Authlib is used by Maildrop to resolve email addresses to physical user accounts. Authlib depends upon PostgreSQL.
# User lookup
`authtest` performs a lookup request using Authlib, which is used for last-mile delivery by Maildrop.
authtest cannot test expansion of aliases, but can test delivery to physical users.
Consider a mail routing arrangement like this:
`authtest` will work for the first two lookups, but not the last.
```bash
authtest firstname.lastname@example.org
# Authentication succeeded.
# Authenticated: email@example.com (uid 21015, gid 1000)
# Home Directory: /home/bar/
# Maildir: Mail/
# Quota: (none)
# Encrypted Password: (none)
# Cleartext Password: (none)
# Options: (none)
```
getent can be used to resolve the group ID ("gid") to its site storage.
```bash
getent group 1000
# Reports
# admin2:x:1000:
```
Now we know this delivers to the user bar under site2.
Logs may be examined using `journalctl -u courier-authlib` or by looking for `authdaemond` lines in
# s_connect() deferments
Consider a situation in which mail cannot be delivered.
```
Dec 23 14:34:19 delia postfix/pipe: 5CA13C0F12: to=<firstname.lastname@example.org>, relay=vmaildrop, delay=0.09, delays=0.06/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Connection refused /usr/bin/maildrop: Temporary authentication failure. )
```
This indicates a communication problem with Authlib. `maildrop` connects to the Authlib socket at `/var/spool/authdaemon/socket.tmp`, and Authlib in turn queries PostgreSQL for the auth data as in User lookup. Communication can fail when all Authlib worker processes are in use. The default number of workers is 2. This can be raised to a higher value using:
```bash
cpcmd scope:set cp.bootstrapper courier_workers 5
upcp -sb mail/configure-courier-authlib
```
# Temporary authentication failure deferments
Deferments of this type can occur when database credentials are invalid. Run `upcp -sb mail/configure-courier-authlib` in Bootstrapper to correct credentials.
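
The two deferment types above can be told apart in the Postfix log before choosing a fix. The script below is an added example, not part of the original documentation: the function names, the second and third sample log lines, and the assumption that a credential failure logs no `s_connect()` error are all constructed for illustration.

```sh
#!/bin/sh
# Added example: triage maildrop deferrals in a Postfix log by Authlib failure type.
# SAMPLE_LOG is constructed: line 1 is the log line shown above, lines 2-3 are made up.
# Assumption: a credential failure logs no s_connect() error (line 2).
SAMPLE_LOG='Dec 23 14:34:19 delia postfix/pipe: 5CA13C0F12: to=<firstname.lastname@example.org>, relay=vmaildrop, delay=0.09, delays=0.06/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Connection refused /usr/bin/maildrop: Temporary authentication failure. )
Dec 23 14:35:02 delia postfix/pipe: 6DB24D1A23: to=<user@example.org>, relay=vmaildrop, delay=0.11, delays=0.07/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Temporary authentication failure. )
Dec 23 14:36:40 delia postfix/pipe: 7EC35E2B34: to=<user@example.org>, relay=vmaildrop, delay=0.08, delays=0.05/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via vmaildrop service)'

# Map one log line to a cause. s_connect() is tested first because that
# failure also carries the generic "Temporary authentication failure" text.
classify_line() {
  case $1 in
    *status=deferred*'s_connect() failed'*) echo socket ;;
    *status=deferred*'Temporary authentication failure'*) echo credentials ;;
    *status=deferred*) echo other ;;
    *) echo ok ;;
  esac
}

# Remediation named in the sections above for each cause.
remedy() {
  case $1 in
    socket) echo 'raise courier_workers, then upcp -sb mail/configure-courier-authlib' ;;
    credentials) echo 'upcp -sb mail/configure-courier-authlib' ;;
    *) echo 'inspect journalctl -u courier-authlib' ;;
  esac
}

# Read log lines on stdin; print "queue-id recipient cause" for each deferral.
triage() {
  while IFS= read -r line; do
    cause=$(classify_line "$line")
    ids=$(printf '%s\n' "$line" |
      sed -n 's#.*postfix/pipe[^:]*: \([0-9A-F][0-9A-F]*\): to=<\([^>]*\)>.*#\1 \2#p')
    case $cause:$ids in
      ok:*|*:) continue ;;   # delivered mail, or not a pipe delivery line
    esac
    printf '%s %s\n' "$ids" "$cause"
  done
}

# Count deferrals per cause, sorted by cause name.
summarize() {
  triage | awk '{ n[$3]++ } END { for (c in n) print c, n[c] }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | triage
printf '%s\n' "$SAMPLE_LOG" | summarize | while read -r cause count; do
  printf '%s deferral(s), cause=%s: %s\n' "$count" "$cause" "$(remedy "$cause")"
done
```

To run it against a live system, pipe the mail log or `journalctl` output into `triage` instead of `SAMPLE_LOG`.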