I found and tried this work around on the man page: https://www.unix.com/man-page/all/5/ngroups_max/ but I still get the same "Too many extra groups" error even when I start dovecot with the above program to limit the # of groups. I suspect that dovecot is adding a number of groups when it starts up.

I've hacked a work around to get it working for me on my laptop:

diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c

@@ -224,7 +224,12 @@ static void fix_groups_list(const struct restrict_access_settings *set,
 
-    if (setgroups(gid_count, gid_list) < 0) {

+    if (setgroups(gid_count > NGROUPS_MAX ? 16 : gid_count, gid_list) < 0) {
         if (errno == EINVAL) {
             i_fatal("setgroups(%s) failed: Too many extra groups",
                 set->extra_groups == NULL ? "" :

and this works.

I'm not sure what the right solution is for a PR. Any suggestions?

Thanks

Mike



On 8/10/18 11:04, Aki Tuomi wrote:
Is the user member of mail group?



---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Mike Makuch <1mikemakuch@gmail.com>
Date: 10/08/2018 19:02 (GMT+02:00)
To: Aki Tuomi <aki.tuomi@dovecot.fi>
Cc: dovecot@dovecot.org
Subject: Re: dying on osx

Maybe an old problem that has resurfaced???

https://bugzilla.samba.org/show_bug.cgi?id=8773

Mike



On 8/10/18 10:54, Aki Tuomi wrote:
I have to see if this is reproducible outside mac. 



---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Mike Makuch <1mikemakuch@gmail.com>
Date: 10/08/2018 18:46 (GMT+02:00)
To: Aki Tuomi <aki.tuomi@dovecot.fi>
Subject: Re: dying on osx

I did find that page and tried a few things there. My config has all of
the settings there except 3:

mail_access_groups = mail
mbox_read_locks = fcntl
mbox_write_locks = fcntl

I add them to my config, restart and get the same abort

20180810-103849 imap(mkm)<79213><MkA5ihZzmdh/AAAB>: Fatal:
setgroups(mail,505) failed: Too many extra groups

I've tried numerous other settings as well.

Thanks for any further advice

Mike


On 8/10/18 08:45, Aki Tuomi wrote:
> Can you try this config and report back?
>
> https://superuser.com/questions/957272/dotlock-permissions-problems-with-dovecot-and-os-x-10-10-3
>
> Aki
>
>> On 10 August 2018 at 16:39 Mike Makuch <1mikemakuch@gmail.com> wrote:
>>
>>
>> OSX 10.13.6 High Sierra, dovecot 2.3.2.1
>>
>> dovecot starts up and runs but dies as soon as my mail client makes a
>> request with log and config below.
>>
>> And advice appreciated.
>>
>> Thanks
>>
>> Mike
>>
>>
>>
>> 20180810-083730 auth: Debug: auth client connected (pid=77432)
>>
>> 20180810-083730 auth: Debug: client in: AUTH    1    PLAIN
>> service=imap    secured    session=xo1p2BRzZNd/AAAB lip=127.0.0.1
>> rip=127.0.0.1    lport=143    rport=55140
>> 20180810-083730 auth: Debug: client passdb out: CONT    1
>> 20180810-083730 auth: Debug: client in: CONT    1 AG1rbQBta20xMjM=
>> (previous base64 data may contain sensitive data)
>> 20180810-083730 auth: Debug: static(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>):
>> lookup
>> 20180810-083730 auth: Debug: client passdb out: OK    1 user=mkm
>> host=localhost    nopasswd=y
>> 20180810-083730 auth: Debug: master in: REQUEST    4201906177 77432
>> 1    b8126b4b71be2959fc7716888eccc566 session_pid=77433
>> request_auth_token
>> 20180810-083730 auth-worker(77426): Debug:
>> passwd(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>): lookup
>> 20180810-083730 auth: Debug: master userdb out: USER 4201906177
>> mkm    system_groups_user=mkm    uid=503 gid=20    home=/Users/mkm
>> auth_token=4d2bb44168df3d63e4e1bb352e59de632bc7da49
>> 20180810-083730 imap-login: Info: Login: user=<mkm>, method=PLAIN,
>> rip=127.0.0.1, lip=127.0.0.1, mpid=77433, secured,
>> session=<xo1p2BRzZNd/AAAB>
>> 20180810-083730 imap(mkm)<77433><xo1p2BRzZNd/AAAB>: Fatal:
>> setgroups(505) failed: Too many extra groups
>>
>> # doveconf -n
>> # 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
>> # OS: Darwin 17.7.0 x86_64
>> # Hostname: pine
>> auth_debug = yes
>> auth_debug_passwords = yes
>> default_internal_user = _dovecot
>> default_login_user = _dovenull
>> disable_plaintext_auth = no
>> listen = 127.0.0.1
>> log_path = /var/log/dovecot
>> log_timestamp = "%Y%m%d-%H%M%S "
>> mail_debug = yes
>> mail_gid = staff
>> mail_location = mbox:~/Mail:INBOX=/var/mail/%u
>> mail_privileged_group = mail
>> mail_uid = _dovecot
>> passdb {
>>     args = password=*** host=localhost nopasswd=y
>>     driver = static
>> }
>> passdb {
>>     args = login
>>     driver = pam
>> }
>> protocols = imap
>> service auth {
>>     user = root
>> }
>> service imap-login {
>>     inet_listener imap {
>>       address = *
>>       port = 143
>>     }
>> }
>> ssl = no
>> userdb {
>>     driver = passwd
>> }
>>
>>