Fix lmtp_save_to_detail_mailbox to be case insensitive?
To bring this up again because I have not found a workaround solution.
Can dovecot make lmtp_save_to_detail_mailbox case-insensitive?

If you create a folder "foobar" then an email with recipient user+foo...@example.com will be placed in the folder.

However with the folder as "foobar" an email with recipient user+foo...@example.com will report folder "FOOBAR" not found and the email will be placed in the inbox folder.
Re: Fix lmtp_save_to_detail_mailbox to be case insensitive?
On 2022-05-21 19:17, dove...@ptld.com wrote:
> To bring this up again because I have not found a workaround solution.
> Can dovecot make lmtp_save_to_detail_mailbox case-insensitive?
>
> If you create a folder "foobar" then an email with recipient
> user+foo...@example.com will be placed in the folder.
>
> However with the folder as "foobar" an email with recipient
> user+foo...@example.com will report folder "FOOBAR" not found and the
> email will be placed in the inbox folder.

I believe if you post doveconf -n you will get more help :)

and as I said on postfix-maillist, change %u to %Lu will solve it, if that does not solve it, we have a documented bug then

# /etc/dovecot/conf.d/10-auth.conf
auth_username_format = %Lu
LDAP virtual user username being rewritten:
Hi all,

I’m working on migrating a dovecot instance that formerly had its only user (me) stored in a SQL database to a new instance that uses LDAP so I don’t have to maintain a handful of different passwords. However, I’m ending up getting sent to an incorrect mailbox because the %d part of the username I enter is getting stripped somewhere along the lines. Dovecot debug logs show this happening here:

May 21 18:36:53 auth: Debug: client in: AUTH1 PLAIN service=imap secured session=itEO5InfPJusEgKDlip=172.18.2.131 rip=172.18.2.131lport=143 rport=39740 resp=
May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): Performing passdb lookup
May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): pass search: base=ou=People,dc=coyhile,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=hile)) fields=uid,userPassword
May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): result: uid=hile userPassword=; uid,userPassword unused
May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): username changed h...@coyhile.com -> hile
May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Finished passdb lookup
May 21 18:36:53 auth: Debug: auth(hile,172.18.2.131,): Auth request finished
May 21 18:36:53 auth: Debug: client passdb out: OK 1 user=hile original_user=h...@coyhile.com
May 21 18:36:53 auth: Debug: master in: REQUEST 473956353 94091 2c1f94ded4de2c343425c908d094session_pid=9412 request_auth_token
May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Performing userdb lookup
May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): user search: base=ou=People,dc=coyhile,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=hile)) fields=homeDirectory,uidNumber,gidNumber
May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): result: homeDirectory=/home/hile uidNumber=1 gidNumber=1; homeDirectory,uidNumber,gidNumber unused
May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Finished userdb lookup
May 21 18:36:53 auth: Debug: master userdb out: USER473956353 hile home=/data/mail/vmail//hile uid=998 gid=998 auth_token=3a262da408d33ce2c51ecb1ddd943203fdbb17a3 auth_user=h...@coyhile.com

Note the “username changed” line above. Clearly I’ve misconfigured something, but I am unsure what. My configuration is as follows:

root@basement-imap01:/var/log# doveconf -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-110-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: basement-imap01.coyhile.com
auth_debug = yes
debug_log_path = /var/log/dovecot-debug.log
doveadm_password = # hidden, use -P to show it
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap lmtp"
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = vmail
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl_cert = http://wiki2.dovecot.org/AuthDatabase/LDAP
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:
# access to attribute=userPassword
#        by dn="" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
#hosts =
hosts = ldap.coyhile.com

# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
#uris =

# Distinguished Name - the username used to login to the LDAP server.
# Leave it commented out to bind anonymously (useful with auth_bind=yes).
#dn =
dn = uid=dovecotquery,ou=people,dc=coyhile,dc=com

# Password for LDAP server, if dn is specified.
#dnpass =
dnpass = [REDACTED]

# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
# SASL realm to use.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this "master user", but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =

# Use TLS to connect to the LDAP server.
#tls = no
# TLS opti
Re: LDAP virtual user username being rewritten:
Replying to myself…

Empirically, changing the following two lines in the LDAP configuration seems to have worked:

user_filter = (&(objectClass=posixAccount)(uid=%n))

and

pass_filter = (&(objectClass=posixAccount)(uid=%n))

My question remains, though, why was the original username getting rewritten by default?

-c

> On May 21, 2022, at 3:18 PM, Coy Hile wrote:
>
> Hi all,
>
> I’m working on migrating a dovecot instance that formerly had its only user
> (me) stored in a SQL database to a new instance that uses LDAP so I don’t
> have to maintain a handful of different passwords. However, I’m ending up
> getting sent to an incorrect mailbox because the %d part of the username I
> enter is getting stripped somewhere along the lines. Dovecot debug logs show
> this happening here:
>
> May 21 18:36:53 auth: Debug: client in: AUTH1 PLAIN service=imap secured session=itEO5InfPJusEgKDlip=172.18.2.131 rip=172.18.2.131lport=143 rport=39740 resp=
> May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): Performing passdb lookup
> May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): pass search: base=ou=People,dc=coyhile,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=hile)) fields=uid,userPassword
> May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): result: uid=hile userPassword=; uid,userPassword unused
> May 21 18:36:53 auth: Debug: ldap(h...@coyhile.com,172.18.2.131,): username changed h...@coyhile.com -> hile
> May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Finished passdb lookup
> May 21 18:36:53 auth: Debug: auth(hile,172.18.2.131,): Auth request finished
> May 21 18:36:53 auth: Debug: client passdb out: OK 1 user=hile original_user=h...@coyhile.com
> May 21 18:36:53 auth: Debug: master in: REQUEST 473956353 94091 2c1f94ded4de2c343425c908d094session_pid=9412 request_auth_token
> May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Performing userdb lookup
> May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): user search: base=ou=People,dc=coyhile,dc=com scope=subtree filter=(&(objectClass=posixAccount)(uid=hile)) fields=homeDirectory,uidNumber,gidNumber
> May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): result: homeDirectory=/home/hile uidNumber=1 gidNumber=1; homeDirectory,uidNumber,gidNumber unused
> May 21 18:36:53 auth: Debug: ldap(hile,172.18.2.131,): Finished userdb lookup
> May 21 18:36:53 auth: Debug: master userdb out: USER473956353 hile home=/data/mail/vmail//hile uid=998 gid=998 auth_token=3a262da408d33ce2c51ecb1ddd943203fdbb17a3 auth_user=h...@coyhile.com
>
>
> Note the “username changed” line above. Clearly I’ve misconfigured something,
> but I am unsure what. My configuration is as follows:
>
> root@basement-imap01:/var/log# doveconf -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-110-generic x86_64 Ubuntu 20.04.4 LTS
> # Hostname: basement-imap01.coyhile.com
> auth_debug = yes
> debug_log_path = /var/log/dovecot-debug.log
> doveadm_password = # hidden, use -P to show it
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> protocols = " imap lmtp"
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     mode = 0666
>     user = vmail
>   }
>   unix_listener replication-notify {
>     mode = 0666
>     user = vmail
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 12345
>   }
>   user = vmail
> }
> service replicator {
>   unix_listener replicator-doveadm {
>     mode = 0666
>   }
> }
> ssl_cert =
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
>   override_fields = uid=vmail gid=vmail home=/data/mail/vmail/%d/%n
> }
> root@basement-imap01:/var/log#
>
> with the dovecot-ldap.conf.ext as follows:
>
> root@basement-imap01:/etc/dovecot# cat dovecot-ldap.conf.ext
> # This file is commonly accessed via passdb {} or userdb {} section in
> # conf.d/auth-ldap.conf.ext
>
> # This file is opened as root, so it should be owned by root and mode 0600.
> #
> # http://wiki2.dovecot.org/AuthDatabase/LDAP
> #
> # NOTE: If you're not using authentication binds, you'll need to give
> # dovecot-auth read access to userPassword field in the LDAP server.
> # With OpenLDAP this is done by modifying /e
Re: Fix lmtp_save_to_detail_mailbox to be case insensitive?
On 05-21-2022 2:29 pm, Benny Pedersen wrote:
> On 2022-05-21 19:17, dove...@ptld.com wrote:
>> To bring this up again because I have not found a workaround solution.
>> Can dovecot make lmtp_save_to_detail_mailbox case-insensitive?
>>
>> If you create a folder "foobar" then an email with recipient
>> user+foo...@example.com will be placed in the folder.
>>
>> However with the folder as "foobar" an email with recipient
>> user+foo...@example.com will report folder "FOOBAR" not found and the
>> email will be placed in the inbox folder.
>
> I believe if you post doveconf -n you will get more help :)
>
> and as I said on postfix-maillist, change %u to %Lu will solve it, if that
> does not solve it, we have a documented bug
> then
>
> # /etc/dovecot/conf.d/10-auth.conf
> auth_username_format = %Lu

I fail to understand how the suggestion of %Lu has anything to do with what I'm talking about. I don't set auth_username_format in conf and let it use the default of %Lu

doveconf -a | grep auth_username_format
auth_username_format = %Lu

I do not believe that setting has anything to do with the issue. Maybe I'm failing to properly convey the issue and I will try to get more verbose.

I am setting the following:

recipient_delimiter = +-
lmtp_save_to_detail_mailbox = yes

None of that has anything to do with the lookups. Dovecot accepts the mail from postfix via LMTP. Dovecot already found the valid recipient and accepted the email. With lmtp_save_to_detail_mailbox enabled, after accepting the email but before placing it in the inbox, dovecot will look for any folders matching the address extension detail and place the email in that folder instead of the default inbox.

This only works if the case matches between the recipient provided by the sender (which we have no control over) and the folder name. For example, I create a folder "foobar" and tell you to send an email to user+foo...@example.com. But instead you type user+foo...@example.com. This email will not be placed into the "foobar" folder and the logs will generate a warning of folder "FooBar" not found. It will only work as expected if the folder "foobar" and the address "user+foo...@example.com" match case exactly.

I feel this should be something built into dovecot to do case-insensitive folder matching to the user address extension detail beyond the delimiter. I can not think of a reason you wouldn't want user+foo...@example.com to NOT be placed into your "foobar" folder if you have taken the steps to set the feature up.

https://doc.dovecot.org/settings/core/?highlight=lmtp_save_to_detail_mailbox#core_setting-lmtp_save_to_detail_mailbox
https://doc.dovecot.org/configuration_manual/protocols/lmtp_server/?highlight=lmtp_save_to_detail_mailbox

Here are the redacted LMTP logs:

dovecot[40891]: lmtp(u...@example.com)<40889><...>: msgid=<...@example.com>: save failed to open mailbox FooBar: Mailbox doesn't exist: FooBar
dovecot[40891]: lmtp(u...@example.com)<40889><...>: msgid=<...@example.com>: saved mail to INBOX

Just to humor the %Lu suggestion I explicitly put "auth_username_format = %Lu" in the conf, instead of relying on the default, and it still has the same behavior.

I believe this is something that has to be fixed in the dovecot code but I can't seem to get Aki's attention on this issue. I'm open to more troubleshooting suggestions.
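Added example (not part of the thread and not Dovecot's code): a small Python model of the lookup described in the post above, comparing exact matching of the address detail against folder names with a case-insensitive match that refuses to guess when two folders differ only by case. The folder list, the sample addresses and the rule of cutting the local part at the first delimiter character are constructed assumptions.

```python
# Model of detail-mailbox selection; an illustration, not Dovecot's implementation.
DELIMITERS = "+-"  # recipient_delimiter value quoted in the post


def split_detail(recipient, delimiters=DELIMITERS):
    """Split 'user+detail@domain' into (user, detail); detail is '' if absent.

    Assumption: the local part is cut at the first delimiter character found.
    """
    local = recipient.rsplit("@", 1)[0]
    for i, ch in enumerate(local):
        if ch in delimiters:
            return local[:i], local[i + 1:]
    return local, ""


def pick_mailbox(detail, mailboxes, case_insensitive=False):
    """Return the folder a message is saved to, falling back to INBOX."""
    if not detail:
        return "INBOX"
    if detail in mailboxes:  # an exact-case match always wins
        return detail
    if case_insensitive:
        hits = [m for m in mailboxes if m.casefold() == detail.casefold()]
        if len(hits) == 1:
            return hits[0]
        # No hit: the folder does not exist. Several hits ("Lists" and
        # "lists"): picking one would be arbitrary, so fall through.
    return "INBOX"


def deliver(recipient, mailboxes, case_insensitive=False):
    """Resolve a full recipient address to the folder it would land in."""
    _user, detail = split_detail(recipient)
    return pick_mailbox(detail, mailboxes, case_insensitive)


# Constructed sample data.
FOLDERS = ["INBOX", "foobar", "Lists", "lists"]

if __name__ == "__main__":
    for rcpt in ("user+foobar@example.com", "user+FooBar@example.com",
                 "user-LISTS@example.com", "user@example.com"):
        print(rcpt, "exact ->", deliver(rcpt, FOLDERS),
              "| folded ->", deliver(rcpt, FOLDERS, True))
```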
Re: Fix lmtp_save_to_detail_mailbox to be case insensitive?
On 21.05.22 at 23:30, dove...@ptld.com wrote:
> Dovecot accepts the mail from postfix via LMTP. Dovecot already found the
> valid recipient and accepted the email.

You need to make postfix pass the extension as lowercase to Dovecot. See https://wiki.dovecot.org/LDA/Postfix :

An example using address extensions (ie user+extens...@domain.com (don't forget to define the proper recipient_delimiter in Postfix's main.cf)) to deliver to the folder 'extension' in your maildir (If you wish to preserve the case of ${extension}, remove the 'hu' flags, ...

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} -m ${extension}
mail_replica in userdb?
I seem to have got replication working from an older instance to a newer one (insofar as the data are present on the new box) that I’m looking to stand up to replace a newer box. In this case, nothing is configured to talk to the new machine yet, so the replication is unidirectional (old -> new). However, I’m seeing an error like this repeatedly in syslog:

2022-05-21T23:23:15.295252+00:00 basement-imap01 dovecot: doveadm(h...@coyhile.com): Error: sync: User has no mail_replica in userdb

What setting did I miss?

doveconf -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-110-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: basement-imap01.coyhile.com
doveadm_password = # hidden, use -P to show it
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap lmtp"
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = vmail
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl_cert =