Hello,
we've been using dovecot for pop3 and imap for some time now and we're in the middle of deploying lmtp as well, however we've run into a problem we can't solve. Specifically, for some reason it seems that dovecot tries to write to the wrong index file during some, but not all, lmtp deliveries. If lmtp tries to deliver to person user_a@domain, sometimes it'll try to write to index directory user_b@domain using user_a euid. We haven't found any pattern in the problem. A user may receive multiple mails with only 1 in 20 or more deliveries having problems. The only thing that we know is that user_b (the wrong one) is always from the same domain as the correct user and always (so far) also a recipient in the same mail.
Feb 25 09:07:01 pop02 dovecot: lmtp(20931, sub1ika@ika.gr): Error: stat(/indexes/2/b/0/diefecon.log@ika.gr/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=10054601(<unknown>) egid=165(<unknown>) missing +x perm: /indexes/2/b/0/diefecon.log@ika.gr, dir owned by 10107819:165 mode=0700)
Feb 25 09:07:01 pop02 dovecot: lmtp(20931, sub1ika@ika.gr): Error: nfs_flush_chown_uid: stat(/indexes/2/b/0/diefecon.log@ika.gr/.imap/INBOX) failed: Permission denied
Feb 25 09:07:01 pop02 dovecot: lmtp(20931, sub1ika@ika.gr): Error: stat(/indexes/2/b/0/diefecon.log@ika.gr/.imap/INBOX/dovecot.index) failed: Permission denied (euid=10054601(<unknown>) egid=165(<unknown>) missing +x perm: /indexes/2/b/0/diefecon.log@ika.gr, dir owned by 10107819:165 mode=0700)
Feb 25 09:07:01 pop02 dovecot: lmtp(20931, sub1ika@ika.gr): T8WxCGwHK1HDUQAAB7uMaw: msgid=542C6CCE00F7433B9F5E0860C32F87FE@sofia: save failed to INBOX: Timeout while waiting for lock
As you can see below it seems that failure to write to the index doesn't stop the mail being delivered.
Feb 25 10:47:36 pop08 dovecot: lmtp(19139, d.lefkona@kep.gov.gr): Error: stat(/var/index/dovecot/4/c/6/d.irakleias-serron@kep.gov.gr/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=10096573(<unknown>) egid=165(<unknown>) missing +x perm: /var/index/dovecot/4/c/6/d.irakleias-serron@kep.gov.gr, dir owned by 10096925:165 mode=0700)
Feb 25 10:47:36 pop08 dovecot: lmtp(19139, d.lefkona@kep.gov.gr): Error: stat(/var/index/dovecot/4/c/6/d.irakleias-serron@kep.gov.gr/.imap/INBOX/dovecot.index) failed: Permission denied (euid=10096573(<unknown>) egid=165(<unknown>) missing +x perm: /var/index/dovecot/4/c/6/d.irakleias-serron@kep.gov.gr, dir owned by 10096925:165 mode=0700)
Feb 25 10:47:36 pop08 dovecot: lmtp(19139, d.lefkona@kep.gov.gr): ua0ANmIeK1HDSgAADehEhg: sieve: msgid=E299E69CBA0EFA4C9870A944ACBC4DCC03AA9C3F@SYZ3MAIL01.exchange.n3.syzefxis.gov.gr: stored mail into mailbox 'INBOX'
Our current setup is 3 directors (dovecot 2.1.12) proxying pop3/imap and lmtp to a farm of 8 dovecot servers (all of them 2.1.15). All of our mailboxes are stored in NFS. A separate farm of postfix MX servers will be responsible to send mails via lmtp to our directors. Currently we're keeping dovecot indexes locally but we're beginning to move them to NFS as well (we've changed 2 of the 8 servers and hopefully today the 6 remaining).
Our configuration is:
# 2.1.15: /opt/dovecot-2.1.15/etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-92.1.22.el5 x86_64 CentOS release 5.9 (Final)
auth_cache_negative_ttl = 10 mins
auth_cache_size = 5 M
auth_cache_ttl = 10 mins
auth_verbose = yes
default_client_limit = 5000
default_process_limit = 500
disable_plaintext_auth = no
first_valid_uid = 20
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = OTENET ready
login_trusted_networks = 83.235.66.0/24
mail_access_groups = mail otemail disk root
mail_fsync = always
mail_location = mbox:INDEX=/var/index/dovecot/%1Mu/%2.1Mu/%3.1Mu/%u
mail_nfs_index = yes
mail_nfs_storage = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mbox_lock_timeout = 3 secs
mbox_read_locks = dotlock fcntl
mmap_disable = yes
passdb {
  args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = dirsize:User quota
  quota_warning = storage=95%% quota-warning 95 %u
  sieve = ~/.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
}
postmaster_address = postmaster@otenet.gr
quota_full_tempfail = yes
service auth-worker {
  user = dovenull
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  client_limit = 1
  inet_listener lmtp {
    port = 24
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-warning {
  executable = script /opt/dovecot/etc/dovecot/quota-warning.sh
  user = dovecot
}
ssl = no
userdb {
  args = /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve quota"
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 100
}
protocol pop3 {
  mail_max_userip_connections = 100
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_fast_size_lookups = yes
  pop3_lock_session = yes
  pop3_reuse_xuidl = yes
  pop3_uidl_format = %08Xu%08Xv
}
[root@pop02 ~]# egrep -v "^#|^$" /opt/dovecot/etc/dovecot/dovecot-ldap.conf.ext
hosts = 62.103.147.203
dn = "cn=*****,ou=people,dc=otenet,dc=gr"
dnpass = *****
base = ou=people,dc=otenet,dc=gr
scope = onelevel
user_attrs = folderPath=home,mailQuota=quota_rule=*:storage=%$M,uidNumber=uid,gidNumber=gid,mailPath=mail=mbox:~/:INBOX=%$:INDEX=/indexes/%1Mu/%2.1Mu/%3.1Mu/%u
user_filter = (&(|(objectClass=otenetMailAccount)(objectClass=otenetservices))(|(uid=%u)(mail=%u)(mailAlternateAddress=%u)))
pass_attrs = mail=user,userpassword=password
pass_filter = (&(|(objectClass=otenetMailAccount)(objectClass=otenetservices))(|(uid=%u)(mail=%u)(mailAlternateAddress=%u)))
default_pass_scheme = CRYPT
Dimos Alevizos
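The mismatch reported above (an lmtp process for one recipient touching another user's index directory) can be counted from syslog to see how often it occurs and whether the other user is always in the same domain. The following Python script is an added example, not part of the original post or of Dovecot; the regular expression, the function names and the sample log lines (example.org) are constructed for illustration and assume the log format and INDEX path layout shown in the post.

```python
import re
from collections import Counter

# Dovecot lmtp "Permission denied" errors in the format quoted in the post.
# Index path layout <root>/.../<user@domain>/.imap/... follows the INDEX= setting
# shown on the page; the regex is this example's own assumption.
LINE_RE = re.compile(
    r"lmtp\((?P<pid>\d+), (?P<rcpt>[^)\s]+)\): Error: (?:\w+: )?stat\("
    r"(?P<path>/\S*?/(?P<owner>[^/\s]+@[^/\s]+)/\.imap/[^)]*)\) failed: "
    r"Permission denied"
    r"(?: \(euid=(?P<euid>\d+)\S* egid=\d+\S* .*?dir owned by (?P<dir_uid>\d+):)?"
)

# Constructed sample lines (example.org), not taken from a real server.
SAMPLE = """\
Feb 25 09:07:01 mx1 dovecot: lmtp(4242, user_a@example.org): Error: stat(/indexes/2/b/0/user_b@example.org/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=1001(<unknown>) egid=165(<unknown>) missing +x perm: /indexes/2/b/0/user_b@example.org, dir owned by 1002:165 mode=0700)
Feb 25 09:07:01 mx1 dovecot: lmtp(4242, user_a@example.org): Error: nfs_flush_chown_uid: stat(/indexes/2/b/0/user_b@example.org/.imap/INBOX) failed: Permission denied
Feb 25 09:07:02 mx1 dovecot: lmtp(4242, user_a@example.org): abc123: msgid=<x@example.org>: stored mail into mailbox 'INBOX'
Feb 25 09:08:10 mx1 dovecot: lmtp(4300, user_c@example.org): Error: stat(/indexes/1/a/9/user_c@example.org/.imap/INBOX/dovecot.index) failed: Permission denied (euid=1003(<unknown>) egid=165(<unknown>) missing +x perm: /indexes/1/a/9/user_c@example.org, dir owned by 1003:165 mode=0700)
""".splitlines()


def cross_user_hits(lines):
    """Yield one dict per error where the LMTP recipient is not the index owner."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["rcpt"].lower() == m["owner"].lower():
            continue  # not a stat() error, or the user's own index directory
        hit = m.groupdict()
        hit["same_domain"] = (m["rcpt"].rsplit("@", 1)[-1].lower()
                              == m["owner"].rsplit("@", 1)[-1].lower())
        yield hit


def summarize(lines):
    """Count mismatches per (lmtp pid, recipient, index owner, same_domain)."""
    return Counter((h["pid"], h["rcpt"], h["owner"], h["same_domain"])
                   for h in cross_user_hits(lines))


if __name__ == "__main__":
    for (pid, rcpt, owner, same), n in summarize(SAMPLE).items():
        print(f"pid={pid} rcpt={rcpt} index_owner={owner} same_domain={same} errors={n}")
```

Grouping by lmtp pid shows whether the mismatches cluster in processes that handled a multi-recipient delivery, which is the one pattern the post identifies.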