7:
to=<root at localhost>, orig_to=<root>, relay=local, delay=0.19,
delays=0.14/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Dec 30 08:02:20 IBMUBUNTU1 postfix/qmgr[19282]: 502151009C7: removed
Dec 30 17:34:41 IBMUBUNTU1 postfix/smtpd[24338]: connect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 17:34:41 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24338
Dec 30 17:34:41 IBMUBUNTU1 postfix/smtpd[24338]: NOQUEUE: reject: RCPT from
fed1rmmtao107.cox.net[68.230.241.39]: 550 5.1.1 <vmail at yyy.yyy>:
Recipient
address rejected: User unknown in virtual mailbox table;
from=<embed-mobile at xxx.xxx> to=<vmail at yyy.yyy> proto=ESMTP
helo=<fed1rmmtao107.cox.net>
Dec 30 17:34:42 IBMUBUNTU1 postfix/smtpd[24338]: disconnect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 17:37:34 IBMUBUNTU1 postfix/smtpd[24346]: connect from
fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 17:37:34 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24346
Dec 30 17:37:34 IBMUBUNTU1 postfix/smtpd[24346]: 60C91101F15:
client=fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 17:37:34 IBMUBUNTU1 postfix/cleanup[24350]: 60C91101F15:
message-id=<201012301736.07378.embed-mobile at xxx.xxx>
Dec 30 17:37:34 IBMUBUNTU1 postfix/qmgr[19282]: 60C91101F15:
from=<embed-mobile at xxx.xxx>, size=1378, nrcpt=1 (queue active)
Dec 30 17:37:34 IBMUBUNTU1 postfix/local[24351]: 60C91101F15:
to=<ran at localhost>, orig_to=<ran at yyy.yyy>, relay=local,
delay=0.3,
delays=0.24/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Dec 30 17:37:34 IBMUBUNTU1 postfix/qmgr[19282]: 60C91101F15: removed
Dec 30 17:37:34 IBMUBUNTU1 postfix/smtpd[24346]: disconnect from
fed1rmmtao103.cox.net[68.230.241.43]
Dec 30 17:40:54 IBMUBUNTU1 postfix/anvil[24341]: statistics: max connection
rate 1/60s for (smtp:68.230.241.39) at Dec 30 17:34:41
Dec 30 17:40:54 IBMUBUNTU1 postfix/anvil[24341]: statistics: max connection
count 1 for (smtp:68.230.241.39) at Dec 30 17:34:41
Dec 30 17:40:54 IBMUBUNTU1 postfix/anvil[24341]: statistics: max cache size 1
at Dec 30 17:34:41
Dec 30 17:55:05 IBMUBUNTU1 postfix/smtpd[24508]: connect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 17:55:05 IBMUBUNTU1 dovecot: auth(default): new auth connection:
pid=24508
Dec 30 17:55:06 IBMUBUNTU1 postfix/smtpd[24508]: 230F2101F19:
client=fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 17:55:06 IBMUBUNTU1 postfix/cleanup[24513]: 230F2101F19:
message-id=<201012301753.38728.embed-mobile at xxx.xxx>
Dec 30 17:55:06 IBMUBUNTU1 postfix/qmgr[19282]: 230F2101F19:
from=<embed-mobile at xxx.xxx>, size=1425, nrcpt=1 (queue active)
Dec 30 17:55:06 IBMUBUNTU1 dovecot: auth(default): master in:
USER#0111#011testing.testing at yyy.yyy#011service=deliver
Dec 30 17:55:06 IBMUBUNTU1 dovecot: auth(default): passwd(testing.testing):
lookup
Dec 30 17:55:06 IBMUBUNTU1 postfix/smtpd[24508]: disconnect from
fed1rmmtao107.cox.net[68.230.241.39]
Dec 30 17:55:16 IBMUBUNTU1 dovecot: auth(default): master out:
USER#0111#011testing.testing#011mail=maildir:/home/testing.testing/Maildir#011system_groups_user=testing.testing#011uid=10001#011gid=10013#011home=/home/LAWLEY/testing.testing
Dec 30 17:55:16 IBMUBUNTU1 dovecot: deliver(testing.testing at yyy.yyy): Fatal:
setgid(10013(domain users)) failed with euid=501(vmail), gid=501(vmail),
egid=501(vmail): Operation not permitted (This binary should probably be
called with process group set to 10013(domain users) instead of 501(vmail))
Dec 30 17:55:16 IBMUBUNTU1 postfix/pipe[24514]: 230F2101F19:
to=<testing.testing at yyy.yyy>, relay=dovecot, delay=11,
delays=0.34/0.01/0/10,
dsn=4.3.0, status=deferred (temporary failure)
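
An added example, not part of the original thread: a Python check that decodes Dovecot "master out" userdb replies from mail.log (syslog writes the tab field separator as #011) and flags replies whose uid, gid or home differ from the virtual-user layout in the dovecot -n output above. The function names are hypothetical, the first sample line is the configuration 3 reply from this page, and the other sample lines are constructed.

```python
import re

# rsyslog logs a control character as '#' plus three octal digits (tab = #011).
ESCAPE = re.compile(r"#([0-7]{3})")
MASTER_OUT = re.compile(r"auth\(\w+\): master out: (.*)$")
EXPECTED_UID = "501"            # mail_uid in the dovecot -n output
EXPECTED_GID = "501"            # mail_gid in the dovecot -n output
MAIL_ROOT = "/var/mailstore/"   # prefix of mail_location

def parse_master_out(line):
    """Return a 'master out: USER' reply as a dict, or None for other lines."""
    match = MASTER_OUT.search(line)
    if not match:
        return None
    text = ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), match.group(1))
    parts = text.split("\t")
    if len(parts) < 3 or parts[0] != "USER":
        return None
    reply = {"user": parts[2]}
    for field in parts[3:]:
        key, _, value = field.partition("=")
        reply[key] = value
    return reply

def audit(reply):
    """List how a reply departs from the expected virtual-user layout."""
    problems = []
    if reply.get("uid") != EXPECTED_UID:
        problems.append("uid=%s" % reply.get("uid"))
    if reply.get("gid") != EXPECTED_GID:
        problems.append("gid=%s" % reply.get("gid"))
    home = reply.get("home", "")
    if not home.startswith(MAIL_ROOT):
        problems.append("home outside " + MAIL_ROOT)
    elif "//" in home:
        problems.append("empty path component in home")
    return problems

def scan(lines):
    """Return (user, problems) for every userdb reply found in the lines."""
    replies = (parse_master_out(line) for line in lines)
    return [(r["user"], audit(r)) for r in replies if r is not None]

PREFIX = "Dec 30 17:55:16 IBMUBUNTU1 dovecot: auth(default): master out: "
SAMPLE_LOG = [
    # From the configuration 3 log on this page, rejoined onto one line.
    PREFIX + "USER#0111#011testing.testing#011mail=maildir:/home/testing.testing/Maildir"
    "#011system_groups_user=testing.testing#011uid=10001#011gid=10013"
    "#011home=/home/LAWLEY/testing.testing",
    # Constructed, modelled on the configuration 1 reply (domain part empty).
    PREFIX + "USER#0112#011testing.testing#011home=/var/mailstore//testing.testing#011uid=501#011gid=501",
    # Constructed: a reply in the expected layout, with a placeholder domain.
    PREFIX + "USER#0113#011testing.testing#011home=/var/mailstore/example.test/testing.testing#011uid=501#011gid=501",
    # Constructed: an auth line that is not a userdb reply and is skipped.
    "Dec 30 17:55:06 IBMUBUNTU1 dovecot: auth(default): passwd(testing.testing): lookup",
]

for user, problems in scan(SAMPLE_LOG):
    print(user, problems or "ok")
```
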