Problem with master password


Harald Leithner
Hi,

I have a problem using the master password feature of dovecot.

I'm able to log in with the password, but then dovecot can't select the INBOX.

IMAP test:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=SCRAM-SHA-1
AUTH=CRAM-MD5] ITronic Mail Store

a login [hidden email]*admin password

a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY
QUOTA ACL RIGHTS=texk] Logged in

a list "" "%"
* LIST (\HasNoChildren) "/" INBOX

a OK List completed (0.003 + 0.000 + 0.003 secs).

a select INBOX

a NO [SERVERBUG] Internal error occurred. Refer to server log for more
information. [2017-12-28 12:32:41] (0.001 + 0.000 secs).

The log with mail debugging doesn't tell me much:

2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap([hidden email]):
Debug: INBOX: Mailbox opened because: SELECT
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap([hidden email]):
Debug: acl vfile: file
/srv/storage1/vmail/itronic/6/mdbox/mailboxes/INBOX/dbox-Mails/dovecot-acl
not found
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap([hidden email]):
Debug: acl vfile: file
/srv/storage1/vmail/itronic/6/mdbox/mailboxes/dovecot-acl not found
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap([hidden email]):
Debug: Namespace : Using permissions from
/srv/storage1/vmail/itronic/6/mdbox: mode=0700 gid=default
2017-12-28T12:24:47+01:00 mailstore1 dovecot: imap([hidden email]):
Error: Opening INBOX failed: Mailbox doesn't exist: INBOX

If I use the password of the user it works without problems, I also
tested other users, they have the same problem.


dovecot -n

# 2.2.devel (5af0c9f): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (6c95b56)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.10
auth_cache_negative_ttl = 1 secs
auth_cache_size = 10 M
auth_cache_ttl = 1 secs
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN DIGEST-MD5 SCRAM-SHA-1 CRAM-MD5 APOP
auth_verbose = yes
default_client_limit = 600
default_vsz_limit = 512 M
dict {
   lastlogin = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
   sqlacl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
   sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
hostname = [hidden email]
imap_hibernate_timeout = 1 mins
imap_id_log = *
imap_id_send = *
imap_idle_notify_interval = 10 mins
imap_logout_format = bytes=%i/%o
instance_name = mailstore1
last_valid_gid = 1001
last_valid_uid = 1001
lda_original_recipient_header = X-LDA-Original-To
lmtp_rcpt_check_quota = yes
login_greeting = ITronic Mail Store
login_trusted_networks = x.y.z.0/24
mail_attachment_dir = /srv/storage1/vmail_sis
mail_attachment_hash = %{sha512}
mail_attachment_min_size = 64 k
mail_cache_min_mail_count = 5
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = zlib lazy_expunge stats acl quota mail_log notify
mail_prefetch_count = 100
mail_server_admin = mailto:[hidden email]
mail_server_comment = ITronic Mail System
mail_shared_explicit_inbox = yes
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext vacation-seconds
mdbox_preallocate_space = yes
namespace {
   hidden = yes
   list = no
   location =
mdbox:~/mdbox:MAILBOXDIR=expunged:LISTINDEX=expunged.list.index
   prefix = "#EXPUNGED/"
   subscriptions = no
   type = private
}
namespace {
   list = children
   location = mdbox:%%h/mdbox
   prefix = "#Users/%%u/"
   separator = /
   subscriptions = yes
   type = shared
}
namespace inbox {
   hidden = no
   inbox = yes
   location =
   mailbox Archvie {
     special_use = \Archive
   }
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox Spam {
     special_use = \Junk
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   separator = /
   subscriptions = yes
   type = private
}
passdb {
   args = /etc/dovecot/master-users
   driver = passwd-file
   master = yes
   pass = yes
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   acl = vfile
   acl_shared_dict = proxy::sqlacl
   last_login_dict = proxy::lastlogin
   last_login_key = last-login/%u
   lazy_expunge = "#EXPUNGED/"
   lazy_expunge_only_last_instance = no
   mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename flag_change save mailbox_create
   mail_log_fields = uid box msgid size flags vsize from subject
   quota = dict:User quota::proxy::sqlquota
   quota_grace = 10%%
   quota_rule = *:storage=1024M
   quota_rule2 = "#EXPUNGED:storage=+1024M"
   quota_warning = storage=100%% quota-warning 100 %u
   quota_warning2 = storage=95%% quota-warning 95 %u
   quota_warning3 = storage=80%% quota-warning 80 %u
   recipient_delimiter = +
   sieve = file:~/sieve;active=~/.dovecot.sieve
   sieve_before = file:/srv/storage1/vmail/%{userdb:accountToken}/
   sieve_extensions = +vacation-seconds
   sieve_global = /etc/dovecot/sieve
   sieve_max_actions = 64
   sieve_max_redirects = 8
   sieve_max_script_size = 2M
   sieve_quota_max_scripts = 0
   sieve_quota_max_storage = 64M
   sieve_vacation_default_period = 1d
   sieve_vacation_min_period = 1h
   stats_refresh = 30 secs
   stats_track_cmds = yes
   zlib_save = gz
   zlib_save_level = 6
}
pop3_uidl_duplicates = rename
protocols = imap lmtp sieve pop3
service auth-worker {
   user = $default_internal_user
}
service auth {
   inet_listener {
     port = 4180
   }
   unix_listener auth-userdb {
     mode = 0666
   }
}
service dict {
   unix_listener dict {
     group = vmail
     mode = 0666
   }
}
service imap-hibernate {
   unix_listener imap-hibernate {
     group = vmail
     mode = 0666
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_min_avail = 1
   service_count = 0
}
service imap {
   process_limit = 1024
   unix_listener imap-master {
     user = dovecot
   }
   unix_listener imap {
     group = vmail
     mode = 0666
   }
   vsz_limit = 512 M
}
service lmtp {
   inet_listener lmtp {
     address = x.y.z.135
     port = 24000
   }
   unix_listener lmtp {
     mode = 0666
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   process_min_avail = 0
   service_count = 1
   vsz_limit = 64 M
}
service managesieve {
   process_limit = 50
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
   process_min_avail = 20
   service_count = 1
   vsz_limit = 64 M
}
service pop3 {
   process_limit = 1024
}
service quota-warning {
   executable = script /opt/scripts/quota-warning.sh
   unix_listener quota-warning {
     user = vmail
   }
   user = dovecot
}
service stats {
   fifo_listener stats-mail {
     mode = 0600
     user = vmail
   }
}
shutdown_clients = no
ssl_cert = </etc/dovecot/private/STAR.itronic.at.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key =  # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
submission_host = x.y.z.198
syslog_facility = local0
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
valid_chroot_dirs = /srv/storage1/vmail
verbose_proctitle = yes
protocol imap {
   mail_max_userip_connections = 30
   mail_plugins = zlib lazy_expunge stats imap_stats quota imap_quota
acl imap_acl last_login mail_log notify
}
protocol lda {
   mail_plugins = zlib lazy_expunge stats acl sieve quota mail_log notify
}
protocol lmtp {
   mail_plugins = zlib lazy_expunge stats acl sieve quota mail_log notify
}
protocol sieve {
   mail_max_userip_connections = 10
   managesieve_max_compile_errors = 5
   managesieve_max_line_length = 65536
}
protocol pop3 {
   mail_max_userip_connections = 10
   mail_plugins = zlib lazy_expunge stats acl last_login mail_log notify
}

-----

I would be happy for any debugging help.

thx

--
Harald Leithner

ITronic
Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria
Tel: +43-1-545 0 604
Mobil: +43-699-123 78 4 78
Mail: [hidden email] | itronic.at

Re: Problem with master password

Sami Ketola


> On 28 Dec 2017, at 13.46, Harald Leithner <[hidden email]> wrote:
>
> }
> passdb {
>  args = /etc/dovecot/master-users
>  driver = passwd-file
>  master = yes
>  pass = yes
> }
> passdb {
>  args = /etc/dovecot/dovecot-sql.conf.ext
>  driver = sql
> }

the default behaviour for first passdb is:

result_success = return-ok, so the second passdb is skipped if authentication was successful.
I guess you return some user specific variables from the second passdb which makes INBOX
unaccessible with master login as dovecot does not know mailbox location.

maybe you should add result_success = continue-ok to the first passdb so that second passdb
is processed even if master authentication was a success.

Sami
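
To see the passdb order and the keys that decide whether the chain continues, the `dovecot -n` output can be parsed mechanically. This is an added example, not part of the thread or of Dovecot; the function names are hypothetical and the sample text is constructed from the blocks quoted above.

```python
# Constructed sample: blocks from the posted `dovecot -n` output (stray "}" kept).
SAMPLE = """\
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
userdb {
  driver = prefetch
}
"""

def parse_blocks(text, section):
    """Return top-level `section { ... }` blocks, in file order, as dicts."""
    blocks, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
            words = line[:-1].split()
            if depth == 1 and words and words[0] == section:
                current = {}
        elif line == "}":
            if depth == 1 and current is not None:
                blocks.append(current)
                current = None
            depth = max(depth - 1, 0)  # tolerate an unmatched closing brace
        elif depth == 1 and current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return blocks

def passdb_chain(text):
    """Passdbs in lookup order; None means the key is absent (server default)."""
    keys = ("driver", "master", "pass", "result_success")
    return [{k: b.get(k) for k in keys} for b in parse_blocks(text, "passdb")]

def masters_without_explicit_rule(text):
    """1-based positions of master passdbs with no pass/result_success key."""
    return [i for i, p in enumerate(passdb_chain(text), 1)
            if p["master"] == "yes" and not (p["pass"] or p["result_success"])]
```

On the posted configuration, `passdb_chain` reports the master passdb with `pass = yes` and no `result_success` key.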


Re: Problem with master password

Harald Leithner
Thx for the answer, you are right the userdb query sets the mailbox path
but it didn't solve the problem.

logfile says that it tries to open the correct path...

bye

Harald

On 28.12.2017 at 14:29, Sami Ketola wrote:

>
>
>> On 28 Dec 2017, at 13.46, Harald Leithner <[hidden email]> wrote:
>>
>> }
>> passdb {
>>   args = /etc/dovecot/master-users
>>   driver = passwd-file
>>   master = yes
>>   pass = yes
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }
>
> the default behaviour for first passdb is:
>
> result_success = return-ok, so the second passdb is skipped if authentication was successful.
> I guess you return some user specific variables from the second passdb which makes INBOX
> unaccessible with master login as dovecot does not know mailbox location.
>
> maybe you should add result_success = continue-ok to the first passdb so that second passdb
> is processed even if master authentication was a success.
>
> Sami
>

--
Harald Leithner

ITronic
Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria
Tel: +43-1-545 0 604
Mobil: +43-699-123 78 4 78
Mail: [hidden email] | itronic.at