lists at mlserv.org
2019-Sep-03 16:08 UTC
Different passdb backends for different services
> On 03.09.2019 at 10:54, Sami Ketola via dovecot <dovecot at dovecot.org> wrote:
>
>> On 3 Sep 2019, at 11.07, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>
>> Hi,
>>
>> as Dovecot supports submission, which is the sending direction, I am interested to know if I can configure a separate passdb backend just for submission.
>>
>> I have LDAP attributes that differentiate sending and receiving permissions. It would be nice if I had a second passdb backend just for submission, with an LDAP filter for locking this service.
>>
>> Example for IMAP, POP3, Sieve:
>>
>> (&(mail=%s)(mailAllowIncoming=TRUE))
>
> protocol imap {
>   passdb {
>     ...
>   }
> }
>
>> Example for Submission:
>>
>> (&(mail=%s)(mailAllowOutgoing=TRUE))
>
> protocol submission {
>   passdb {
>     ...
>   }
> }

I tried this, but I have probably done something wrong.

I added this to 20-imap, 20-pop, 20-managesieve and 20-submission, always in the protocol sections. I also disabled the passdb section in auth-ldap.conf.ext in 10-auth and left the userdb part in place.

Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16106, input bytes=0
Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16107, input bytes=0

Can somebody tell me which "things" need the userdb and which the passdb sections?

I am a little bit confused. Or do I have to add the above lines, and is some inheritance working here?

Thanks in advance

Christian
> On 3 Sep 2019, at 19.08, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>
> I tried this, but I have probably done something wrong.
>
> I added this to 20-imap, 20-pop, 20-managesieve and 20-submission, always in the protocol sections. I also disabled the passdb section in auth-ldap.conf.ext in 10-auth and left the userdb part in place.
>
> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16106, input bytes=0
> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16107, input bytes=0
>
> Can somebody tell me which "things" need the userdb and which the passdb sections?
>
> I am a little bit confused. Or do I have to add the above lines, and is some inheritance working here?
>
> Thanks in advance
>
> Christian

I always use one flat dovecot.conf file. It is just so much simpler, and that way you can more easily ensure the loading order of all settings.

Maybe you too should gather all the settings you want to change into one config file and stop loading those in conf.d.

Also, you can post your doveconf -n somewhere so that we can see what goes wrong.

Sami
lists at mlserv.org
2019-Sep-04 13:31 UTC
Different passdb backends for different services
> On 04.09.2019 at 08:24, Sami Ketola via dovecot <dovecot at dovecot.org> wrote:
>
>> On 3 Sep 2019, at 19.08, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>
>> I tried this, but I have probably done something wrong.
>>
>> I added this to 20-imap, 20-pop, 20-managesieve and 20-submission, always in the protocol sections. I also disabled the passdb section in auth-ldap.conf.ext in 10-auth and left the userdb part in place.
>>
>> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16106, input bytes=0
>> Sep 3 17:57:24 mx dovecot: imap-login: Error: auth-client: conn unix:login: Timeout waiting for handshake from auth server. my pid=16107, input bytes=0
>>
>> Can somebody tell me which "things" need the userdb and which the passdb sections?
>>
>> I am a little bit confused. Or do I have to add the above lines, and is some inheritance working here?
>>
>> Thanks in advance
>>
>> Christian
>
> I always use one flat dovecot.conf file. It is just so much simpler, and that way you can more easily ensure the loading order of all settings.
>
> Maybe you too should gather all the settings you want to change into one config file and stop loading those in conf.d.
>
> Also, you can post your doveconf -n somewhere so that we can see what goes wrong.

I have created a doveconf -n output.
-------------------------------------------------------------------------------
auth_cache_size = 64 M
auth_master_user_separator = *
auth_mechanisms = plain login
auth_ssl_username_from_cert = yes
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
default_vsz_limit = 512 M
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
hostname = mail.roessner-net.de
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_max_line_length = 4 M
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lmtp_rcpt_check_quota = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_access_groups = vmail
mail_attachment_dir = /var/mail/virtual/copymail/attachments
mail_gid = vmail
mail_location = sdbox:~/sdbox
mail_max_keyword_length = 4096
mail_plugins = quota acl fts fts_lucene zlib mail_log notify
mail_privileged_group = mail
mail_save_crlf = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mdbox_preallocate_space = yes
mdbox_rotate_size = 128 M
namespace {
  list = children
  location = sdbox:%%h/sdbox
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = yes
  list = children
  location = maildir:/var/mail/virtual/public:INDEXPVT=~/Maildir/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk-E-Mail {
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/rspamd.d/report-spam.sieve
  imapsieve_mailbox1_causes = COPY FLAG
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/rspamd.d/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge copy save mailbox_create mailbox_delete mailbox_rename
  mail_log_fields = box msgid
  quota = count:User quota
  quota_grace = 10%%
  quota_rule = *:storage=300M:messages=20000
  quota_rule2 = Trash:storage=+500M
  quota_rule3 = Sent:storage=+2G
  quota_rule4 = Archive:storage=+2G
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve/after
  sieve_before = /etc/dovecot/sieve/before
  sieve_extensions = +vacation-seconds
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.debug
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_default_period = 10d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 1h
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp submission sieve
service auth-worker {
  extra_groups = ssl-cert
  unix_listener auth-worker {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service auth {
  extra_groups = ssl-cert
  unix_listener /var/spool/postfix-submission/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service config {
  unix_listener config {
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service doveadm {
  inet_listener http {
    port = 9080
    ssl = yes
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
  inet_listener imaps {
    port = 0
  }
}
service imap-postlogin {
  executable = script-login /usr/local/bin/dovecot-masteruser.sh /usr/local/bin/dovecot-lastlogin.sh
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  unix_listener /var/spool/postfix/private/lmtp-dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 127.0.0.1 134.255.226.248 ::1 2a05:bec0:28:1:134:255:226:248
  }
  inet_listener pop3s {
    port = 0
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  extra_groups = mail
  unix_listener quota-warning {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = vmail
}
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
submission_relay_host = mail.roessner-net.de
submission_relay_port = 5870
submission_relay_ssl = starttls
submission_relay_trusted = yes
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
  result_success = continue
}
userdb {
  args = file=/etc/dovecot/dovecot-auth-userdb.lua blocking=yes
  driver = lua
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol lda {
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify sieve
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = quota acl fts fts_lucene zlib mail_log notify imap_quota imap_acl imap_zlib imap_sieve
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
protocol sieve {
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
protocol pop3 {
  passdb {
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
    driver = ldap
    name =
  }
}
protocol submission {
  login_greeting = ESMTP
  passdb {
    args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
    driver = ldap
    name =
  }
}
-------------------------------------------------------------------------------

If I remove the outer userdb settings (not the ones inside the protocol), the auth-worker starts struggling:

-------------------------------------------------------------------------------
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
  result_success = continue
}
-------------------------------------------------------------------------------

Removing this part. Am I missing some place where the userdb is also needed?

Thanks in advance :-)

Christian
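As an added example (not part of the thread, and neither Dovecot's sample configuration nor the poster's), here is the layout Sami describes written out as one flat file: a single global userdb, and a passdb scoped to each protocol whose LDAP filter carries the mailAllowIncoming / mailAllowOutgoing attributes from the original question. The LDAP host, bind DN, base, object class and the file name dovecot-ldap-userdb.conf.ext are assumed placeholders. It also answers the "which things need the userdb" question: every login through a passdb (imap, pop3, sieve, submission) is followed by a userdb lookup for the home directory, uid/gid and quota, and lmtp, lda and doveadm do no passdb lookup at all and rely on the userdb alone, so the userdb has to stay at the global level and must not be restricted by the send/receive attributes. One caveat on the filters: in Dovecot's variable expansion `%u` is the login name while `%s` is the service name (imap, pop3, submission, ...), so a `(mail=%s)` filter would be searching for the service name rather than the user.

```conf
# --- /etc/dovecot/dovecot.conf (flat file; illustrative values, not the poster's config) ---
protocols = imap pop3 lmtp submission sieve
auth_mechanisms = plain login

# One global userdb. It runs after every successful passdb login and is the
# only lookup lmtp/lda/doveadm perform, so it does not belong inside a
# protocol {} block.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext   # assumed file name
}

# Protocol-scoped passdbs: the service reported by the login process selects
# which LDAP filter decides whether the account may authenticate.
protocol imap {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
  }
}
protocol pop3 {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
  }
}
protocol sieve {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-incoming.conf.ext
  }
}
protocol submission {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-outgoing.conf.ext
  }
}

# --- /etc/dovecot/dovecot-ldap-incoming.conf.ext (assumed server, DNs, object class) ---
hosts = ldap.example.com
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = CHANGEME
base = ou=people,dc=example,dc=com
auth_bind = yes
# %u = full login name. %s would expand to the service name, not the user.
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(mailAllowIncoming=TRUE))

# --- /etc/dovecot/dovecot-ldap-outgoing.conf.ext ---
hosts = ldap.example.com
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = CHANGEME
base = ou=people,dc=example,dc=com
auth_bind = yes
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(mailAllowOutgoing=TRUE))

# --- /etc/dovecot/dovecot-ldap-userdb.conf.ext (assumed file name) ---
# No mailAllow* condition here: an account that may only receive still needs a
# home directory and uid/gid so that LMTP delivery can find its mailbox.
hosts = ldap.example.com
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = CHANGEME
base = ou=people,dc=example,dc=com
user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
user_attrs = =home=/var/mail/virtual/%d/%n,=uid=vmail,=gid=vmail
```

To check that the split actually takes effect, run doveconf -n first (it fails on syntax errors, and a passdb that does not show up under its protocol block was not loaded), then exercise the same account through each service with doveadm auth test -x service=submission user@example.com and doveadm auth test -x service=imap user@example.com; an account that has only mailAllowIncoming set should pass the second and fail the first. doveadm user user@example.com exercises the userdb on its own, which is the path LMTP delivery takes.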