Getting dovecot to run on Mojave
I’m using great dovecot as a local email server. By local, I mean it runs on
my laptop and binds to 127.0.0.1
. This way, I have a nice IMAP server
hosting most of my emails (my main account is elsewhere) and acting as an
archive, which I can access with any email client. In no way I’m left locked
into a particular email client or provider.
However, little did I notice (since dovecot is mostly for archiving) that my email clients actually don’t connect to it, after one of the upgrades. To debug, I reached to the command line:
$ telnet localhost 143
Trying ::1...
Connection failed: Connection refused
Trying fe80::1%lo0...
Connection failed: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready.
tag1 login me secret_password
Connection closed by foreign host.
Ok, that was not good. I thought that disable_plaintext_auth
(defaults to
no
) might be at fault, so I changed it in /usr/local/etc/dovecot/local.conf
and restarted dovecot:
sudo brew services restart dovecot
The issue persisted.
Unfortunately, dovecot doesn’t log much by default. To get that working, I just
added log_path=/dev/stderr
to local.conf
and restarted. This time, I got
something in the logs:
Mar 10 23:38:42 imap-login: Info: Login: user=<me>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6331, secured, session=<FK4uVDa9acl/AAAB>
Mar 10 23:38:42 imap(me)<6331><FK4uVDa9acl/AAAB>: Fatal: setgroups(6) failed: Too many extra groups
Indeed:
$ id -G me
20 12 61 79 80 81 98 701 405 702 33 100 204 250 395 398 399
After a bit of duckduckgoing, it turns out that a simple fix is to add this to
local.conf
:
last_valid_gid=100
Restarting poor dovecot for the n+1
-th time and telneting proved that I
can now login and my email client started fetching mailboxes. (Incidentally,
I figured out that the problem is there because filing/moving messages
didn’t work).
For reference, these are the changes I ended up in the local.conf
file:
log_path=/dev/stderr
disable_plaintext_auth=no
# This is really important in order to make it work on Mojave
last_valid_gid=100