Thank you very much for your quick response. Problem solved (see below for details).
On 2013-05-08, at 6:47 PM, Ben Morrow ben@morrow.me.uk wrote:
At 12AM +0000 on 9/05/13 you (Earles, Jill) wrote:
I've been pouring over the documentation for dovecot, but can't find a solution to this problem. I recently took over administration of the dovecot email service at the University where I work, and things were going smoothly. We've been creating email accounts for use with JIRA, a bug reporting/tracking system, and one day recently, when I tried to add a new account to JIRA, I got this error returned from dovecot:
"AuthenticationFailedException: [IN-USE] Couldn't open INBOX: Permission denied"
This is not a dovecot message: presumably it's from JIRA?
You're right, that is how JIRA translated the message it got from dovecot. The message I found in the dovecot log was very similar.
I got help from Atlassian, the creators of JIRA, and they sent me links to some forum posts that said that changing the permissions of that user's /var/mail/ directory to 0600 would solve the problem. I changed that and no longer got the error.
You say '/var/mail directory' but your dovecot.conf suggests you mean a file in /var/spool/mail. You need to be clear about which you mean.
Sorry about that. There is a symlink between the two. Yes, I changed it on /var/spool/mail.
Dovecot changes down to the user's uid to access the mail folders, so assuming the owners are correct either 0600 or 0660 should be fine. (Which you choose depends on how paranoid you are about users reading each others' mail, and what the group ownership is.
Being satisfied that this was a solution, I created a bunch of new email accounts today to replace exchange accounts, and then changed the permissions on all the /var/mail/ directories to 0600. Now I'm getting that error again, even for pre-existing email addresses, including the one that I had previously fixed by changing the permissions the same way. I tried changing some of the older accounts back to 0660, which is what they had before, and I still get the error even after restarting dovecot. [...] # dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.4 (Santiago) auth_debug = yes auth_debug_passwords = yes
Careful with this. You end up with passwords in the logs.
I'll get rid of this - was just grasping at straws trying to find a solution.
[...]
Here's an except of the maillog from a recent attempt: [...]
May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error: stat(/var/spool/mail/lib.sysadmin) failed: Permission denied
This is interesting: normally stat only fails if the permissions on the directory (that is, /var/spool/mail itself) are wrong. Check you haven't changed them by mistake.
Yes, that was it. Thank you! Do you know what the permissions should be on that directory? I used 0770 for now, but could change it if that's not ideal.
So glad it was a simple thing after all. And, as stupid as I feel for doing this, it's a much better feeling than having taken down the mail server and not knowing how to fix it.
May 8 17:46:50 moose dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip removed}#011lport=110#011rport=64420#011resp=XXXXXXXXXXXXXXXXXXXX
See? You've just posted the password for 'bvauw.relais'. Change it, now.
Damn, and there I was thinking I'd been careful about removing the sensitive stuff. It's been changed.
Ben
Thank you again. Have a great day.
Jill