I set up a virtual mail server for postfix + dovecot with SASL, TLS.

Reception of letters does not work, folders in vmail with a domain and name are not created, and when you try to connect a pop3 server to the gmail face, it gives an error:

 Сервер отказал в доступе по протоколу POP3 для данного имени пользователя и пароля. Ошибка сервера: "[SYS/TEMP] Internal error occurred. Refer to server log for more information."

At the same time in /var/log/mail.err

 dovecot: doveconf: Fatal: execvp(/usr/lib/dovecot/managesieve) failed: Argument list too long dovecot: config: Error: managesieve-login: dump-capability process returned 89

But I don’t understand what to do with managesieve and how to debug it? The managesieve and managesieve-login files in /usr/lib/dovecot are present, but what they lack is not clear to me. Tell me where to dig and what could be wrong here?

doveconf -nP

 # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) doveconf: Fatal: execvp(/usr/lib/dovecot/managesieve) failed: Argument list too long doveconf: Error: managesieve-login: dump-capability process returned 89 # OS: Linux 4.8.13-1-default x86_64 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = yes debug_log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot.log mail_debug = yes mail_gid = vmail mail_home = /var/lib/vmail/%d/%n mail_location = maildir:~/Maildir mail_uid = vmail mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = scheme=ssha512 username_format=%u /etc/dovecot/users driver = passwd-file } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_ca = </etc/path/to/ca.crt ssl_cert = </etc/path/to/cert.crt ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH ssl_client_ca_dir = /etc/ssl/certs ssl_client_ca_file = </etc/ssl/ca-bundle.pem ssl_dh_parameters_length = 2048 ssl_key = </etc/path/to/key.key ssl_options = no_compression ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3 userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } verbose_ssl = yes
  • Firstly, information about postfix is ​​not needed and only “litters the air”. After all, maa (mail access agent) does not work for you, and not mta (mail transfer agent). - aleksandr barakin
  • secondly you have a maa complaining about problems with managesieve. probably there is a dog and is buried - aleksandr barakin
  • Understood with postfix logs and now in /var/log/mail.err 2016-12-20T14: 51: 05.307787 + 02: 00 ilya dovecot: doveconf: Fatal: execvp (/ usr / lib / dovecot / managesieve) failed: Argument list too long 2016-12-20T14: 51: 05.313636 + 02: 00 ilya dovecot: config: Error: managesieve-login: dump-capability process returned 89 But I don’t understand what it is and how to debug it. - Ilya Indigo
  • 1. I repeat once again: you should not understand mta (for which you use the postfix program), but with maa (for which you use the dovecot program). 2. I repeat: all the information about mta from the question can be safely removed - postfix has nothing to do with the error described. 3. The information provided in the commentary is already contained in your question. 4. For more information, see the maa log. - aleksandr barakin
  • Well, for starters, I would, at your place, eliminate all references to certificates and encryption from the maa configuration. and would test not with third-party servers, it is not known how to work, but with the help of mua (or, in extreme cases, telnet). - aleksandr barakin

1 answer 1

And it was in this line.

 ssl_client_ca_file = </etc/ssl/ca-bundle.pem

More precisely, in the line symbol of the < left angle bracket at the beginning of the path, because of which, in the logs, the devil wrote that he knows even remotely unrelated to SSL. In this case, the certificates in the ssl_key ssl_cert ssl_ca indicated for some reason with it, and it is this certificate ssl_client_ca_file indicated without it in the ssl_client_ca_file option. At the same time, doveconf does not detect any syntax error, and the arrows translate into managesieve which is not involved at all here.

https://dovecot.org/list/dovecot/2016-December/106549.html