[Dovecot] unknown users

Averlon c38sgzkz at averlon.net
Tue Jan 8 18:36:53 EET 2013

I know that the ldap query does not return the result I expected.

Question is why.
Question is why does doevcot look at ldap with the recipients e-Mail
address. What does dovecot look for?
Yes, I know, it is a password request. But why look for a password for
the recipients e-Mail address user?

Since I have static userdb the mailbox to deliver to is defined.
I agree, since the delivery mailbox has "%n" as part of the path, the
"uid" must get looked up somewhere, probably via ldap. But how to
configure this.

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-35-generic x86_64 Ubuntu 12.04.1 LTS
auth_debug = yes
auth_mechanisms = plain login cram-md5
auth_username_format = %Lu
hostname = mail.av.loc
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cipher_list =
ssl_key = </etc/ssl/private/dovecot.pem
syslog_facility = avdove
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%n
  driver = static
protocol lda {
  mail_plugins = " sieve"
  sendmail_path = /usr/sbin/sendmail

I have switched off
"smtpd_tls_loglevel = 2"

Be ensured I have looked at the ldap page - but I am currently lost
where to configure what.
Signatur Averlon info


Mit freundlichen Grüßen / Kind Regards

Karl-Heinz Fischbach

Skype: khfischbach
jabber: averlon at jabber.org
Blog: averlon.posterous.com

Diese e-mail ist unter Umständen signiert. Die Signatur entspricht dem
Deutschen Signaturgesetz und entsprechenden europäischen Regelungen.
Important Note:
This e-mail may contain trade secrets or privileged, undisclosed or
otherwise confidential information. If you have received this e-mail in
error, you are hereby notified that any review, copying or distribution
of it is strictly prohibited. Please inform us immediately and destroy
the original transmittal.

Signatur Averlon info


Am 08.01.2013 01:11, schrieb /dev/rob0:
> On Mon, Jan 07, 2013 at 08:00:37PM +0100, Averlon wrote:
>> can anyone tell me where these "unknown users" come from.
>> Jan 7 19:43:11 f42252se postfix/pipe[14632]: 9A86C30007C: 
>> to=<redmine at averlon.loc>, relay=spamassassin, delay=2.2, 
>> delays=0.05/0/0/2.1, dsn=2.0.0, status=sent (delivered via 
>> spamassassin service)
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: 9A86C30007C: removed
> The original message is successfully delivered to your content 
> filter.
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>> USER#0111#011redmine at averlon.loc#011service=lda
>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: 
>> ldap(redmine at averlon.loc): pass search: 
>> base=ou=user,dc=averlon,dc=loc scope=onelevel 
>> filter=(&(objectClass=posixAccount)(uid=redmine at averlon.loc)) 
>> fields=uid,userPassword
> Here's one of your LDAP queries.
>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(redmine at averlon.loc):
>> *unknown user*
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: BE0AC30007F:
>> to=<redmine at averlon.loc>, relay=dovecot, delay=0.02, delays=0/0/0/0.01,
>> dsn=5.1.1, status=bounced (user unknown)
> The content filter reinjects via sendmail(1), and the pipe(8) to the 
> Dovecot LDA fails. Your LDAP query is not returning what you expect, 
> or you're not querying for the right thing.
>> Jan  7 19:43:11 f42252se postfix/cleanup[14631]: C279030007E:
>> message-id=<20130107184311.C279030007E at mail.av.loc>
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: from=<>,
>> size=3182, nrcpt=1 (queue active)
>> Jan  7 19:43:11 f42252se postfix/bounce[14639]: BE0AC30007F: sender
>> non-delivery notification: C279030007E
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: BE0AC30007F: removed
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master in:
>> USER#0111#011avadmin at av.loc#011service=lda
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: ldap(avadmin at av.loc):
>> pass search: base=ou=user,dc=averlon,dc=loc scope=onelevel
>> filter=(&(objectClass=posixAccount)(uid=avadmin at av.loc))
>> fields=uid,userPassword
> There's another one of your queries, looking up the sender address 
> for delivery of the bounce.
>> Jan  7 19:43:11 f42252se dovecot: auth: ldap(avadmin at av.loc): *unknown user*
>> Jan  7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>> Jan  7 19:43:11 f42252se postfix/pipe[14637]: C279030007E:
>> to=<avadmin at av.loc>, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
>> dsn=5.1.1, status=bounced (user unknown)
>> Jan  7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: removed
> Same thing happens to the bounce. Being undeliverable, your mail is 
> gone.
>> +++
>> Tell me what you need as additional info.
> Turn off verbose logging in Postfix, as Charles pointed out. I guess 
> it's only the TLS logging that you have made verbose.
> Review the Dovecot wiki / wiki2 (you didn't say what version you are
> using?) page on LDAP.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3887 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130108/0d868518/attachment-0004.bin>

More information about the dovecot mailing list