-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug report: setup script alway fail with "setup email list" related on the user name #4011
Comments
Please note that this response was created using generative AI, leveraging previously available information from the repository. This information may be helpful. However, it is our strong recommendation that you carefully consider the information before blindly applying it. It appears that the issue you're encountering with the To troubleshoot this issue, you can try the following steps:
If you need specific guidance on how to access or modify the script functions, or if you need help with enabling detailed logging, please let me know! This comment was generated by Glime. |
Something wrong.
|
$ docker run --rm -itd --hostname mail.example.test --name dms mailserver/docker-mailserver
# You have 120 sec to provision `/tmp/docker-mailserver/postfix-accounts.cf` with a user:
$ docker exec -it dms bash
$ setup email add j5@example.com x
$ setup email add j5v@example.com x
$ setup email list
* j5@example.com ( 0 / ~ ) [0%]
* j5v@example.com ( 0 / ~ ) [0%] No problem it's working fine 👍
This error though when running Basically |
Thanks. I still have problem. Please do not close. I'm thinking I got this problem. https://serverfault.com/questions/260488/dovecot-user-lookup-fails-when-using-usernamedomain-format |
At least I can reproduce this problem even after 2 seconds have passed. In my case, half of days are passed. |
You misread. Every 2 seconds the file is checked for new accounts, if there is any it will trigger the Dovecot update which takes longer. If you add an account, and this check happens, then you add another account after the check, while Dovecot is being updated, this process will start again to update Dovecot. You need adequate time to pass but it should work once Dovecot UserDB is updated.
$ doveadm user j5v@example.com
field value
uid 5000
gid 5000
home /var/mail/example.com/j5v/home
mail maildir:/var/mail/example.com/j5v I cannot reproduce with the basic instructions I provided. Likely your problem is you did not wait long enough before running the command. |
@polarathene At least, half of days are passed after my "setup email add" command. I have hidden my domain name for security reasons, but it seems that this problem related on the domain name or hash value of userdb. |
I could reproduce this with
|
Just look at the commands I gave you please. Run them yourself with any adjustments. You can change the hostname to whatever you're using, and create accounts for whatever mail address you like. This runs perfectly fine locally to test and prove you can reproduce the problem. If you are concerned about privacy, try reproduce with some domain that is not yours, like I have done with UPDATE:
Reproduced, thank you. $ docker run --rm -it --hostname mail.example.test --name dms mailserver/docker-mailserver
$ docker exec -it dms bash -c 'setup email add j5F@example.com x && sleep 10 && setup email list'
doveadm(j5F@example.com): Error: User doesn't exist
[ ERROR ] Supplied non-number argument '' to '_bytes_to_human_readable_size()'
[ ERROR ] Aborting
[ ERROR ] Supplied non-number argument '' to '_bytes_to_human_readable_size()'
[ ERROR ] Aborting
* j5F@example.com ( / ) [%] This is due to uppercase usage in the email address, which AFAIK is being normalized to lowercase somewhere in DMS, but configuration in both EDIT: Here we go, the default is using the
Interestingly no one has reported this thus far, so not many have been attempting to use upper-case letters in their email addresses. Personally it should remain lowercased like this which avoids any deployments that automate user account creation where allowing mixed casing would allow a fake account to exist with any uppercase letter to get mail instead (and various other UX issues). We already prevent creating another account like this via docker-mailserver/target/scripts/helpers/database/manage/postfix-accounts.sh Lines 19 to 20 in 016d6b5
docker-mailserver/target/scripts/helpers/database/manage/postfix-accounts.sh Lines 72 to 77 in 016d6b5
docker-mailserver/target/scripts/helpers/database/db.sh Lines 126 to 135 in 016d6b5
But we don't normalize to lowercase, which affects the files and mailbox location mentioned. We probably should resolve this by normalizing to lowercase on account creation instead, especially since we know that there's already this issue with Dovecot not acknowledging such accounts it would be less invasive. Do you have a specific need for uppercase mail addresses? Or is normalizing to lowercase acceptable? |
There is no strong need for me. I was experimenting with the WordPress email post-submission feature. In doing so, WordPress recommends including a random string of characters as part of the email address so that it cannot be submitted by anyone else. |
👍
I'm not familiar with the advice there, but I do want to point out that by default I can only imagine that the advice from WP is to prevent guessing common usernames easily to try various passwords with 🤷♂️
For high entropy password, look at this site, by selecting 48-bit, here is a passphrase example generated "detailed snail summons slim lab coat" (yes that's a very secure password!). This would at a minimum take 6 years to attack due to the hashing involved for someone with a fairly decent GPU. They can speed that up with more compute but that's still quite expensive (and as a remote login attack there is notable latency involved to the point it's irrelevant), plus with Fail2Ban active any remote login attack should quickly be blocked. If you do want to restrict who can submit mail with your sender addresses, you can use |
The WordPress email post-submission feature does not authenticate. Just simple. Everything is published once the email arrives at that email address. So the email address must be strongly secret. |
DMS won't allow that?
You can relax this of course with Or I've misunderstood, this isn't about WP sending mail through DMS, just reading mail DMS has already received via IMAP/POP3, in which case I understand now 👍
The issue was re-opened, with plans to instead normalize to lowercase on account creation for the next release. That should remove any UX issues, thus no warning needed :) |
The write of the article write and submit the text of the article to a specific (veriy secret) e-mail address. |
For this then, keep in mind that you'll have only lowercase letters (due to planned normalization with DMS) and numbers, 36 values (aka base 36). To avoid malicious abuse from guessing this by sending mail to many addresses, you would want this suffix to have plenty of entropy. The same advice for the passphrase would work here (eg: The equivalent with base 36 is roughly 47-bit (
Hope that helps translate the WP advice to adjust for security equivalence in DMS 👍 |
FYI: This is now a blocker for v14.0.0 - I thought it'd be good to resolve this before we release v14.0.0. |
I will have a look at this later today, just FYI. |
📝 Preliminary Checks
👀 What Happened?
I don't make sure this is really related on the username but:
j5 is ok
but j5v is not ok
👟 Reproduction Steps
No response
🐋 DMS Version
v13.3.1
💻 Operating System and Architecture
Linux docker-mailserver-7b4bd5cdf9-n5vk9 5.15.0-205.149.5.1.el8uek.x86_64 #2 SMP Fri Apr 5 12:44:45 PDT 2024 x86_64 GNU/Linux
⚙️ Container configuration files
I guess this is not a bug related on configuration file but if you want, I'll put my configuretion file here.
📜 Relevant log output
Improvements to this form?
No response
The text was updated successfully, but these errors were encountered: