Dovecot 2.1.17 in opensuse 13.1

georgeyz · April 14, 2014, 11:45am

Hello,
I have opensuse 13.1 and package Dovecot 2.1.17, whole system updated. I use file passwd authentication, here is content my vpasswd file (only for test):

user1@example.org:{PLAIN}password

Output dovecot -n:


# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.10-7-desktop x86_64 openSUSE 13.1 (x86_64) 
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/vpasswd
  driver = passwd-file
}
pop3_uidl_format = %g
protocols = imap pop3
ssl = no
userdb {
  args = uid=vmail gid=vmail home=/var/spool/mail/%u
  driver = static
}
first_valid_uid = 999
first_valid_gid = 999
last_valid_uid = 999
last_valid_gid = 999

User 999 and group 999 is vmail.

After

telnet localhost 110

Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user user1@example.org
+OK
pass password
-ERR Authentication failed.

In mail log this error:


dovecot: auth: Error: passwd-file /etc/dovecot/vpasswd: open(/etc/dovecot/vpasswd) failed: Permission denied (euid=482(dovecot) egid=479(dovecot) UNIX perms appear ok (ACL/MAC wrong?), dir owned by 0:0 mode=0755)
dovecot: auth: passwd-file(user1@example.org,::1,<l0Hz89L2JwAAAAAAAAAAAAAAAAAAAAAB>): no passwd file: /etc/dovecot/vpasswd

Rights is OK. When I compile a install Dovecot 2.1.17 from source (http://www.dovecot.org/releases/2.1/dovecot-2.1.17.tar.gz) no problem,
file passwd authentication running correct. Problem is IMHO in opensuse package Dovecot 2.1.17 for opensuse 13.1.

robin_listas · April 14, 2014, 3:28pm

On 2014-04-14 11:46, georgeyz wrote:

> In mail log this error:
>
> Code:
> --------------------
>
> dovecot: auth: Error: passwd-file /etc/dovecot/vpasswd: open(/etc/dovecot/vpasswd) failed: Permission denied (euid=482(dovecot) egid=479(dovecot) UNIX perms appear ok (ACL/MAC wrong?), dir owned by 0:0 mode=0755)
> dovecot: auth: passwd-file(user1@example.org,::1,<l0Hz89L2JwAAAAAAAAAAAAAAAAAAAAAB>): no passwd file: /etc/dovecot/vpasswd
>
> --------------------

Apparmour running?

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

georgeyz · April 14, 2014, 4:47pm

No, computer is only normal desktop. And moreover, Dovecot compiled from sources running corrected!

robin_listas · April 15, 2014, 3:43am

On 2014-04-14 16:56, georgeyz wrote:
>
> robin_listas;2636929 Wrote:

>>
>> Apparmour running?

> No, computer is only normal desktop. And moreover, Dovecot compiled from
> sources running corrected!

Well, a default openSUSE 13.1 desktop installation gets apparmour
installed. It came with bugs in the dovecot profiles, so you should
expect problems. Most of them were corrected with updates, so you should
make sure you applied all the official updates (yast online update).

All that is on the release notes. More or less

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

georgeyz · April 15, 2014, 9:05am

Huh, Apparmor was disabled, but active! My error, sorry. Package Dovecot is OK.

georgeyz · April 15, 2014, 10:10am

Oh no, on my PC runing my compiled Dovecot, this is OK. Now I install package Dovecot from opensuse and error occurred again! Apparmor disabled and inactive.
I apologize for the confusion…

robin_listas · April 15, 2014, 1:38pm

On 2014-04-15 10:16, georgeyz wrote:
>
> georgeyz;2637037 Wrote:
>> Huh, Apparmor was disabled, but active! My error, sorry. Package
>> Dovecot is OK.
>
> Oh no, on my PC runing my compiled Dovecot, this is OK. Now I install
> package Dovecot from opensuse and error occurred again! Apparmor
> disabled and inactive.
> I apologize for the confusion…

I would recommend to keep apparmour active if your machine serves
dovecot to any other machine.

You can correct AA profiles by running “aa-logprof” now and then.

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

georgeyz · April 16, 2014, 12:46pm

Resume:
apparmor running
in file etc/apparmor.d/local/usr.lib.dovecot.auth
add row:
/etc/dovecot/vpasswd r,

permission /etc/dovecot/vpasswd
-r-------- 1 dovecot root … vpasswd

Now it is working properly,
thank you Carlos

robin_listas · April 17, 2014, 12:43am

On 2014-04-16 12:56, georgeyz wrote:

> Resume:
> apparmor running
> in file etc/apparmor.d/local/usr.lib.dovecot.auth
> add row:
> /etc/dovecot/vpasswd r,
>
> permission /etc/dovecot/vpasswd
> -r-------- 1 dovecot root … vpasswd
>
> Now it is working properly,
> thank you Carlos

Welcome!

I suggest you write this info into a Bugzilla, so that others can benefit.

openSUSE:Submitting bug
reports

–
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)