Postfix - dovecot-lda -> Permission denied
Wöltje, Marcus
Marcus.Woeltje at neos-it.de
Fri Feb 27 15:16:42 UTC 2015
Hi erveryone!
I'm trying to run Postix and Dovecot on a Mac OS X, but somehow, it doesn't work. I probably messed up the privileges or something else. Hopefully someone of you, can help me figure it out.
So far, Postfix is delivering the mail into ~/Maildir. But as soon as I add the line:
mailbox_command = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
in /etc/postfix/main.cf
I get the following entry in the mail.log.
Feb 27 16:08:02 Nils-iMac.local local[53237]: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied
Feb 27 16:08:02 Nils-iMac.local postfix/local[53236]: B246837BE40: to=<marc at localhost.local>, orig_to=<marc at localhost>, relay=local, delay=1185, delays=1185/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied )
Here are the rights of dovecot-lda:
-rwxrwx--- 1 root certusers 32144 Dec 5 04:41 /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
Hope someone has an Idea. :)
Bye,
Marcus
In case you need my doveconf:
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 6
first_valid_uid = 6
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log = *
imap_id_send = "name" * "version" *
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imap_urlauth_submit_user = submit
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ
info_log_path = /Library/Logs/Mail/mail-info.log
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_mailbox_listid_autosave = no
lda_original_recipient_header =
libexec_dir = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot
listen = *, ::
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = /Library/Logs/Mail/mail-err.log
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_trusted_networks =
mail_access_groups = mail
mail_always_cache_fields =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid = certusers
mail_home =
mail_location = maildir:~/Maildir:INBOX=~/Maildir
mail_log_prefix = "%s(pid %p user %u): "
mail_max_bad_commands = 20
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /Applications/Server.app/Contents/ServerRoot/usr/lib/dovecot
mail_plugins = quota zlib acl fts fts_sk
mail_prefetch_count = 0
mail_privileged_group = mail
mail_save_crlf = no
mail_shared_explicit_inbox = no
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 200 M
mmap_disable = no
namespace acl-mailboxes {
disabled = no
hidden = no
ignore_on_failure = no
inbox = no
list = children
location = maildir:/Users/%u/Maildir:INDEX=/Users%u/Maildi/shared/%%u
prefix = shared.%%u.
separator = .
subscriptions = no
type = shared
}
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = no
driver =
special_use = \Drafts
}
mailbox Junk {
auto = no
driver =
special_use = \Junk
}
mailbox Sent {
auto = no
driver =
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
driver =
special_use = \Sent
}
mailbox Trash {
auto = no
driver =
special_use = \Trash
}
prefix =
separator =
subscriptions = yes
type = private
}
namespace list-archives {
disabled = no
hidden = no
ignore_on_failure = no
inbox = no
list = children
location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/Library/Server/Mail/Data/listserver/messages/archive/shared/%%u
prefix = archives.%%u.
separator = .
subscriptions = no
type = shared
}
passdb {
args =
default_fields =
deny = no
driver = od
master = no
override_fields =
pass = no
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
passdb {
args = /Library/Server/Mail/Config/dovecot/submit.passdb
default_fields =
deny = no
driver = passwd-file
master = no
override_fields =
pass = no
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
plugin {
acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300
acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes
fts = sk
quota = maildir:User quota
quota_warning = storage=100%% quota-exceeded %u
sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve
sieve_dir = /Library/Server/Mail/Data/rules/%u
stats_refresh = 30 secs
stats_track_cmds = yes
}
pop3_client_workarounds =
pop3_deleted_flag =
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = %08Xu%08Xv
pop3c_host =
pop3c_master_user =
pop3c_password =
pop3c_port = 110
pop3c_rawlog_dir =
pop3c_ssl = no
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address = postmaster at localhost
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_full_sync_interval = 1 days
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = aggregator
extra_groups =
fifo_listener replication-notify-fifo {
group =
mode = 0600
user =
}
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replication-notify {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 1
protocol =
service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group =
mode = 0600
user =
}
unix_listener anvil {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener auth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service auth {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups = _keytabusers
group =
idle_kill = 15 mins
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener auth-client {
group =
mode = 0600
user =
}
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group =
mode = 0600
user =
}
unix_listener auth-userdb {
group =
mode = 0666
user = _dovecot
}
unix_listener login/login {
group =
mode = 0666
user =
}
unix_listener token-login/tokenlogin {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = config
unix_listener config {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service dict {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups =
fifo_listener login/proxy-notify {
group =
mode = 00
user =
}
group =
idle_kill = 4294967295 secs
inet_listener {
address =
port = 0
ssl = no
}
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener director-admin {
group =
mode = 0600
user =
}
unix_listener director-userdb {
group =
mode = 0600
user =
}
unix_listener login/director {
group =
mode = 00
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns_client {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dns-client {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener doveadm-server {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
port = 143
ssl = no
}
inet_listener imaps {
address =
port = 993
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 0
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-login {
chroot = token-login
client_limit = 0
drop_priv_before_exec = no
executable = imap-urlauth-login
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
unix_listener imap-urlauth {
group =
mode = 0666
user =
}
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-urlauth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener token-login/imap-urlauth {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap {
chroot =
client_limit = 5
drop_priv_before_exec = no
executable = imap
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 200
process_min_avail = 0
protocol = imap
service_count = 0
type =
unix_listener login/imap {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service indexer-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = indexer-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 10
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer-worker {
group =
mode = 0600
user = $default_internal_user
}
user = _dovecot
vsz_limit = 18446744073709551615 B
}
service indexer {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = indexer
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener ipc {
group =
mode = 0600
user =
}
unix_listener login/ipc-proxy {
group =
mode = 0600
user = $default_login_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type =
unix_listener lmtp {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service log {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type = log
unix_listener log-errors {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups =
group =
idle_kill = 0
inet_listener sieve {
address =
port = 4190
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service managesieve {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type =
unix_listener login/sieve {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop3 {
address =
port = 110
ssl = no
}
inet_listener pop3s {
address =
port = 995
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service pop3 {
chroot =
client_limit = 5
drop_priv_before_exec = no
executable = pop3
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 200
process_min_avail = 0
protocol = pop3
service_count = 0
type =
unix_listener login/pop3 {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service quota-exceeded {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded.sh
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener quota-exceeded {
group = mail
mode = 0660
user = _dovecot
}
user = _dovecot
vsz_limit = 18446744073709551615 B
}
service quota-warning {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning.sh
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener quota-warning {
group = mail
mode = 0660
user = _dovecot
}
user = _dovecot
vsz_limit = 18446744073709551615 B
}
service replicator {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = replicator
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replicator-doveadm {
group =
mode = 00
user = $default_internal_user
}
unix_listener replicator {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service ssl-params {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = ssl-params
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = startup
unix_listener login/ssl-params {
group =
mode = 0666
user =
}
unix_listener ssl-params {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0600
user = _dovecot
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
# 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 14.1.0 x86_64
# NOTE: Send doveconf -n output instead when asking for help.
aps_topic =
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname = $ALL
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login apop digest-md5 gssapi
auth_proxy_self =
auth_realms = LAPPENBUSCH
auth_socket_path = /var/run/dovecot/auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %n
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path = /Library/Logs/Mail/mail-debug.log
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = _dovecot
default_login_user = _dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 6
first_valid_uid = 6
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log = *
More information about the dovecot
mailing list