[Dovecot] File Permissions and delivery

Patrick Domack patrickdk at patrickdk.com
Sat Aug 27 04:51:36 EEST 2011


Just adding that won't make dovecot use it though, you would have to  
include the postconf -n output. Normally something like  
virtual_transport=dovecot


Quoting Simon Brereton <simon.brereton at buongiorno.com>:

> On 26 August 2011 19:35, Patrick Domack <patrickdk at patrickdk.com> wrote:
>>
>> My guess is your delivering email with postfix to the inbox,  
>> instead of using dovecot-lda. And something odd is going on with  
>> that postfix to get odd permissions like that.
>>
>> You probably needed to edit the postfix virtual deliever transport,  
>> or maybe you just forget to active the dovecot-lda (deliever)  
>> transport.
>
>
> That's why I included the portion from my master.cf
>
>
> The portion of my master.cf
> 81 # SPB - Attempt to deliver with Dovecot LDA
>  82 dovecot   unix  -       n       n       -       -       pipe
>  83   flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f
> ${sender} -d ${user}@${nexthop}
>
> The numbers are just line numbers from vim.  The entry reads like:
>
> # SPB - Attempt to deliver with Dovecot LDA
> dovecot   unix  -       n       n       -       -       pipe
>   flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f
> ${sender} -d ${user}@${nexthop}
>
> malsystem is the user and /usr/lib/dovecot/deliver exists.
>
>
> Simon
>
>
>
>>
>> Quoting Simon Brereton <simon.brereton>:
>>
>>> Hi
>>>
>>> I'm very new to Dovecot (been using Courier for 5 years), but I've  
>>> been persuaded of the merits of Dovecot and since the server needs  
>>> upgrading that seems like the perfect time/excuse.
>>>
>>> On a test server, I set up postfix and installed Dovecot (running  
>>> 32-bit Debian Squeeze, installed from apt-get).  I mirrored the  
>>> mail store (Maildirs, for historical reasons located under  
>>> /var/spool/mail/virtual/domain.com/user).  Then I ran the courier  
>>> migration perl script and everything was fine and dandy.
>>>
>>> However, when I can to do the production migration, things weren't  
>>> as smooth.  The new server is 64-bit (not that I think it makes a  
>>> difference, but if you're going to help me you should have all the  
>>> information :)
>>>
>>> Again, I installed Postfix and Dovecot
>>> Took down the old server
>>> Mirrored the Maildirs
>>> Ran the migration script
>>> Restarted everything
>>>
>>> At this point everything looked like it was ok.  Mail was being  
>>> received and delivered to the Maildirs and the IMAP login was  
>>> fine.  However, I noticed errors in the logs when retreiving mail  
>>> with the MUA along the lines of:
>>>
>>> Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net):  
>>> open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm:  
>>> /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,)
>>>
>>> After messing around with the chown and chmod (even though these  
>>> were exactly the same as the test server) I finally discovered the  
>>> issue.
>>>
>>> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
>>> -rwxrwx---  1 postfix mailsystem 2.5K Aug 26 03:33  
>>> 1314326000.V801I1666018M803015.mail.net,S=2461:2,
>>> -rwxrwx---  1 postfix mailsystem 2.5K Aug 26 03:36  
>>> 1314326209.V801I1666019M447273.mail.net,S=2460:2,
>>> -rw-rw----  1 postfix mailsystem 2.5K Aug 26 04:00  
>>> 1314327630.V801I166601aM308173.mail.net,S=2477:2,
>>> -rw-------  1 postfix mailsystem 2.5K Aug 26 04:22  
>>> 1314328966.V801I166601bM756462.mail.net,S=2461:2,
>>> -rw-------  1 postfix mailsystem 1.1K Aug 26 16:28  
>>> 1314372534.V801I166601cM615258.mail.net,S=1097:2,
>>> -rw-------  1 postfix mailsystem 1.1K Aug 26 16:31  
>>> 1314372685.V801I166601dM264242.mail.net,S=1097:2,
>>>
>>> Mails are being delivered with 0600 permissions and not 0660 (the  
>>> mails from courier seem to have all been 0770 as you can see).  If  
>>> I manually change the permission (to 0660) then I can see the mail  
>>> in the MUA.
>>>
>>> After thinking for a while it occurred to me that this is covered  
>>> in the LDA section.  But making changes to the config file (either  
>>> permissions or UID/GID) doesn't seem to make a difference.  (Yes,  
>>> I did restart postfix and dovecot after the changes).
>>>
>>> Anyway, here is my dovecot -n:
>>>
>>> mail:~# dovecot -n
>>> # 1.2.15: /etc/dovecot/dovecot.conf
>>> # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3
>>> log_timestamp: %Y-%m-%d %H:%M:%S
>>> protocols: imap imaps pop3 pop3s
>>> ssl_ca_file: /etc/ssl/keys/ca.crt
>>> ssl_cert_file: /etc/ssl/keys/mail.net.crt
>>> ssl_key_file: /etc/ssl/private/mail.net.key
>>> disable_plaintext_auth: no
>>> login_dir: /var/run/dovecot/login
>>> login_executable(default): /usr/lib/dovecot/imap-login
>>> login_executable(imap): /usr/lib/dovecot/imap-login
>>> login_executable(pop3): /usr/lib/dovecot/pop3-login
>>> mail_privileged_group: mailsystem
>>> mail_location: maildir:/var/spool/mail/virtual/%d/%n
>>> maildir_very_dirty_syncs: yes
>>> mbox_write_locks: fcntl dotlock
>>> mail_executable(default): /usr/lib/dovecot/imap
>>> mail_executable(imap): /usr/lib/dovecot/imap
>>> mail_executable(pop3): /usr/lib/dovecot/pop3
>>> mail_plugins(default): quota imap_quota
>>> mail_plugins(imap): quota imap_quota
>>> mail_plugins(pop3): quota
>>> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
>>> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
>>> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
>>> imap_client_workarounds(default): outlook-idle delay-newmail
>>> imap_client_workarounds(imap): outlook-idle delay-newmail
>>> imap_client_workarounds(pop3):
>>> pop3_client_workarounds(default):
>>> pop3_client_workarounds(imap):
>>> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
>>> lda:
>>>  postmaster_address: postmaster at net
>>>  mail_plugins: quota
>>>  log_path:
>>>  info_log_path:
>>>  deliver_log_format: msgid=%m: %f: %$
>>> auth default:
>>>  mechanisms: plain login
>>>  user: mailsystem
>>>  verbose: yes
>>>  passdb:
>>>    driver: sql
>>>    args: /etc/dovecot/dovecot-sql.conf
>>>  userdb:
>>>    driver: prefetch
>>>  userdb:
>>>    driver: static
>>>    args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n  
>>> allow_all_users=yes
>>>  socket:
>>>    type: listen
>>>    client:
>>>      path: /var/spool/postfix/private/auth
>>>      mode: 432
>>>      user: postfix
>>>      group: mailsystem
>>>    master:
>>>      path: /var/run/dovecot/auth-master
>>>      mode: 432
>>>      user: mailsystem
>>>      group: mailsystem
>>> plugin:
>>>  quota: maildir
>>>
>>> As you can see, I tried to go 0660 in both client and master.
>>>
>>> The portion of my master.cf
>>> 81 # SPB - Attempt to deliver with Dovecot LDA
>>>  82 dovecot   unix  -       n       n       -       -       pipe
>>>  83   flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f  
>>> ${sender} -d ${user}@${nexthop}
>>>
>>> Is there anything else I should include?
>>>
>>> I'm pretty sure it's an error on my part.  I'm just not clued up  
>>> enough to know where.
>>>
>>> My second problem is that I thought I had things back to where  
>>> they were before I messed with chown and chmod, but now I get this  
>>> in the logs
>>>
>>> dovecot: dovecot: Fatal:  
>>> chdir(/var/spool/mail/virtual/domain.net/simon//) failed:  
>>> Permission denied (euid=999(mailsystem) egid=115(mailsystem)  
>>> missing +x perm: /var/spool/mail/virtual)
>>>
>>> But the ls on that is exactly the same as on the test server:
>>> ls /var/spool/mail/virtual/
>>> total 44K
>>> drwxrwS--- 11 postfix    mailsystem 4.0K Aug 25 23:07 ./
>>> drwxrwsr-x  5 amavis     mailsystem 4.0K Oct 19  2009 ../
>>> drwxrws---  5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/
>>>
>>> So, now I'm stumped.  I hope someone can spot the simple thing I've missed!
>>>
>>> Thanks.
>>>
>>>
>>> Simon
>>
>>
>>





More information about the dovecot mailing list