Sun, May 04, 2008 11:11 pm

Configuring Dovecot

I needed to provide POP3 email service on a CentOS system. The default POP server under Red Hat Enterprise Linux is /usr/lib/cyrus-imapd/pop3d, provided by the cyrus-imapd package, but that package was not installed on the system. Another IMAP and POP3 package available for CentOS systems is Dovecot, which provides an open source IMAP and POP3 server for Linux/UNIX-like systems. I checked whether dovecot was installed with rpm -qi dovecot. It was. I then checked whether it was active. It was not.

# chkconfig --list dovecot
dovecot         0:off   1:off   2:off   3:off   4:off   5:off   6:off

I turned it on so that it would be operational after the next reboot with chkconfig dovecot on.

# chkconfig dovecot on
[root@frostdragon ~]# chkconfig --list dovecot
dovecot         0:off   1:off   2:on    3:on    4:on    5:on    6:off

I then started the service with service dovecot start.

# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]

I could then see that the system was listening on the imap, imaps, pop3, and pop3s ports.

# netstat -a | grep imap
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:imap                      *:*                         LISTEN
[root@frostdragon archive]# netstat -a | grep pop3
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN

Dovecot can be configured to handle mailboxes either for system users, i.e. accounts on the system, or for virtual users. Since the majority of people who would be using the server for email would have no need to log into the system, and since I wanted to be able to have both john@example.com and john@anotherexample.com, I chose to configure Dovecot for virtual users.

The Dovecot Wiki has this to say about usernames and domains:

Usernames and domains

Dovecot doesn't care much about domains in usernames. IMAP and POP3 protocols currently have no concept of "domain", so the username is just something that shows up in your logs and maybe in some configuration, but they have no direct functionality.

So although Dovecot makes it easier to handle "user@domain" style usernames (eg. %n and %d variables), nothing breaks if you use for example "domain%user" style usernames instead. However some authentication mechanisms do have an explicit support for realms (pretty much the same as domains). If those mechanisms are used, the username is changed to be "user@realm".

And of course there's no need to have domains at all in the usernames.

I followed the instructions in Simple Virtual User Installation. I didn't need to create a dovecot user, since one already existed in /etc/passwd. I did need to create a vmail user account and group, which is used to access the mail for all users.

# grep dovecot /etc/passwd
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
# useradd -u 103 -c Dovecot vmail

The above useradd command created the vmail user and group and automatically created a /home/vmail directory owned by vmail:vmail, under which the email for all users is stored. [Note: you may want to use a UID greater than 500 rather than 103 as in the example above, to avoid the problem noted below where the dovecot configuration file by default only permits logins with a UID of 500 or above]

I created /var/log/dovecot.log and /var/log/dovecot-info.log and changed the owner and group for those files to vmail.

# touch /var/log/dovecot.log /var/log/dovecot-info.log
# chown vmail /var/log/dove*; chgrp vmail /var/log/dove*;

I then edited /etc/dovecot.conf and changed the settings for the log files.

Original

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
#log_path =

# For informational messages, use this logfile instead of the default
#info_log_path =

Modified

# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
log_path =  /var/log/dovecot.log

# For informational messages, use this logfile 
info_log_path = /var/log/dovecot-info.log

The default line in /etc/dovecot.conf for plaintext authentication is as follows:

#disable_plaintext_auth = no

Since disable_plaintext_auth has a default value of "no", I didn't have to uncomment that line.

I created a directory for the dovecot password file with mkdir /etc/dovecot and then set up a password file in /etc/dovecot/passwd. I changed the protection on the file with chmod 600 /etc/dovecot/passwd, so that only root would have access, since I don't want others with accounts on the system to be able to read the contents of the file. I created entries in the passwd file like the following:

jdoe@example.com:{PLAIN}HerPassword
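The entry above stores the password in the clear under the {PLAIN} scheme, which is why the file mode matters so much. As an added example (not from the post or the Dovecot project), the Python below builds and verifies entries in the same two-field user:{SCHEME}value form, alongside Dovecot's {SHA1} scheme (base64 of the raw SHA-1 digest) as a hashed alternative, and lists which users still have {PLAIN} entries; the sample file is constructed.

```python
import base64
import hashlib
import hmac


def make_entry(user, password, scheme="SHA1"):
    """Build one passwd-file line in the two-field form user:{SCHEME}value."""
    if scheme == "PLAIN":                 # the scheme used in the post
        return f"{user}:{{PLAIN}}{password}"
    if scheme == "SHA1":                  # Dovecot's SHA1 = base64(raw SHA-1 digest)
        digest = hashlib.sha1(password.encode()).digest()
        return f"{user}:{{SHA1}}{base64.b64encode(digest).decode()}"
    raise ValueError(f"unsupported scheme {scheme}")


def parse_passwd_file(text):
    """Map user -> stored password field; comment and malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        user, password = line.split(":", 2)[:2]
        entries[user] = password
    return entries


def verify(entries, user, password):
    """True only when the user exists and the password matches under its stored scheme."""
    stored = entries.get(user)
    if stored is None:
        return False                      # the "user not found" case
    try:
        scheme = stored[1:stored.index("}")] if stored.startswith("{") else "?"
        candidate = make_entry(user, password, scheme).split(":", 1)[1]
    except ValueError:                    # unknown scheme or no {SCHEME} prefix
        return False
    return hmac.compare_digest(candidate, stored)


def plaintext_users(entries):
    """Users whose password sits in the file in the clear ({PLAIN})."""
    return sorted(u for u, p in entries.items() if p.startswith("{PLAIN}"))


# Constructed sample file: the post's {PLAIN} entry beside a hashed entry.
SAMPLE_PASSWD = "\n".join([
    "# constructed sample, not a real /etc/dovecot/passwd",
    make_entry("jdoe@example.com", "HerPassword", "PLAIN"),
    make_entry("john@anotherexample.com", "secret"),
]) + "\n"
```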

I then modified the checkpassword section of /etc/dovecot.conf.

Original

  # checkpassword executable authentication
  # NOTE: You will probably want to use "userdb prefetch" with this.
  # http://wiki.dovecot.org/PasswordDatabase/CheckPassword
  #passdb checkpassword {
    # Path for checkpassword binary
    #args =
  #}

Modified

  # passwd-like file with specified location
  # http://wiki.dovecot.org/AuthDatabase/PasswdFile
  passdb passwd-file {
    # Path for passwd-file
    args = /etc/dovecot/passwd
  }

I then restarted dovecot with service dovecot restart and tested it by using telnet to connect to port 110, the POP3 port, on the system. I could connect to port 110, but got no response to the user and pass commands. I looked in /var/log/dovecot.log and saw the following errors recorded:

dovecot: May 04 13:35:26 Error: Temporary failure in creating login processes, slowing down for now
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: imap-login: imap-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory
dovecot: May 04 13:35:26 Error: child 30454 (login) returned error 127
dovecot: May 04 13:35:26 Error: child 30455 (login) returned error 127

At Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory, I found a suggestion to edit /etc/dovecot.conf and modify the login_process_size line so that it reads login_process_size = 64. The writer states on that webpage that "This error is not related to shared libraries. You need to set maximum process size in megabytes. If you don't use login_process_per_connection you might need to grow this."

When I looked in /etc/dovecot.conf, I saw the following line:

#login_process_size = 32

I removed the "#" and changed the line to login_process_size = 64. I then restarted dovecot with service dovecot restart. I no longer saw the error messages in the /var/log/dovecot.log file.

When I again checked email for accounts by using telnet 127.0.0.1 110, I was able to check an account, jsmith, listed in /etc/passwd, but not the jdoe@example.com account listed in the /etc/dovecot/passwd file I created.

# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jdoe@example.com
+OK
pass HerPassword
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.
[root@frostdragon log]# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jsmith
+OK
pass HisPassword
+OK Logged in.
stat
+OK 0 0
quit
+OK Logging out.
Connection closed by foreign host.

When I looked in /var/log/dovecot.log, I saw:

dovecot: May 04 14:03:20 Error: auth(default): userdb(jdoe@example.com,::ffff:127.0.0.1): user not found from userdb

I then realized I also needed to modify the "userdb static" section of /etc/dovecot.conf. I made the following changes:

Original

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  #userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    #args =
  #}

Modified

  # static settings generated from template
  # http://wiki.dovecot.org/UserDatabase/Static
  userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    args = uid=vmail gid=vmail home=/home/vmail/%u
  }

I then restarted dovecot with service dovecot restart. But I still couldn't check email for the virtual user account jdoe@example.com. In the /var/log/dovecot.log file, I saw:

dovecot: May 04 14:34:19 Error: Logins with UID 103 (user jdoe@example.com) not permitted (see first_valid_uid in config file)

When I checked /etc/dovecot.conf, I found the following:

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

I then realized that, since I had created the vmail account with a UID of 103, the dovecot configuration file was preventing a login for it, because 103 is less than 500. I could have changed the first_valid_uid value in dovecot.conf, but I decided instead to delete the vmail account and its home directory and then recreate it with a UID greater than 500. I then restarted dovecot:

# userdel vmail
# rm -rf /home/vmail
# useradd -u 502 -c "Dovecot Virtual Users" vmail
# service dovecot restart
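To reproduce the first_valid_uid failure above without restarting Dovecot, here is an added Python checker (not the post's or Dovecot's code) that reads the active first_valid_uid and last_valid_uid lines and the uid= field of the static userdb from dovecot.conf text, resolves that name through passwd text, and reports whether a login would be permitted. The config and passwd excerpts are constructed from the post's values; the vmail passwd line, including its shell, is assumed.

```python
import re

# Constructed excerpts (not the post's real files): the default commented UID range
# plus the edited static userdb, and an /etc/passwd where vmail still has UID 103.
DOVECOT_CONF = """\
#first_valid_uid = 500
#last_valid_uid = 0
userdb static {
  args = uid=vmail gid=vmail home=/home/vmail/%u
}
"""
PASSWD_UID_103 = ("dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin\n"
                  "vmail:x:103:103:Dovecot:/home/vmail:/bin/bash\n")  # assumed line
PASSWD_UID_502 = PASSWD_UID_103.replace(":103:103:", ":502:502:")


def setting(conf, name, default):
    """Integer value of an active (uncommented) 'name = value' line, else default."""
    m = re.search(rf"^\s*{name}\s*=\s*(\S+)", conf, re.M)
    return int(m.group(1)) if m else default


def static_uid(conf):
    """The uid= field of an active 'userdb static { args = ... }' block, or None."""
    block = re.search(r"^\s*userdb\s+static\s*\{(.*?)^\s*\}", conf, re.M | re.S)
    if not block:
        return None
    m = re.search(r"^\s*args\s*=.*?\buid=(\S+)", block.group(1), re.M)
    return m.group(1) if m else None


def resolve_uid(passwd, name_or_uid):
    """Numeric UID for a user name via passwd text; a numeric string passes through."""
    if name_or_uid.isdigit():
        return int(name_or_uid)
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) > 2 and fields[0] == name_or_uid:
            return int(fields[2])
    raise LookupError(f"{name_or_uid} not in passwd")


def login_permitted(conf, passwd):
    """Apply Dovecot's first/last_valid_uid rule to the static userdb's UID."""
    uid_field = static_uid(conf)
    if uid_field is None:
        return False, "no active userdb static block (user not found from userdb)"
    uid = resolve_uid(passwd, uid_field)
    first = setting(conf, "first_valid_uid", 500)
    last = setting(conf, "last_valid_uid", 0)       # 0 means no upper bound
    if uid < first or (last and uid > last):
        return False, f"Logins with UID {uid} not permitted (first_valid_uid={first})"
    return True, f"UID {uid} is within the permitted range"
```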

I was then able to check email for both user accounts on the system and virtual user accounts. I saw that dovecot created a /home/vmail/jdoe@example.com directory under /home/vmail.

At this point, though I could log in to the POP3 port, port 110, and get dovecot to accept the userid and password for a virtual user, sendmail returned a "user unknown" message if I tried to send email to a virtual user, because sendmail knew nothing about the dovecot virtual users. So, using the instructions in Dovecot LDA with Sendmail as a starting point, I took the steps below.

I created the file /usr/share/sendmail-cf/mailer/dovecot.m4 and put the lines below in it:

######################*****##############
###   DOVECOT Mailer specification                              ###
##################*****##################
Mdovecot,   P=/usr/local/libexec/dovecot/deliver, F=DFMPhnu9,
                 S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
                 T=DNS/RFC822/X-Unix,
                 A=deliver -d $u

In /etc/mail/sendmail.mc, I had the following two lines:

MAILER(smtp)dnl
MAILER(procmail)dnl

I added MAILER(dovecot)dnl after those two lines. I then regenerated the sendmail.cf file using the m4 command.

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Unfortunately, that did not resolve the issue with virtual users. I still haven't been able to get that working.

References:

  1. Chapter 23. Email (CentOS)
  2. Basic Configuration (Dovecot Wiki)
  3. Virtual Users (Dovecot Wiki)
  4. Simple Virtual User Installation (Dovecot Wiki)
  5. Passwd-file (Dovecot Wiki)
  6. Redhat Dovecot error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory (nixCraft Insight Into Linux Admin Work)
  7. Dovecot LDA with Sendmail (Dovecot Wiki)

Sun, May 04, 2008 6:39 pm

Adding a New VIP Service to a NetScreen Firewall

To add a new Virtual IP (VIP) service to a NetScreen firewall, such as the NetScreen-5GT, through the Web management user interface (WebUI) for the firewall, take the following steps:
  1. Login into the firewall using a web browser.
  2. Click on Network.
  3. Click on Interfaces.
  4. For the Untrust interface, click on Edit.
  5. In the Properties line at the top of the webpage, you will see VIP. Click on VIP.
  6. If you see an Add/Modify VIP Entry field with no VIP services listed beneath it, select "Same as the untrusted interface IP address" and click on Add, otherwise proceed to the next step.
  7. Click on the New VIP Service button.
  8. The Virtual IP field should show the IP address for the Untrust interface. Put the appropriate value in the Virtual Port field, e.g. 110 for POP3. Select the appropriate service for the Map to Service field, e.g "POP3(110)" for POP3. For the Map to IP value, put in the IP address for the internal server for which you want to provide access to this service, e.g. 192.168.10.24, if that was the IP address for the POP3 server behind the firewall.
  9. Click on the OK button.

Once the VIP service is configured, you need to set up a new firewall rule, aka policy, to permit traffic from the outside of the firewall through to the inside for this new service.

To do so, take the following steps:

  1. Click on Policies at the left side of the webpage.
  2. For the From field, select "Untrust" and select "Trust" for the To field.
  3. Click on the New button.
  4. On the next webpage, put a name of your choosing in the Name field, e.g. POP3 for a POP3 service. You don't need to change the Source Address, but for the Destination Address, select "VIP(untrust)" from the Address Book Entry list. For Service, you can select "POP3" for this example.
  5. If you want logging turned on for this policy, check Logging.
  6. If you want "counting" turned on for this policy, click on the Advanced button, check the Counting checkbox, and then click on the OK button.

Sun, May 04, 2008 5:07 pm

Configuring Sendmail to Handle Email for Multiple Domains

If you need sendmail to handle email for alternate domain names, you can add those domain names to /etc/mail/local-host-names. E.g., suppose the server on which sendmail is running is someexample.com. Sendmail will accept email addressed to someone@someexample.com, but would reject email for someone@example.com. But, if you want sendmail to also handle email for example.com addresses, e.g. you are going to have the server act as a mail exchanger (MX) server for example.com, you would add example.com to /etc/mail/local-host-names:

# local-host-names - include all aliases for your machine here.
example.com

Then create the local-host-names.db file with makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names. When you restart sendmail, which you can do with /etc/init.d/sendmail restart, sendmail will then accept email for example.com addresses.

Be aware that if you have an account jsmith which previously would receive email addressed to jsmith@someexample.com, that email addressed to jsmith@example.com will now go there as well.
