Steffen Kaiser wrote:
You are using system users?
I believe so. Running delivery from the command line as the sendmail user works as it should.
*) The setuid users listed in the wiki kept result in setgid()
What setuid users?
Sorry, I typed a little hastily. "setuid user's configuration" - setting the deliver owner to "vmail:vmail" as listed in http://wiki.dovecot.org/LDA/Sendmail resulted in "setgid(1002(vmail)) failed with euid=1002(vmail), gid=8(mail), egid=8(mail): Operation not permitted".
When sendmail attempts delivery, I'm getting "deferred: deliver failed with EX_TEMP", but nothing recorded in the log files. I've embarrassingly widened the permissions of /var/log/dovecot and the
I changed logging of deliver to syslog for this reason:
Fair enough, but I'm happy to tighten the permissions once I've got it working; I just have to get it working first.
=======
My definition of local delivery on Debian is:
dnl -f $g -- sender
dnl -d $u -- destination user account name
dnl -m $h -- mailbox to deliver to (+detail part of address)
dnl -n -- don't create new mailbox
dnl -e -- exit code rather than DSN
FEATURE(`local_procmail',
        `/etc/mail/smrsh/dovecot-deliver',
        `/etc/mail/smrsh/dovecot-deliver -e -f $g -d $u')dnl

sendmail invokes deliver already as the system user, no setuid necessary.
So sendmail and deliver are running as the same user ID?
I'm not sure my mailer definition is an issue here - like I said, if I wrap the invocation in a shell script or use strace as a mailer (that's a first for me) it works correctly. For the record, I'm using:
Mdovecot, P=/opt/dovecot-1.2.9/libexec/dovecot/deliver, F=lADFMPhnu9,
        S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
        T=DNS/RFC822/X-Unix,
        A=deliver -d $u

#Mdovecot, P=/tmp/strace, F=lADFMPhnu9,
#       S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
#       T=DNS/RFC822/X-Unix,
#       A=strace -o /tmp/strace.log /opt/dovecot-1.2.9/libexec/dovecot/deliver -d $u
--
Regards,
Daryl Tester
Member of the Amalgamated Australian Association Against Apostrophe Abuse. (formerly the 6A's - no, wait ...).