I currently have a Postfix/Dovecot email server configured to run a local system account (Dovecot auth-system), and everything runs fine with a local user set up using /etc/passwd and /etc/shadow.
I would like to set this server to handle additional email accounts on other domains. I was able to set up Postfix with SNI, which appeared to run fine using local system accounts.
However, when I set up Postfix and Dovecot using virtual users, I tried to connect using Thunderbird, which appeared to get stuck. I tried re-entering the login credentials (passwd: and login: as user at domain1 I set up in the email-server config) in Thunderbird to no avail.
FYI, I changed the test user's email to 'user at domain1', with the servers' domain (Postfix SNI) as 'domain2' (my local account domain) in the log files and config files below.
When I restarted postfix/dovecot using virtual users and a Passwd-file db, I got the following errors:
dovecot-debug.log
May 01 11:37:01 auth: Debug: client in: CONT<hidden>
May 01 11:37:01 auth: Debug: passwd-file(user at domain1,50.82.117.87,<AZqfbqT6JIgyUnVX>): Performing passdb lookup
May 01 11:37:01 auth: Debug: passwd-file('user at domain1',50.82.117.87,<AZqfbqT6JIgyUnVX>): Finished passdb lookup
May 01 11:37:01 auth: Debug: auth('user at domain1',50.82.117.87,<AZqfbqT6JIgyUnVX>): Auth request finished
May 01 11:37:03 auth: Debug: client passdb out: FAIL 1 user='user at domain1' code=temp_fail
dovecot-info.log
May 01 11:33:35 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=<'user at domain1'>, method=PLAIN, rip=50.82.117.87, lip=192.168.2.38, TLS, session=<pKmEYaT6kLMyUnVX>
dovecot.log
May 01 11:39:09 auth: Error: passwd-file('user at domain1',50.82.117.87,<GLDmdaT6PoYyUnVX>): open(/etc/dovecot/passwd) failed: Permission denied (euid=115(dovecot) egid=126(dovecot) missing +r perm: /etc/dovecot/passwd, we're not in group 0(root), dir owned by 0:0 mode=0755)
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 5120000000
milter_default_action = accept
milter_protocol = 6
mydestination = localhost
myhostname = 'mail.domain2'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = localhost
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, check_helo_access hash:/etc/postfix/helo_access
smtpd_milters = local:/opendkim/opendkim.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_chain_files = /etc/ssl/acme.sh/'mail.domain2'/privkey.pem, /etc/ssl/acme.sh/'mail.domain2'/fullchain.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = 'domain1'
virtual_mailbox_limit = 5120000000
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000
I'm running Linux 5.15.0-1027-raspi aarch64 Ubuntu 22.04.2 LTS ext4.
Postfix mail_version = 3.6.4
Dovecot version = 2.3.16
My question is: what is wrong with my server setup? I've read both Postfix's and Dovecot's virtual user documentation as well as setting up a Passwd-file db in Dovecot. I would like to stick with using the Passwd-file db scheme in Dovecot, but after working on this for hours daily for the last week, any advice or suggestions will be taken seriously.
Thank you in advance for any help you can offer and please ask if you need additional info.
-Roy
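
Added example, not part of Roy's message and not Dovecot's own code: a small Python check that parses the "Permission denied" line from dovecot.log above and tests candidate owner/mode settings for the passwd-file against the euid/egid the auth process reported. The candidate owner/mode triples are constructed for illustration (the file's actual mode is not shown in the post), and the function names are hypothetical.

```python
import re
import stat

# Constructed from the dovecot.log line quoted in the post above.
SAMPLE = ("May 01 11:39:09 auth: Error: passwd-file('user at domain1',50.82.117.87,"
          "<GLDmdaT6PoYyUnVX>): open(/etc/dovecot/passwd) failed: Permission denied "
          "(euid=115(dovecot) egid=126(dovecot) missing +r perm: /etc/dovecot/passwd, "
          "we're not in group 0(root), dir owned by 0:0 mode=0755)")

PATTERN = re.compile(
    r"open\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<user>[^)]*)\) egid=(?P<egid>\d+)\((?P<group>[^)]*)\) "
    r"missing \+(?P<perm>[rwx]) perm")

def parse_denied(line):
    """Return who was denied what on which path, or None if the line does not match."""
    m = PATTERN.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["euid"], d["egid"] = int(d["euid"]), int(d["egid"])
    return d

def can_read(mode, owner_uid, owner_gid, euid, gids):
    """POSIX read check for a non-root process: the first matching class decides."""
    if euid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def assess(mode, owner_uid, owner_gid, denied):
    """Classify a candidate owner/mode for the file named in the log line."""
    if not can_read(mode, owner_uid, owner_gid, denied["euid"], {denied["egid"]}):
        return "unreadable"  # reproduces the temp_fail seen in the logs
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IWGRP):
        # Password hashes readable by every local user, or file writable by non-owners.
        return "readable-but-overexposed"
    return "ok"

if __name__ == "__main__":
    denied = parse_denied(SAMPLE)
    # Constructed candidates: (mode, owner uid, owner gid)
    for mode, uid, gid in [(0o600, 0, 0), (0o644, 0, 0), (0o640, 0, 126)]:
        print(oct(mode), uid, gid, "->", assess(mode, uid, gid, denied))
```
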