mail-stack-delivery does not install postfix->dovecot sasl authentication with dovecot 2.x

Bug #874135 reported by James Page on 2011-10-14
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
dovecot (Ubuntu)
High
James Page
Oneiric
High
James Page
Precise
High
James Page

Bug Description

SRU Information:

IMPACT: Attempting to send email to postfix using STARTTLS connections against the default mail-stack-delivery package fails as dovecot has not created a sasl authentication socket for postfix to communicate over.

FIX: Add updated configuration to 01-mail-stack-delivery.conf (see original bug report) for dovecot to ensure that supported auth mechanisms are enabled and the socket for postfix is created.

TEST CASE:
1) Install mail-stack-delivery on a fresh server install
  - Access Internet site option and ensure server is configured with a FQDN

2) Restart dovecot carefully i.e. stop dovecot; pause; start dovecot (bug 873390)

3) Configure a mail client (i.e. thunderbird) with an account on the mail server:
  - Ensure outgoing mail configuration uses STARTTLS with a valid username/password on the mail server
  - Ensure inbound server configuration uses IMAP with SSL/TLS with a valid username/password
  - Accept certificates (they are self signed)

4) Send an email to the account on the mail server using the mail server:
  - Send will fail with the following error in /var/log/mail.log
Oct 14 13:58:14 mercury postfix/smtpd[11876]: warning: SASL: Connect to private/dovecot-auth failed: No such file or directory
Oct 14 13:58:14 mercury postfix/smtpd[11876]: fatal: no SASL authentication mechanisms
Oct 14 13:58:15 mercury postfix/master[11834]: warning: process /usr/lib/postfix/smtpd pid 11876 exit status 1
Oct 14 13:58:15 mercury postfix/master[11834]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

With the fix in place the mail is sent successfully and should appear in the associated inbox.

REGRESSION POTENTIAL: Limited - this function is already broken in oneiric and the change is relatively isolated.

----

The mail-stack-delivery package includes a dovecot auth file - 01-mail-stack-delivery.auth.

This is installed to /etc/dovecot/auth.d; however

1) dovecot 2.x by default does not try_include files in this directory
2) the auth configuration does not work with dovecot 2.x

I think the auth configuration can now be included in 01-mail-stack-delivery.conf as detailed below:

# Authentication configuration
auth_mechanisms = plain login

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

With the package in its current state postfix cannot SASL authenticate against dovecot.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: mail-stack-delivery 1:2.0.13-1ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-12.20-server 3.0.4
Uname: Linux 3.0.0-12-server x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Fri Oct 14 13:10:50 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_GB:
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: dovecot
UpgradeStatus: No upgrade log present (probably fresh install)

James Page (james-page) wrote :
James Page (james-page) on 2011-10-14
Changed in dovecot (Ubuntu):
importance: Undecided → High
assignee: nobody → James Page (james-page)
James Page (james-page) on 2011-10-14
description: updated
Changed in dovecot (Ubuntu):
status: New → In Progress
James Page (james-page) wrote :

Fixed packaged uploaded to oneiric-proposed.

description: updated
Changed in dovecot (Ubuntu Oneiric):
milestone: none → oneiric-updates
importance: Undecided → High
James Page (james-page) on 2011-10-14
Changed in dovecot (Ubuntu Oneiric):
assignee: nobody → James Page (james-page)
status: New → In Progress
Changed in dovecot (Ubuntu Precise):
status: In Progress → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dovecot (Ubuntu):
status: New → Confirmed

Hello James, or anyone else affected,

Accepted dovecot into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in dovecot (Ubuntu Oneiric):
status: In Progress → Fix Committed
tags: added: verification-needed
James Page (james-page) on 2011-10-19
Changed in dovecot (Ubuntu Precise):
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.0.15-1ubuntu1

---------------
dovecot (1:2.0.15-1ubuntu1) precise; urgency=low

  * Merge from Debian Testing, remaining changes:
    + Add mail-stack-delivery package:
      - Update d/rules
      - d/control: convert existing dovecot-postfix package to a dummy
        package and add new mail-stack-delivery package.
      - Update maintainer scripts.
      - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.*
      - d/mail-stack-delivery.preinst: Move previously installed backups and
        config files to a new package namespace.
      - d/mail-stack-delivery.prerm: Added to handle downgrades.
    + Use Snakeoil SSL certificates by default:
      - d/control: Depend on ssl-cert.
      - d/dovecot-core.postinst: Relax grep for SSL_* a bit.
    + Add autopkgtest to debian/tests/*.
    + Add ufw integration:
      - d/dovecot-core.ufw.profile: new ufw profile.
      - d/rules: install profile in dovecot-core.
      - d/control: dovecot-core - suggest ufw.
    + d/{control,rules}: enable PIE hardening.
    + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core
    + Add apport hook:
      - d/rules, d/source_dovecot.py
    + Add upstart job:
      - d/rules, d/dovecot-core.dovecot.upstart, d/control,
        d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm},
        d/dovecot-pop3d.{postinst, postrm, prerm}.
        d/mail-stack-deliver.postinst:
        Convert init script to upstart.
  * d/01-mail-stack-delivery.conf: Add postfix->dovecot auth listener
    to mail-stack-delivery configuration (LP: #874135).
  * d/mail-stack-delivery.{postinst,postrm}: Restart dovecot to pickup/drop
    mail-stack-delivery configuration (LP: #870244).
  * d/control: Added Pre-Depends: dpkg (>= 1.15.6) to dovecot-dbg to support
    xz compression in Ubuntu.
  * d/control: Demote dovecot-common Recommends: to Suggests: to prevent
    install of extra packages on upgrade.
 -- James Page <email address hidden> Wed, 19 Oct 2011 15:54:40 +0100

Changed in dovecot (Ubuntu Precise):
status: In Progress → Fix Released
James Page (james-page) wrote :

Any chance anyone could pickup the verification of this fix on oneiric? Don't like to check my own work when it comes to SRU's.

albatros (jda) wrote :

The version in oneiric-proposed appears to be working perfectly for me.

I reported the issue in october on IRC, thanks for fixing it so quickly! I had been using my own patch in the meantime, so that's what kept me from testing your patch.

Martin Pitt (pitti) on 2011-11-22
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dovecot - 1:2.0.13-1ubuntu3.1

---------------
dovecot (1:2.0.13-1ubuntu3.1) oneiric-proposed; urgency=low

  * Fix postfix->dovecot SASL authentication with dovecot 2.x (LP: #874135):
    - d/01-mail-stack-delivery.conf: Include revised authentication
      configuration for dovecot 2.x.
    - d/01-mail-stack-delivery.auth: Dropped - no longer required.
    - d/rules: Updated to remove 01-mail-stack-delivery.auth.
 -- James Page <email address hidden> Fri, 14 Oct 2011 13:16:53 +0100

Changed in dovecot (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers