It seems that sendmail is running the lda, but the lda has problems that are reported by exiting with tempfail. You should check the logging that is emitted by dovecot-lda to find what the problem is.
Ownership of the binary should not be one of them, I think, but show us logging from dovecot-lda and we can tell you more. 'dovecot -n' output would also help a lot.
Regards, Tom
I've enabled dovecot-lda logging with:
protocol lda {
  log_path =
  info_log_path =
  syslog_facility = mail
}
However it's not producing any entries in the mail syslog. I'm wondering if it's not even executing dovecot-lda then. As a test I tried running "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what happens, and I got a blank email delivered to "username" OK. So based on this I think lda is OK? I am not seeing any errors logged when sendmail tries to use dovecot-lda though.
Here's what "dovecot -n" shows:
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext4
mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u
mail_plugins = " quota"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  driver = pam
}
plugin {
  quota = fs:User quota:user
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster@localhost
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert =
Thank you very much for any further thoughts on this.
Chris
These errors just started showing up in the mail syslog, FINALLY. Not sure why it took this long.
dovecot: lda(username): Fatal: setresgid(1000(username),1000(username),12(mail)) failed with euid=0(root): Operation not permitted
After turning off SELinux, mail was finally being delivered! So, I adjusted SELinux to allow a few denied errors for dovecot-lda (including filesystem quotas):
audit2allow -m local -l -i /var/log/audit/audit.log > dovecotlda.te
Then, verified the contents of "dovecotlda.te":
module local 1.0;

require {
    type fs_t;
    type mqueue_spool_t;
    type dovecot_deliver_t;
    class capability { setuid setgid };
    class file write;
    class filesystem quotaget;
}

#============= dovecot_deliver_t ==============
allow dovecot_deliver_t fs_t:filesystem quotaget;
allow dovecot_deliver_t mqueue_spool_t:file write;
allow dovecot_deliver_t self:capability { setuid setgid };
Then create the policy file and activate it:
checkmodule -M -m -o dovecotlda.mod dovecotlda.te
semodule_package -o dovecotlda.pp -m dovecotlda.mod
semodule -i dovecotlda.pp
Now with SELinux enforcing, I'm getting mail delivered OK.
Also just to confirm, this is the line I'm using in /etc/mail/sendmail.mc:
FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')dnl
Thanks again for the help, hopefully this helps others in the future with sendmail.
-- Chris