Q: dovecot cannot be configured
I am trying to set up dovecot replication between two El Capitan servers. As the documentation for doveadm states, the following has to work for replication to work:
sudo doveadm user '*'
Only problem, this process hangs there and never comes back. Even ^C will not cancel it. I have to use kill -9. If I look in the logs, I will see messages like this:
Mar 02 21:05:16 auth: Error: net_connect_unix(auth-worker) failed: No such file or directory.
If I try to query the db for one user, it succeeds but generates an error:
[laposte:: 21:08] [~] % sudo doveadm user legros
field value
uid 214
gid 6
home
mail maildir:/Volumes/tank/Library/Server/Mail/Data/mail/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
user_guid A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
quota maildir:User quota
quota_rule *:storage=5120000
mail_location maildir:/Volumes/tank/Library/Server/Mail/Data/mail/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
sieve /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376/dovecot.sieve
sieve_dir /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
sieve_storage /Library/Server/Mail/Data/rules/A1F7ECE1-E1CE-47F4-8D57-E1DFE3831376
[laposte:: 21:08] [~] %
But generates the error:
Mar 02 19:30:47 auth: Error: userdb(legros): client doesn't have lookup permissions for this user: userdb uid (214) doesn't match peer uid (501) (to bypass this check, set: service auth { unix_listener /var/run/dovecot/auth-userdb { mode=0777 } })
So, I should change the mode on the service auth listener. Fine. If I go in the file:
/Library/Server/Mail/Config/dovecot/conf.d/10-master.conf and go edit the service auth entry to:
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0600
    mode = 0777
    user = _dovecot
    #group =
  }
Well, that should do it, even the config file tells us to do it this way. Restart dovecot or the entire Mail system using either "dovecot reload" or serveradmin stop mail and then start. Alas, it does not work. The change is correctly loaded, as the command doveadm config shows:
[laposte:: 21:35] [Config/dovecot/conf.d] % doveadm config | grep -i -A 45 "service auth "
service auth {
  chroot =
  client_limit = 0
  drop_priv_before_exec = no
  executable = auth
  extra_groups = _keytabusers
  group =
  idle_kill = 15 mins
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener auth-client {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-login {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0777
    user = _dovecot
  }
This thread suggests modifying the auth-worker process so that it's identical to the auth process. But I have not succeeded. Has anyone been able to configure doveadm replicator?
Thanks
Mac Pro, OS X El Capitan (10.11.3), Server
Posted on Mar 2, 2016 6:43 PM
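
An added example, not part of the original post and not Dovecot's own code: a small Python check that reads `doveadm config` output and reports how the auth-userdb socket mode will be enforced, following the rules in the 10-master.conf comment quoted above. The function names and the sample text are constructed for illustration, and the check assumes that connecting to a UNIX socket requires write permission on it.

```python
# Constructed sample, shaped like the `doveadm config` output quoted above.
SAMPLE = """\
service auth {
  unix_listener auth-client {
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0777
    user = _dovecot
  }
}
"""

def parse_listeners(text):
    """Map (service, listener) -> settings for every unix_listener block."""
    found, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(tuple(line[:-1].split()))
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and len(stack) == 2 and stack[1][0] == "unix_listener":
            key, value = (part.strip() for part in line.split("=", 1))
            found.setdefault((stack[0][-1], stack[1][-1]), {})[key] = value
    return found

def classify(mode_text):
    """Apply the rules from the 10-master.conf comment to an auth-userdb mode."""
    mode = int(mode_text, 8)
    if mode == 0o666:
        return "uid-checked"        # Dovecot compares userdb uid with peer uid
    if mode & 0o002:                # assumption: connect() needs write access
        return "world-full-lookup"  # any local user may look up every account
    return "kernel-restricted"      # only socket owner/group can connect

def audit(text, listener="auth-userdb"):
    """Return (service, listener, mode, verdict) for the named listener."""
    return [(svc, name, opts["mode"], classify(opts["mode"]))
            for (svc, name), opts in parse_listeners(text).items()
            if name == listener and "mode" in opts]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A `world-full-lookup` verdict corresponds to the case the config comment describes as "0777 allows everyone full permissions", so it is worth flagging on any multi-user host.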