17 Feb
2026
17 Feb
'26
5:26 p.m.
This looks more like syntax error than permission error.
Aki
On 17/02/2026 17:19 EET Markus Schoenhaber via dovecot
<[1]dovecot@dovecot.org> wrote:
Hi,
I'm trying to make Postfix hand incoming mail to Dovecot by using
Dovecot's deliver. But this fails with a permission error:
Feb 17 15:50:12 debian13-cont postfix/pipe[13133]: 171C17206:
to=<[2]recipient@dest.examle.org>, relay=dovecot, delay=0.17,
delays=0.1/0/0/0.07, dsn=5.3.0, status=bounced (Command died with
status 89: "/usr/lib/dovecot/deliver". Command output: doveconf:
Fatal: Error in configuration file /etc/dovecot/certs.conf line 3:
key_file: open(/etc/ssl/private/ssl-cert-snakeoil.key) failed:
Permission denied )
How can I solve this (short of making the private key file world
readable, of course)?
Regards
mks
I have this in Postfix' master.cf:
dovecot unix - n n - - pipe
flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f
${sender} -a ${recipient} -d ${user}@${domain}
# LANG=C id vmail
uid=501(vmail) gid=501(vmail) groups=501(vmail),104(ssl-cert)
# LANG=C ls -l /etc/ssl/private/
total 4
-rw-r----- 1 root ssl-cert 1704 Feb 4 17:15 ssl-cert-snakeoil.key
# doveconf -n
# 2.4.2-2+debian13 (0962ed2104): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.2-2+debian13 (767418c3)
# OS: Linux 6.19.0-2-MANJARO x86_64 Debian 13.3 btrfs
# Hostname: debian13-cont
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2
log_debug = category=sql
mail_driver = sdbox
mail_gid = vmail
mail_home = /var/spool/vmail/home/%{user | domain}/%{user | username}
mail_path = /var/spool/vmail/mail/%{user | domain}/%{user | username}
mail_plugins {
quota = yes
}
mail_uid = vmail
protocols = imap lmtp sieve
sql_driver = mysql
mysql localhost {
dbname = postfixadmin
password = # hidden, use -P to show it
user = postfixadmin
}
passdb sql {
query = SELECT 'vmail' AS userdb_uid, 'vmail' AS userdb_gid,
CONCAT('/var/spool/vmail/home/', maildir) AS userdb_home, CONCAT(quota,
'B') AS userdb_quota_storage_size, username AS user, password FROM
mailbox WHERE username = '%{user}' AND active = '1';
}
userdb prefetch {
}
userdb sql {
iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';
query = SELECT 'vmail' AS uid, 'vmail' AS gid,
CONCAT('/var/spool/vmail/home/', maildir) AS home, CONCAT(quota, 'B') AS
quota_storage_size, username AS user, password FROM mailbox WHERE
username = '%{user}' AND active = '1';
}
namespace inbox {
inbox = yes
separator = /
mailbox Drafts {
special_use = "\\Drafts"
}
mailbox Entwuerfe {
special_use = "\\Drafts"
}
mailbox Junk {
special_use = "\\Junk"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox "Geloeschte Objekte" {
special_use = "\\Trash"
}
mailbox Sent {
special_use = "\\Sent"
}
mailbox "Gesendete Objekte" {
special_use = "\\Sent"
}
}
service auth {
inet_listener tcp_auth {
port = 12345
}
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service auth-worker {
}
ssl_server {
cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
key_file = /etc/ssl/private/ssl-cert-snakeoil.key
}
protocol imap {
mail_plugins {
imap_quota = yes
}
}
quota "User quota" {
}
dict_server {
dict mysql {
driver = sql
sql_driver = mysql
dict_map priv/quota/messages {
sql_table = quota
username_field = username
dict_map_value_field messages {
}
}
dict_map priv/quota/storage {
sql_table = quota
username_field = username
dict_map_value_field bytes {
}
}
}
}
quota_clone {
dict proxy {
name = mysql
}
}
_______________________________________________
dovecot mailing list -- [3]dovecot@dovecot.org
To unsubscribe send an email to [4]dovecot-leave@dovecot.orgReferences
Visible links
- mailto:dovecot@dovecot.org
- mailto:recipient@dest.examle.org
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org