On 6/21/2013 3:01 PM, Mrten wrote:
On 21/6/2013 19:34 , Ben Johnson wrote:
Please do reply if you have any additional thoughts. I'm at my wit's end here!
When all else fails, use strace -f -F :)
(add it in front of the deliver call and expect LOTS of output)
Maarten.
YES! Brilliant, Maarten! That tells us what we need to know. Here is the relevant bit:
write(2, "\1\00429770 user sa-training@exampl"..., 139^A^D29770 user sa-training@example.com: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied
It seems the issue here is that "root" is the only user who is allowed to read Dovecot's configuration file. Presumably, Dovecot, like most services, is started as "root" and then drops its permissions to least-required once started.
Obviously, it would be imprudent to modify the permissions on /var/run/dovecot/config; they're set that way for a good reason.
What are the other options? I did see the "System Users" section at http://wiki.dovecot.org/LDA , and maybe that's what I missed.
System users
You can use deliver with a few selected system users (ie. user is found from /etc/passwd / NSS) by calling deliver in the user's ~/.forward file:
| "/usr/local/libexec/dovecot/deliver"
This should work with any MTA which supports per-user .forward files. For qmail's per-user setup, see LDA/Qmail.
This method doesn't require the authentication socket explained below since it's executed as the user itself.
I'm struggling to identify this section's relevance to my situation. I thought, "Maybe I need to add the above-cited line to the vmail user's ~/.forward file." But I don't see how that will have any effect.
I feel like I'm almost there; just need one more nudge :)
Thanks for all the help!
-Ben
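
Added example, not part of the original thread: a Python sketch that reports which path components would produce the "Permission denied" seen in the strace output for a given uid, using the Linux rule that connect() on a Unix socket needs search permission on every parent directory and write permission on the socket itself. The function names and the temporary socket are constructed for illustration; only classic mode bits are evaluated (ACLs, SELinux and AppArmor are not considered).

```python
import os
import socket
import stat
import tempfile

def _allowed(st, uid, gids, want):
    """Classic owner/group/other check for permission bits `want` (w=2, x=1)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def denied_components(sock_path, uid, gids=()):
    """Return the path components that would stop `uid` from connect()ing."""
    denied = []
    current = os.sep
    for name in os.path.abspath(sock_path).split(os.sep)[1:]:
        # every directory on the way needs search (x) permission
        if not _allowed(os.stat(current), uid, gids, 1):
            denied.append(current)
        current = os.path.join(current, name)
    st = os.stat(current)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{current} is not a socket")
    if not _allowed(st, uid, gids, 2):  # connect() needs write on the socket
        denied.append(current)
    return denied

def demo():
    """Constructed sample: a 0600 socket in a temp dir, checked for a made-up uid."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config")
        srv = socket.socket(socket.AF_UNIX)
        srv.bind(path)
        os.chmod(path, 0o600)
        owner = os.stat(path).st_uid
        other = owner + 1 if owner != 0 else 12345  # hypothetical non-owner uid
        result = (path, denied_components(path, owner), denied_components(path, other))
        srv.close()
        return result

if __name__ == "__main__":
    print(demo())
```

On a real host, call denied_components() with the socket path from the error message and the uid and group ids that the delivery command actually runs under.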