This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 25 and 44 (spanning 19 versions)
Revision 25 as of 2009-05-13 17:38:01
Size: 3417
Editor: TimoSirainen
Comment:
Revision 44 as of 2018-09-09 05:36:49
Size: 4952
Editor: AkiTuomi
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Why doesn't Dovecot work? = = Why is Dovecot not working for me? =
Line 3: Line 3:
 * Are you upgrading? Make sure you read the [[Upgrading|upgrading documents]].
 * Make sure you're modifying the correct config file! Ubuntu creates two of them. Other distributions may also have older config files lying around. For example add "garbage=blah" to the config file and verify that Dovecot now fails to start up.
Line 4: Line 6:
 * Are you using an older version than v1.0? RHEL 5.0 and Debian Etch distribute v1.0.rc15, and there have been a LOT of fixes since then. If you have a problem, see if [[http://dovecot.org/doc/NEWS|NEWS]] file mentions anything related to it. There are also [[PrebuiltBinaries|binary packages]] available for newer versions.  * Are you using an old version? If you have a problem, see if [[http://dovecot.org/doc/NEWS|NEWS]] file mentions anything related to it. There are also [[PrebuiltBinaries|binary packages]] available for newer versions.

== If you have upgraded OpenVZ to LXC (ProxMox 4) and you are getting permisssion issues ==

This is due to ACL option being added to mount options. Simple fix is to run

{{{
setfacl -k /var/run/dovecot
setfacl -b /var/run/dovecot/*
}}}

and the issue should go away. For more information about this, see https://forum.proxmox.com/threads/permission-error-w-sockets-inside-ct-since-migration-to-pve-4-1.25244/
Line 8: Line 22:
If the client isn't even attempting to log in, you most likely have {{{disable_plaintext_auth=yes}}} (default) and the client isn't configured to use SSL/TLS (or you've also {{{ssl_disable=yes}}}). {{{Aborted login (no auth attempts)}}} means that the client isn't even attempting to log in. Most likely you have {{{disable_plaintext_auth=yes}}} (default) and the client isn't configured to use SSL/TLS (or you've also set {{{ssl=no}}}).
Line 12: Line 26:
 * Make sure that dovecot-auth is running as root (assuming it's using {{{/etc/shadow}}}).  * Make sure that Dovecot's auth process is running as root (assuming it's using {{{/etc/shadow}}}).
Line 15: Line 29:
   * You could (temporarily) try to use [[PasswordDatabase/Shadow|passdb shadow]] instead to see if it logs something more understandable.
Line 17: Line 32:
== Authenticated SMTP is hanging when authenticating, when configured with dovecot authenticator ==
It is possible that you SMTP daemon is configured with the wrong socket. Please note that {{{/run/dovecot/auth-client}}} and {{{/run/dovecot/auth-userdb}}} do respond do different protocols. They are however very similar and it is possible that the difference may not be reported as an error and the SMTP server is waiting for a response that will never come.
Line 18: Line 36:
{{{mail_debug=yes}}} makes Dovecot log where it's really looking for mails. Also {{{əuth_debug=yes}}} may be helpful in debugging. See [[MailLocation]] for how to configure where the mails are looked up from. {{{mail_debug=yes}}} makes Dovecot log where it's really looking for mails. Also {{{auth_debug=yes}}} may be helpful in debugging. See MailLocation for how to configure where the mails are looked up from.
Line 20: Line 38:
== It says Can't load certificate ==
If the key isn't password protected and you get an error like:
== Permission errors accessing the mail storage ==
{{{
lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=1025(user1) egid=1026(user1) stat() failed: No such file or directory, euid is not dir owner)
}}}
Check out the access permissions of the mentioned directory, check:

 1. Unix permissions with the command {{{ls -aln /home/user1}}}, see [[https://en.wikipedia.org/wiki/File_system_permissions#Traditional_Unix_permissions|Unix permissions]], as well as make sure the user has "x" permission for "{{{/}}}" and all directories, just "{{{/home}}}" in this case, test with: "{{{su - user1 ls -aln /home/user1}}}"
 1. security tools, like SELinux: run "{{{sestatus}}}" and "{{{grep -i AVC /var/log/audit/audit.log}}}" to identify SELinux caused denials,
 1. what file system the storage is located on, for instance AFS implements different access permissions or POSIX eXtended attributes may change the traditional permissions.
Line 24: Line 49:
Sep 29 01:33:54 mail dovecot: imap-login: Can't load certificate file /etc/ssl/private/ssl-cert-mail-cacert.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 29 01:33:54 mail dovecot: child 27252 (login) returned error 89
Sep 29 01:33:54 mail dovecot: imap-login: Can't load certificate file /etc/ssl/private/ssl-cert-mail-cacert.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
Sep 29 01:33:54 mail dovecot: child 27253 (login) returned error 89
Couldn't create mailbox list lock /data/mail/domain.com/username/mailboxes.lock: file_create_locked(/data/mail/domain.com/username/mailboxes.lock) failed: link(/data/mail/domain.com/username/mailboxes.lock6628a230290f9029, /data/mail/domain.com/username/mailboxes.lock) failed: Operation not permitted
Line 29: Line 51:
You may have mixed up the {{{ssl_cert_file}}} and {{{ssl_key_file}}} settings in the config file. (v1.1.4+ mentions this in the error message.)
Line 31: Line 52:
== User's IMAP connection gets unexpectedly closed while retrieving headers of a large folder ==
And the log looks like:
Line 34: Line 53:
{{{
Sep 12 16:10:34 hostname dovecot: IMAP(username): block_alloc(): Out of memory
Sep 12 16:10:34 hostname dovecot: child 17717 (imap) returned error 83 (Out of memory)
}}}
You may need to increase the {{{mail_process_size}}} setting in the config file. (v1.1.4+ mentions this setting in the latter error message.)
 1. Your filesystem is not supported
 1. You have SELinux/AppArmor/RBAC or some other security framework that prevents this

Why is Dovecot not working for me?

  • Dovecot always logs an error message if anything goes wrong, so make sure you're looking at the correct log files. Debug messages may be written to a different log file than error messages. See Logging.

  • Are you upgrading? Make sure you read the upgrading documents.

  • Make sure you're modifying the correct config file! Ubuntu creates two of them. Other distributions may also have older config files lying around. For example add "garbage=blah" to the config file and verify that Dovecot now fails to start up.
  • Try logging in manually by sending IMAP commands. If you're trying with an IMAP client you can't be sure if the problem is with the client's configuration or Dovecot's configuration. Many IMAP clients handle all errors simply by showing you the login password dialog, even if the problem has nothing to do with authentication. See TestInstallation (or TestPop3Installation).

  • Are you using an old version? If you have a problem, see if NEWS file mentions anything related to it. There are also binary packages available for newer versions.

If you have upgraded OpenVZ to LXC (ProxMox 4) and you are getting permisssion issues

This is due to ACL option being added to mount options. Simple fix is to run

setfacl -k /var/run/dovecot 
setfacl -b /var/run/dovecot/*

and the issue should go away. For more information about this, see https://forum.proxmox.com/threads/permission-error-w-sockets-inside-ct-since-migration-to-pve-4-1.25244/

It says "Authentication failed"

First of all enable auth_debug_passwords=yes and see if the logs show what the problem is. For non-PAM setups it should contain all the information needed to solve the problem. If it's trying to use a wrong password scheme, you can change that. See Authentication/PasswordSchemes.

Aborted login (no auth attempts) means that the client isn't even attempting to log in. Most likely you have disable_plaintext_auth=yes (default) and the client isn't configured to use SSL/TLS (or you've also set ssl=no).

If you're using PAM:

  • Make sure that Dovecot's auth process is running as root (assuming it's using /etc/shadow).

  • PAM errors aren't written to Dovecot's own logs. Usually they go to /var/log/auth.log or something similar.

    • Unfortunately PAM's error messages aren't always all that helpful in figuring out what exactly the problem is.
      • You could (temporarily) try to use passdb shadow instead to see if it logs something more understandable.

  • Usually the problem is that you don't have a correctly named file in /etc/pam.d/. See PasswordDatabase/PAM.

Authenticated SMTP is hanging when authenticating, when configured with dovecot authenticator

It is possible that you SMTP daemon is configured with the wrong socket. Please note that /run/dovecot/auth-client and /run/dovecot/auth-userdb do respond do different protocols. They are however very similar and it is possible that the difference may not be reported as an error and the SMTP server is waiting for a response that will never come.

It's not finding my emails

mail_debug=yes makes Dovecot log where it's really looking for mails. Also auth_debug=yes may be helpful in debugging. See MailLocation for how to configure where the mails are looked up from.

Permission errors accessing the mail storage

lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=1025(user1) egid=1026(user1) stat() failed: No such file or directory, euid is not dir owner)

Check out the access permissions of the mentioned directory, check:

  1. Unix permissions with the command ls -aln /home/user1, see Unix permissions, as well as make sure the user has "x" permission for "/" and all directories, just "/home" in this case, test with: "su - user1  ls -aln /home/user1"

  2. security tools, like SELinux: run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify SELinux caused denials,

  3. what file system the storage is located on, for instance AFS implements different access permissions or POSIX eXtended attributes may change the traditional permissions.

Couldn't create mailbox list lock  /data/mail/domain.com/username/mailboxes.lock: file_create_locked(/data/mail/domain.com/username/mailboxes.lock) failed: link(/data/mail/domain.com/username/mailboxes.lock6628a230290f9029, /data/mail/domain.com/username/mailboxes.lock) failed: Operation not permitted
  1. Your filesystem is not supported
  2. You have SELinux/AppArmor/RBAC or some other security framework that prevents this

None: WhyDoesItNotWork (last edited 2018-09-09 05:36:49 by AkiTuomi)