dovecot - May 2013 - mixing virtual and system users

Hello all,

I'm setting up a small mail server for aprox 20 users, and I'm trying to
keep it really simple so I went the virtual users as text file way,
following this page :

http://lukas-schulze.de/2012/02/setup-postfix-and-dovecot-on-debian-squeeze-with-users-stored-text-file/

It seemed to work fine except for the 'system' users, and I am stumped
by this. Basically the config does not 'see' /etc/aliases, so mail to
root or mailman are 'Recipient address rejected: User unknown'.

I've added the backup pam as explained by the following page* and tried
many permutations in /etc/postfix/main.cf but still not good, systems
users are rejected. Obviously something is amiss.

* http://wiki2.dovecot.org/Authentication/MultipleDatabases

If someone could point me in the right direction, that would be great.

The system is debian 6, details of the configuration below.

dovecot -n :
------------
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/certs/postfix.pem
ssl_key_file: /etc/ssl/private/postfix.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
first_valid_uid: 5000
last_valid_uid: 5000
first_valid_gid: 5000
last_valid_gid: 5000
mail_privileged_group: vmail
mail_location: maildir:/var/vmail/%d/%n/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
lda:
  auth_socket_path: /var/run/dovecot/auth-master
  postmaster_address: postmaster at example.net
  mail_plugins: sieve
  log_path:
auth default:
  mechanisms: plain login
  verbose: yes
  passdb:
    driver: pam
  passdb:
    driver: passwd-file
    args: scheme=CRAM-MD5 /etc/dovecot/users.conf
  userdb:
    driver: static
    args: uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail


postconf -n :
-------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 2
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
mydomain = example.net
myhostname = osiris.example.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = $mydomain
queue_directory = /var/spool/postfix
recipient_delimiter = +
relayhost show_user_unknown_table_name = no
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = hash:/etc/postfix/virtual_mailbox_domains
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_maps
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:5000

/etc/postfix/virtual_mailbox_domains :
--------------------------------------
@example.net OK
@osiris.example.net OK

/etc/postfix/virtual_mailbox_maps :
-----------------------------------
elisabethp at example.net          example.net/elisabethp

/etc/postfix/virtual_alias_maps :
---------------------------------
elisabeth at example.net           elisabethp at example.net


j.

At  7PM +0200 on 26/05/13 you (Julien Beauviala) wrote:
> 
> I'm setting up a small mail server for aprox 20 users, and I'm
trying to
> keep it really simple so I went the virtual users as text file way,
> following this page :
> 
> http://lukas-schulze.de/2012/02/setup-postfix-and-dovecot-on-debian-
> squeeze-with-users-stored-text-file/
While howtos can be useful to see how someone else has solved a similar
problem, they are no substitute for reading and understanding the
documentation yourself.
> It seemed to work fine except for the 'system' users, and I am
stumped
> by this. Basically the config does not 'see' /etc/aliases, so mail
to
> root or mailman are 'Recipient address rejected: User unknown'.
This sounds like a Postfix rather than a Dovecot problem. It's not clear
which users you mean when you say 'system' users, but I note that your
Postfix 'local' users are not delivered through Dovecot. (This would
require setting either local_transport or mailbox_transport.) Postfix
'virtual mailbox' users don't use /etc/aliases (this is a function
of
the local(8) transport) so if you want root at osiris.example.net to go
somewhere sensible you will need to implement that with a Postfix
virtual alias. See the Postfix ADDRESS_CLASS_README.
> I've added the backup pam as explained by the following page* and tried
> many permutations in /etc/postfix/main.cf but still not good, systems
> users are rejected. Obviously something is amiss.
Rejected where? Unless you are talking about SASL auth, this has nothing
to do with Dovecot, and you should ask on a Postfix list.
> * http://wiki2.dovecot.org/Authentication/MultipleDatabases
> 
> If someone could point me in the right direction, that would be great.
> 
> The system is debian 6, details of the configuration below.
> 
> dovecot -n :
> ------------
> # 1.2.15: /etc/dovecot/dovecot.conf
It's a bad idea to set up a new machine with 1.2. The 1.x series is
completely unsupported at this point, so you should really use the
latest 2.1 instead. If you prefer to stick to Debian packages see
http://wiki2.dovecot.org/PrebuiltBinaries#Debian .

[...]
>   userdb:
>     driver: static
>     args: uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
>   userdb:
>     driver: passwd
These two are backwards. Userdb 'static' will always match, so this will
never return user information from /etc/passwd for your system users.

Ben