dovecot - Dec 2012 - Dovecot Virtual Users with Sendmail

I'm trying to get Dovecot working with Virtual Users and Sendmail on
OpenIndiana 151a7.  OpenIndiana is the Open Source continuation of OpenSolaris
after Oracle tried to kill it off a couple of years ago shortly after acquiring
Sun Microsystems.

I'm not sure if this is so much a Dovecot problem, as much of a Sendmail
problem.  I thought this would probably be a better list to start with, though. 
If not, please let me know.

I initially used this Dovecot wiki page to approach this:
Simple Virtual User Installation

http://wiki2.dovecot.org/HowTo/SimpleVirtualInstall

I had to make few minor changes, but I don't think anything significant to
the problem I'm having.

I can log into SquirrelMail with both virtual users, and with system users.

I can send mail to system users from both virtual and system users.

I can see the mail that I sent in the Sent Messages folder for both types of
users.

I just can't send mail to virtual users.  When I try to, I get the following
message:

ERROR:
Message not sent. Server replied:
Requested action not taken: mailbox unavailable
550 5.1.1 <dswebstore at localhost>... User unknown
My configuration info is as follows:

systemuser at openindiana:~# /usr/local/sbin/dovecot --version
2.1.12

systemuser at openindiana:~# /usr/local/sbin/dovecot -n
# 2.1.12: /usr/local/etc/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc  
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 101
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_location = mbox:/home/vmail/%u/mail:INBOX=/var/mail/%u
passdb {
  args = /usr/local/etc/dovecot/passwd
  driver = passwd-file
}
pop3_uidl_format = %g
protocols = imap pop3
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
ssl = no
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%u
  driver = static
}
protocol lda {
  postmaster_address = systemuser at localhost
}

---

My dovecot password file looks something like this, though changed for obvious
security reasons:

systemuser:{PLAIN} systemuserPASS
virtualuser1:{PLAIN}virtualuser1PASS
virtualuser2:{PLAIN}virtualuser2PASS


---

I read on this page that I needed to put the following in my sendmail dovecot.m4
file:

Dovecot LDA with Sendmail
http://wiki2.dovecot.org/LDA/Sendmail

So this is my dovecot.m4 file, which shows up in my sendmail.cf file after
recompiling my sendmail.mc file.

######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/dovecot-lda, F=DFMPhnu9,
                 S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
                 T=DNS/RFC822/X-Unix,
                 A=/usr/local/libexec/dovecot/dovecot-lda -d $u
                 

---

Finally, this is my sendmail.mc file:

divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#  This is a configuration file for SunOS 5.8 (a.k.a. Solaris 8) and later
#  subsidiary machines.  It has support for local and SMTP mail.  The
#  confFALLBACK_SMARTHOST macro is enabled, which means that messages will
#  be sent to that host (which is set to mailhost.$m [$m is the local domain])
#  if MX records are unavailable.  A short-cut rule is also defined, which
#  says if the recipient host is in the local domain, send to it directly
#  instead of the smart host.
#
#  If you want to customize this further, copy it to a name appropriate
#  for your environment and do the modifications there.
#

divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl

MAILER(`local')dnl
MAILER(`smtp')dnl

MAILER(`procmail')dnl
MAILER(`dovecot')dnl


LOCAL_NET_CONFIG
R$* < @ $* .$m. > $*	$#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3


---

I think it is obvious that it is a problem with Sendmail not recognizing
Dovecot's virtual users.  But how do I fix it?

If anyone could help me with this, I would *greatly* appreciate it.  I've
been picking away at this for about three weeks now, and I'm pretty much out
of ideas of anything else to try.

Cordially,

Peter, hieromonk

----
Dormition Skete
 Monastery Website:  http://www.DormitionSkete.org
 Convent Website:  http://www.HolyApostlesConvent.org
----

Dovecot has no problem with virtual users, but Sendmail's idea of
virtual users is not quite as 'virtual'.

One possible solution: http://www.cs.fsu.edu/~langley/USVH-tr.pdf
That was 2007.. so perhaps somebody has written this up in a more
concise way..

or you can wrestle with ldap. :-(

or switch MTAs.

Ken A.

On 12/30/2012 9:19 PM, DormitionSkete at hotmail.com
wrote:
> I'm trying to get Dovecot working with Virtual Users and Sendmail on
OpenIndiana 151a7.  OpenIndiana is the Open Source continuation of OpenSolaris
after Oracle tried to kill it off a couple of years ago shortly after acquiring
Sun Microsystems.
> 
> I'm not sure if this is so much a Dovecot problem, as much of a
Sendmail problem.  I thought this would probably be a better list to start with,
though.  If not, please let me know.
> 
> I initially used this Dovecot wiki page to approach this:
> Simple Virtual User Installation
> 
> http://wiki2.dovecot.org/HowTo/SimpleVirtualInstall
> 
> I had to make few minor changes, but I don't think anything significant
to the problem I'm having.
> 
> I can log into SquirrelMail with both virtual users, and with system users.
> 
> I can send mail to system users from both virtual and system users.
> 
> I can see the mail that I sent in the Sent Messages folder for both types
of users.
> 
> I just can't send mail to virtual users.  When I try to, I get the
following message:
> 
> ERROR:
> Message not sent. Server replied:
> Requested action not taken: mailbox unavailable
> 550 5.1.1 <dswebstore at localhost>... User unknown
> My configuration info is as follows:
> 
> systemuser at openindiana:~# /usr/local/sbin/dovecot --version
> 2.1.12
> 
> systemuser at openindiana:~# /usr/local/sbin/dovecot -n
> # 2.1.12: /usr/local/etc/dovecot/dovecot.conf
> # OS: SunOS 5.11 i86pc  
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_uid = 101
> info_log_path = /var/log/dovecot-info.log
> log_path = /var/log/dovecot.log
> mail_location = mbox:/home/vmail/%u/mail:INBOX=/var/mail/%u
> passdb {
>   args = /usr/local/etc/dovecot/passwd
>   driver = passwd-file
> }
> pop3_uidl_format = %g
> protocols = imap pop3
> service auth {
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
> }
> ssl = no
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%u
>   driver = static
> }
> protocol lda {
>   postmaster_address = systemuser at localhost
> }
> 
> ---
> 
> My dovecot password file looks something like this, though changed for
obvious security reasons:
> 
> systemuser:{PLAIN} systemuserPASS
> virtualuser1:{PLAIN}virtualuser1PASS
> virtualuser2:{PLAIN}virtualuser2PASS
> 
> 
> ---
> 
> I read on this page that I needed to put the following in my sendmail
dovecot.m4 file:
> 
> Dovecot LDA with Sendmail
> http://wiki2.dovecot.org/LDA/Sendmail
> 
> So this is my dovecot.m4 file, which shows up in my sendmail.cf file after
recompiling my sendmail.mc file.
> 
> ######################*****##############
> ###   DOVECOT Mailer specification                              ###
> ##################*****##################
> Mdovecot,   P=/usr/local/libexec/dovecot/dovecot-lda, F=DFMPhnu9,
>                  S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
>                  T=DNS/RFC822/X-Unix,
>                  A=/usr/local/libexec/dovecot/dovecot-lda -d $u
>                  
> 
> ---
> 
> Finally, this is my sendmail.mc file:
> 
> divert(-1)
> #
> # Copyright (c) 1983 Eric P. Allman
> # Copyright (c) 1988, 1993
> #	The Regents of the University of California.  All rights reserved.
> #
> # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
> # Use is subject to license terms.
> #
> #  This is a configuration file for SunOS 5.8 (a.k.a. Solaris 8) and later
> #  subsidiary machines.  It has support for local and SMTP mail.  The
> #  confFALLBACK_SMARTHOST macro is enabled, which means that messages will
> #  be sent to that host (which is set to mailhost.$m [$m is the local
domain])
> #  if MX records are unavailable.  A short-cut rule is also defined, which
> #  says if the recipient host is in the local domain, send to it directly
> #  instead of the smart host.
> #
> #  If you want to customize this further, copy it to a name appropriate
> #  for your environment and do the modifications there.
> #
> 
> divert(0)dnl
> VERSIONID(`sendmail.mc (Sun)')
> OSTYPE(`solaris8')dnl
> DOMAIN(`solaris-generic')dnl
> define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
> 
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> 
> MAILER(`local')dnl
> MAILER(`smtp')dnl
> 
> MAILER(`procmail')dnl
> MAILER(`dovecot')dnl
> 
> 
> LOCAL_NET_CONFIG
> R$* < @ $* .$m. > $*	$#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
> 
> 
> ---
> 
> I think it is obvious that it is a problem with Sendmail not recognizing
Dovecot's virtual users.  But how do I fix it?
> 
> If anyone could help me with this, I would *greatly* appreciate it. 
I've been picking away at this for about three weeks now, and I'm pretty
much out of ideas of anything else to try.
> 
> Cordially,
> 
> Peter, hieromonk
> 
> ----
> Dormition Skete
>  Monastery Website:  http://www.DormitionSkete.org
>  Convent Website:  http://www.HolyApostlesConvent.org
> ---- 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
Latest Pacific.Net Status - http://twitter.com/pacnetstatus

Well our situation is kind of like this:

We've been using UW-Imap for 12-15 years, and have loved it.  It has a
beauty and simplicity to it that is simply wonderful.

We're located in a remote part of the Rocky Mountains, and the only internet
connection we can get that's faster than a dial-up is a satellite.  Lousy
upload speeds.  Can't host our own sites here.

We've been hosting our sites on one of our parishioner's servers for
years; but through the years, that's become more and more problematic, and
we'd like to do more with it than we currently can.

We'd like to set up our own server at our guest house in town.  I wanted to
use OpenIndiana (Solaris) to take advantage of some of the really amazing
features it has.  So, I set up UW-Imap on it.  Works great.  Glory be to our
holy God.  The problem is, after I got all that working, I went to set up the
users for it, and discovered the GUI for creating the users won't allow me
to add any users with usernames longer than eight characters.

I'm not real dependent on GUI's, and a quick search on the net told me
that I can easily add the users with the long user names from the command line.

So, I asked on the UW-Imap and on the OpenIndiana list for people's
experience about this.  Two people said they'd been using long user names on
Solaris and BSD for years without any problems, while two others recommended
changing to an IMAP server that supports virtual users.  One of those
recommended Dovecot.  So I started looking at Dovecot.

I'm not real keen on Sendmail, but to make matters worse, we host our own
email on our server here in the mountains.  Since we can't get reverse DNS
set up for our satellite connection, we have to relay our emails through our
parishioner's server, which does have reverse DNS, or else most people's
email servers reject them as spam.  We also need to be able to send and receive
emails from multiple domains.

So, I have to be able to figure out how to do both parts of the relay -- our
part where we tell our MTA to relay it through the other host, and what will
become the server at our guest house to accept those emails and relay them on to
the recipients.  And the multiple domain issue.

I can do all this with UW-Imap and Sendmail, because we've already done all
the fighting necessary to get it to work.  We've been doing it for years. 
It just leaves us with the question of whether it's better to go with using
UW-Imap on a system that's not designed to support long user names, and
possibly getting bit by that, or whether it's better to fight it out trying
to learn all this other stuff with a different IMAP server and MTA?

Fun!

I could probably get Cyrus IMAP to work with Sendmail, because I tried it
briefly years ago and already have gone through the grief of figuring that out. 
But I didn't particularly care for it.  One of the things I like most about
UW-Imap -- and Dovecot shares this -- is that it's easy to backup, restore
inadvertently deleted directories, and to move emails from one server to
another.  From what I remember, Cyrus wasn't so friendly about that.  And it
was more difficult to administer than UW-Imap and Dovecot.

After reading the 13-page article Ken posted this afternoon, I started looking
at Postfix.  My impression is, that maybe this might be a good route to try. 
Dovecot - PostFix - and if I'm going to go through all that, I might as well
go with Sieve, instead of Procmail, like we've been using for years.  I used
Sieve briefly with Cyrus.  I've never been thrilled with Procmail.

So, with all that background, if anyone would like to share any suggestions or
advice, I would certainly appreciate it.

Cordially,

Peter, hieromonk



On Dec 31, 2012, at 8:34 PM, Noel Butler wrote:
> On Mon, 2012-12-31 at 16:52 -0700, DormitionSkete at hotmail.com wrote:
>> 
>> Thank you very much for the article.  It was quite interesting.  All
thirteen pages!
>> 
>> Unless somebody else posts that they've managed to get Sendmail to
work with Dovecot virtual users, then I think your suggestion to look at a
different MTA might just be the best route to take.
>> 
>> Thank you again.  I do appreciate it.
>> 
>> I hope you have a happy new year!  -- All year long!!
>> 
>> fp
>> 
>> 
> Hi,
> Years (well decade) ago we used Sendmail, then we started having more
domains, it was getting very messy, the choice was move to Cyrus or change our
MTA,Cyrus was a maze of bdb hell it was very picky, so it never made it off the
dev box, moved to qmail with vpopmail , but then qmail was useless as a ..... on
a bull, so we used sendmail up front redirecting to qmail, in 2008 we re
structured and moved to postfix and dovecot and never looked back since.
> 
> If you don't have a central portal, there is code out there to allow
you and your domain managers and their users to manage their mail, postfixadmin
(I never really liked) or  vmail manager  GRS from grsoft, wrote by Peter
Gutwein which is what I use personally.
> 
> I was a long time fan of sendmail, but I tried to get mysql options
included to make virtual users easy, but it was decided that would not happen,
and as I predicted, sendmails popularity would suffer because of it, since
postfix w/mysql is a breeze.
> 
> So learn from everyone else's lessons, and give very serious
consideration to changing your  setup now, before you get too big an the change
will become a nightmare <face-smile.png>
> 
>

On 12/31/2012 04:19 AM, DormitionSkete at hotmail.com
wrote:
> [...]
1) Do you use virtual users with or without domain part?
[virtual-user or virtual-user at exaple.net ]
2) How many entries do you have in paswdb/userdb files?
[<100,<1000,....]
3) Is SMTP AUTH crucial for virtual users?

On Jan 2, 2013, at 4:14 PM, Andrzej A. Filip wrote:
> On 01/02/2013 08:46 PM, DormitionSkete at hotmail.com wrote:
>> On Jan 2, 2013, at 11:12 AM, Andrzej A. Filip wrote:
>> 
>>> On 01/02/2013 06:53 PM, DormitionSkete at hotmail.com wrote:
>>>> [...]
>>>> This is the mail header from the mqueue:
>>>> 
>>>> [...]
>>>> MDeferred: dovecot mailer
(/usr/local/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL
>>>> [...]
>>> 
>>> Check dovecot's logs
>>> If it does not help the push delivery of messages ni sendmail's
queue in
>>> verbose mode: "sendmail -Am -v -q"
>> 
>> Well, the logs showed this:
>> 
>> Sep 21 21:47:08 openindiana sendmail[1208]: [ID 702911 mail.warning]
gethostbyaddr(10.211.55.6) failed: 2
>> Sep 21 21:47:08 openindiana sendmail[1208]: [ID 702911 mail.warning]
gethostbyaddr(IPv6:fec0::fea9:21c:42ff:feed:5f38) failed: 2
> 
> I have asked for _dovecot's_ logs. Your problem may be caused e.g. by
> sendail executing dovecot-lda "as wrong user".
> 
>> So I put this in my /etc/hosts file:
>> 
>> 10.211.55.6 localhost
>> 
>> And I added DOVECOT to my /etc/hosts 127.0.0.1 line.  
> 
> *DO NOT* add DOVECOT (magic word in sendail config) to /etc/hosts.
> 
>> This cleared the queue, but now all of the mail for the virtual users
bounces with this:
>> The original message was received at Wed, 2 Jan 2013 11:16:27 -0700
(MST)
>> from openindiana [IPv6:::1]
>> 
>>   ----- The following addresses had permanent fatal errors -----
>> <hacwebstore at localhost>
>>    (reason: 550 5.1.1 User unknown)
>> hacwebstore at DOVECOT
>>    (reason: 550 5.1.1 User unknown)
>>    (expanded from: <hacwebstore at localhost>)
>> 
>>   ----- Transcript of session follows -----
>> 550 5.1.1 hacwebstore at DOVECOT... User unknown
>> 550 5.1.1 <hacwebstore at localhost>... User unknown
>> 
>> 
>> 
>> Then I took the DOVECOT out of the 127.0.0.1 line, and it still bounces
with the same error.
>> 
>> How would I invoke this:  "sendmail -Am -v -q"  ?  Change my
startup script?
> 
> It is intended as one time debug help. It should show in more verbose
> way delivery attempts of messages staying in sendail's queue.
> 
> 
> Another test: As root try to deliver message to virtual dovecot mailbox:
> /usr/lib/dovecot-lda -d hacwebstore
> 

Please forgive me, Andrzej.  I did not realize you wanted me to actually send
you the logs.  I thought you only meant for me to look to see if there was
anything helpful in them.

They do not show much.  If I restart dovecot and sendmail, this is basically
what I get.  If I try to send any mail, nothing shows up in dovecot's log. 
All that shows up anywhere is my logging into squirrelmail.


network-dovecot-default.log

[ Jan  2 21:52:07 Stopping because service restarting. ]
[ Jan  2 21:52:07 Executing stop method ("/lib/svc/method/dovecot.sh
stop"). ]
[ Jan  2 21:52:07 Method "stop" exited with status 0. ]
[ Jan  2 21:52:07 Executing start method ("/lib/svc/method/dovecot.sh
start"). ]
[ Jan  2 21:52:07 Method "start" exited with status 0. ]

dovecot-info.log

Jan 02 21:54:48 master: Info: Dovecot v2.1.12 starting up

dovecot.log

Jan 02 21:54:48 master: Warning: Killed with signal 2 (by pid=2587 uid=0
code=kill)

syslog

Sep 21 21:47:08 openindiana sendmail[1208]: [ID 702911 mail.warning]
gethostbyaddr(10.211.55.6) failed: 2
Sep 21 21:47:08 openindiana sendmail[1208]: [ID 702911 mail.warning]
gethostbyaddr(IPv6:fec0::fea9:21c:42ff:feed:5f38) failed: 2

---

systemuser at openindiana:~# /usr/local/libexec/dovecot/dovecot-lda -d
hacwebstore

I had to modify the path to get it to work in Solaris.  When I ran it as above,
it sent a blank email to hacwebstore.

So, lda appears to be working, but sendmail doesn't?

---

Here is the dovecot portion of my sendmail.cf file again, for your convenience. 
Does it appear ok to you?


######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/dovecot-lda, F=DFMPhnu9,
                 S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
                 T=DNS/RFC822/X-Unix,
                 A=/usr/local/libexec/dovecot/dovecot-lda -d $u
                 

---

I do have an odd behaviour I noticed in my syslog.  It has the wrong date!  Very
odd.

Thank you again, Andrzej, for all of your help with this.  I appreciate it very
much.

Do you think it is solvable?