Exim Dovecot Email Error – Fix ‘Unknown User’ Issue

Tags: centos, dovecot, exim, smtp, vestacp

I'm running a mail server with CentOS 7 + Exim 4.92 + Dovecot 2.2.36 and RoundCubeMail as the web interface, and have the following problem: when I send to or receive from addresses which are not admin@, info@, dev@, etc., I get the following error:

2020-04-05 05:37:52 H=mail.mydomain.com (IP) [IP] sender verify fail for <bender@mydomain.com>: Unknown user
2020-04-05 05:37:52 H=mail.mydomain.com (IP) [IP] F=<bender@mydomain.com> A=dovecot_login:bender@mydomain.com rejected RCPT <admin@mydomain.com>: Sender verify failed

Here I tried to send an email from bender@mydomain.com to admin@mydomain.com. But if I send an email from admin to info, or from dev to info, everything goes well: emails are sent and received, and no errors occur.

If I send an email to bender@mydomain.ru then I receive a returned message:

Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

bender@mydomain.com
Unknown user

Reporting-MTA: dns; mail.mydomain.com

Action: failed

Final-Recipient: rfc822;bender@mydomain.com

Status: 5.0.0

All mailboxes were created via VESTA CP and really exist; the passwd file is located in /home/user/conf/mail/mydomain.com/ and contains entries like:

bender:{MD5}$1$XXX:user:mail::/home/user:0

Mail server host: mail.mydomain.com

MX entry: mail.mydomain.com

There is authentication via Dovecot in the Exim config file:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

Dovecot's 10-auth.conf file contains following entries:

disable_plaintext_auth = no
auth_verbose = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext

Dovecot's auth-passwdfile.conf.ext:

passdb {
  driver = passwd-file
  args = scheme=MD5-CRYPT username_format=%n /etc/exim/domains/%d/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%n /etc/exim/domains/%d/passwd
}

/etc/exim/domains/mydomain.com is a symlink pointing exactly to /home/user/conf/mail/mydomain.com/

I can successfully login to RoundCube web interface with all these mail accounts.

I spent 3 days trying to find the answer on the Internet and tried to change the exim/dovecot config files, but nothing helped, and I'm stuck. I guess that emails like admin/info/dev are some trusted standards, or exist somewhere in a previous passwd file/config file, but I didn't find any on my server; and anyway, if I change the username or password hash in /home/user/conf/mail/mydomain.com/passwd, I can't even log in to RoundCubeMail and send an email. I'm new to mail servers, so I don't even have an idea where to dig; I tried everything I could with my knowledge.

P.S. Exim and Dovecot come with VESTA CP, but I removed and reinstalled them manually because of MySQL dependencies when upgrading to the latest version.

Best Answer

Your Dovecot configuration uses a virtual user database, i.e. your e-mail users are not system users of your server. On the other hand, Exim is only configured to deliver mail to local system users.

You need to configure it to use the Dovecot user database (cf. Dovecot documentation). Therefore:

  • Comment out your localuser router,
  • Add a router to check for Dovecot users just after the localuser router:

    dovecot_local_users:
        driver = accept
        domains = +local_domains
        # Requires fixing permission, so that Exim can read it
        local_parts = lsearch;/etc/exim/domains/${domain}/passwd
        transport = dovecot_delivery
    
  • Add a transport anywhere in the transport section (as described in the aforementioned link):

    dovecot_delivery:
        driver = pipe
        # The path to the dovecot-lda binary may differ on your system
        command = /usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address
        message_prefix =
        message_suffix =
        log_output
        delivery_date_add
        envelope_to_add
        return_path_add
        # Set the appropriate user and group, which your mailboxes use.
        #user =
        #group = mail
        #mode = 0660
        temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78
    
  • Test the routing configuration with:

    /usr/sbin/exim4 -bt address_to_test
    

Edit: The lsearch;/etc/exim/domains/${domain}/passwd lookup requires you to give Exim4 access to Dovecot's passwd files. That might be a security risk, since this file contains real passwords. So you can:

  • Comment out the local_parts condition. No passwd file access will be required, but your server will accept any username during the SMTP session and generate a bounce message for the non-existent usernames afterwards. Since most Return-Path addresses in spam messages are spoofed, this will deliver the bounce to the wrong address.

  • Generate and maintain a second file, which will contain just the usernames of the virtual users:

    user1:
    user2:
    user3:
    

    and give it as argument to lsearch.

By the way, you should consider changing your password scheme in Dovecot (cf. Dovecot documentation) to something more modern, like SHA512-CRYPT, as used in the /etc/shadow files of modern distributions.
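The second option in the edit above (a separate usernames-only file for Exim's lsearch) is easy to get subtly wrong: the generated file must never carry a hash, and it must not be half-written at the moment Exim reads it. The script below is an added example, not part of the original answer or of Exim/Dovecot: it parses a Dovecot passwd-file in the layout shown in the question, writes a sorted `user:` list next to it with an atomic rename, and emulates Exim's lsearch match (key at line start, terminated by ':', case-insensitive) so you can check a local part before touching the router. The sample passwd-file content, the hashes in it and the paths under a temporary directory are all constructed for the example.

```python
#!/usr/bin/env python3
"""Added example: derive a usernames-only lsearch file from a Dovecot
passwd-file so Exim's router never needs read access to password hashes.
The sample passwd-file below is constructed; its hashes are not real."""
import os
import re
import tempfile
from pathlib import Path

# Constructed sample in the layout from the question:
# user:{SCHEME}hash:uid:gid:gecos:home:extra
SAMPLE_PASSWD = """# constructed sample, hashes are fake
admin:{MD5}$1$abc$notarealhash:user:mail::/home/user:0
info:{MD5}$1$def$notarealhash:user:mail::/home/user:0
bender:{MD5}$1$ghi$notarealhash:user:mail::/home/user:0
"""

# Local parts Exim will be asked to look up; keep the set conservative
LOCAL_PART_RE = re.compile(r'^[A-Za-z0-9._+-]+$')


def parse_passwd_file(text):
    """Return the local parts found in a Dovecot passwd-file, in file order.
    Blank lines and '#' comments are skipped; a malformed line raises so a
    broken passwd-file never silently produces an empty user list."""
    users = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = line.split(':')
        if len(fields) < 2:
            raise ValueError(f'line {lineno}: expected user:password[:...]')
        user = fields[0]
        if not LOCAL_PART_RE.match(user):
            raise ValueError(f'line {lineno}: invalid local part {user!r}')
        users.append(user)
    return users


def render_lsearch(users):
    """Build the file Exim's lsearch reads: one 'user:' key per line and
    nothing else, so no hash material can leak into a world-readable file."""
    return ''.join(f'{u}:\n' for u in sorted(set(users)))


def leaks_hash(text):
    """Sanity check before publishing: a rendered list must contain neither
    a {SCHEME} prefix nor a crypt(3)-style '$' field."""
    return '{' in text or '$' in text


def write_lsearch_file(passwd_path, out_path):
    """Regenerate out_path from passwd_path. The list is written to a temp
    file in the same directory and renamed into place, so Exim either sees
    the old complete list or the new one, never a partial file."""
    users = parse_passwd_file(Path(passwd_path).read_text())
    content = render_lsearch(users)
    if leaks_hash(content):
        raise RuntimeError('refusing to write: rendered list contains hash data')
    out_path = Path(out_path)
    fd, tmp = tempfile.mkstemp(dir=out_path.parent, prefix='.users.')
    with os.fdopen(fd, 'w') as fh:
        fh.write(content)
    os.chmod(tmp, 0o644)          # readable by the exim user, no secrets inside
    os.replace(tmp, out_path)
    return users


def lsearch_has_key(text, key):
    """Emulate Exim's lsearch: the key must start a line and be terminated
    by ':'; Exim compares lsearch keys case-insensitively."""
    needle = key.lower() + ':'
    return any(line.lower().startswith(needle) for line in text.splitlines())


if __name__ == '__main__':
    # Usage: stand in for /etc/exim/domains/mydomain.com/ with a temp dir
    with tempfile.TemporaryDirectory() as d:
        passwd = Path(d) / 'passwd'
        passwd.write_text(SAMPLE_PASSWD)
        users_file = Path(d) / 'users'
        write_lsearch_file(passwd, users_file)
        rendered = users_file.read_text()
        for lp in ('bender', 'Bender', 'nobody'):
            print(f'{lp:8} -> {"route" if lsearch_has_key(rendered, lp) else "reject"}')
```

Point the router at the generated file (`local_parts = lsearch;/etc/exim/domains/${domain}/users`) and re-run the script whenever the control panel changes the passwd file; the original passwd file can then stay unreadable to the exim user.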