-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 2 Mar 2015, Oliver Welter wrote:> Am 02.03.2015 um 06:03 schrieb Dan LaSota: >> I have dovecot version 2.2.10 >> dovecot -n output below >> >> I am seeing connection errors being written to my dovecot error log: >> Mar 1 19:51:15 mail dovecot: auth-worker(2224): Error: mysql(localhost): >> Connect failed to database (servermail): Access denied for user >> 'usermail'@'localhost' (using password: YES) - waiting for 5 seconds before >> retry >> > > Just some quick ideas > * check if the mysql socket file has rw permissions for the dovecot user > * Try to run the mysql query as user dovecot (su dovecot) > * Try to set the local ip instead of localhost (mysql makes a difference in > the ACL checks if you come from localhost)(Y) in addition: * Did mysql logged something useful? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVPQYN3z1H7kL/d9rAQLyRwgAlasqa/rDY86UmYHF2+e/Q5++oCC/8n0a 0sCyQdY8SVJA8jsZbL4+B/F9lwkMA+7gSkiSDuLQWM/c7VotBhQ5AvZKOXfEUmCZ DFH7J2dZMwPjAubcdjjp2lnA97NS4wt3+dqyo4ezCEcc+ZKjDh8QSuPAO8xRP1Dq pK/47DYi9yyz0dExQlQ1Fx1w792n4igCuPySThT03k+yRZpx4x5Va4/s0TM5ZwLP JaRZWo8IzzWjFWvCZQDGWCpy1+TWNTN1NUAfN2ngZSxWGq0mpPX9dFerXJdgyBzg LCYGkufOO1FjlT+bRDqezBf/ps5MJsObeJr/Z816u1JdCS2Uc49CbQ==Z7XP -----END PGP SIGNATURE-----
>> >> Just some quick ideas >> * check if the mysql socket file has rw permissions for the dovecot user# ls -l /var/lib/mysql/mysql.sock srwxrwxrwx. 1 mysql mysql 0 Mar 1 19:33 /var/lib/mysql/mysql.sock>> >> * Try to run the mysql query as user dovecot (su dovecot)The dovecot user I set up is a non-interactive user /sbin/nologin I studied different setup guides, and all of them suggested setting up dovecot with a non-interactive shell. However the mysql client is world executable: # ls -l /bin/mysql -rwxr-xr-x. 1 root root 3533008 Feb 5 05:47 /bin/mysql>> * Try to set the local ip instead of localhost (mysql makes a difference in the ACL checks if you come from localhost)I have tried with connect = host=localhost dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh' and connect = host=127.0.0.1 dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh' still doesn't work: Mar 2 04:58:48 mail dovecot: auth-worker(5745): Error: mysql(127.0.0.1): Connect failed to database (servermail): Access denied for user 'usermail'@'localhost' (using password: YES) - waiting for 1 seconds before retry> > > * Did mysql logged something useful?I have turned on general-log in MySQL (actually mariadb): A few things to note: connection 221 is me manually logging into the server from the command line. The other numbers are dovecot. I'm using the same credentials as the dovecot config files. (not sure if this is useful or not) 221 Connect mailuser at localhost as anonymous on 221 Query select @@version_comment limit 1 150302 9:18:33 221 Query show databases 150302 9:18:38 221 Query SELECT DATABASE() 221 Init DB servermail 221 Query show databases 221 Query show tables 221 Field List virtual_aliases 221 Field List virtual_domains 221 Field List virtual_users 150302 9:18:43 221 Query show tables 150302 9:18:50 222 Connect usermail at localhost as anonymous on servermail 222 Connect Access denied for user 'usermail'@'localhost' (using password: YES) 223 Connect usermail at localhost as anonymous on servermail 223 Connect Access denied for user 'usermail'@'localhost' (using password: YES) 150302 9:18:56 221 Query select * from virtual_users 150302 9:19:19 224 Connect usermail at localhost as anonymous on servermail 224 Connect Access denied for user 'usermail'@'localhost' (using password: YES) 213 Quit 214 Quit 215 Quit 150302 9:19:20 225 Connect usermail at localhost as anonymous on servermail 225 Connect Access denied for user 'usermail'@'localhost' (using password: YES) 150302 9:19:24 221 Quit 150302 9:19:25 226 Connect usermail at localhost as anonymous on servermail 226 Connect Access denied for user 'usermail'@'localhost' (using password: YES) 150302 9:19:50 227 Connect usermail at localhost as anonymous on servermail 227 Connect Access denied for user 'usermail'@'localhost' (using password: YES) Dan LaSota Instructional Designer, UAF eLearning (907) 451-4067 dan.lasota at alaska.edu http://elearning.uaf.edu
Am 02.03.2015 um 19:30 schrieb Dan LaSota:>>> Just some quick ideas >>> * check if the mysql socket file has rw permissions for the dovecot user > > # ls -l /var/lib/mysql/mysql.sock > srwxrwxrwx. 1 mysql mysql 0 Mar 1 19:33 /var/lib/mysql/mysql.sockthat's not the problem> I have tried with > connect = host=localhost dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh' > and > connect = host=127.0.0.1 dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh' > > still doesn't work: > Mar 2 04:58:48 mail dovecot: auth-worker(5745): Error: mysql(127.0.0.1): Connect failed to database (servermail): Access denied for user 'usermail'@'localhost' (using password: YES) - waiting for 1 seconds before retrythat is a pretty clear message the username / password / host is wrong, fix your mysql permissions and keep in mind that localhost != 127.0.0.1 in that context the user with that password from that host is not allowed - period -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20150302/75aa57ea/attachment.sig>
Am 02.03.2015 um 19:30 schrieb Dan LaSota:>>> >>> Just some quick ideas >>> * check if the mysql socket file has rw permissions for the dovecot user > > # ls -l /var/lib/mysql/mysql.sock > srwxrwxrwx. 1 mysql mysql 0 Mar 1 19:33 /var/lib/mysql/mysql.sock >>> >>> * Try to run the mysql query as user dovecot (su dovecot) > > The dovecot user I set up is a non-interactive user > /sbin/nologinYou can use "su dovecot -s /bin/bash" to override the configured shell (or temporary set the users shell using "usermod").> However the mysql client is world executable:doevcot should not need the client (its build in)>>> * Try to set the local ip instead of localhost (mysql makes a difference in the ACL checks if you come from localhost) > > I have tried with > connect = host=localhost dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh' > and > connect = host=127.0.0.1 dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh'Do you really have a dollar sign in the password? This is always a suspicious candidate - try a password without the dollar sign (I dont know if/what dovecot requires escaping) Oliver -- Protect your environment - close windows and adopt a penguin! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4074 bytes Desc: S/MIME Cryptographic Signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20150302/2849a463/attachment.p7s>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 2 Mar 2015, Dan LaSota wrote:> connect = host=localhost dbname=servermail user='usermail' password='gjwslegosoghjshloehg$_jsdgh'Honestely, I do not know whether and how you have / can quote strings, but try: 1) to not quote at all 2) use " 3) use a password without $ - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVPVke3z1H7kL/d9rAQJMpwf/c23CpNdb2jRtjw3LcMdDZmO19ylMJdZJ 9rBtse0zWpyCLZ60pCLvhWh/jZSHmXGofV3oTaJl9CXuK8/jVMSzfYzCpV4gPU4l fBT+QT6q6HnmfhtWH746wV/l18arp0uOa/D/sbI10Zjx/m16mj6md0FAVxAGklnw m2vzKXWPOj7HBXQwlDoZdPt8S08JOZE9Q6WSkhXpjsF2oGH6i61yckdrtEWs/N0n U2NtTZTGmMOm+8jRq1ljSdPEJYT6k93e1pw2wmA2zH5ODr9AQspsfyWbL3dmChKl 2RtzUsajfQwiwnaIOzgur8KHoFDS8Tm+sFLmiSAqrr8AeQyRBlLWbg==5UDi -----END PGP SIGNATURE-----