Thanks, Tom.
Here's an update to the sequence of the issue...
For some reason dovecot/auth is repeatedly trying to write to /var/lib/plesk/mail/auth/passwd.db I have confirmed that passwd.db is indeed the database that holds the email account passwords. Dovecot is doing this about 1-3 times per minute.
SELinux blocks these attempts and the denials are stored /var/log/audit/audit.log as type AVC.
The Fedora Project's SETroubleshoot processes runs twice per minute, and detects the new denial(s) in the audit.log.
SETroubleshoot reports "SELinux is preventing /usr/libexec/dovecot/auth from write access on the file passwd.db." to the /var/log/messages file.
The question remains, what is causing dovecot/auth to repeatedly try to write to /var/lib/plesk/mail/auth/passwd.db?
The IMAP protocol does allow a client to change the account password, so this is a possible reason why dovecot is attempting to write. Is there any other reason? Can dovecot be configured to disallow this? If these are password change attempts, how can I determine for which email account(s)? Can I find associated IPs?
The constant repeated nature of this issue has me baffled. Is there something cached in dovecot that needs to be cleared out? If so, how? I have of course tried restarting dovecot and also rebooting, but the issue persists.
I am seeing no problems with any of my clients' email accounts, including the clients who are using IMAP.
I see now that I can turn on debugging output for dovecot... I'll try that.
On 3/3/25 11:54 AM, Tom Hendrikx via dovecot wrote:
On 01-03-2025 13:38, jcalvert--- via dovecot wrote:
Greetings,
I'm running dovecot 2.3.21.1 (Plesk says up-to-date) on AlmaLinux 8.10, Plesk Obsidian 18.0.67 #3.
I'm getting this repeated error in /var/log/messages...
"SELinux is preventing /usr/libexec/dovecot/auth from write access on the file passwd.db."
(I think passwd.db is the one in /var/lib/plesk/mail/auth/)
This causes...
"Activating via systemd: service name='org.fedoraproject.Setroubleshootd'"
which is taking a lot of CPU.
This error is happening continuously, about 1-3 times per minute.
Am I correct in thinking that an email client or webmail client is trying to change an email account password via IMAP?
If so, I would like to know how to disable this ability in dovecot. (I would like to change email account passwords only via Plesk.)
If not, why is dovecot trying to write to the passwd.db file? The fact that SELinux is blocking this is concerning.
Hi,
Maybe the problem gets clearer when you can show the passwd configuration in dovecot that Plesk has added.
Normally the passdb should be okay being read-only (see: https://doc.dovecot.org/2.3/configuration_manual/authentication/sql/ where SELECT queries are used).
Password changes can't be done through IMAP iirc, but maybe the lookup query does something weird.
Kind regards,
Tom
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org