*** dovecot.conf *** ## Dovecot configuration file # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration # "doveconf -n" command gives a clean output of the changed settings. Use it # instead of copy&pasting files when posting to the Dovecot mailing list. # '#' character and everything after it is treated as comments. Extra spaces # and tabs are ignored. If you want to use either of these explicitly, put the # value inside quotes, eg.: key = "# char and trailing whitespace " # Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } # Default values are shown for each setting, it's not required to uncomment # those. These are exceptions to this though: No sections (e.g. namespace {}) # or plugin settings are added by default, they're listed only as examples. # Paths are also just examples with the real defaults being based on configure # options. The paths listed here are for configure --prefix=/usr # --sysconfdir=/etc --localstatedir=/var # Enable installed protocols !include_try /usr/share/dovecot/protocols.d/*.protocol # A comma separated list of IPs or hosts where to listen in for connections. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # If you want to specify non-default ports or anything more complex, # edit conf.d/master.conf. #listen = *, :: # Base directory where to store runtime data. #base_dir = /var/run/dovecot/ # Name of this instance. In multi-instance setup doveadm and other commands # can use -i <instance_name> to select which instance is used (an alternative # to -c <config_path>). The instance name is also added to Dovecot processes # in ps output. #instance_name = dovecot # Greeting message for clients. #login_greeting = Dovecot ready. # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks # Space separated list of login access check sockets (e.g. tcpwrap) #login_access_sockets # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # proxying. This isn't necessary normally, but may be useful if the destination # IP is e.g. a load balancer's IP. #auth_proxy_self # Show more verbose process titles (in ps). Currently shows user name and # IP address. Useful for seeing who are actually using the IMAP processes # (eg. shared mailboxes or if same uid is used for multiple accounts). #verbose_proctitle = no # Should all processes be killed when Dovecot master process shuts down. # Setting this to "no" means that Dovecot can be upgraded without # forcing existing client connections to close (although that could also be # a problem if the upgrade is e.g. because of a security fix). #shutdown_clients = yes # If non-zero, run mail commands via this many connections to doveadm server, # instead of running them directly in the same process. #doveadm_worker_count = 0 # UNIX socket or host:port used for connecting to doveadm server #doveadm_socket_path = doveadm-server # Space separated list of environment variables that are preserved on Dovecot # startup and passed down to all of its child processes. You can also give # key=value pairs to always set specific settings. #import_environment = TZ ## ## Dictionary server settings ## # Dictionary can be used to store key=value lists. This is used by several # plugins. The dictionary can be accessed either directly or though a # dictionary server. The following dict block maps dictionary names to URIs # when the server is used. These can then be referenced using URIs in format # "proxy::<name>". dict { ? #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext ? #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext } # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. !include conf.d/*.conf # A config file can also tried to be included without giving an error if # it's not found: !include_try local.conf log_path = /var/log/dovecot.log passdb { ?? driver = static ?? args = noauthenticate temp_user=%u user=%Ln } passdb { ?? driver? = pam } passdb { ?? driver = static ?? args = noautenticate user=%{passdb:temp_user} ?? skip = unauthenticated } *** End *** If I try to start the daemon, or even attempt 'dovecot -n output', I get: # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 107: Expecting '{' Line 107 is where the first passdb block begins. If I remove the three passdb blocks--everything below line 106--I get a clean startup, but the log looks like this: *** Begin *** Oct 22 12:22:04 auth-worker(13722): Info: pam(yourvoice at theglobalvoice.info,108.41.57.11,<BXn+2H6VKelsKTkL>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: redacted) Oct 22 12:22:06 auth: Debug: client passdb out: FAIL??? 1 user=yourvoice at theglobalvoice.info Oct 22 12:22:06 auth: Debug: client in: AUTH??? 2?????? PLAIN service=imap??? secured session=BXn+2H6VKelsKTkL lip=95.142.174.193????? rip=108.41.57.11??????? lport=993 rport=59689???? local_name=mail.theglobalvoice.info resp=AHlvdXJ2b2ljZUB0aGVnbG9iYWx2b2ljZS5pbmZvAFRoJEJvYTQxMFlu (previous base64 data may contain sensitive data) Oct 22 12:22:10 auth-worker(13722): Debug: pam(yourvoice at theglobalvoice.info,108.41.57.11,<BXn+2H6VKelsKTkL>): lookup service=dovecot Oct 22 12:22:10 auth-worker(13722): Debug: pam(yourvoice at theglobalvoice.info,108.41.57.11,<BXn+2H6VKelsKTkL>): #1/1 style=1 msg=Password: Oct 22 12:22:12 auth-worker(13722): Info: pam(yourvoice at theglobalvoice.info,108.41.57.11,<BXn+2H6VKelsKTkL>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: redacted) Oct 22 12:22:14 auth: Debug: client passdb out: FAIL??? 2 user=yourvoice at theglobalvoice.info Oct 22 12:22:14 imap-login: Debug: SSL alert: close notify [108.41.57.11] Oct 22 12:22:14 imap-login: Debug: SSL alert: close notify [108.41.57.11] Oct 22 12:22:14 imap-login: Info: Disconnected (auth failed, 2 attempts in 12 secs): user=<yourvoice at theglobalvoice.info>, method=PLAIN, rip=108.41.57.11, lip=95.142.174.193, TLS, session=<BXn+2H6VKelsKTkL>