[Dovecot] auth-master: Permission denied [sigh]

James Butler jbutler at thebestdefense.com
Tue Apr 14 23:05:34 EEST 2009 

Here is everything I could think of that might pertain to this, as
currently configured on my dedicated server. It's all fresh! :)

## SYSTEM ##

Fedora 10
Postfix 2.55
Dovecot 1.2.rc2
Spamassassin 3.2.5

SELinux (no SELinux restrictions. Testing done with SELinux=permissive.)
SASLAuthd (not required for local delivery)

## dovecot -n ##

# 1.2.rc2: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.27.15-170.2.24.fc10.i686 i686 Fedora rel 10 (Cambridge)
protocols: imaps
listen: *:993
ssl_cert_file: /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file: /etc/pki/dovecot/private/dovecot.pem
login_dir: /usr/local/var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
first_valid_gid: 0
mail_location: maildir:~/Maildir
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd


## /usr/local/etc/dovecot.conf ##

socket listen {
 master {
  path = /var/run/dovecot/auth-master
  mode = 0666
  # user =
  group = dovecot
 }
 client {
  path = /var/run/dovecot/auth-client
  mode = 0666
  # user =
  group = dovecot
 }
}


## POSTFIX CONFIG ##

/etc/postfix/main.cf:

mailbox_transport = spamassassin

/etc/postfix/master.cf:

spamassassin unix - n n - - pipe
  user=spam:dovecot argv=/usr/bin/spamc -f -e
  /usr/libexec/dovecot/deliver  -f ${sender} -d ${user} -m ${extension}


## PERMISSIONS / OWNERSHIP ##

/usr/local/libexec/dovecot:

-rwxr-xr-x 1 root root     197513 2009-04-03 13:52 checkpassword-reply
-rwxr-xr-x 1 root dovecot 4044835 2009-04-14 13:52 deliver
-rwxr-xr-x 1 root root    1044608 2009-04-03 13:52 dovecot-auth

/var/run:

drwxrwxrwx 3 root dovecot    4096 2009-04-14 12:07 dovecot

/var/run/dovecot:

drwxr-x--- 2 root dovecot    4096 2009-04-09 06:56 login

/usr/bin/spamassassin:

-rwxr-xr-x 1 root root      27023 2008-09-04 14:51 spamassassin

/home/user:

drwx------ 4 user dovecot    4096 2009-04-14 12:00 user


## 'ps aux' OUTPUT (trimmed) ##

root Ss 11:14 0:02 /usr/local/sbin/dovecot
root S  12:07 0:00 dovecot-auth
root S  12:07 0:00 dovecot-auth -w
root Ss 11:14 0:31 /usr/bin/spamd -d -c -m5 -H --username spam -r \
 /var/run/spamd.pid
spam S  11:14 0:27 spamd child
spam S  11:14 0:08 spamd child

## 'ps aux | grep deliver' numerous times until I caught one: ##

postfix S  12:47 0:00 pipe -n spamassassin -t unix user=spam:dovecot \
 argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender} \
 -d ${user} -m ${extension}
spam    Ss 12:47 0:00 /usr/bin/spamc -f -e /usr/libexec/dovecot/deliver \
 -f sender at example.com -d user -m


## /var/log/maillog OUTPUT ##

Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: connect from \
 IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: C7FB9FA00FA: \
 client=IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:15 ltfs450 postfix/cleanup[23177]: C7FB9FA00FA: \
 message-id=<49E4EA41.6020908 at example-send.com>
Apr 14 14:53:15 ltfs450 postfix/qmgr[23171]: C7FB9FA00FA: \
 from=<sender at example-send.com>, size=2215, nrcpt=1 (queue active)
Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: disconnect from \
 IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:16 ltfs450 spamd[4121]: spamd: connection from \
 localhost.localdomain [127.0.0.1] at port 50035
Apr 14 14:53:16 ltfs450 spamd[4121]: spamd: processing message \
 <49E4EA41.6020908 at example-send.com> for spam:653
Apr 14 14:53:20 ltfs450 spamd[4121]: spamd: clean message (2.2/5.0) \
 for spam:653 in 4.7 seconds, 2167 bytes.
Apr 14 14:53:21 ltfs450 spamd[4121]: spamd: result: . 2 - \
 AWL,RDNS_DYNAMIC,TVD_SPACE_RATIO scantime=4.7,size=2167,user=spam,\
 uid=653,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,\
 rport=50035,mid=<49E4EA41.6020908 at example-send.com>,autolearn=no
Apr 14 14:53:21 ltfs450 deliver(user): Can't connect to auth server \
 at /var/run/dovecot/auth-master: Permission denied
Apr 14 14:53:21 ltfs450 postfix/pipe[23179]: C7FB9FA00FA: \
 to=<user at example-receive.com>, relay=spamassassin, delay=5.2, \
 delays=0.01/0.01/0/5.2, dsn=4.3.0, status=deferred (temporary failure)
Apr 14 14:53:21 ltfs450 spamd[4119]: prefork: child states: II

More information about the dovecot mailing list