On Tue, Dec 15, 2009 at 02:11:28PM +0100, Benny Pedersen wrote:
On tir 15 dec 2009 11:41:41 CET, Steffen Kaiser wrote
On Tue, 15 Dec 2009, Antonello Onida wrote:
<error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with signal 15" are written. It's a permission problem: dovecot.log is owned by "root" and grouped by "adm" (chmodded 640).
At first shot (if you would always get the error), I would say, you use system users and those users must not write to the log file.
Add write-permission for all (chmod a+w) or reconfigure Dovecot to let deliver use syslog:
    protocol lda {
      ...
      # Log to syslog
      log_path =
      info_log_path =
      syslog_facility = mail
    }
or more simple :)
    mkdir -p /var/log/dovecot
    chown dovecot /var/log/dovecot
    # chgrp mail /var/log/dovecot

configure global dovecot to use logdir as /var/log/dovecot
rule to remember is permissions got the parent permissions, and this is why it fails above
please correct me if i am wrong
I think you might be. The OP has not presented complete information, but my guess is that deliver(1) is being invoked by postfix/local(8), which refuses to run processes as root. Instead, $default_privs (see postconf(5)) is used. root should be aliased to a non-root user.
I'm not clear on why other mail is apparently able to open and write the Dovecot log, but I'm pretty sure that the syslog approach would work. So would a+w, ugly though it is.
I'm not sure about your idea. Yes, *if* deliver runs as dovecot:mail it should work. But lacking information, we don't really know. My advice to OP:
- Check aliases(5), ensure that "root: youruser@localhost" is present. (Also assumes that localhost, localhost.$mydomain are both listed in $mydestination and that "youruser" is a valid system account.)
- Using syslog is a good idea anyway, rather than having each deliver open, lock, and write the logfile.
If problem persists, complete "postconf -n ; dovecot -n" output and all logging (non-verbose) for a single delivery should be provided, so we don't have to guess.
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
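
Added example (not part of the original thread): a Python sketch of the classic POSIX owner/group/other write check, applied to the root:adm 640 log file, the a+w workaround, and a dovecot-owned log discussed above. The account names and uid/gid numbers are constructed sample values; ACLs and parent-directory permissions are not modelled.

```python
import stat

# Constructed sample accounts: name -> (uid, set of gids). Numbers are assumptions.
ACCOUNTS = {
    "root": (0, {0}),
    "nobody": (65534, {65534}),      # stand-in for the $default_privs account
    "dovecot": (97, {97}),
    "admin-in-adm": (1000, {1000, 4}),
}


def may_write(uid, gids, st_uid, st_gid, st_mode):
    """Return True if the mode bits alone let this process write the file.

    POSIX picks exactly one permission class: owner, else group, else other.
    A group member is therefore judged on the group bits only, even when
    the 'other' bits would have allowed the write.
    """
    if uid == 0:                      # root bypasses mode bits
        return True
    if uid == st_uid:
        return bool(st_mode & stat.S_IWUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IWGRP)
    return bool(st_mode & stat.S_IWOTH)


def writers(st_mode, st_uid, st_gid, accounts=ACCOUNTS):
    """Names of the sample accounts that could write a file with this metadata."""
    return sorted(
        name for name, (uid, gids) in accounts.items()
        if may_write(uid, gids, st_uid, st_gid, st_mode)
    )


def world_writable(st_mode):
    """True when any local account can modify (or tamper with) the file."""
    return bool(st_mode & stat.S_IWOTH)


if __name__ == "__main__":
    adm_gid = 4  # constructed gid for group "adm"
    cases = {
        "root:adm 640 (as reported)": (0o640, 0, adm_gid),
        "root:adm after chmod a+w": (0o640 | 0o222, 0, adm_gid),
        "dovecot:dovecot 600": (0o600, 97, 97),
    }
    for label, (mode, uid, gid) in cases.items():
        print(f"{label}: writers={writers(mode, uid, gid)} "
              f"world_writable={world_writable(mode)}")
```

With 640 only root can write, so a deliver process running as any non-root account fails; a+w fixes that by letting every local account write the log, while a dovecot-owned log helps only if deliver actually runs as dovecot.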