Trouble with Postfix, LMTP, Dovecot and PAM: “Unknown user”

So I decided to go with Dovecot instead of Cyrus imapd for my new mail server. I followed the instructions in the Dovecot Wiki, but keep getting errors if I file a test message using mail -s test pief@mail.bs3.hollants.com (I highlighted the relevant parts):

Nov  7 11:59:21 zeus postfix/pickup[15411]: 728E05DD3: uid=0 from=
Nov  7 11:59:21 zeus postfix/cleanup[15447]: 728E05DD3: message-id=<20121107105921.728E05DD3@mail.bs3.hollants.com>
Nov  7 11:59:21 zeus postfix/qmgr[15412]: 728E05DD3: from=, size=443, nrcpt=1 (queue active)
Nov  7 11:59:21 zeus dovecot: lmtp(14969): Debug: none: root=, index=, control=, inbox=, alt=
Nov  7 11:59:21 zeus dovecot: lmtp(14969): Connect from local
Nov  7 11:59:21 zeus dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth
Nov  7 11:59:21 zeus dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so
Nov  7 11:59:21 zeus dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so
Nov  7 11:59:21 zeus dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so
Nov  7 11:59:21 zeus dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so
Nov  7 11:59:21 zeus dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so
Nov  7 11:59:21 zeus dovecot: auth: Debug: master in: USER#0111#011pief@mail.bs3.hollants.com#011service=lmtp
Nov  7 11:59:21 zeus dovecot: auth: Debug: passwd(pief@mail.bs3.hollants.com): lookup
Nov  7 11:59:21 zeus dovecot: auth: passwd(pief@mail.bs3.hollants.com): unknown user
Nov  7 11:59:21 zeus dovecot: auth: Debug: master out: NOTFOUND#0111
Nov  7 11:59:21 zeus dovecot: lmtp(14969): Debug: auth input: 
Nov  7 11:59:21 zeus postfix/lmtp[15451]: 728E05DD3: to=, relay=mail.bs3.hollants.com[private/dovecot-lmtp-in], delay=0.16, delays=0.1/0/0.01/0.05,
dsn=5.1.1, status=bounced (host mail.bs3.hollants.com[private/dovecot-lmtp-in] said:
550 5.1.1  User doesn't exist: pief@mail.bs3.hollants.com
(in reply to RCPT TO command))

So the error here seems to be that Dovecot does not seem to seperate the username (= the destination mailbox) from the email address it gets supplied by Postfix via LMTP. The same setup works just fine with my old Cyrus-imapd setup. As I verified with socat, Postfix feeds Cyrus email addresses, too, and it works there, so it can’t be Postfix that’s misconfigured.

Here’s my Dovecot configuration (taken from doveconf -n):

# 2.0.16: /etc/dovecot/dovecot.conf
# OS: Linux 3.1.10-1.16-desktop x86_64 openSUSE 12.1 (x86_64) ext4
auth_debug = yes
auth_verbose = yes
hostname = mail.bs3.hollants.com
mail_debug = yes
mail_location = mdbox:/var/spool/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/zeus.bs3.hollants.com-crt.pem
ssl_key = </etc/ssl/private/zeus.bs3.hollants.com-key.pem
userdb {
  driver = passwd
}
verbose_proctitle = yes

UPDATE: It turns out that you must explicitly specify


auth_username_format = %Ln

so Dovecot strips aways the domain part of the email address before passing it on to the PAM password database. This is most probably due to the fact that other password databases may allow for authentication by complete email addresses.

1 comment

Leave a comment