[Dovecot] Deliver EX_TEMPFAIL's without giving any information
Denis Khromov
dgk at tcde.ru
Tue Dec 29 11:04:15 EET 2009
Hi all.

I've had a hard time trying to find out why deliver isn't working
after I updated dovecot from v1.11 to v1.2.8. It just gave me
EX_TEMPFAIL without any info in the logs. My deliver was setuid-root.

Once I made a simple shell wrapper script for the deliver
executable which saves deliver's stdout+stderr, I found the reason:

    /usr/local/libexec/dovecot/deliver must not be both world-executable
    and setuid-root. This allows root exploits. See
    http://wiki.dovecot.org/LDA#multipleuids

Did a 'chmod o-x deliver' and fixed groups/owners and now everything
works as it should.

I think this error message should go to log files, not just to
stdout/stderr. And it's worth describing this behaviour in the Wiki.

Cheers,
Denis
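
The permission check and the output-capturing wrapper described in this message, as an added shell example that is not part of the original post and is not Dovecot's own code. The function names and the log file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the post or Dovecot.

# Return 0 when $1 is a regular file with BOTH the setuid bit (4000) and the
# other-execute bit (0001) set, the combination the quoted error refuses.
# Return 2 when $1 is not a regular file, 1 otherwise.
is_setuid_world_exec() {
    [ -f "$1" ] || return 2
    # "-perm -4001" matches only if every listed bit is set; -prune keeps
    # find from descending if it is ever handed a directory.
    [ -n "$(find "$1" -prune -type f -perm -4001 2>/dev/null)" ]
}

# Run a command, append its stdout+stderr to log file $1, and return the
# command's own exit status (for example 75, EX_TEMPFAIL) so the calling
# MTA still sees the original result.
run_logged() {
    log=$1
    shift
    rc=0
    "$@" >>"$log" 2>&1 || rc=$?
    return "$rc"
}

# Typical use from a wrapper (paths are assumptions):
#   is_setuid_world_exec /usr/local/libexec/dovecot/deliver && \
#       echo "deliver is setuid and world-executable: chmod o-x it"
#   run_logged /var/log/deliver-wrapper.log \
#       /usr/local/libexec/dovecot/deliver "$@"
```
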