techsupport

2643 readers

20 users here now

The Lemmy community will help you with your tech problems and questions about anything here. Do not be shy, we will try to help you.

If something works or if you find a solution to your problem let us know it will be greatly apreciated.

Rules: instance rules + stay on topic

Partnered communities:

You Should Know

Software gore

Recommendations

founded 2 years ago

MODERATORS

GatoB@lemmy.world

[EDIT: ACTUALLY MORE PROBLEMS, MIGHT DELETE AND POST ANOTHER, STILL OF INTEREST] Dovecot/postfix mail addresses being case-sensitive - seemingly even after applying fix for auth_username_format (lemmy.abnormalbeings.space)

submitted 4 hours ago* (last edited 2 hours ago) by AbnormalHumanBeing@lemmy.abnormalbeings.space to c/techsupport@lemmy.world

0 comments fedilink hide all child comments

EDIT: Okay, after some more testing and such, I think something I did yesterday evening in a sleepy stupor must have borked things even more. Now, the mailserver seems to not accept any emails sent to it, but it can still send outbound mails. I will try more stuff today to find out what the hell I managed to mess up yesterday - you are still welcome to give some advice to the original problem, though.

So, this has been a headscratcher for me ever since I began setting up my own Fediverse stuff here. It's on a dedicated Server, running Debian 12. I followed a guide to install and set up a mailserver with dovecot - and it seems to work fine, generally. I can connect to it with Thunderbird, the PeerTube server can connect to it (I still have to update the Lemmy SMTP-config) - but if I try to mail one of my users, the address remains case-sensitive.

So:
Expected behaviour - mails are delivered to both AbnormalHumanDev@abnormalbeings.space, as well as abnormalhumandev@abnormalbeings.space

Actual behaviour - mails to the former result in a "Undelivered Mail returned to sender", with "User doesn't exist" as the server answer, while the latter address works fine.

Dovecot version:
# dovecot --version
2.3.19.1 (9b53102964)

My config file in /etc/dovecot/conf.d/10-auth.conf:

##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = yes

# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth and PAM require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour

# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =

# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm = 

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =

# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu

# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =

# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous

# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30

# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =

# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab = 

# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
#auth_use_winbind = no

# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth

# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs

# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no

# Take the username from client's SSL certificate, using 
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName. 
#auth_ssl_username_from_cert = no

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login

##
## Password and user databases
##

#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>

#!include auth-deny.conf.ext
#!include auth-master.conf.ext

!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-static.conf.ext

If needed, I can of course also provide other config files. I haven't found much else as a solution, besides changing the auth_username_format value here, which also seemed intuitive to me.

I have also since tried restarting the service, restarting the server, searching more on Duck Duck Go and only finding the same solution.

Have I maybe accidentally edited a template config file instead of a live one? That was a guess I had, but then I couldn't find much about that when searching for it.

Thanks in advance for your time!

(Also, if anyone knows good guides to get my mailserver compliant with gmail and other big mail services, DKIM and such, that will be my next project)

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here