LDA ignores virtual mailbox settings

Toni Mueller support at oeko.net
Sun Dec 27 22:18:53 EET 2020


Hi Aki,

thanks for your quick response!

On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote:
> > On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote:
> > > > 16:04:16 dovecot: auth: Debug: master in: USER#0111#011user at example.com#011service=lda
> > > > 16:04:16 dovecot: auth: Debug: prefetch(user at example.com): passdb didn't return userdb entries, trying the next userdb
> > > > 16:04:16 dovecot: auth: Debug: sql(user at example.com): SELECT '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as quota_rule FROM virtual_users WHERE email = 'user at example.com' AND status = 'A'
> > > > 16:04:16 dovecot: auth: Debug: userdb out: USER#0111#011user at example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0
> > > > 
> > > > ^^^^^^^^^^^^^^^^^^^^^^
> > > > 
> > > > This shows that the database lookup works. The intended effect should be
> > > > that the message is delivered to
> > > > 
> > > > /path-to-mailboxen/example.com/user/Maidir/new
> > > > 
> > > > 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: setegid(privileged) failed: Operation not permitted
> > > > 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > > 
> > > > ^^^^^^^^^^^^^^^^^^^^^^
> > > > 
> > > > And this shows that dovecot-lda just ignores the result.
> > > > 
> > > > 
> > > > 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > > 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: msgid=<20201226224933.014608 at laptop.example.com>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=<user at example.com>, orig_to=<userA at example2.com>, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
> > > > 
> > > > 
> > > > In /etc/postfix/master.cf, I have this to call it:
> > > > 
> > > > dovecot   unix  -       n       n       -       -       pipe
> > > >   flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient}
> > > > 
> > > Try adding
> > > 
> > > mail_privileged_group = mail
> > 
> > I am not sure why you recommend this. I never ever want to deliver to
> > /var/mail, and my mailbox directory has group 'mailbox' - hence I have
> > 
> > mail_privileged_group = mailbox
> > 
> > in my configuration.
> > 
> > My question is why this thing wants to deliver to /var/mail, despite
> > having a different location from the userdb, and how I can force it to
> > use the location from the userdb.
> > 
> > 
> > Thanks,
> > Toni
> 
> Sorry, I misread your problem.. 
> 
> can you try checking output of
> 
> `doveadm user <username>`

# doveadm user user at example.com
field	value
uid	12345
gid	12345
home	/path-to-mailboxen/example.com/user
mail	maildir:~/Maildir:INBOX=~/Maildir
quota_rule	*:storage=0

> and 
> 
> `doveadm auth lookup <username>`

# doveadm -v auth lookup user at example.com
passdb: user at example.com
  user      : user at example.com

> Also, including `doveconf -n` would be useful.



# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7 
# Hostname: testvm.example.com
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 0
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} %{storage_id} %{secured}
disable_plaintext_auth = no
login_access_sockets = tcpwrap
mail_debug = yes
mail_location = maildir:~/Maildir:INBOX=~/Maildir
mail_privileged_group = mailbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = maildir:~/Maildir:INBOX=~/Maildir
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  expire = Trash 30 Spam 30
  quota = maildir
  quota_rule = *:storage=50000
  quota_rule2 = Trash:ignore
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_dir = ~/sieve
  trash = /etc/dovecot/dovecot-trash.conf
}
protocols = pop3 imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
ssl = no
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  mail_plugins = autocreate quota mail_log trash virtual notify
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = autocreate quota imap_quota mail_log trash virtual notify
}



Thank you!

-Toni



More information about the dovecot mailing list