Steffen Kaiser
2016-Aug-03 04:44 UTC
service-specific userdb affecting lmtp, quota-service
On Tue, 2 Aug 2016, Michael Fox wrote:

> Update:
>
> I was able to eliminate the /var/log/mail.err error messages (shown below)
> by creating a userdb.quota-status and userdb.lmtp passwd-file. However,
> since userdb.pop3 and userdb.imap will have different extra-fields values
> for namespace (different namespace/xxx/inbox=yes values) I can't simply
> create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and
> userdb.imap. At a minimum, the extra-fields namespace info has to be left
> out.

do LMTP and Quota-status fail, if you symlink them to the imap version?

> So this creates the question: For each service, which fields does the
> userdb need to contain? I can't find that documented anywhere.
>
> For example, for the quota-status service, I presume the following are
> needed:
> -- username
> -- home directory (since mail_location = maildir:~/Maildir)
> -- any "quota=" overrides in the extra-fields
> -- nothing else
>
> Is that right?
>
>
> And I presume userdb.lmtp needs to return:
> -- username
> -- home directory (since mail_location = maildir:~/Maildir)
> -- nothing else
>
> Is that right?
>
> Thanks,
> Michael
>
>
>> -----Original Message-----
>>
>> The service specific passwd-file userdb is causing quota-status and lmtp
>> to fail.
>>
>> Using:
>> userdb {
>>   args = ... /etc/dovecot/auth.d/%d/userdb.%s
>> }
>>
>> I'm getting the following in /var/log/mail.err when I try to send/receive
>> mail:
>>
>> Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: Address family not supported by protocol
>> Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address family not supported by protocol
>>
>> I don't have a userdb.quota-status or userdb.lmtp.
>>
>> Is there something else that needs to be in the configuration to prevent
>> these services from needing their own userdb?
>>
>> Thanks,
>> Michael
>>
>>
>> $ doveconf -n
>> # 2.2.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS
>> auth_mechanisms = cram-md5
>> auth_verbose = yes
>> mail_gid = vmail
>> mail_location = maildir:~/Maildir
>> mail_plugins = " quota"
>> mail_uid = vmail
>> namespace inbox {
>>   inbox = yes
>>   location
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix
>> }
>> passdb {
>>   args = /etc/dovecot/deny-users
>>   deny = yes
>>   driver = passwd-file
>> }
>> passdb {
>>   args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb
>>   driver = passwd-file
>> }
>> plugin {
>>   quota = maildir:User quota
>>   quota_grace = 10%%
>>   quota_rule = *:storage=50MB
>>   quota_rule2 = Trash:storage=+10%%
>>   quota_status_nouser = DUNNO
>>   quota_status_overquota = 552 5.2.2 Mailbox is full
>>   quota_status_success = DUNNO
>>   quota_status_toolarge = 552 5.2.3 Message is too large
>>   quota_warning = storage=90%% quota-warning 90 %n %d
>>   quota_warning2 = storage=75%% quota-warning 75 %n %d
>> }
>> pop3_lock_session = yes
>> protocols = pop3 imap lmtp
>> service auth {
>>   unix_listener /var/spool/postfix/private/dovecot-auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener auth-userdb {
>>     group = vmail
>>     mode = 0600
>>     user = vmail
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service pop3 {
>>   executable = pop3 postlogin
>>   process_limit = 25
>> }
>> service postlogin {
>>   executable = script-login /etc/dovecot/postlogin.sh
>>   group = vmail
>>   user = vmail
>> }
>> service quota-status {
>>   client_limit = 1
>>   executable = quota-status -p postfix
>>   inet_listener {
>>     port = 12340
>>   }
>> }
>> service quota-warning {
>>   executable = /etc/dovecot/quota-warning.sh
>>   user = vmail
>> }
>> ssl = required
>> ssl_cert = </opt/xsc/ssl/certs/n6mef-gw.crt
>> ssl_key = </opt/xsc/ssl/private/n6mef-gw.key
>> ssl_protocols = !SSLv2 !SSLv3
>> userdb {
>>   args = username_format=%n /etc/dovecot/auth.d/%d/userdb.%s
>>   default_fields = home=/var/vmail/%d/%n
>>   driver = passwd-file
>> }
>> verbose_ssl = yes
>> protocol lmtp {
>>   postmaster_address = xxxxxxxxxxxxxxxxx
>> }
>> protocol imap {
>>   mail_max_userip_connections = 10
>> }
>> protocol pop3 {
>>   mail_max_userip_connections = 1
>> }
>> remote 192.168.7.0/24/24 {
>>   ssl = yes
>> }
>> remote 192.168.7.0/27/27 {
>>   ssl = no
>> }
>> $
>

-- 
Steffen Kaiser

Steffen Kaiser
2016-Aug-03 05:10 UTC
service-specific userdb affecting lmtp, quota-service
On Wed, 3 Aug 2016, Steffen Kaiser wrote:

>> Update:
>>
>> I was able to eliminate the /var/log/mail.err error messages (shown below)
>> by creating a userdb.quota-status and userdb.lmtp passwd-file. However,
>> since userdb.pop3 and userdb.imap will have different extra-fields values
>> for namespace (different namespace/xxx/inbox=yes values) I can't simply
>> create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and
>> userdb.imap. At a minimum, the extra-fields namespace info has to be left
>> out.
>
> do LMTP and Quota-status fail, if you symlink them to the imap version?

BTW: your posted conf does not contain the virtual plugin and its namespace.

>> So this creates the question: For each service, which fields does the
>> userdb need to contain? I can't find that documented anywhere.
>>
>> For example, for the quota-status service, I presume the following are
>> needed:
>> -- username
>> -- home directory (since mail_location = maildir:~/Maildir)
>> -- any "quota=" overrides in the extra-fields
>> -- nothing else
>>
>> Is that right?
>>
>>
>> And I presume userdb.lmtp needs to return:
>> -- username
>> -- home directory (since mail_location = maildir:~/Maildir)
>> -- nothing else
>>
>> Is that right?
>>
>> Thanks,
>> Michael
>>
>>
>>> -----Original Message-----
>>>
>>> The service specific passwd-file userdb is causing quota-status and lmtp
>>> to fail.
>>>
>>> Using:
>>> userdb {
>>>   args = ... /etc/dovecot/auth.d/%d/userdb.%s
>>> }
>>>
>>> I'm getting the following in /var/log/mail.err when I try to send/receive
>>> mail:
>>>
>>> Aug 1 15:46:57 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.quota-status) failed: Address family not supported by protocol
>>> Aug 1 15:47:08 n6mef-gw dovecot: auth: Error: passwd-file(mefpop at email.n6mef.org): stat(/etc/dovecot/auth.d/email.n6mef.org/userdb.lmtp) failed: Address family not supported by protocol
>>>
>>> I don't have a userdb.quota-status or userdb.lmtp.
>>>
>>> Is there something else that needs to be in the configuration to prevent
>>> these services from needing their own userdb?
>>>
>>> Thanks,
>>> Michael
>>>
>>>
>>> $ doveconf -n
>>> # 2.2.9: /etc/dovecot/dovecot.conf
>>> # OS: Linux 3.16.0-76-generic x86_64 Ubuntu 14.04.4 LTS
>>> auth_mechanisms = cram-md5
>>> auth_verbose = yes
>>> mail_gid = vmail
>>> mail_location = maildir:~/Maildir
>>> mail_plugins = " quota"
>>> mail_uid = vmail
>>> namespace inbox {
>>>   inbox = yes
>>>   location
>>>   mailbox Drafts {
>>>     special_use = \Drafts
>>>   }
>>>   mailbox Junk {
>>>     special_use = \Junk
>>>   }
>>>   mailbox Sent {
>>>     special_use = \Sent
>>>   }
>>>   mailbox "Sent Messages" {
>>>     special_use = \Sent
>>>   }
>>>   mailbox Trash {
>>>     special_use = \Trash
>>>   }
>>>   prefix
>>> }
>>> passdb {
>>>   args = /etc/dovecot/deny-users
>>>   deny = yes
>>>   driver = passwd-file
>>> }
>>> passdb {
>>>   args = scheme=cram-md5 username_format=%n /etc/dovecot/auth.d/%d/passdb
>>>   driver = passwd-file
>>> }
>>> plugin {
>>>   quota = maildir:User quota
>>>   quota_grace = 10%%
>>>   quota_rule = *:storage=50MB
>>>   quota_rule2 = Trash:storage=+10%%
>>>   quota_status_nouser = DUNNO
>>>   quota_status_overquota = 552 5.2.2 Mailbox is full
>>>   quota_status_success = DUNNO
>>>   quota_status_toolarge = 552 5.2.3 Message is too large
>>>   quota_warning = storage=90%% quota-warning 90 %n %d
>>>   quota_warning2 = storage=75%% quota-warning 75 %n %d
>>> }
>>> pop3_lock_session = yes
>>> protocols = pop3 imap lmtp
>>> service auth {
>>>   unix_listener /var/spool/postfix/private/dovecot-auth {
>>>     group = postfix
>>>     mode = 0660
>>>     user = postfix
>>>   }
>>>   unix_listener auth-userdb {
>>>     group = vmail
>>>     mode = 0600
>>>     user = vmail
>>>   }
>>> }
>>> service lmtp {
>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>     group = postfix
>>>     mode = 0600
>>>     user = postfix
>>>   }
>>> }
>>> service pop3 {
>>>   executable = pop3 postlogin
>>>   process_limit = 25
>>> }
>>> service postlogin {
>>>   executable = script-login /etc/dovecot/postlogin.sh
>>>   group = vmail
>>>   user = vmail
>>> }
>>> service quota-status {
>>>   client_limit = 1
>>>   executable = quota-status -p postfix
>>>   inet_listener {
>>>     port = 12340
>>>   }
>>> }
>>> service quota-warning {
>>>   executable = /etc/dovecot/quota-warning.sh
>>>   user = vmail
>>> }
>>> ssl = required
>>> ssl_cert = </opt/xsc/ssl/certs/n6mef-gw.crt
>>> ssl_key = </opt/xsc/ssl/private/n6mef-gw.key
>>> ssl_protocols = !SSLv2 !SSLv3
>>> userdb {
>>>   args = username_format=%n /etc/dovecot/auth.d/%d/userdb.%s
>>>   default_fields = home=/var/vmail/%d/%n
>>>   driver = passwd-file
>>> }
>>> verbose_ssl = yes
>>> protocol lmtp {
>>>   postmaster_address = xxxxxxxxxxxxxxxxx
>>> }
>>> protocol imap {
>>>   mail_max_userip_connections = 10
>>> }
>>> protocol pop3 {
>>>   mail_max_userip_connections = 1
>>> }
>>> remote 192.168.7.0/24/24 {
>>>   ssl = yes
>>> }
>>> remote 192.168.7.0/27/27 {
>>>   ssl = no
>>> }
>>> $
>>

-- 
Steffen Kaiser

> On Wed, 3 Aug 2016, Steffen Kaiser wrote:
>
> >> Update:
> >>
> >> I was able to eliminate the /var/log/mail.err error messages (shown below)
> >> by creating a userdb.quota-status and userdb.lmtp passwd-file. However,
> >> since userdb.pop3 and userdb.imap will have different extra-fields values
> >> for namespace (different namespace/xxx/inbox=yes values) I can't simply
> >> create userdb.quota-status and userdb.lmtp as the union of userdb.pop3 and
> >> userdb.imap. At a minimum, the extra-fields namespace info has to be left
> >> out.
> >
> > do LMTP and Quota-status fail, if you symlink them to the imap version?

I didn't try a symlink because I intend to have separate users in userdb.pop3 and userdb.imap so I can control who has imap access. To allow the two user lists to be independent, I made a unique union of the pop3 and imap userdbs and used that for quota-status and lmtp.

> BTW: your posted conf does not contain the virtual plugin and its
> namespace.

Correct. As I put in the previous email, I didn't get to that point. First, I just commented out the "inbox=yes" declaration from "namespace inbox {}" and then added it to the userdb.imap extra-fields but got an error.

How embarrassing. I just discovered a syntax error. I was using:

    userdb_namespace=/namespace/inbox/inbox=yes

Instead of:

    userdb_namespace/inbox/inbox=yes

Now that's working.

BTW, it turns out that both quota-status and lmtp need to see the value of inbox=. So I guess all of the userdb.%s files will include userdb_namespace/inbox/inbox=yes, except for userdb.pop3 which will use userdb_namespace/virtual/inbox=yes.

Next step is to configure the extra namespaces.

Thanks for your help so far Steffen.

Michael
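
The unique union described in the last message, sketched as an added example (not code from the thread or from Dovecot): it merges per-service passwd-file userdbs into the file used for lmtp and quota-status, drops per-service userdb_namespace/... fields and sets userdb_namespace/inbox/inbox=yes. The function names, the uid/gid/home conflict check, the "first file wins" policy for other extra fields, and the sample users and quota override are assumptions.

```python
# Added example, not from the thread: build the userdb shared by lmtp and
# quota-status as the unique union of the per-service passwd-file userdbs.
# passwd-file line: user:password:uid:gid:gecos:home:shell:extra_fields

INBOX_FIELD = "userdb_namespace/inbox/inbox=yes"  # form reported working in the thread


def parse_line(line):
    """Split one passwd-file line into 8 fields; missing ones become ''."""
    parts = line.rstrip("\n").split(":", 7)
    return parts + [""] * (8 - len(parts))


def build_delivery_userdb(*sources):
    """Return the lines for userdb.lmtp / userdb.quota-status.

    Per-service userdb_namespace/... fields are dropped and the inbox
    namespace is set; other extra fields (e.g. quota overrides) are kept
    from the first source that lists the user (assumed policy).
    """
    merged = {}
    for text in sources:
        for raw in text.splitlines():
            if not raw.strip() or raw.lstrip().startswith("#"):
                continue
            user, _pw, uid, gid, _gecos, home, _shell, extra = parse_line(raw)
            identity = (uid, gid, home)
            if user in merged:
                # Same user in two files must map to the same uid/gid/home.
                if merged[user][0] != identity:
                    raise ValueError(f"{user}: uid/gid/home differ between files")
                continue
            kept = [f for f in extra.split() if not f.startswith("userdb_namespace/")]
            merged[user] = (identity, kept + [INBOX_FIELD])
    return [
        f"{user}::{uid}:{gid}::{home}::{' '.join(fields)}"
        for user, ((uid, gid, home), fields) in sorted(merged.items())
    ]


# Constructed sample input: user names and the quota override are made up.
POP3 = "alice" + ":" * 7 + "userdb_namespace/virtual/inbox=yes\n"
IMAP = ("alice" + ":" * 7 + "userdb_namespace/inbox/inbox=yes\n"
        "bob" + ":" * 7 + "userdb_quota_rule=*:storage=100MB "
        "userdb_namespace/inbox/inbox=yes\n")

if __name__ == "__main__":
    print("\n".join(build_delivery_userdb(POP3, IMAP)))
```

Empty uid, gid and home columns in the sample rely on global settings like the mail_uid, mail_gid and default_fields shown in the posted configuration.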