Re: LDA ignores virtual mailbox settings

On 27/12/2020 18:19 Toni Mueller support@oeko.net wrote:

Hi,

I have a Debian/Buster system with Postfix and Dovecot from the Debian repo, and with virtual users only (ie, no system users). These virtual users are having all of their uids, gids, homes and mail quota in an PostgreSQL database. The intent is to have postfix deliver the email via dovecot's LDA, so I can set quota on a per-user basis.

But for some odd reason, Dovecot's LDA can't find the user data from the userdb, and then complains about not being able to write to /var/mail. The following example shows how things fail when delivering a message from Postfix's queue (therefore, the passdb failure is expected):

In /etc/dovecot.conf, I have this, amongst other things:

mail_location = maildir:~/Maildir:INBOX=~/Maildir passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = prefetch } userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } protocol lda { mail_plugins = autocreate quota mail_log trash virtual notify }

16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=user@example.com, size=880, nrcpt=1 (queue active) 16:04:16 dovecot: auth: Debug: master in: USER#0111#011user@example.com#011service=lda 16:04:16 dovecot: auth: Debug: prefetch(user@example.com): passdb didn't return userdb entries, trying the next userdb 16:04:16 dovecot: auth: Debug: sql(user@example.com): SELECT '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as quota_rule FROM virtual_users WHERE email = 'user@example.com' AND status = 'A' 16:04:16 dovecot: auth: Debug: userdb out: USER#0111#011user@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0

^^^^^^^^^^^^^^^^^^^^^^

This shows that the database lookup works. The intended effect should be that the message is delivered to

/path-to-mailboxen/example.com/user/Maidir/new

16:04:16 dovecot: lda(user@example.com)<5291>: Error: setegid(privileged) failed: Operation not permitted 16:04:16 dovecot: lda(user@example.com)<5291>: Error: Mailbox INBOX: open(/var/mail/user@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)

^^^^^^^^^^^^^^^^^^^^^^

And this shows that dovecot-lda just ignores the result.

16:04:16 dovecot: lda(user@example.com)<5291>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 dovecot: lda(user@example.com)<5291>: msgid=20201226224933.014608@laptop.example.com: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=user@example.com, orig_to=userA@example2.com, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)

In /etc/postfix/master.cf, I have this to call it:

dovecot unix - n n - - pipe flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient}

I've tried strace-ing dovecot-lda, but it didn't really help me to understand why it discards the result of the userdb lookup.

Can anyone please provide a cluebat, please?

Thanks, Toni

Try adding

mail_privileged_group = mail

to your dovecot.conf. See https://doc.dovecot.org/settings/core/#mail-privileged-group

Aki