
I've configured Postfix and Dovecot with MySQL and I can successfully send and receive email using Thunderbird (or other applications) but I must configure using manual settings and not with the automatic configuration.

The example below shows trying to add the accounts to Thunderbird using the automatic configuration. The Username field does not have the domain component, as you can see in the image. I created a test user, and when I try to connect, the Dovecot logs show the MySQL lookup only using test rather than the full email address.

[Image: Thunderbird Automatic Configuration]

I have the dovecot-sql.conf.ext file configured like this:

password_query = SELECT username,domain,password FROM mailbox WHERE username='%u';

The dovecot 10-auth.conf file is configured with %u:

auth_username_format = %u

Somewhere, the domain is being dropped and I cannot work out where.

Below is an example of the text from the dovecot debug log:

Sep 01 20:00:59 auth: Debug: sql(test,[IP Address],<fheTBDemh3aZpZ2C>): Performing passdb lookup
Sep 01 20:00:59 auth-worker(14793): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 01 20:00:59 auth-worker(14793): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Sep 01 20:00:59 auth-worker(14793): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Sep 01 20:00:59 auth-worker(14793): Debug: sqlpool(mysql): Creating new connection
Sep 01 20:00:59 auth-worker(14793): Debug: mysql(localhost): Connecting
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): Server accepted connection (fd=14)
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): Sending version handshake
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): auth-worker<1>: Handling PASSV request
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): auth-worker<1>: sql(test,[IP Address],<fheTBDemh3aZpZ2C>): Performing passdb lookup
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): auth-worker<1>: sql(test,[IP Address],<fheTBDemh3aZpZ2C>): query: SELECT username AS user,password FROM mailbox WHERE username = 'test' AND active$
Sep 01 20:00:59 auth-worker(14793): Debug: mysql(localhost): Finished query 'SELECT username AS user,password FROM mailbox WHERE username = 'test' AND active='1'' in 0 msecs
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): auth-worker<1>: sql(test,[IP Address],<fheTBDemh3aZpZ2C>): Finished passdb lookup
Sep 01 20:00:59 auth-worker(14793): Debug: conn unix:auth-worker (pid=14792,uid=115): auth-worker<1>: Finished: user_unknown
Sep 01 20:00:59 auth: Debug: sql(test,[IP Address],<fheTBDemh3aZpZ2C>): Finished passdb lookup
Sep 01 20:00:59 auth: Debug: auth(test,[IP Address],<fheTBDemh3aZpZ2C>): Auth request finished
Sep 01 20:01:01 auth: Debug: client passdb out: FAIL    1       user=test

You can see where it is performing the lookup without the domain component and as a result it fails. After adding the account manually, you can see in the same debug log where the lookup is performed using the full email address and passes successfully.

anx
stix
  • "found by trying common server names" sounds like the client made an educated guess about the domains. But it should have tried to learn the domain names via [rfc6186](https://datatracker.ietf.org/doc/html/rfc6186) and then should have tried the full email first. Have you set up those records? – anx Sep 02 '22 at 06:26

1 Answer


E-mail client auto configuration is a can of worms.

RFC 6186 is/was one attempt to define a set of DNS SRV records that allow a client to look up how and where to connect to, but the adaptation seems lacking.

That standard requires:

 IMAP, POP3, and SMTP (submission) servers SHOULD be configured to 
 allow authentication with email addresses or email local-parts.
 In the former case, the email addresses MUST NOT conflict with
 other forms of permitted user login name. 

You have done that, so that should be good.

Most email clients do (also) use some other form of auto discovery to derive email client settings from the email address a user enters.

If a user enters first.lastname@example.com, depending on the client those typically involve either:

  • an _autodiscover._tcp.example.com. SRV record such as used by MS Exchange and Outlook

  • an actual host called autoconfig.example.com. with an A record and webservice.

  • a lookup in a "central database" with settings from many of the larger ISPs

  • educated guessing

  • when all else fails, reverting to manual configuration

It seems that for your domain "educated guessing" finds the correct incoming and outgoing mail servers but fails to guess the correct login name format.

As seen in your screenshot, Thunderbird uses "test" rather than "test@example.com".

That is the problem you need to solve; there is no misconfiguration in dovecot.

You can get better auto-configuration by setting up an autoconfig.example.com website to provide email clients with the correct settings.

A pretty good write-up is found here: https://web.archive.org/web/20210402044628/https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration

HBruijn
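The autoconfig file suggested in the answer above, as an added example that is not part of the original post: a constructed config-v1.1.xml in which the username template decides what login name the client sends, plus a check that reports servers that would receive only the local part (the 'test' lookup that ends in user_unknown in the Dovecot log). Hostnames, ports and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Thunderbird autoconfig file (config-v1.1.xml).
# Hostnames and ports are placeholders, not values from the question.
# The outgoing server deliberately uses the local-part template to show the failure.
AUTOCONFIG_XML = """<clientConfig version="1.1">
  <emailProvider id="example.com">
    <domain>example.com</domain>
    <incomingServer type="imap">
      <hostname>mail.example.com</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.example.com</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILLOCALPART%</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""

def expand(template, address):
    """Substitute the autoconfig placeholders for one email address."""
    local, _, domain = address.partition("@")
    return (template.replace("%EMAILADDRESS%", address)
                    .replace("%EMAILLOCALPART%", local)
                    .replace("%EMAILDOMAIN%", domain))

def login_names(xml_text, address):
    """Return {server type: login name the client would send}."""
    root = ET.fromstring(xml_text)
    servers = root.findall(".//incomingServer") + root.findall(".//outgoingServer")
    return {s.get("type"): expand(s.findtext("username", ""), address) for s in servers}

def bare_logins(xml_text, address):
    """Server types whose login has no domain part, so a passdb query
    keyed on the full address (username='%u') finds no row."""
    return sorted(t for t, name in login_names(xml_text, address).items() if "@" not in name)

if __name__ == "__main__":
    print(login_names(AUTOCONFIG_XML, "test@example.com"))
    print(bare_logins(AUTOCONFIG_XML, "test@example.com"))
```

With both username elements set to %EMAILADDRESS%, the check returns an empty list; that corrected file is what would be served from autoconfig.example.com under /mail/config-v1.1.xml.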