Message: 7
Date: Tue, 15 Jan 2008 00:21:02 +0100
From: Andreas Ntaflos <daff@pseudoterminal.org>
Subject: [Dovecot] deliver can't connect to auth server at */usr/local*/var/run/dovecot/auth-master
To: dovecot@dovecot.org
Message-ID: <200801150021.02689.daff@pseudoterminal.org>
Content-Type: text/plain; charset="us-ascii"

Hello list,

while fiddling around with the configuration so Dovecot's LDA "deliver"
can be used by multiple users by means of Getmail (you can read about that
in [1]) I always end up running into the error message posted in the subject
line:

Jan 15 00:00:02 HOSTNAME deliver(USERID): Can't connect to auth server at /usr/local/var/run/dovecot/auth-master: Permission denied

Notice how it says "/usr/local/var/run/dovecot"! How and why does dovecot
                    ^^^^^^^^^^
think that anything of any importance can be found under /usr/local/var/... ?
Please see dovecot -n at the end of this message, but as far as I
can tell I

master:
  path: /var/run/dovecot/auth-master
  mode: 432
  user: root
  group: dovecot

Andreas "daff" Ntaflos
Vienna, Austria

For the quick answer to your immediate problem / question, try:

    cd /path/to/dovecot's/deliver (probably /usr/local/libexec/dovecot/)
    chmod u+s deliver

(enable the setuid bit for the deliver app). Your Getmail app may not
be truly running as root and thus does not really have permission to
do what you want.

You may need to do the same for the group as well.

Unix permissions are weird sometimes, like a $100 television tube that
protects a 50 cent fuse by blowing first.
It does look like (from your use of /usr/local/*****) you built
dovecot to run out of /usr/local.

One last thing, as a security idea, try something like

    master {
      path = /usr/local/var/run/dovecot/auth-master
      mode = 0600
      user = dovecot_user
      group = dovecot_group
    }

and set your postfix line that calls deliver to match:

    dovecot unix - n n - - pipe
      flags=DRhu user=dovecot_user:dovecot_group argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}

(try to have dovecot run as an unprivileged user as much as you can)
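
The permission check behind the "Permission denied" error and behind the two fixes discussed in this thread, as an added example that is not part of either message or of Dovecot itself. It assumes the "mode: 432" in the dovecot -n output is the decimal form of octal 0660; all uid/gid numbers are constructed.

```python
import os
import stat

def can_connect(sock_mode, sock_uid, sock_gid, uid, gids):
    """True if a process with (uid, gids) may connect() to a UNIX socket.

    connect() needs write permission on the socket file; only the first
    matching class (owner, then group, then other) is consulted.
    Directory search permission along the path is not checked here.
    """
    if uid == 0:                      # root bypasses the mode bits
        return True
    if uid == sock_uid:
        return bool(sock_mode & stat.S_IWUSR)
    if sock_gid in gids:
        return bool(sock_mode & stat.S_IWGRP)
    return bool(sock_mode & stat.S_IWOTH)

def setuid_findings(bin_mode, bin_uid):
    """Flag a setuid-root binary, and whether any local user may run it."""
    findings = []
    if bin_mode & stat.S_ISUID and bin_uid == 0:
        findings.append("setuid-root")
        if bin_mode & stat.S_IXOTH:
            findings.append("world-executable")
    return findings

def audit(sock_path, deliver_path, uid, gids):
    """Run both checks against the live filesystem."""
    s, d = os.stat(sock_path), os.stat(deliver_path)
    return {
        "socket_mode": oct(stat.S_IMODE(s.st_mode)),
        "can_connect": can_connect(s.st_mode, s.st_uid, s.st_gid, uid, gids),
        "deliver": setuid_findings(d.st_mode, d.st_uid),
    }

if __name__ == "__main__":
    # Constructed ids: root=0, group dovecot=107, a getmail user 1000:1000.
    print(oct(432))                                     # mode from dovecot -n
    print(can_connect(432, 0, 107, 1000, {1000}))       # user outside the group
    print(can_connect(432, 0, 107, 1000, {1000, 107}))  # user in group dovecot
    print(can_connect(0o600, 200, 200, 200, {200}))     # the 0600 layout above
    print(setuid_findings(0o4755, 0))                   # deliver after chmod u+s
```

On a live host, call audit() with the socket path, the deliver path, and the uid and group ids that deliver is actually started with.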