I'm running a mail server with CentOS 7 + Exim 4.92 + Dovecot 2.2.36 and RoundCubeMail as the web interface, and have the following problem: when I send to or receive from email addresses which are not admin@ or info@ or dev@ etc., I get the following error:
2020-04-05 05:37:52 H=mail.mydomain.com (IP) [IP] sender verify fail for <bender@mydomain.com>: Unknown user
2020-04-05 05:37:52 H=mail.mydomain.com (IP) [IP] F=<bender@mydomain.com> A=dovecot_login:bender@mydomain.com rejected RCPT <admin@mydomain.com>: Sender verify failed
Here I tried to send an email from bender@mydomain.com to admin@mydomain.com. But if I send an email from admin to info, or from dev to info everything goes well: emails are sent and received, no errors occur.
If I send an email to bender@mydomain.ru then I receive a returned message:
Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:
  bender@mydomain.com
    Unknown user
Reporting-MTA: dns; mail.mydomain.com
Action: failed
Final-Recipient: rfc822;bender@mydomain.com
Status: 5.0.0
All mailboxes were created via VESTA CP and really exist; the passwd file is located in /home/user/conf/mail/mydomain.com/ and contains entries like:
bender:{MD5}$1$XXX:user:mail::/home/user:0
Mail server host: mail.mydomain.com
MX entry: mail.mydomain.com
There is authentication via dovecot in the exim config file:
dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
Dovecot's 10-auth.conf file contains the following entries:
disable_plaintext_auth = no
auth_verbose = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext
Dovecot's auth-passwdfile.conf.ext:
passdb {
  driver = passwd-file
  args = scheme=MD5-CRYPT username_format=%n /etc/exim/domains/%d/passwd
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/exim/domains/%d/passwd
}
/etc/exim/domains/mydomain.com is a symlink exactly to /home/user/conf/mail/mydomain.com/
I can successfully login to RoundCube web interface with all these mail accounts.
I spent 3 days trying to find the answer on the Internet and tried to change the exim/dovecot config files, but nothing helped. And I'm stuck. I guess that emails like admin/info/dev are some trusted standards, or exist somewhere in the previous passwd file/config file, but I didn't find any on my server, and anyway if I change the username or password hash in /home/user/conf/mail/mydomain.com/passwd I can't even log in to RoundCubeMail and send an email. I'm new to mail servers so I don't even have an idea where to dig; I tried everything I could with my knowledge.
P.S. exim and dovecot come with VESTA CP, but I removed them and installed them manually because of the mysql dependencies of upgrading to the latest version.
Best Answer
Your dovecot configuration is configured to use a virtual users database, i.e. your e-mail users are not system users of your server. On the other hand Exim is only configured to deliver mail to local system users.
You need to configure it to use the Dovecot user database (cf. Dovecot documentation). Therefore:
localuser router,
Add a router to check for Dovecot users just after the localuser router:
Add a transport anywhere in the transport section (as described in the aforementioned link):
Test the routing configuration with:

Edit: The lsearch;/etc/exim/domains/${domain}/passwd requires you to give Exim4 access to Dovecot's passwd files. That might be a security risk, since this file contains real passwords. So you can:

Comment out the local_parts condition. No passwd file access will be required, but your server will accept any username during the SMTP session and generate a bounce message for the non-existent usernames afterwards. Since most Return-Path addresses in spam messages are spoofed, this will deliver the message to the wrong address.
Generate and maintain a second file, which will contain just the usernames of the virtual users:
and give it as argument to lsearch.

By the way, you should consider changing your password scheme in Dovecot (cf. Dovecot documentation) into something more modern, like SHA512-CRYPT used in the /etc/shadow files of modern distributions.
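
One way to build the usernames-only file from the second option above, so that Exim never needs read access to the password hashes. This is an added example, not code from the original answer: the function names, the "users" output file name and the sample entries are assumptions constructed for illustration. It also counts entries still hashed with MD5-CRYPT, the scheme the answer suggests replacing.

```shell
#!/bin/sh
# Added example: build a usernames-only lookup file from a Dovecot passwd-file.
# Function names and the sample data are constructed for illustration.
# Usage (output path is an assumption):
#   write_local_parts /etc/exim/domains/mydomain.com/passwd \
#                     /etc/exim/domains/mydomain.com/users [GROUP]

# Constructed sample in the format shown in the question:
#   local_part:{SCHEME}hash:user:group::home:quota
sample_passwd() {
    cat <<'EOF'
# constructed test data, hashes are placeholders
bender:{MD5}$1$XXX:user:mail::/home/user:0
admin:{SHA512-CRYPT}$6$XXX:user:mail::/home/user:0

bad name:{MD5}$1$XXX:user:mail::/home/user:0
bender:{MD5}$1$YYY:user:mail::/home/user:0
EOF
}

# stdin: passwd-file; stdout: unique local parts, one per line.
# Comments, blank lines and names outside a conservative character set are
# dropped so a malformed line cannot become a lookup key.
extract_local_parts() {
    awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next }
             $1 ~ /^[A-Za-z0-9._-]+$/ { print $1 }' | sort -u
}

# stdin: passwd-file; stdout: number of entries still using MD5-CRYPT ($1$).
count_md5_crypt() {
    awk -F: '$2 ~ /^(\{[A-Z0-9-]+\})?\$1\$/ { n++ } END { print n + 0 }'
}

# write_local_parts SRC DST [GROUP]: replace DST atomically, mode 0640.
# GROUP (for example the group Exim runs as) is optional and site-specific.
write_local_parts() {
    src=$1; dst=$2; grp=${3:-}
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    if extract_local_parts < "$src" > "$tmp" && chmod 0640 "$tmp" &&
       { [ -z "$grp" ] || chgrp "$grp" "$tmp"; } && mv -f "$tmp" "$dst"
    then return 0
    fi
    rm -f "$tmp"
    return 1
}
```

The file has to be regenerated whenever a mailbox is added or removed, otherwise new users are rejected as unknown until the next run.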