simonpie

Q: dovecot cannot be configured

I am trying to set up dovecot replication between two El Capitan servers. As the documentation for doveadm states, the following has to work for replication to work:

sudo doveadm user '*'

Only problem, this process hangs there and never comes back. Even ^C will not cancel it. I have to use kill -9. If I look in the logs, I will see messages like this:

Mar 02 21:05:16 auth: Error: net_connect_unix(auth-worker) failed: No such file or directory.


If I try to query the db for one user, it succeeds but generates an error:

[laposte:: 21:08] [~] % sudo doveadm user legros
field value
uid 214
gid 6
home
mail maildir:/Volumes/tank/Library/Server/Mail/Data/mail/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
user_guid A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
quota maildir:User quota
quota_rule *:storage=5120000
mail_location maildir:/Volumes/tank/Library/Server/Mail/Data/mail/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
sieve /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376/dovecot.sieve
sieve_dir /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
sieve_storage /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
[laposte:: 21:08] [~] %


But generates the error:

Mar 02 19:30:47 auth: Error: userdb(legros): client doesn't have lookup permissions for this user: userdb uid (214) doesn't match peer uid (501) (to bypass this check, set: service auth { unix_listener /var/run/dovecot/auth-userdb { mode=0777 } })

So, I should change the mode on the service auth listener. Fine. If I go into the file:

/Library/Server/Mail/Config/dovecot/conf.d/10-master.conf and go edit the service auth entry to

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0600
    mode = 0777
    user = _dovecot
    #group =
  }


Well, that should do it; even the config file tells us to do it this way. Restart dovecot or the entire Mail system using either "dovecot reload" or serveradmin stop mail and then start. Alas, it does not work. The change is correctly loaded, as the command doveadm config shows:

[laposte:: 21:35] [Config/dovecot/conf.d] % doveadm config | grep -i -A 45 "service auth "
service auth {
  chroot =
  client_limit = 0
  drop_priv_before_exec = no
  executable = auth
  extra_groups = _keytabusers
  group =
  idle_kill = 15 mins
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener auth-client {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-login {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0777
    user = _dovecot
  }


This thread suggests modifying the auth-worker process so that it's identical to the auth process. But I have not succeeded. Has anyone been able to configure doveadm replicator?

Thanks

Mac Pro, OS X El Capitan (10.11.3), Server

Posted on Mar 2, 2016 6:43 PM
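The permission rule spelled out in the 10-master.conf comments quoted in the post (default 0666: lookup succeeds only if the userdb uid matches the peer uid or the peer's uid/gid matches the socket's; any other mode: the kernel's socket permissions decide) is modelled here as an added example, not code from the post or from Dovecot. The userdb uid 214 and peer uid 501 are taken from the post's log line; _dovecot as uid 214 / gid 6, the admin's gid 20, and the simplified kernel check (write permission on the socket, root bypasses) are assumptions. It also shows that a mode such as 0660 with the socket's group set to the caller's group satisfies the same rule without opening the socket to everyone as 0777 does.

```python
from dataclasses import dataclass

@dataclass
class Listener:
    mode: int  # permission bits of the unix socket, e.g. 0o666
    uid: int   # owner of the socket (the "user =" setting)
    gid: int   # group of the socket (the "group =" setting)

@dataclass
class Peer:
    uid: int   # uid of the process running doveadm
    gid: int

def kernel_allows_connect(sock: Listener, peer: Peer) -> bool:
    """Simplified kernel check: connecting to a unix socket needs write
    permission on it; root bypasses file permissions."""
    if peer.uid == 0:
        return True
    if peer.uid == sock.uid:
        return bool(sock.mode & 0o200)
    if peer.gid == sock.gid:
        return bool(sock.mode & 0o020)
    return bool(sock.mode & 0o002)

def userdb_lookup(sock: Listener, peer: Peer, userdb_uid: int) -> tuple[bool, str]:
    """Return (allowed, reason) for a userdb lookup over the auth-userdb socket."""
    if not kernel_allows_connect(sock, peer):
        return False, "connect refused by socket permissions"
    if sock.mode != 0o666:
        # Non-default mode: Dovecot lets the kernel decide, and the connect succeeded.
        return True, f"mode {sock.mode:04o} != 0666, kernel permissions enforced"
    if userdb_uid == peer.uid:
        return True, "userdb uid matches peer uid"
    if peer.uid == sock.uid or peer.gid == sock.gid:
        return True, "peer uid/gid matches socket uid/gid"
    return False, f"userdb uid ({userdb_uid}) doesn't match peer uid ({peer.uid})"

# Constructed scenario values: userdb uid 214 and peer uid 501 come from the post's
# log line; _dovecot as uid 214 / gid 6 and the admin's gid 20 are assumptions.
LEGROS_UID, ADMIN, DEFAULT = 214, Peer(uid=501, gid=20), Listener(0o666, 214, 6)

def scenarios() -> dict[str, tuple[bool, str]]:
    return {
        "default 0666, admin uid 501": userdb_lookup(DEFAULT, ADMIN, LEGROS_UID),
        "0777 as the config comment suggests": userdb_lookup(Listener(0o777, 214, 6), ADMIN, LEGROS_UID),
        "0660 with group = admin's group": userdb_lookup(Listener(0o660, 214, 20), ADMIN, LEGROS_UID),
        "0600, admin uid 501": userdb_lookup(Listener(0o600, 214, 6), ADMIN, LEGROS_UID),
        "doveadm run as _dovecot": userdb_lookup(DEFAULT, Peer(214, 6), LEGROS_UID),
    }
```

The first scenario reproduces the post's "userdb uid (214) doesn't match peer uid (501)" denial; the hang on `doveadm user '*'` and the missing auth-worker socket are separate problems this model does not cover.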