This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 1 and 44 (spanning 43 versions)
Revision 1 as of 2007-03-17 12:36:18
Size: 1092
Editor: TimoSirainen
Comment:
Revision 44 as of 2018-09-09 05:36:49
Size: 4952
Editor: AkiTuomi
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Why doesn't Dovecot work? = = Why is Dovecot not working for me? =
 * '''Dovecot always logs an error message''' if anything goes wrong, so make sure you're looking at the correct log files. Debug messages may be written to a different log file than error messages. See [[Logging]].
 * Are you upgrading? Make sure you read the [[Upgrading|upgrading documents]].
 * Make sure you're modifying the correct config file! Ubuntu creates two of them. Other distributions may also have older config files lying around. For example add "garbage=blah" to the config file and verify that Dovecot now fails to start up.
 * Try logging in manually by sending IMAP commands. If you're trying with an IMAP client you can't be sure if the problem is with the client's configuration or Dovecot's configuration. Many IMAP clients handle all errors simply by showing you the login password dialog, even if the problem has nothing to do with authentication. See TestInstallation (or TestPop3Installation).
 * Are you using an old version? If you have a problem, see if [[http://dovecot.org/doc/NEWS|NEWS]] file mentions anything related to it. There are also [[PrebuiltBinaries|binary packages]] available for newer versions.
Line 3: Line 8:
 * Make sure you're looking at the correct log files. Debug messages may be in a different log file than error messages. See ["Logging"]
 * Try logging in manually by sending IMAP commands. If you're trying with an IMAP client you can't be sure if the problem is with the client's configuration or Dovecot's configuration. See TestInstallation (or TestPop3Installation).
== If you have upgraded OpenVZ to LXC (ProxMox 4) and you are getting permisssion issues ==
Line 6: Line 10:
== It says password mismatch == This is due to ACL option being added to mount options. Simple fix is to run
Line 8: Line 12:
If you're using PAM: {{{
setfacl -k /var/run/dovecot
setfacl -b /var/run/dovecot/*
}}}
Line 10: Line 17:
 * Make sure that dovecot-auth is running as root (assuming it's using shadow files).
 * PAM errors aren't logged to Dovecot's own logs. Usually they go to {{{/var/log/auth.log}}} or something similar.
  * Unfortunately PAM's error messages aren't all that helpful always in figuring out what the problem is.
 * Usually the problem is that you don't have correctly named file in {{{/etc/pam.d}}}. See ["PasswordDatabase/PAM"]
and the issue should go away. For more information about this, see https://forum.proxmox.com/threads/permission-error-w-sockets-inside-ct-since-migration-to-pve-4-1.25244/
Line 15: Line 19:
For non-PAM set {{{auth_debug_passwords=yes}}} and look at what it says in the logs. If it's trying to use a wrong password scheme, you can change that. See ["Authentication/PasswordSchemes"] == It says "Authentication failed" ==
First of all enable {{{auth_debug_passwords=yes}}} and see if the logs show what the problem is. For non-PAM setups it should contain all the information needed to solve the problem. If it's trying to use a wrong password scheme, you can change that. See [[Authentication/PasswordSchemes]].

{{{Aborted login (no auth attempts)}}} means that the client isn't even attempting to log in. Most likely you have {{{disable_plaintext_auth=yes}}} (default) and the client isn't configured to use SSL/TLS (or you've also set {{{ssl=no}}}).

If you're using [[PasswordDatabase/PAM|PAM]]:

 * Make sure that Dovecot's auth process is running as root (assuming it's using {{{/etc/shadow}}}).
 * PAM errors aren't written to Dovecot's own logs. Usually they go to {{{/var/log/auth.log}}} or something similar.
  * Unfortunately PAM's error messages aren't always all that helpful in figuring out what exactly the problem is.
   * You could (temporarily) try to use [[PasswordDatabase/Shadow|passdb shadow]] instead to see if it logs something more understandable.
 * Usually the problem is that you don't have a correctly named file in {{{/etc/pam.d/}}}. See [[PasswordDatabase/PAM]].

== Authenticated SMTP is hanging when authenticating, when configured with dovecot authenticator ==
It is possible that you SMTP daemon is configured with the wrong socket. Please note that {{{/run/dovecot/auth-client}}} and {{{/run/dovecot/auth-userdb}}} do respond do different protocols. They are however very similar and it is possible that the difference may not be reported as an error and the SMTP server is waiting for a response that will never come.

== It's not finding my emails ==
{{{mail_debug=yes}}} makes Dovecot log where it's really looking for mails. Also {{{auth_debug=yes}}} may be helpful in debugging. See MailLocation for how to configure where the mails are looked up from.

== Permission errors accessing the mail storage ==
{{{
lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=1025(user1) egid=1026(user1) stat() failed: No such file or directory, euid is not dir owner)
}}}
Check out the access permissions of the mentioned directory, check:

 1. Unix permissions with the command {{{ls -aln /home/user1}}}, see [[https://en.wikipedia.org/wiki/File_system_permissions#Traditional_Unix_permissions|Unix permissions]], as well as make sure the user has "x" permission for "{{{/}}}" and all directories, just "{{{/home}}}" in this case, test with: "{{{su - user1 ls -aln /home/user1}}}"
 1. security tools, like SELinux: run "{{{sestatus}}}" and "{{{grep -i AVC /var/log/audit/audit.log}}}" to identify SELinux caused denials,
 1. what file system the storage is located on, for instance AFS implements different access permissions or POSIX eXtended attributes may change the traditional permissions.

{{{
Couldn't create mailbox list lock /data/mail/domain.com/username/mailboxes.lock: file_create_locked(/data/mail/domain.com/username/mailboxes.lock) failed: link(/data/mail/domain.com/username/mailboxes.lock6628a230290f9029, /data/mail/domain.com/username/mailboxes.lock) failed: Operation not permitted
}}}


 1. Your filesystem is not supported
 1. You have SELinux/AppArmor/RBAC or some other security framework that prevents this

Why is Dovecot not working for me?

  • Dovecot always logs an error message if anything goes wrong, so make sure you're looking at the correct log files. Debug messages may be written to a different log file than error messages. See Logging.

  • Are you upgrading? Make sure you read the upgrading documents.

  • Make sure you're modifying the correct config file! Ubuntu creates two of them. Other distributions may also have older config files lying around. For example add "garbage=blah" to the config file and verify that Dovecot now fails to start up.
  • Try logging in manually by sending IMAP commands. If you're trying with an IMAP client you can't be sure if the problem is with the client's configuration or Dovecot's configuration. Many IMAP clients handle all errors simply by showing you the login password dialog, even if the problem has nothing to do with authentication. See TestInstallation (or TestPop3Installation).

  • Are you using an old version? If you have a problem, see if NEWS file mentions anything related to it. There are also binary packages available for newer versions.

If you have upgraded OpenVZ to LXC (ProxMox 4) and you are getting permisssion issues

This is due to ACL option being added to mount options. Simple fix is to run

setfacl -k /var/run/dovecot 
setfacl -b /var/run/dovecot/*

and the issue should go away. For more information about this, see https://forum.proxmox.com/threads/permission-error-w-sockets-inside-ct-since-migration-to-pve-4-1.25244/

It says "Authentication failed"

First of all enable auth_debug_passwords=yes and see if the logs show what the problem is. For non-PAM setups it should contain all the information needed to solve the problem. If it's trying to use a wrong password scheme, you can change that. See Authentication/PasswordSchemes.

Aborted login (no auth attempts) means that the client isn't even attempting to log in. Most likely you have disable_plaintext_auth=yes (default) and the client isn't configured to use SSL/TLS (or you've also set ssl=no).

If you're using PAM:

  • Make sure that Dovecot's auth process is running as root (assuming it's using /etc/shadow).

  • PAM errors aren't written to Dovecot's own logs. Usually they go to /var/log/auth.log or something similar.

    • Unfortunately PAM's error messages aren't always all that helpful in figuring out what exactly the problem is.
      • You could (temporarily) try to use passdb shadow instead to see if it logs something more understandable.

  • Usually the problem is that you don't have a correctly named file in /etc/pam.d/. See PasswordDatabase/PAM.

Authenticated SMTP is hanging when authenticating, when configured with dovecot authenticator

It is possible that you SMTP daemon is configured with the wrong socket. Please note that /run/dovecot/auth-client and /run/dovecot/auth-userdb do respond do different protocols. They are however very similar and it is possible that the difference may not be reported as an error and the SMTP server is waiting for a response that will never come.

It's not finding my emails

mail_debug=yes makes Dovecot log where it's really looking for mails. Also auth_debug=yes may be helpful in debugging. See MailLocation for how to configure where the mails are looked up from.

Permission errors accessing the mail storage

lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=1025(user1) egid=1026(user1) stat() failed: No such file or directory, euid is not dir owner)

Check out the access permissions of the mentioned directory, check:

  1. Unix permissions with the command ls -aln /home/user1, see Unix permissions, as well as make sure the user has "x" permission for "/" and all directories, just "/home" in this case, test with: "su - user1  ls -aln /home/user1"

  2. security tools, like SELinux: run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify SELinux caused denials,

  3. what file system the storage is located on, for instance AFS implements different access permissions or POSIX eXtended attributes may change the traditional permissions.

Couldn't create mailbox list lock  /data/mail/domain.com/username/mailboxes.lock: file_create_locked(/data/mail/domain.com/username/mailboxes.lock) failed: link(/data/mail/domain.com/username/mailboxes.lock6628a230290f9029, /data/mail/domain.com/username/mailboxes.lock) failed: Operation not permitted
  1. Your filesystem is not supported
  2. You have SELinux/AppArmor/RBAC or some other security framework that prevents this

None: WhyDoesItNotWork (last edited 2018-09-09 05:36:49 by AkiTuomi)