# Dovecot userdb failed: Internal failure



## Mayhem30 (Apr 1, 2015)

I'm attempting to secure mail/dovecot by adding the 'allow_nets' option in the MySQL password query. When I do so, I can check mail just fine.

However, any mail that is sent to the mailbox fails with:

```
Apr 1 09:38:59 localhost dovecot: deliver(brian@*****.com): userdb lookup(brian@*****.com) failed: Internal failure
```
My dovecot-mysql.conf file contains:

```
connect = host=localhost dbname=*** user=*** password=***
default_pass_scheme = CRYPT
password_query = SELECT password, allow_nets FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 5003 AS uid, 5003 AS gid FROM mailbox WHERE username = '%u'
```
If I remove the 'allow_nets' from the password_query, everything works fine again.

In the MySQL DB, the 'allow_nets' field contains:

```
127.0.0.1,Postfix IP,My IPaddress
```
Any ideas what I'm doing wrong? I know it's mostly working - as if I change my IP address to something different, my mail client returns "bad password" like the docs say it should.


----------



## junovitch@ (Apr 8, 2015)

Not a mail/dovecot user, but by any chance is anything here jailed? The 127.0.0.1 for an ACL won't work out in that case.


----------



## Mayhem30 (Apr 8, 2015)

No, I don't use Jails on my system.


----------



## Mayhem30 (Apr 8, 2015)

I forgot to mention, I did upgrade to Dovecot 2.2.16 and now receive this error message when adding "allow_nets" to the "password_query":

```
dovecot: lda(brian@*****.com): Error: user brian@*****.com: Auth USER lookup failed
```
Here is my Dovecot config file:

```
auth_mechanisms = plain digest-md5 login
first_valid_gid = 5000
first_valid_uid = 5000
info_log_path = /dev/null
listen = 127.0.0.1
mail_location = maildir:/opt/virtual/%d/%n
mmap_disable = yes
passdb {
  args = /dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-master {
    group = virtual
    mode = 0600
    user = virtual
  }
}
service imap-login {
  chroot = login
  inet_listener imaps {
    address = 12.34.56.78
  }
  process_min_avail = 1
  service_count = 0
  user = dovecot
  vsz_limit = 64 M
}
service imap {
  drop_priv_before_exec = yes
  vsz_limit = 768 M
}
service pop3-login {
  chroot = login
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    address = 12.34.56.78
  }
  process_min_avail = 1
  service_count = 0
  user = dovecot
  vsz_limit = 64 M
}
service pop3 {
  drop_priv_before_exec = yes
  vsz_limit = 768 M
}
ssl_cert = </etc/ssl/cert.crt
ssl_key = </etc/ssl/key.key
userdb {
  args = uid=5003 gid=5003 home=/var/virtual/%d/%n
  driver = static
}
verbose_proctitle = yes
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  hostname = example.com
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
}
```


----------
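Added example (not written by any poster in this thread and not Dovecot's own code): a Python model of evaluating an `allow_nets` value like the one in the first post, for checking a row before relying on it as an access control. The addresses are constructed from documentation ranges, the function names are hypothetical, and two rules are assumptions about Dovecot's behaviour: malformed entries match nothing, and a lookup that carries no client address (as with the `deliver`/`lda` lookups in the logs above) is refused.

```python
import ipaddress

# Constructed sample value: loopback, one host, one network (documentation ranges).
FIELD = "127.0.0.1,192.0.2.10,198.51.100.0/24"


def parse_allow_nets(field):
    """Split an allow_nets value on commas/spaces into (networks, malformed entries)."""
    nets, malformed = [], []
    for entry in field.replace(",", " ").split():
        try:
            # strict=False lets a bare host address become a /32 (or /128) network.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            malformed.append(entry)
    return nets, malformed


def lookup_allowed(field, remote_ip):
    """Return a decision string for a lookup arriving from remote_ip (None = no address)."""
    nets, _malformed = parse_allow_nets(field)
    if remote_ip is None:
        # Assumption: a lookup with no client address cannot match any listed network.
        return "deny: no remote address"
    addr = ipaddress.ip_address(remote_ip)
    if any(addr in net for net in nets):
        return "allow"
    return "deny: address not listed"


if __name__ == "__main__":
    # Constructed lookups: a listed client, an unlisted client, local delivery.
    for ip in ("198.51.100.7", "203.0.113.5", None):
        print(ip, "->", lookup_allowed(FIELD, ip))
    # Placeholder text left in the column is reported as malformed, not matched.
    print(parse_allow_nets("127.0.0.1,Postfix IP")[1])
```
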

