On Aug 24, 2022, at 12:10 PM, lorek <dundir@gmail.com> wrote:There are a number of issues that can appear to be ACL issues when in fact its something else.As other's have mentioned, AppArmor profiles and SELinux contexts can be checked and are the most common. There are ACL permissions as well if you enabled ACL (they are not enabled by default on Ubuntu server).I've occasionally (rarely) seen some weird interactions with sockets between MDA and MTA if the permissions on the directory were not set correctly.Additionally, if a mount permission mask is being used, that can occasionally cause similar issues as well, as is often the case with using an NTFS backing filesystem for maildir that's been mounted with unix perms.There can also be some edge-cases with permissions in Ubuntu's flavored snap containers as well as docker containers and custom sieves.Its difficult to say with any accuracy what is causing your issue with the information provided.Have you increased the verbosity of the logging?If all of the normal culprits do not stand out, maybe some others will have an idea.As a final fallback you can always set a breakpoint and use a reverse debugger. Its not going to be performant but it will at least narrow down where the issue is coming from, and what the intermediate states were that led to the error so you can save/replicate them moving forward for resolution. Non-determinism can creep into code in a lot of different ways.Best Regards,NOn Tue, Aug 23, 2022 at 4:53 AM Austin Witmer <austin96@emypeople.net> wrote:Austin WitmerHere is the output of dovecot -naustin@mail:~$ doveconf -n# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf# Pigeonhole version 0.5.16 (09c29328)# OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS# Hostname: mailauth_mechanisms = plain loginlisten = *mail_location = mbox:~/mail:INBOX=/var/mail/%umail_privileged_group = mailmanagesieve_notify_capability = mailtomanagesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttextnamespace inbox {inbox = yeslocation =mailbox Drafts {special_use = \Drafts}mailbox Junk {special_use = \Junk}mailbox Sent {auto = subscribespecial_use = \Sent}mailbox "Sent Messages" {special_use = \Sent}mailbox Spam {auto = subscribe}mailbox Trash {auto = subscribespecial_use = \Trash}prefix =}passdb {driver = pam}passdb {args = /etc/dovecot/dovecot-sql.confdriver = sql}passdb {args = /etc/dovecot/dovecot-sql.confdriver = sql}plugin {sieve = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sievesieve_before = /var/lib/dovecot/sieve/sieve_global_dir = /var/lib/dovecot/sieve/sieve_global_path = /var/lib/dovecot/sieve/default.sievesieve_user_log = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log}protocols = imap lmtp pop3 imap lmtp sieve pop3service auth {unix_listener /var/spool/postfix/private/auth {group = postfixmode = 0660user = postfix}}service imap-login {inet_listener imap {port = 0}inet_listener imaps {port = 993}}service lmtp {unix_listener /var/spool/postfix/private/dovecot-lmtp {group = postfixmode = 0600user = postfix}}service managesieve-login {inet_listener sieve {port = 4190}service_count = 1}ssl = requiredssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pemssl_dh = # hidden, use -P to show itssl_key = # hidden, use -P to show itssl_prefer_server_ciphers = yesuserdb {driver = passwd}userdb {driver = prefetch}userdb {args = /etc/dovecot/dovecot-sql.confdriver = sql}userdb {driver = prefetch}userdb {args = /etc/dovecot/dovecot-sql.confdriver = sql}protocol lmtp {hostname = mail.mydomain.commail_plugins = " sieve"postmaster_address = postmaster@mydomain.com}protocol lda {mail_plugins = " sieve"}
On Aug 20, 2022, at 12:09 PM, Austin Witmer <austin96@emypeople.net> wrote:And no, I don’t think I am using ACL’s.
getfacl austin /mnt/volume1/mailserver/plain/maildir/
getfacl: austin: No such file or directory
getfacl: Removing leading '/' from absolute path names
# file: mnt/volume1/mailserver/plain/maildir/
# owner: austin
# group: austin
user::rwx
group::rwx
other::r--
Austin WitmerOn Aug 20, 2022, at 11:15 AM, spi <spi@nurfuerspam.de> wrote:
Am 20.08.22 um 16:52 schrieb Austin Witmer:
Hello all!
Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
then I am periodically getting some dovecot errors like the below in
my mail log. As far as I can tell, my unix perms are just fine. What
is ACL/MAC?
Aug 20 14:41:58 mail dovecot:
imap(user@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX:
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
<http://domain.com/user/dovecot.index.log>) failed: Permission denied
(euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
wrong?))
And here is the listing showing the permissions for that file.
*austin@mail*:*~*$ ls -la
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
<http://domain.com/user/dovecot.index.log>
-rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
<http://domain.com/user/dovecot.index.log>*
What in the world is causing these errors, and what can I do about them?
Thanks in advance!
Austin Witmer
Do you use any ACLs? Is this just a block device mounted or do you use
any network file sharing like nfs?
ACLs you can check by 'getfacl foo'.
--
Cheers
spi