Ubuntu
dovecot package

mail-stack-delivery does not install postfix->dovecot sasl authentication with dovecot 2.x

Bug #874135 reported by James Page
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
dovecot (Ubuntu)
Fix Released
High
James Page
Oneiric
Fix Released
High
James Page
Ubuntu oneiric-updates
Precise
Fix Released
High
James Page

Bug Description

SRU Information:

IMPACT: Attempting to send email to postfix using STARTTLS connections against the default mail-stack-delivery package fails as dovecot has not created a sasl authentication socket for postfix to communicate over.

FIX: Add updated configuration to 01-mail-stack-delivery.conf (see original bug report) for dovecot to ensure that supported auth mechanisms are enabled and the socket for postfix is created.

TEST CASE:
1) Install mail-stack-delivery on a fresh server install
  - Access Internet site option and ensure server is configured with a FQDN

2) Restart dovecot carefully i.e. stop dovecot; pause; start dovecot (bug 873390)

3) Configure a mail client (i.e. thunderbird) with an account on the mail server:
  - Ensure outgoing mail configuration uses STARTTLS with a valid username/password on the mail server
  - Ensure inbound server configuration uses IMAP with SSL/TLS with a valid username/password
  - Accept certificates (they are self signed)

4) Send an email to the account on the mail server using the mail server:
  - Send will fail with the following error in /var/log/mail.log
Oct 14 13:58:14 mercury postfix/smtpd[11876]: warning: SASL: Connect to private/dovecot-auth failed: No such file or directory
Oct 14 13:58:14 mercury postfix/smtpd[11876]: fatal: no SASL authentication mechanisms
Oct 14 13:58:15 mercury postfix/master[11834]: warning: process /usr/lib/postfix/smtpd pid 11876 exit status 1
Oct 14 13:58:15 mercury postfix/master[11834]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

With the fix in place the mail is sent successfully and should appear in the associated inbox.

REGRESSION POTENTIAL: Limited - this function is already broken in oneiric and the change is relatively isolated.

----

The mail-stack-delivery package includes a dovecot auth file - 01-mail-stack-delivery.auth.

This is installed to /etc/dovecot/auth.d; however

1) dovecot 2.x by default does not try_include files in this directory
2) the auth configuration does not work with dovecot 2.x

I think the auth configuration can now be included in 01-mail-stack-delivery.conf as detailed below:

# Authentication configuration
auth_mechanisms = plain login

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

With the package in its current state postfix cannot SASL authenticate against dovecot.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: mail-stack-delivery 1:2.0.13-1ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-12.20-server 3.0.4
Uname: Linux 3.0.0-12-server x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Fri Oct 14 13:10:50 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_GB:
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: dovecot
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
James Page (james-page) wrote :
James Page (james-page)
Changed in dovecot (Ubuntu):
importance: Undecided → High
assignee: nobody → James Page (james-page)
James Page (james-page)
description: updated
Changed in dovecot (Ubuntu):
status: New → In Progress
Revision history for this message
James Page (james-page) wrote :

Fixed packaged uploaded to oneiric-proposed.

description: updated
Changed in dovecot (Ubuntu Oneiric):
milestone: none → oneiric-updates
importance: Undecided → High
James Page (james-page)
Changed in dovecot (Ubuntu Oneiric):
assignee: nobody → James Page (james-page)
status: New → In Progress
Changed in dovecot (Ubuntu Precise):
status: In Progress → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dovecot (Ubuntu):
status: New → Confirmed
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Hello James, or anyone else affected,

Accepted dovecot into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in dovecot (Ubuntu Oneiric):
status: In Progress → Fix Committed
tags: added: verification-needed
James Page (james-page)
Changed in dovecot (Ubuntu Precise):
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.0.15-1ubuntu1

---------------
dovecot (1:2.0.15-1ubuntu1) precise; urgency=low

  * Merge from Debian Testing, remaining changes:
    + Add mail-stack-delivery package:
      - Update d/rules
      - d/control: convert existing dovecot-postfix package to a dummy
        package and add new mail-stack-delivery package.
      - Update maintainer scripts.
      - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
      - d/mail-stack-delivery.preinst: Move previously installed backups and
        config files to a new package namespace.
      - d/mail-stack-delivery.prerm: Added to handle downgrades.
    + Use Snakeoil SSL certificates by default:
      - d/control: Depend on ssl-cert.
      - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
    + Add autopkgtest to debian/tests/*.
    + Add ufw integration:
      - d/dovecot-core.ufw.profile: new ufw profile.
      - d/rules: install profile in dovecot-core.
      - d/control: dovecot-core - suggest ufw.
    + d/{control,rules}: enable PIE hardening.
    + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
    + Add apport hook:
      - d/rules, d/source_dovecot.py
    + Add upstart job:
      - d/rules, d/dovecot-core.dovecot.upstart, d/control,
        d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
        d/dovecot-pop3d.{postinst, postrm, prerm}.
        d/mail-stack-deliver.postinst:
        Convert init script to upstart.
  * d/01-mail-stack-delivery.conf: Add postfix->dovecot auth listener
    to mail-stack-delivery configuration (LP: #874135).
  * d/mail-stack-delivery.{postinst,postrm}: Restart dovecot to pickup/drop
    mail-stack-delivery configuration (LP: #870244).
  * d/control: Added Pre-Depends: dpkg (>= 1.15.6) to dovecot-dbg to support
    xz compression in Ubuntu.
  * d/control: Demote dovecot-common Recommends: to Suggests: to prevent
    install of extra packages on upgrade.
 -- James Page <email address hidden> Wed, 19 Oct 2011 15:54:40 +0100

Changed in dovecot (Ubuntu Precise):
status: In Progress → Fix Released
Revision history for this message
James Page (james-page) wrote :

Any chance anyone could pickup the verification of this fix on oneiric? Don't like to check my own work when it comes to SRU's.

Revision history for this message
albatros (jda) wrote :

The version in oneiric-proposed appears to be working perfectly for me.

I reported the issue in october on IRC, thanks for fixing it so quickly! I had been using my own patch in the meantime, so that's what kept me from testing your patch.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.0.13-1ubuntu3.1

---------------
dovecot (1:2.0.13-1ubuntu3.1) oneiric-proposed; urgency=low

  * Fix postfix->dovecot SASL authentication with dovecot 2.x (LP: #874135):
    - d/01-mail-stack-delivery.conf: Include revised authentication
      configuration for dovecot 2.x.
    - d/01-mail-stack-delivery.auth: Dropped - no longer required.
    - d/rules: Updated to remove 01-mail-stack-delivery.auth.
 -- James Page <email address hidden> Fri, 14 Oct 2011 13:16:53 +0100

Changed in dovecot (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.