# Dovecot login issues

## darkwyrm

I'm setting up an intranet mail server which is not connected to the Internet using Postfix + procmail + Dovecot. I managed to get Postfix and procmail to properly handle delivery because mail shows up in $(HOME)/.maildir/new, which was the intention. What I'm having problems with is Dovecot accepting logins. I intend to use IMAPS as the only access protocol and use the passwd database for usernames/passwords. For testing purposes, I have also enabled regular IMAP so I can telnet in and test Dovecot.

Here's what the login does:

```
login myusername mypassword
login BAD Error in IMAP command received by server.
```

Here are the excerpts from my dovecot.conf:

```
protocols = imap imaps
imap_listen = *
imaps_listen = *
ssl_cert_file=/etc/ssl/certs/dovecot.pem
ssl_key_file=/etc/ssl/private/dovecot.pem
default_mail_env = maildir:%h/.maildir
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam *
auth_user = root
```

While I'm not extremely familiar with telnet and the actual use of the IMAP commands over telnet, I have also tested IMAP access with Thunderbird and also regular Mozilla to no avail. Do any of you know what I'm doing wrong or at least how to sniff around for the problem? Thanks in advance.

--DarkWyrm

----------

## asimon

To get more output (maybe some helpful error message) from dovecot set

```
auth_verbose = yes
auth_debug = yes
```

in /etc/dovecot.conf and watch the messages in the system log.

Regarding your auth settings, I have the same and it's working fine here, with imap and imaps.

I have the default pam configs (i.e. /etc/pam.d/imap and /etc/pam.d/imaps):

```
auth       required     pam_nologin.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
```

Your 'login' try via telnet is wrong. I get the same output here, although dovecot is working fine. I don't remember the right IMAP commands to use with telnet, but it shouldn't be hard to find via google.

----------

## darkwyrm

As it turned out, an IMAP command via telnet has to be preceded by a command code. IIRC the code a01 comes before the actual login command. Anyway, when I tried to log in, I succeeded and was immediately dumped. From what I can tell it's a permissions problem on the home folder, but I don't know what needs to be changed to properly fix it. The folder's permissions are rwx------. Any thoughts?

```
# Non-verbose, non-debug output
Aug 13 19:40:04 [dovecot] chdir(/home/xxxxxxxx) failed with uid 1000: Permission denied
Aug 13 19:40:04 [imap-login] Login: xxxxxxxx [127.0.0.1]
Aug 13 19:40:04 [dovecot] child 12149 (imap) returned error 89

# verbose + debug output
Aug 13 19:41:15 [dovecot] Killed with signal 15
Aug 13 19:41:16 [dovecot] Dovecot starting up
Aug 13 19:41:17 [dovecot-auth] Login process 6 connected
Aug 13 19:41:17 [dovecot-auth] Login process 6 sent handshake: PID 12218
Aug 13 19:41:17 [dovecot-auth] Login process 7 connected
Aug 13 19:41:17 [dovecot-auth] Login process 7 sent handshake: PID 12220
Aug 13 19:41:17 [dovecot-auth] Login process 8 connected
Aug 13 19:41:17 [dovecot-auth] Login process 8 sent handshake: PID 12219
Aug 13 19:41:22 [dovecot-auth] Login process 9 connected
Aug 13 19:41:22 [dovecot-auth] Login process 9 sent handshake: PID 12222
Aug 13 19:41:32 [dovecot] chdir(/home/xxxxxxxx) failed with uid 1000: Permission denied
Aug 13 19:41:32 [imap-login] Login: xxxxxxxx [127.0.0.1]
Aug 13 19:41:32 [dovecot-auth] Login process 8 disconnected
Aug 13 19:41:32 [dovecot] child 12224 (imap) returned error 89
```

----------

## asimon

 *darkwyrm wrote:*   

> The folder's permissions are rwx------. Any thoughts?


That should be fine. AFAIK dovecot uses the uid of the authenticated user to access the maildir. There should be no permission problem, as long as the user itself can access it.

 *darkwyrm wrote:*   

> ```
> # Non-verbose, non-debug output
> Aug 13 19:40:04 [dovecot] chdir(/home/xxxxxxxx) failed with uid 1000: Permission denied
> ...
> ```


Do you have a hardened box with selinux enabled? I had exactly this problem on a Fedora 4 box. It turned out that selinux didn't let dovecot access the user's files. I had to turn off selinux for dovecot, then it worked (a better solution is of course to fix the selinux policy regarding dovecot, a bug for fedora was filed but I dunno if it's fixed there by now).

 *darkwyrm wrote:*   

> ```
> Aug 13 19:41:32 [dovecot] chdir(/home/xxxxxxxx) failed with uid 1000: Permission denied
> ```


Can the user with UID 1000 access his own homedir and the maildir folder? If that's the case and you're not using selinux then I currently don't know what else could cause this permission problem.
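
The question above, whether UID 1000 can actually reach its home directory, can be checked mechanically. This is an added example, not part of the original thread: it walks every directory from `/` down to the target and reports the ones whose mode bits deny search (x) permission to a given uid and group set. The function name and its arguments are illustrative, and only classic mode bits are evaluated, not ACLs or SELinux.

```python
import os
import stat


def search_denied(path, uid, gids):
    """List (directory, reason) for every directory from / down to `path`
    that `uid` with group ids `gids` cannot search (missing x bit).
    Classic mode bits only: ACLs and SELinux are not evaluated."""
    denied = []
    if uid == 0:  # root normally bypasses directory search checks
        return denied
    current = os.sep
    for part in [""] + [p for p in os.path.realpath(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except OSError as exc:  # missing, or unreadable by the caller
            denied.append((current, exc.strerror))
            break
        # Exactly one permission class applies: owner, else group, else other.
        if st.st_uid == uid:
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            denied.append((current, stat.filemode(st.st_mode)))
    return denied


if __name__ == "__main__":
    import grp
    import pwd
    import sys

    if len(sys.argv) > 1:  # check the named account's home directory
        user = pwd.getpwnam(sys.argv[1])
        home, uid = user.pw_dir, user.pw_uid
        gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall()
                                if user.pw_name in g.gr_mem}
    else:  # no argument: check the invoking user
        home, uid = os.path.expanduser("~"), os.getuid()
        gids = set(os.getgroups()) | {os.getgid()}
    for directory, reason in search_denied(home, uid, gids):
        print(f"uid {uid} cannot enter {directory}: {reason}")
```

An empty result means the mode bits alone do not explain a `chdir(...) failed ... Permission denied` line, which points toward the group set the process really runs with or a mandatory access control layer.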

----------

## darkwyrm

I almost wish I were running a hardened box - just 2005.1 without any special whistles or bells. The problem happens with every user and the one account I've done almost all the testing for was able to access the home folder and .maildir just fine. I'll tinker around with it a little more and worst case go with cyrus or courier. Thanks for the help anyway. :)

--DarkWyrm

----------

## asimon

You could also try to ask at the Dovecot mailing list. There are some real dovecot experts there.

----------

