Some man pages leak the bolding in parsed-literal to next blocks, see sphinx-doc/sphinx#10837

I have followed the instructions at: simple_virtual_install.rst
postfix_dovecot_lmtp.rst
and postfix_and_dovecot_sasl.rst
(after following random tutorials, and reverting everything ten times)

For specifying users I use a auth-master.conf.ext and auth-passwdfile.conf.ext.
I modified the files slightly. When looking at the logs auth in dovecot seems to work just fine.
It is always the glue to postfix, that I'm struggeling with.

The tutorials worked great, to get me started, but I still have issues with sending emails.
If I try to send a email from any user to any other user on my domain/server, I get the following error:
It doesn't matter, if YYY is something like root, postmaster or XXX.

<[email protected]>: Sender address rejected: not owned by user [email protected].

The file backing auth-passwdfile.conf.ext contains the following:

[email protected]:{BLF-CRYPT}SOME_PASSWORD_HASH
[email protected]
[email protected]

(I use postmaster and root, to be able to use those users with master users exclusively)

When trying to send a message trough any means (I tried trough cli(openssl) and thunderbird), I get the above sender address rejected.

ehlo test
250-c0d3m4513r.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
AUTH PLAIN base64encode("\[email protected]\x00SOME_PASSWORD")
235 2.7.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]
rcpt to:[email protected]
553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]

Whilst that attempt the following syslog was given:

May 25 23:21:37 v2202112115941172740 postfix/submission/smtpd[30771]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
May 25 23:21:37 v2202112115941172740 postfix/submission/smtpd[30771]: connect from wan-dns-name[wan-ip]
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: passwd-file /etc/dovecot/master-users: Read 1 users in 0 secs
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: passwd-file /etc/dovecot/users: Read 3 users in 0 secs
May 25 23:21:37 v2202112115941172740 dovecot: auth: Debug: auth client connected (pid=0)
May 25 23:21:52 v2202112115941172740 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=188.68.41.12#011rip=wan-ip#011secured#011resp=base64encode("\[email protected]\x00SOME_PASSWORD")(previous base64 data may contain sensitive data)
May 25 23:21:52 v2202112115941172740 dovecot: auth: Debug: passwd-file([email protected],wan-ip): lookup: [email protected] file=/etc/dovecot/users
May 25 23:21:52 v2202112115941172740 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]
May 25 23:22:16 v2202112115941172740 postfix/submission/smtpd[30771]: NOQUEUE: reject: RCPT from wan-dns-name[wan-ip]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<test>
May 25 23:22:32 v2202112115941172740 postfix/submission/smtpd[30771]: NOQUEUE: reject: RCPT from wan-dns-name[wan-ip]: 553 5.7.1 <[email protected]>: Sender address rejected: not owned by user [email protected]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<test>
May 25 23:22:33 v2202112115941172740 postfix/submission/smtpd[30771]: lost connection after RCPT from wan-dns-name[wan-ip]
May 25 23:22:33 v2202112115941172740 postfix/submission/smtpd[30771]: disconnect from wan-dns-name[wan-ip] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/2 commands=5/7

root@v2202112115941172740:~# dovecot --version
2.3.4.1 (f79e8e7e4)
root@v2202112115941172740:~# apt info postfix
Package: postfix
Version: 3.4.14-0+deb10u1
# I took the liberty of truncating the unessesary apt stuff

My questions are now the following:

1. How do I send messages?
2. Is this an oversight in the how-to(s)?

I want to check, if plugin compiled with 2.2 or 2.3 (or newer) and need standartized way to do this.
Can you please provide an example how this macro should be used ?

Thanks.

I can't find a way to get a PDF documentation. Do you have any suggestions on where to find it?

I suggest to add another example for dovecot-virtual in https://doc.dovecot.org/configuration_manual/virtual_plugin/#examples

List all emails that have been tagged with 'To Do' using Thunderbird as an email client (Thunderbird uses '$label4' as IMAP keyword for the 'To Do' tag):

*
  KEYWORD $label4

https://doc.dovecot.org/configuration_manual/basic_configuration/

Under "Plaintext Authentication" there is the section

"To allow any Authentication without SSL, disable SSL in the conf.d/10-ssl.conf file. This has to be done because Dovecot (now) uses SSL as default. You probably want to switch this back to “yes” or other options afterward.

ssl = no

Until SSL is configured, allow plaintext authentication in the conf.d/10-auth.conf file. You probably want to switch this back to “yes” afterward.

auth_allow_cleartext = yes

If you didn’t use the temporary passwd-file created above, don’t do this if you don’t want your password to be sent in clear to network. Instead get SSL configuration working and connect to Dovecot only using SSL."

When I look at /etc/dovecot/conf.d/10-auth.conf I see

"  GNU nano 7.2                   10-auth.conf                             ##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the# connection is considered secure and plaintext authentication is allowed.# See also ssl=required setting.
#disable_plaintext_auth = yes"

I assume this is what that section in the documentation is referring to.
In case it matters, this was installed on apline 3.19 using apk add dovecot dovecot 2.3.21

From this page: https://doc.dovecot.org/admin_manual/lua/#lua-api
I see this:

dovecot.http.client({timeout=milliseconds, max_attempts=number, debug=boolean})
    Create a new http client object that can be used to submit requests to remote servers.

And http client code:

...
local http_client = dovecot.http.client {
    timeout = 10000;
    max_attempts = 3;
    debug = true;
}
...

I got dovecot's log:

Apr  8 02:09:13 ubuntua dovecot: auth: Fatal: passdb-lua: initialization failed: lua_pcall(/etc/dovecot/auth.lua) failed: /etc/dovecot/auth.lua:14: attempt to index field 'http' (a nil value)

dovecot version: 2.3.18

The question is: Does dovecot contains http client in lua plugin?

The sample dovecot init.d script listed in the documentation reads

 ### BEGIN INIT INFO
 # Provides:          dovecot
 [...]

instead of

### BEGIN INIT INFO
# Provides:          dovecot
[...]

Starting the init info block with a whitespace is not permitted by the specification (as it mentions "All lines inside the [init] block shall begin with a hash character '#' in the first column".)

At any rate, update-rc.d dovecot defaults creates no symlinks in /etc/rc*.d when the leading whitespaces are present.

There's a clear and concise documentation page explaining how you can use Dovecot SASL to authenticate postfix users.

However, if you setup Postfix and Dovecot in this manner and Dovecot is configured as a proxy, it fails open. In other words, Dovecot will allow any user to relay email provided they have a correct username, regardless of the password they enter.

I found an old reference to this fact, but it would be nice if this problem were clearly stated in the docs, especially given the security implications.

https://doc.dovecot.org/settings/core/ says the default for "auth_username_format" is "%u", but the changelog says:

v2.1.0 2012-02-16  Timo Sirainen <[email protected]>
	* auth_username_format default changed to %Lu

I tested this and the changelog seems to be correct:

$ doveconf auth_username_format -d
auth_username_format = %Lu

So it appears that the doc page hasn't been updated to match the change.

Hallo,

in commit 9270dfb the subpage configuration_manual/replication.html was removed from the documentation. According to the commit message this was due to the "replicator" feature being removed. That the replicator feature is removed is also listed in the doc subpage installation_guide/upgrading/from-2.3-to-3.0.html.

I think this complete removal of the replication subpage was in error, as its content explained more about the inner workings of doveadm sync (previously named dsync) rather than replicator. The 2.3 to 3.0 migration notes in subpage installation_guide/upgrading/from-2.3-to-3.0.html still list doveadm sync as a non-removed feature, so i think the documentation should be non-removed as well.

best regards,

Max

The following files have not been updated on the website since November.
I did not see a release schedule. Not sure if this is normal.

source/configuration_manual/haproxy/index.rst

we're just moving some services and searched dovecot-docs for submission via ssl (without starttls).

only in sourcecode we've found, that there's already an entry "submissions" via port 465 .

please note this somewhere in online-docs or perhaps better in default-config.

This warning should be at the top of https://wiki.dovecot.org/procmail :
"Procmail's last release was September 10, 2001. It is no longer maintained, and it has a number of security vulnerabilities. Consider using Sieve filtering in Dovecot Pigeonhole instead."

I was unable to add it to the wiki entry. Could it be added?

Thanks.

## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

If it matters, this was installed on alpine 3.19 using apk add dovecot dovecot 2.3.21

Pigeonhole/Sieve/Extensions/Editheader page

Use global, before.dovecot.sieve

plugin {
sieve_global_extensions = +editheader
}

Option 'auth_ssl_username_from_cert = yes' does nothing in Dovecot. I think this was written in documentation but not implmented.
Like my log:
dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate request [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done [xx.xx.xx.xx]
dovecot: imap-login: Valid certificate: /C=DE/ST=Bavaria/L=Munich/O=Empire of Fun/OU=EoF Community/CN=Empire of Fun Root CA: user=<>, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS handshaking
dovecot: imap-login: Valid certificate: /C=DE/ST=Bavaria/L=Munich/O=Empire of Fun/OU=EoF Community/CN=Empire of Fun Intermediate CA: user=<>, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS handshaking
dovecot: imap-login: Valid certificate: /C=DE/ST=Bavaria/L=Munich/O=Empire of Fun/OU=EoF Community/CN=[email protected]/emailAddress=[email protected]: user=<>, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS handshaking
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS read client certificate [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client certificate [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read certificate verify [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [xx.xx.xx.xx]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [xx.xx.xx.xx]
dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=xx.xx.xx.xx, lip=xx.xx.xx.xx, TLS
---------------------------------------------------------------------^^ No Username (ssl_cert_username_field = commonName)
dovecot: imap-login: Debug: SSL error: Disconnected
dovecot: imap-login: Debug: SSL alert: close notify [xx.xx.xx.xx]

Sorry for offtopic, don't know where to ask it
after updating from ubuntu 18 to 20
started getting this on running golang binary from sieve rules file

Sep 17 08:54:00 lonjemail spamd[3231]: spamd: connection from ::1 [::1]:57844 to port 783, fd 5
Sep 17 08:54:00 lonjemail spamd[3231]: spamd: setuid to Debian-exim succeeded
Sep 17 08:54:00 lonjemail spamd[3231]: spamd: processing message <CANcP0tbws-r=L8KrTug_NKLk0EuPwo1vKotdpV=Pf95Pxusbww@mail.gmail.com> for Debian-exim:114
Sep 17 08:54:00 lonjemail systemd-resolved[527]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Sep 17 08:54:00 lonjemail systemd-resolved[527]: message repeated 8 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Sep 17 08:54:00 lonjemail spamd[3231]: spamd: clean message (1.1/5.0) for Debian-exim:114 in 0.3 seconds, 2760 bytes.
Sep 17 08:54:00 lonjemail spamd[3231]: spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,RDNS_NONE,SPF_HELO_NONE,SPF_PASS scantime=0.3,size=2760,user=Debian-exim,uid=114,required_score=5.0,rhost=::1,raddr=::1,rport=57844,mid=<CANcP0tbws-r=L8KrTug_NKLk0EuPwo1vKotdpV=Pf95Pxusbww@mail.gmail.com>,autolearn=no autolearn_force=no
Sep 17 08:54:00 lonjemail dovecot: lmtp(4254): Connect from local
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: fatal error: failed to reserve page summary memory
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error:
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime stack:
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.throw(0x1a48db5, 0x25)
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/panic.go:1116 +0x72 fp=0x7ffe160d5860 sp=0x7ffe160d5830 pc=0x4ce5d2
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.(*pageAlloc).sysInit(0x232c268)
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/mpagealloc_64bit.go:80 +0x185 fp=0x7ffe160d58f0 sp=0x7ffe160d5860 pc=0x4c4e25
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.(*pageAlloc).init(0x232c268, 0x232c260, 0x25cb8d8)
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/mpagealloc.go:317 +0x75 fp=0x7ffe160d5918 sp=0x7ffe160d58f0 pc=0x4c2815
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.(*mheap).init(0x232c260)
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/mheap.go:743 +0x24b fp=0x7ffe160d5940 sp=0x7ffe160d5918 pc=0x4bf84b
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.mallocinit()
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/malloc.go:480 +0x109 fp=0x7ffe160d5968 sp=0x7ffe160d5940 pc=0x4a4c49
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.schedinit()
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/proc.go:563 +0x65 fp=0x7ffe160d59c0 sp=0x7ffe160d5968 pc=0x4d1f25
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: runtime.rt0_go(0x7ffe160d5ad8, 0x2, 0x7ffe160d5ad8, 0x1813580, 0x7fd3cc8a80b3, 0x7fd3cca6cb80, 0x7ffe160d5ad8, 0x200011c00, 0x501080, 0x1813580, ...)
Sep 17 08:54:00 lonjemail dovecot: lmtp: Error: #011/usr/local/go/src/runtime/asm_amd64.s:214 +0x125 fp=0x7ffe160d59c8 sp=0x7ffe160d59c0 pc=0x5011c5
Sep 17 08:54:00 lonjemail dovecot: lmtp(roman)<4254></X0wOCgkY1+eEAAAgcArzw>: program exec:/usr/lib/dovecot/sieve-execute/smtp (4255): Terminated with non-zero exit code 2
Sep 17 08:54:00 lonjemail dovecot: lmtp(roman)<4254></X0wOCgkY1+eEAAAgcArzw>: sieve: msgid=<CANcP0tbws-r=L8KrTug_NKLk0EuPwo1vKotdpV=Pf95Pxusbww@mail.gmail.com>: stored mail into mailbox 'Unsubscribe.Neighbors'
Sep 17 08:54:00 lonjemail dovecot: lmtp(4254): Disconnect from local: Client has quit the connection (state=READY)
Sep 17 08:55:01 lonjemail CRON[4257]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)

here is sieve rules:

require ["variables", "fileinto", "mailbox", "vnd.dovecot.execute"];
if address :matches "from" "*" { set "from" "${1}"; }

if anyof ( header :contains "subject" "unsubscribe neighbours",
                header :contains "subject" "unsubscribe neighbors") {
  execute "smtp" "-neighbors=${from}";
  fileinto :create "Unsubscribe.Neighbors";
} elsif address :contains "from" ["mailer-daemon", "postmaster", "internet mail delivery"] {
  if header :matches "X-Failed-Recipients" "*" {
    execute "smtp" "-email=${1}";
    fileinto :create "Mail Delivery System";
  } else {
    fileinto :create "Mail Delivery System.Warning";
  }
} else {
  # The rest goes into INBOX
  # default is "implicit keep", we do it explicitly here
  keep;
}

Attempted in /etc/dovecot/conf.d/90-sieve.conf vsz_limit = 256M with no luck
Can somebody help me in fixing it?

These two sections are repeating.

Lua based authentication
When used in authentication, additional module dovecot.auth is added, which contains constants for passdb and userdb.

For details about Dovecot Lua, see Dovecot Lua Support.

When used in authentication, additional module dovecot.auth is added, which contains constants for passdb and userdb.

Dovecot server comes with many configuration files. Unfortunately, current documentation doesn't describe any of them. Practically, it means that I see what I can configure but have no clue how.
Can you please improve the documentation adding to it such important information.
Thank you.