Hi,
I'm trying to make Postfix hand incoming mail to Dovecot by using Dovecot's deliver. But this fails with a permission error:
Feb 17 15:50:12 debian13-cont postfix/pipe[13133]: 171C17206: to=<recipient@dest.examle.org>, relay=dovecot, delay=0.17, delays=0.1/0/0/0.07, dsn=5.3.0, status=bounced (Command died with status 89: "/usr/lib/dovecot/deliver". Command output: doveconf: Fatal: Error in configuration file /etc/dovecot/certs.conf line 3: key_file: open(/etc/ssl/private/ssl-cert-snakeoil.key) failed: Permission denied )
How can I solve this (short of making the private key file world readable, of course)?
Regards,
mks
I have this in Postfix' master.cf:
dovecot   unix  -       n       n       -       -       pipe
  flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f ${sender} -a ${recipient} -d ${user}@${domain}
LANG=C id vmail
uid=501(vmail) gid=501(vmail) groups=501(vmail),104(ssl-cert)
LANG=C ls -l /etc/ssl/private/
total 4
-rw-r----- 1 root ssl-cert 1704 Feb 4 17:15 ssl-cert-snakeoil.key
doveconf -n
2.4.2-2+debian13 (0962ed2104): /etc/dovecot/dovecot.conf
Pigeonhole version 2.4.2-2+debian13 (767418c3)
OS: Linux 6.19.0-2-MANJARO x86_64 Debian 13.3 btrfs
Hostname: debian13-cont
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2
log_debug = category=sql
mail_driver = sdbox
mail_gid = vmail
mail_home = /var/spool/vmail/home/%{user | domain}/%{user | username}
mail_path = /var/spool/vmail/mail/%{user | domain}/%{user | username}
mail_plugins {
  quota = yes
}
mail_uid = vmail
protocols = imap lmtp sieve
sql_driver = mysql
mysql localhost {
  dbname = postfixadmin
  password = # hidden, use -P to show it
  user = postfixadmin
}
passdb sql {
  query = SELECT 'vmail' AS userdb_uid, 'vmail' AS userdb_gid, CONCAT('/var/spool/vmail/home/', maildir) AS userdb_home, CONCAT(quota, 'B') AS userdb_quota_storage_size, username AS user, password FROM mailbox WHERE username = '%{user}' AND active = '1';
}
userdb prefetch {
}
userdb sql {
  iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';
  query = SELECT 'vmail' AS uid, 'vmail' AS gid, CONCAT('/var/spool/vmail/home/', maildir) AS home, CONCAT(quota, 'B') AS quota_storage_size, username AS user, password FROM mailbox WHERE username = '%{user}' AND active = '1';
}
namespace inbox {
  inbox = yes
  separator = /
  mailbox Drafts {
    special_use = "\\Drafts"
  }
  mailbox Entwürfe {
    special_use = "\\Drafts"
  }
  mailbox Junk {
    special_use = "\\Junk"
  }
  mailbox Trash {
    special_use = "\\Trash"
  }
  mailbox "Gelöschte Objekte" {
    special_use = "\\Trash"
  }
  mailbox Sent {
    special_use = "\\Sent"
  }
  mailbox "Gesendete Objekte" {
    special_use = "\\Sent"
  }
}
service auth {
  inet_listener tcp_auth {
    port = 12345
  }
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service auth-worker {
}
ssl_server {
  cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
  key_file = /etc/ssl/private/ssl-cert-snakeoil.key
}
protocol imap {
  mail_plugins {
    imap_quota = yes
  }
}
quota "User quota" {
}
dict_server {
  dict mysql {
    driver = sql
    sql_driver = mysql
    dict_map priv/quota/messages {
      sql_table = quota
      username_field = username
      dict_map_value_field messages {
      }
    }
    dict_map priv/quota/storage {
      sql_table = quota
      username_field = username
      dict_map_value_field bytes {
      }
    }
  }
}
quota_clone {
  dict proxy {
    name = mysql
  }
}