dovecot - Jul 2016 - Postfix/dovecot: user unrecognized, file permissions being misread

On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn
wrote:
> doveconf -n would be helpful
Thank you:
lavarre:/var/mail/vhosts/privustech.com # doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.8 (0c4ae064f307+)

# OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4

auth_mechanisms = plain login

auth_verbose = yes

listen = *

log_path = /var/log/dovecot.log

mail_debug = yes

mail_location = maildir:/var/mail/vhosts/%d/%n

maildir_very_dirty_syncs = yes

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded
-character vacation subaddress comparator-i;ascii-numeric r
elational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate

namespace inbox {

  inbox = yes

  location =  
  mailbox Drafts {

    special_use = \Drafts

  }

  mailbox Junk {

    special_use = \Junk

  }

  mailbox Sent {

    special_use = \Sent

  }

  mailbox "Sent Messages" {

    special_use = \Sent

  }

  mailbox Trash {

    special_use = \Trash

  }

  prefix =  
}

passdb {

  driver = pam

}

passdb {

  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

  driver = passwd-file

}

plugin {

  sieve = ~/.dovecot.sieve

  sieve_after = /var/mail/vmail/sieve-after

  sieve_before = /var/mail/vmail/sieve-before

  sieve_dir = ~/sieve

}

protocols = imap pop3 sieve

service auth {

  unix_listener /var/spool/postfix/private/auth {

    group = postfix

    mode = 0666

    user = postfix

  }

}

service imap-login {

  inet_listener imaps {

    port = 993

    ssl = yes

  }

}

service lmtp {

  unix_listener /var/spool/postfix/private/lmtp {

    group = postfix

    mode = 0600

    user = postfix

  }

}

service pop3-login {

  inet_listener pop3s {

    port = 995

    ssl = yes

  }

}

ssl = required

ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem

ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt

ssl_dh_parameters_length = 2048

ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key

ssl_options = no_compression

ssl_prefer_server_ciphers = yes

userdb {

  driver = passwd

}

userdb {

  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n

  driver = static

}

verbose_ssl = yes

protocol lda {

  deliver_log_format = msgid=%m: %$

  mail_plugins = sieve

  postmaster_address = postmaster at privustech.com

  quota_full_tempfail = yes

  rejection_reason = Your message to <%t> was automatically
rejected:%n%r

}

protocol imap {

  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep

  mail_max_userip_connections = 10

}

On 16-07-03 18:17:48, C. Andrews Lavarre wrote:
> On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn wrote:
> > doveconf -n would be helpful
> Thank you:
> lavarre:/var/mail/vhosts/privustech.com # doveconf -n
> # 2.2.18: /etc/dovecot/dovecot.conf
> 
> # Pigeonhole version 0.4.8 (0c4ae064f307+)
> 
> # OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4
> 
> auth_mechanisms = plain login
> 
> auth_verbose = yes
> 
> listen = *
> 
> log_path = /var/log/dovecot.log
> 
> mail_debug = yes
> 
> mail_location = maildir:/var/mail/vhosts/%d/%n
> 
> maildir_very_dirty_syncs = yes
> 
> managesieve_notify_capability = mailto
> 
> managesieve_sieve_capability = fileinto reject envelope encoded
> -character vacation subaddress comparator-i;ascii-numeric r
> elational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate
> 
> namespace inbox {
> 
>   inbox = yes
> 
>   location =  
>   mailbox Drafts {
> 
>     special_use = \Drafts
> 
>   }
> 
>   mailbox Junk {
> 
>     special_use = \Junk
> 
>   }
> 
>   mailbox Sent {
> 
>     special_use = \Sent
> 
>   }
> 
>   mailbox "Sent Messages" {
> 
>     special_use = \Sent
> 
>   }
> 
>   mailbox Trash {
> 
>     special_use = \Trash
> 
>   }
> 
>   prefix =  
> }
> 
> passdb {
> 
>   driver = pam
> 
> }
> 
> passdb {
> 
>   args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
> 
>   driver = passwd-file
> 
> }
Double check me, but I think you only want (1) passdb {} block.
> 
> plugin {
> 
>   sieve = ~/.dovecot.sieve
> 
>   sieve_after = /var/mail/vmail/sieve-after
> 
>   sieve_before = /var/mail/vmail/sieve-before
> 
>   sieve_dir = ~/sieve
> 
> }
> 
> protocols = imap pop3 sieve
> 
> service auth {
> 
>   unix_listener /var/spool/postfix/private/auth {
> 
>     group = postfix
> 
>     mode = 0666
> 
>     user = postfix
> 
>   }
> 
> }
> 
> service imap-login {
> 
>   inet_listener imaps {
> 
>     port = 993
> 
>     ssl = yes
> 
>   }
> 
> }
> 
> service lmtp {
> 
>   unix_listener /var/spool/postfix/private/lmtp {
> 
>     group = postfix
> 
>     mode = 0600
> 
>     user = postfix
> 
>   }
> 
> }
> 
> service pop3-login {
> 
>   inet_listener pop3s {
> 
>     port = 995
> 
>     ssl = yes
> 
>   }
> 
> }
> 
> ssl = required
> 
> ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem
> 
> ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt
> 
> ssl_dh_parameters_length = 2048
> 
> ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key
> 
> ssl_options = no_compression
> 
> ssl_prefer_server_ciphers = yes
> 
> userdb {
> 
>   driver = passwd
> 
> }
> 
> userdb {
> 
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
> 
>   driver = static
> 
> }
Same here and make sure driver = "passdb driver".
> 
> verbose_ssl = yes
> 
> protocol lda {
> 
>   deliver_log_format = msgid=%m: %$
> 
>   mail_plugins = sieve
> 
>   postmaster_address = postmaster at privustech.com
> 
>   quota_full_tempfail = yes
> 
>   rejection_reason = Your message to <%t> was automatically
> rejected:%n%r
> 
> }
> 
> protocol imap {
> 
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> 
>   mail_max_userip_connections = 10
> 
> }
I also noticed your certificate chain is broken.

http://wiki2.dovecot.org/TestInstallation

-- 
Edgar Pettijohn

Hello all. Thanks to Edgar for the below, but we still have a
curiosity:
On Sun, 2016-07-03 at 17:31 -0500, Edgar Pettijohn
wrote:
> On 16-07-03 18:17:48, C. Andrews Lavarre wrote:
> > On Sun, 2016-07-03 at 15:56 -0500, Edgar Pettijohn wrote:
> > > doveconf -n would be helpful
> Double check me, but I think you only want (1) passdb {} block.
> ...
> Same here (userdb {)
Agree on both, thank you. There are a huge number of files expressing p
assdb { and userdb { but most are commented out.
The undesirables were from conf.d/auth-system.conf.ext that I have now
entirely commented out, since we are not using system users.
> (and make sure driver = "passdb driver".
> 
Presumably this means in auth-passwd-file.conf.ext:
> 	> userdb {
> 		>   driver = passdb driver
This was commented out.
I changed it as you say, but it doesn't like it:
	auth: Fatal: Unknown userdb driver 'passdb driver'

so I changed it back to

	driver = passwd-file

Now we have no dovecot.log errors, except:
	The reported error was "IMAP server said BYE: Disconnected:
Auth process broken
Tomorrow is another day. 
I attach the 
lavarre:/etc/dovecot # doveconf -n >lavarre-160705_conf.txt


Thank you again.
Kind regards, Andy
-------------- next part --------------
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 4.1.26-21-default x86_64 openSUSE 42.1 (x86_64) ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
listen = *
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:/var/mail/vhosts/%d/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_after = /var/mail/vmail/sieve-after
  sieve_before = /var/mail/vmail/sieve-before
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem
ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt
ssl_dh_parameters_length = 2048
ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = passwd-file
}
verbose_ssl = yes
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster at privustech.com
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 10
}