[Dovecot] spamc can't seem to call /usr/lib/dovecot/deliver
Bill Shirley
Bill at KnoxvilleChristian.org
Wed Oct 24 04:32:59 EEST 2012
On 10/23/2012 9:06 PM, Bill Shirley wrote:
>
> On 10/23/2012 4:52 PM, Troy Vitullo wrote:
>> Hi,
>>
>> My server uses a system comprised of postfix, dovecot and dspam to
>> filter and deliver mail.
>>
>> Postfix used the following flags in calling spamc and dovecot:
>>
>> flags=DRhu user=dovecot:secmail argv=/usr/bin/spamc -u ${recipient}
>> -e /usr/lib/dovecot/deliver -d ${recipient}
>>
>> after an upgrade from Debian lenny to squeeze we were able to get
>> everything working except spam filtering. Spamassassin is able to
>> judge whether the mail coming in is spam but everything stops there.
>>
>> In mail.err I see:
>>
>> pamc[3608]: exec failed: Permission denied
>>
>> spamc shows the same thing in syslog:
>>
>> exec failed: Permission denied
>>
>> postfix delays the email:
>>
>> postfix/pipe[3607]: 50DEFF180EE: to=<[mail]>, relay=dovecot,
>> delay=1.7, delays=0.07/0.01/0/1.6, dsn=4.3.0, status=deferred (system
>> resource problem)
>>
>> Here are the permissions for deliver:
>>
>> -rwsr-x--- 1 root dovecot 865084 May 25 2011 /usr/lib/dovecot/deliver
>>
>> Here are the relevant groups:
>>
>> s1:~# grep dovecot /etc/group
>> secmail:x:119:postfix,spamd,dovecot
>> dovecot:x:111:
>>
>> here's the dovecot user:
>> s1:~# grep dovecot /etc/passwd
>> dovecot:x:108:111:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
>>
>> here's dovecot -n:
>>
>> # 1.2.15: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.26-2-686 i686 Debian 6.0.6
>> base_dir: /var/run/dovecot/
>> protocols: imap imaps pop3s pop3
>> ssl_cert_file: /etc/ssl/certs/s1.troyvit.com.cert
>> ssl_key_file: /etc/ssl/private/s1.troyvit.com.key
>> ssl_cipher_list: ALL:!LOW
>> disable_plaintext_auth: no
>> verbose_ssl: yes
>> login_dir: /var/run/dovecot/login
>> login_executable(default): /usr/lib/dovecot/imap-login
>> login_executable(imap): /usr/lib/dovecot/imap-login
>> login_executable(pop3): /usr/lib/dovecot/pop3-login
>> mail_location: maildir:%h/Maildir/
>> mbox_write_locks: fcntl dotlock
>> mail_executable(default): /usr/lib/dovecot/imap
>> mail_executable(imap): /usr/lib/dovecot/imap
>> mail_executable(pop3): /usr/lib/dovecot/pop3
>> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
>> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
>> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
>> pop3_enable_last(default): no
>> pop3_enable_last(imap): no
>> pop3_enable_last(pop3): yes
>> pop3_client_workarounds(default):
>> pop3_client_workarounds(imap):
>> pop3_client_workarounds(pop3): outlook-no-nuls, oe-ns-eoh
>> pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
>> pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
>> pop3_logout_format(pop3): top=%t/%T, retr=%r/%R, del=%d/%m, size=%s
>> namespace:
>> type: private
>> separator: /
>> inbox: yes
>> list: yes
>> subscriptions: yes
>> lda:
>> postmaster_address: postmaster at sphere.local
>> auth_socket_path: /var/run/dovecot/auth-master
>> mail_plugin_dir: /usr/lib/dovecot/modules/lda/
>> mail_plugins: sieve
>> auth default:
>> mechanisms: plain login
>> verbose: yes
>> debug: yes
>> debug_passwords: yes
>> passdb:
>> driver: pam
>> args: dovecot
>> passdb:
>> driver: sql
>> args: /etc/dovecot/dovecot-sql.conf
>> userdb:
>> driver: passwd
>> userdb:
>> driver: sql
>> args: /etc/dovecot/dovecot-sql.conf
>> socket:
>> type: listen
>> client:
>> path: /var/spool/postfix/private/auth
>> mode: 432
>> user: postfix
>> group: postfix
>> master:
>> path: /var/run/dovecot/auth-master
>> mode: 438
>> user: dovecot
>> plugin:
>> sieve_global_path: /etc/dovecot/default.sieve
>> sieve: /srv/%d/mail/%n/%n.sieve
>>
>> Many thanks in advance for any advice you can give.
>>
>> Troy
>
> What is your mailbox_command in main.cf? I just use:
> mailbox_command = /usr/bin/spamc -u "$USER" -e
> /usr/lib64/dovecot/deliver -a "$RECIPIENT" -f "$SENDER" -m "$EXTENSION"
>
> I don't need anything in master.cf. But you should be using -u
> ${user} for spamc.
>
> Bill
>
Forgot to ask, are you using Spamassassin's per-user configs? If you're
not, that probably is your problem. It's probably trying to update
bayes tokens and it doesn't have permission.
I use per-user configs which are nice. One man's spam is another man's
ham. Plus each user can have his/her own whitelist.
I use these spamd args: -d -c -m10 --user-config
You usually can find the args in /etc/sysconfig.
Bill
More information about the dovecot
mailing list