[Dovecot] LDA/Postfix with quotas and without LMTP
Timo Sirainen
tss at iki.fi
Tue Oct 18 17:52:35 EEST 2011
On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote:
> dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied
>
> Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail, which means it can't access the socket file. Of course, one can simply use mode 666 on it, but then people can use it to find out information according to the doc, which I do not want.
>
> So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work?
>
> Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue?
The possibilities are:
a) Start dovecot-lda so that the process belongs to an extra group (e.g.
dovecot) and make the socket rw for that group. I don't know if Postfix
can do this for system users...
b) Use the filesystem setgid bit for dovecot-lda
c) Run via sudo
Options b) and c) are explained in the wiki in the "multiple UIDs" section
(although for setuid-root rather than setgid-dovecot).
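An added example, not part of Timo's reply or of the Dovecot project: a POSIX sh audit script for option b). It checks that the dovecot-lda binary carries the setgid bit (with group execute), that its group matches the group owning the auth-userdb socket, that the socket is group-rw, and that it is not world-accessible (the mode 666 shortcut the question rejects). The paths /usr/lib/dovecot/dovecot-lda and /var/run/dovecot/auth-userdb, the group name dovecot, and the setup commands and config fragments in the comments are assumptions for illustration; adjust them for your installation.

```shell
#!/bin/sh
# Audit for option b): dovecot-lda setgid to the group that owns the
# auth-userdb socket, socket group-rw, socket NOT world-accessible.
#
# Assumed paths and group (illustrative, not taken from the thread):
LDA_BIN="${LDA_BIN:-/usr/lib/dovecot/dovecot-lda}"
AUTH_SOCK="${AUTH_SOCK:-/var/run/dovecot/auth-userdb}"
LDA_GROUP="${LDA_GROUP:-dovecot}"

# The layout this script verifies, as it would be set up (assumed commands
# and config fragments, shown for orientation only):
#   chgrp "$LDA_GROUP" "$LDA_BIN" && chmod g+s "$LDA_BIN"
#   # dovecot.conf
#   service auth {
#     unix_listener auth-userdb {
#       mode = 0660
#       group = dovecot
#     }
#   }
#   # postfix main.cf
#   mailbox_command = /usr/lib/dovecot/dovecot-lda -d "$USER"

# "-rwxr-sr-x" style permission string and owning group, taken from ls so the
# script works on both GNU and BSD userlands (stat(1) flags differ there).
perm_string() { ls -ld "$1" | awk '{print $1}'; }
group_of()    { ls -ld "$1" | awk '{print $4}'; }

# 0 when the setgid bit is set together with group execute: 's' in column 7.
# 'S' would mean setgid without execute, which does nothing for a binary.
is_setgid_exec() {
    [ "$(perm_string "$1" | cut -c7)" = "s" ]
}

# 0 when "other" has read or write (columns 8-9 not both '-').
is_world_accessible() {
    [ "$(perm_string "$1" | cut -c8-9)" != "--" ]
}

# 0 when the group has both read and write (columns 5-6).
is_group_rw() {
    [ "$(perm_string "$1" | cut -c5-6)" = "rw" ]
}

# Full check. Prints one diagnostic line; returns 0 only when dovecot-lda run
# as an arbitrary system user would gain the socket's group via setgid and the
# socket is reachable by that group and by nobody else.
check_lda_socket_layout() {
    lda="$1"; sock="$2"
    if ! is_setgid_exec "$lda"; then
        echo "FAIL: $lda is not setgid with group execute (chgrp <group>; chmod g+s)"
        return 1
    fi
    if [ "$(group_of "$lda")" != "$(group_of "$sock")" ]; then
        echo "FAIL: $lda group $(group_of "$lda") differs from $sock group $(group_of "$sock")"
        return 1
    fi
    if ! is_group_rw "$sock"; then
        echo "FAIL: $sock is not group-rw (unix_listener mode = 0660)"
        return 1
    fi
    if is_world_accessible "$sock"; then
        echo "FAIL: $sock is world-accessible; any local user can do userdb lookups"
        return 1
    fi
    echo "OK: $lda (setgid $(group_of "$lda")) can open $sock; other users cannot"
    return 0
}

# Only touch the real paths when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "check" ]; then
    check_lda_socket_layout "$LDA_BIN" "$AUTH_SOCK"
fi
```

Run it as `sh audit-lda.sh check` on the mail host; a FAIL line names the specific bit that is wrong. The world-access test is the one that matters for the question's concern: a socket at 0660 owned by the LDA's setgid group lets dovecot-lda do its userdb lookup while keeping every other local account out.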