[dovecot] Re: Trouble setting up dovecot

Fri Feb 21 03:08:52 EET 2003

On Fri, 2003-02-21 at 02:37, Tim Snider wrote:
> I'm running a RedHat 7.3 SMP server, with iptables for a firewall, so
> I've got several cards and thus IPs.I started out with dovecot 99.4 but
> noted that it was missing the LDAP, tried 99.8-test5 and am now working
> with 99.8-test7, both seem to have the same problems.

Well, I'll put out -test8 now. There's a bit more fixes, although not
for any of yours.

> I'm currently trying to setup a IMAP server on the inside of the
> firewall, 192.168.2.X. If I use just imap, turn of SSL/TLS I'm fine,
> and can do plaintext authentication via shadow, but I can't get PAM
> authentication working.

What error messages does PAM give if auth_verbose = yes? Or is that just
PAM configuration problem (pam_ldap?), nothing to do with Dovecot?

> If I turn on SSL(ssl_disable = no), neither the imap or the imaps
> respond and a netstat -tp shows that no process owns the socket
> PID/process = '-', often with characters in the Recv-Q.

But the dovecot processes exist? And the imap-login processes? Your
certificates are ok? Maybe the processes are stuck at something.. Check
if they call poll() every few seconds with strace -p? And what do you
mean by doesn't respond - "connection refused" or does it just hang
there?

> I've tried turning on all the debugging flags for configure on,
> --with-rawlog --enable-debug --enable-asserts --with-ssl=openssl
> as well as verbose_proctitle = yes, and auth_verbose = yes, setup
> logfiles /var/log/dovecot/messages, yet all I get are authorization
> messages. And I've noted that a number of them only show up after I've
> killed the dovecot process, so I'm wondering if there needs to be a bit
> of flushing somewhere?

I do call fflush() after each write to log. Killing with SIGTERM will do
clean exit which may log more things, maybe it's just that? Also killing
child processes makes master process log their exits.

> As well I've also tried to run "dovecot -F", with the log files
> commented out in the .conf file, but get nothing via stderr.

Default is to log with syslog. If you want stderr, set log path to
/dev/stderr.

>  I note that
> when I try the log_timestamp option, the dates sent from imap-login are
> completely incorrect and don't change, so I don't think the date is
> being read correctly. Is log_timestamp operational?

What messages do you even get from imap-login? Normally there should
never be anything. I didn't anyway notice problems with log_timestamp,
what format did you try?

imap-logins are also chrooted by default. There used to be a bug that
they couldn't get timezone right because of it, but that's the only time
related problem I can think of.

> One thing I'm not clear on is what process to run it under, I've setup a
> user/group 'dovecot', but does dovecot have to be a member of wheel?

You should run dovecot as root. The dovecot user should be used only for
login processes (defined in config file), and it shouldn't be in wheel
group. Actually I think it even refuses to run if it's in wheel group
(or gid 0).

> I've also noted in earlier versions you had things running via
> imapd-master, but that now seems to been replaced by "dovecot", is that
> correct?

Yes.