Hello, I'm trying to work through an issue that cropped up on a server I've been working on and haven't found a very good workaround. Dovecot is operating in a jailed environment. The configuration in dovecot-sql.conf.ext has been set appropriately with the host=127.0.0.1 (which works from a jailed environment) and when dovecot attempts to auth it appears to perform a reverse dns lookup and overwrites the host with the result localhost before using the msql credentials 'user'@'localhost' which then fails after timing out. I'm currently running version 2.2.33.2 of dovecot. The workaround seems to be to have two credentials for the same user. 'user@'localhost' and 'user'@'127.0.0.1'; postfix operates in a jail as well and works around the jail issue in the same way but doesn't overwrite the specified host with a reverse dns lookup. Anyone have any suggestions on how to handle this issue better? or maybe there's a way to force different behavior which I haven't yet found in the documentation? Any help is much appreciated. Best Regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190629/c9036478/attachment.html>
> > > Hello, I'm trying to work through an issue that cropped up on a server I've been working on and haven't found a very good workaround. > > Dovecot is operating in a jailed environment. > > The configuration in dovecot-sql.conf.ext has been set appropriately with the host=127.0.0.1 (which works from a jailed environment) and when dovecot attempts to auth it appears to perform a reverse dns lookup and overwrites the host with the result localhost before using the msql credentials 'user'@'localhost' which then fails after timing out. > > I'm currently running version 2.2.33.2 of dovecot. > > The workaround seems to be to have two credentials for the same user. > 'user@'localhost' and 'user'@'127.0.0.1'; > postfix operates in a jail as well and works around the jail issue in the same way but doesn't overwrite the specified host with a reverse dns lookup. > > Anyone have any suggestions on how to handle this issue better? or maybe there's a way to force different behavior which I haven't yet found in the documentation? > > Any help is much appreciated. > > Best Regards.Hi! The 127.0.0.1 issue is actually a MySQL issue, unfortunately. " On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs: the client connects using a Unix socket file. The --socket option or the MYSQL_UNIX_PORT environment variable may be used to specify the socket name. " So not really something we could do much about. Aki
On 30/06/2019 13:36, Aki Tuomi via dovecot wrote:>> >> Hello, I'm trying to work through an issue that cropped up on a server I've been working on and haven't found a very good workaround. >> >> Dovecot is operating in a jailed environment. >> >> The configuration in dovecot-sql.conf.ext has been set appropriately with the host=127.0.0.1 (which works from a jailed environment) and when dovecot attempts to auth it appears to perform a reverse dns lookup and overwrites the host with the result localhost before using the msql credentials 'user'@'localhost' which then fails after timing out. >> >> I'm currently running version 2.2.33.2 of dovecot. >> >> The workaround seems to be to have two credentials for the same user. >> 'user@'localhost' and 'user'@'127.0.0.1'; >> postfix operates in a jail as well and works around the jail issue in the same way but doesn't overwrite the specified host with a reverse dns lookup. >> >> Anyone have any suggestions on how to handle this issue better? or maybe there's a way to force different behavior which I haven't yet found in the documentation? >> >> Any help is much appreciated. >> >> Best Regards. > Hi! > > The 127.0.0.1 issue is actually a MySQL issue, unfortunately. > > " On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs: the client connects using a Unix socket file. The --socket option or the MYSQL_UNIX_PORT environment variable may be used to specify the socket name. " > > So not really something we could do much about. > > AkiAki it is possible to force the use of tcp socket instead of unix socket by specifying an ip instead of the hostname localhost. As I understood it Nathan is specifying 127.0.0.1 so that will connect with tcp socket. John