My latest test:
spam:dovecot => user: spam user1:dovecot => user: user1 root:dovecot => binary: /usr/local/libexec/deliver root:dovecot 777 => dir: /var/run/dovecot/
Still getting:
deliver(user1): Can't connect to auth server at
/var/run/dovecot/auth-master: Permission denied
What's the key to this problem?
If I set spam, user1, deliver and /var/run/dovecot/ to the same group, and give read/write permission in that directory to that group, why can't they all use auth-master?
- User 'spam:dovecot' runs Smapassassin
- Hands off to deliver (root:dovecot)
- Deliver assumes 'user1:dovecot' identity
- Can't access auth-master in 'root:dovecot' directory (777)
So it's 'auth-master' that is (a) not available to 'user1' AND (b) not available to group 'dovecot'. Huh? Why not?
I'm obviously missing info about the temporary 'auth-master'. Can anyone please give me a hand? I'd really appreciate it. Thank you.
James
Thank you! Even setting the /var/run/dovecot tree to all chmod 777s doesn't help. I'm probably mis-remembering the ownership of auth-master, in my original note. I haven't seen it since I left my notes at work.
With regard to this maillog entry:
postfix/pipe[29452]: 60990FA01BA: to=recipient@example-receive.com,
relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0,
status=deferred (temporary failure)mailbox_command = /usr/local/libexec/dovecot/deliver
It IS a (temporary failure), because soon after I revert to the simple: the message arrives to the recipient user's mailbox.
It's the spamassassin => deliver handoff and user SWITCH that seems to be problematic.
But then, my brain is all garbled, at this point, so I can't really trust any of my logic. I'll check back in, tomorrow.
Thanks, again.
James
Hi,
I was having problems with permissions on auth-master too. I solve them creating manually the folder /var/run/dovecot with correct permissions but i see you already did that :\
On Sun, Apr 12, 2009 at 5:27 PM, James Butler jbutler@thebestdefense.comwrote:
I've been messing with this for too long, now, and I'm blind to whatever's wrong. Or I'm simply being dense. Either way, I need help with a common issue.
I'm trying to get Postfix+Spamassassin+Dovecot going on Fedora 10. (I'll get back to the global Sieve thingy soon, but I need to get this going, first.)
When using the simple: mailbox_command = /usr/local/libexec/dovecot/deliver everything is cool, except there's no Spamassassin involvement, obviously.
The problem shows itself when the Spamassassin user hands off to the recipient user and Deliver + the recipient user tries to access /var/run/dovecot/auth-master.
Thank you for any insight you can provide.
/var/run/dovecot: 755 root:dovecot /var/run/dovecot/login: 750 root:dovecot /var/run/dovecot/auth-master: 750 root:dovecot (I think. auth-master is a temporary file? Comes and goes.)
From /etc/postfix/main.cf
mailbox_transport = spamassassin
From /etc/postfix/master.cf:
spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender} -d ${user} -m ${extension}
Here's my 'socket listen' section from /usr/local/etc/dovecot.conf:
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 #user = group = dovecot } client { path = /var/run/dovecot/auth-client mode = 0666 #user = group = dovecot } }
From /var/log/maillog:
Postfix receives the message:
postfix/smtpd[29447]: connect from
IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS] postfix/smtpd[29447]: 60990FA01BA:
client=IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS] postfix/cleanup[29451]: 60990FA01BA:
message-id=49E20BF2.4090408@example-send.com postfix/qmgr[29441]: 60990FA01BA: from=sender@example-send.com,
size=812, nrcpt=1 (queue active) postfix/smtpd[29447]: disconnect from
IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]Spamassassin processes the message as user 'spam':
spamd[4121]: spamd: processing message
49E20BF2.4090408@example-send.com for spam:653 spamd[4121]: spamd: clean message (3.0/5.0) for spam:653 in 5.2 seconds,
793 bytes. spamd[4121]: spamd: result: . 2 - RDNS_DYNAMIC,TVD_SPACE_RATIO
scantime=5.2,size=793,user=spam,uid=653,required_score=5.0,
rhost=localhost.localdomain,raddr=127.0.0.1,rport=42493,
mid=49E20BF2.4090408@example-send.com,autolearn=noSpamassassin pipes result to Deliver which runs as recipient user.
Deliver as recipient user doesn't have permission to auth:
deliver(recipient): Can't connect to auth server at
/var/run/dovecot/auth-master: Permission denied postfix/pipe[29452]: 60990FA01BA: to=recipient@example-receive.com,
relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0,
status=deferred (temporary failure)
- I must use the 'user=' arg for spamc
- Can't use 'user=${user}' or $user: fatal: get_service_attr: unknown username: ${user}
- Must use '-d ${user}' Deliver arg, otherwise message gets delivered to user 'spam'
AArrgh! TIA.
-- telemóvel: 963446125 mail: rui.arc@gmail.com mail: ei04073@fe.up.pt website: http://paginas.fe.up.pt/~ei04073