On Thu, 2007-02-08 at 13:53 +0000, Dick Middleton wrote:
Feb 8 13:09:35 deliver(<email-addr>): setgid(5002) failed: Operation not permitted Feb 8 13:09:36 deliver(<email-addr>): setgid(5001) failed: Operation not permitted
Your different users have different GIDs? But do they still have all the same UID? Or do you care about GIDs at all? There are two possibilities:
Make deliver setuid-root so it has permissions to do the setgid() calls (and make sure only Postfix has permissions to start the deliver).
Don't use those GIDs. Make userdb return the same GID as what deliver already runs as.
Feb 8 13:09:36 Devil postfix/pipe[9622]: 5AD5C103C: to=<<email-addr>>, orig_to=<<email-addr>>, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=5.3.0, status=bounced (Command died with status 89: \"/usr/libexec/dovecot/deliver\")
When deliver fails because it can't connect to auth-master socket it returns an undeliverable status which causes postfix to defer delivery. I think it should do the same here.
Yea, it should. This has been in my TODO list for a while. Finally implemented:
http://dovecot.org/list/dovecot-cvs/2007-February/007688.html http://dovecot.org/list/dovecot-cvs/2007-February/007689.html
The real question is how I give deliver the permission to do the setgid? Is it enough to just add user vmail to each of the virtual user groups in /etc/group.
No, Dovecot doesn't care about /etc/group.