Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon
Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
so it's running as the normal user, and NOT with the mail group.
I'm using exim with LMTP. LMTP is NOT a bad thing, and might make your life easier. It does allow you to add sieve scripting if you want to via pigeonhole.
Sorry, I'm at a loss, as I do NOT run postfix. I'm not sure what it needs to invoke dovecot-lda with gid mail in the group list.
On Tue, Nov 3, 2015 at 2:40 PM, John Clements johnbclements@gmail.com wrote:
Well, first, here are the logs I generated:
Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/granitemon Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: fs: root=/home/granitemon/mail, index=, indexpvt=, control=, inbox=/var/mail/granitemon, alt= Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: userdb lookup skipped, username taken from USER environment Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Destination address: granitemon@desmond.brinckerhoff.org (source: user@hostname) Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted Nov 3 12:23:05 desmond dovecot: lda(granitemon): msgid=< 20151103202305.88BE05FF39@desmond.brinckerhoff.org>: save failed to INBOX: BUG: Unknown internal error Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted Nov 3 12:23:05 desmond postfix/local[26490]: 88BE05FF39: to=granitemon@localhost, relay=local, delay=0.04, delays=0.01/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure)
At this point... well, I don't understand why dovecot signals an "Unknown internal error," but I think I understand that even if I *do* get this working, I'm pretty much throwing in the towel, because since postfix invokes the lda as the user receiving the mail, then this only works if all users receiving mail are in the mail group, which means any of them can mess up any other's mbox.
So, it looks like even if this bug is fixed, I'm left with two obvious choices:
- make /var/mail writeable by all users that receive mail, or
- use LMTP instead.
Many thanks for your help,
John Clements
On Tue, Nov 3, 2015 at 12:13 PM, Larry Rosenman larryrtx@gmail.com wrote:
and, are you SURE that dovecot-lda has mail in it's group list when it is executing?
On Tue, Nov 3, 2015 at 2:12 PM, Larry Rosenman larryrtx@gmail.com wrote:
Hrm. if you turn up the debug on lda, do you get any more of a clue?
Those permissions look fine to me.
On Tue, Nov 3, 2015 at 2:10 PM, John Clements johnbclements@gmail.com wrote:
clements@desmond:/var/log$ ls -lda /var/mail drwxrwsr-x 2 root mail 4096 Nov 2 22:07 /var/mail
Best,
John Clements
On Tue, Nov 3, 2015 at 11:52 AM, Larry Rosenman larryrtx@gmail.com wrote:
what is the full permissions of /var/mail?
ls -lda /var/mail
On Tue, Nov 3, 2015 at 1:49 PM, John Clements
wrote:
I've been using dovecot+postfix happily for many years, and I'm now configuring it for a new machine. However, I'm running into an old problem again, and thinking that there must be a better solution.
The problem is that dovecot-lda is unable to create dotlock files in the /var/mail directory.
Dovecot version: 1:2.2.13-12~deb8u1 (I'm guessing this is upstream version 2.2.13) OS: Debian Jessie
Currently, my mail directory has these permissions:
clements@desmond:~$ ls -ld /var/mail drwxrwsr-x 2 root mail 4096 Nov 2 22:07 /var/mail clements@desmond:~$ ls -l /var/mail total 8 -rw------- 1 clements mail 1382 Nov 2 21:59 clements -rw------- 1 granitemon mail 530 Nov 2 22:07 granitemon
I've added mail_privileged_group = mail to allow creation of the dotlock files.
When I configure postfix to deliver using dovecot-lda, I get logs that look like this:
Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< 20151103181306.A4B5B5FF32@desmond.XXXDOMAIN.org>: save failed to INBOX: BUG: Unknown internal error
In order to isolate the error, I took postfix out of the equation, and called dovecot-lda directly:
clements@desmond:/tmp$ cat bogusmail From: clements@XXXDOMAIN.org To: granitemon@localhost Date: November 3 2015 Subject: graaaah
this is the body clements@desmond:/tmp$ /usr/lib/dovecot/dovecot-lda -e -d clements < bogusmail BUG: Unknown internal error clements@desmond:/tmp$
In response to this, mail.log now contains this similar error:
Nov 3 11:34:57 desmond dovecot: lda(clements): msgid=unspecified: save failed to INBOX: BUG: Unknown internal error Nov 3 11:34:57 desmond dovecot: lda(clements): Error: setegid(privileged) failed: Operation not permitted
I've tried a number of "random internet search" solutions, including
- changing perms on mail files from 660 to 600
- enabling 'mail_access_groups=mail' in 10-mail.conf
- adding individual users to the mail group.
I guess I'm pretty confident that if dovecot is writing "BUG: Unknown internal error" in the logs, that this is is actually a bug in dovecot.
OBresearch: I read through the release notes of 2.2.14 -- 2.2.19 to see if a relevant-looking bug had been fixed, but nothing jumped out at me. OBresearch: searching the dovecot mailing list, I found one *extremely* relevant thread called "Re: [Dovecot] started with dovecot sieve http://dovecot.markmail.org/message/kgd34wberxuvmrsa?q=setegid", but there didn't seem to be a solution contained in the thread.
Final note: this doesn't appear to be confined to debian jessie: I took a look at my existing installation, and I see that in fact I just went ahead and made /var/mail world-writeable, which seems... sub-optimal. I'm sure I could do that here, too, but I'd certainly rather not.
Thanks in advance, and let me know if I've left out relevant crucial information.
Best,
John Clements
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961