I've been trying a few scenario's.
Scenario 1
I changed the file rights on deliver.
-rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
from /var/log/mail.log
Jul 19 16:37:03 h1690641 postfix/pipe[15686]: 3195B9C8934: to=<test@ophelia.cocamsterdam.net>, orig_to=<test@cocamsterdam.net>, relay=dovecot, delay=0.03, delays=0.03/0/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
Scenario 2
I changed the file rights on deliver again.
-rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
from /var/log/mail.log
Jul 19 16:40:38 h1690641 postfix/pipe[17735]: A56E79C8936: to=<test@ophelia.cocamsterdam.net>, orig_to=<test@cocamsterdam.net>, relay=dovecot, delay=0.07, delays=0.03/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
from /var/log/dovecot.log
2010-07-19 16:40:38 deliver(test): Fatal: setgid(55228) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted (This binary should probably be called with process group set to 55228 instead of 8(mail))
Scenario 3
I've changed /etc/sudoers
Defaults:dovelda !syslog mail ALL=NOPASSWD:/usr/lib/dovecot/deliver
And I've also changed /etc/postfix/master.cf
dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${user}
It looks like this is working for me. Is it secure enough?
Best, Frank
From: "Timo Sirainen" <tss@iki.fi> Sent: Monday, July 19, 2010 1:48 AM To: "Frank van Amsterdam" <frank122595@hotmail.com> Cc: <dovecot@dovecot.org> Subject: Re: [Dovecot] Unable to get Dovecot LDA/deliver working
On 19.7.2010, at 0.42, Frank van Amsterdam wrote:
2010-07-18T03:15:55.870734+02:00 h1690529 postfix/pipe[20360]: CC8F2AEC087: to=<test@domain.com>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure)
I don't have any clue what this warning/error means.
It means you haven't found the real error message. http://wiki.dovecot.org/LDA#logging