[Dovecot] Quota-warning and setresgid
Hi!
Please help me with this. The problem exists when quota-warning is executing:
LOG:
Jan 10 10:15:06 lmtp(85973): Debug: none: root=, index=, control=, inbox=, alt=
Jan 10 10:15:06 lmtp(85973): Info: Connect from local
Jan 10 10:15:06 lmtp(85973): Debug: Loading modules from directory: /usr/local/lib/dovecot
Jan 10 10:15:06 lmtp(85973): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so
Jan 10 10:15:06 lmtp(85973): Debug: Module loaded: /usr/local/lib/dovecot/lib90_sieve_plugin.so
Jan 10 10:15:06 lmtp(85973): Debug: auth input: tester@domain.eu home=/home/vmail/domain.eu/tester/ mail=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public uid=101 gid=12 quota_rule=*:storage=2097 acl_groups=
Jan 10 10:15:06 lmtp(85973): Debug: Added userdb setting: mail=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public
Jan 10 10:15:06 lmtp(85973): Debug: Added userdb setting: plugin/quota_rule=*:storage=2097
Jan 10 10:15:06 lmtp(85973): Debug: Added userdb setting: plugin/acl_groups=
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Effective uid=101, gid=12, home=/home/vmail/domain.eu/tester/
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota rule: root=user mailbox=* bytes=2147328 messages=0
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota rule: root=user mailbox=Trash bytes=+429465 (20%) messages=0
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota rule: root=user mailbox=SPAM bytes=+429465 (20%) messages=0
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota warning: bytes=1717862 (80%) messages=0 reverse=no command=quota-warning 80 tester@domain.eu
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota warning: bytes=1932595 (90%) messages=0 reverse=no command=quota-warning 90 tester@domain.eu
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Quota warning: bytes=2039961 (95%) messages=0 reverse=no command=quota-warning 95 tester@domain.eu
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: dict quota: user=tester@domain.eu, uri=proxy::quotadict, noenforcing=0
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: maildir++: root=/home/vmail/domain.eu/tester, index=/var/mail/vmail/domain.eu/tester@domain.eu/index/public, control=, inbox=/home/vmail/domain.eu/tester, alt=
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:/home/vmail/public/:CONTROL=/var/mail/vmail/domain.eu/tester/control/public:INDEX=/var/mail/vmail/domain.eu/tester/index/public:LAYOUT=fs
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: fs: root=/home/vmail/public, index=/var/mail/vmail/domain.eu/tester/index/public, control=/var/mail/vmail/domain.eu/tester/control/public, inbox=, alt=
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/shared/%u
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: shared: root=/var/run/dovecot, index=, control=, inbox=, alt=
...
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Debug: quota: Executing warning: quota-warning 95 tester@domain.eu
Jan 10 10:15:06 lmtp(85973, tester@domain.eu): Info: bLUfAJoBDE/VTwEA9hAjDg: sieve: msgid=4F0C0180.3040704@domain.eu: stored mail into mailbox 'INBOX'
Jan 10 10:15:06 lmtp(85973): Info: Disconnect from local: Client quit (in reset)
Jan 10 10:15:06 lda: Debug: Loading modules from directory: /usr/local/lib/dovecot
Jan 10 10:15:06 lda: Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
Jan 10 10:15:06 lda: Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so
Jan 10 10:15:06 lda: Debug: Module loaded: /usr/local/lib/dovecot/lib90_sieve_plugin.so
Jan 10 10:15:06 lda: Debug: auth input: tester@domain.eu home=/home/vmail/domain.eu/tester/ mail=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public uid=101 gid=12 quota_rule=*:storage=2097 acl_groups=
Jan 10 10:15:06 lda: Debug: Added userdb setting: mail=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public
Jan 10 10:15:06 lda: Debug: Added userdb setting: plugin/quota_rule=*:storage=2097
Jan 10 10:15:06 lda: Debug: Added userdb setting: plugin/acl_groups=
Jan 10 10:15:06 lda(tester@domain.eu): Fatal: setresgid(12(mail),12(mail),101(vmail)) failed with euid=101(vmail): Operation not permitted
Jan 10 10:15:06 master: Error: service(quota-warning): child 85974 returned error 75
dovecot -n
# 2.0.16: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.2-RELEASE-p3 amd64
auth_master_user_separator = *
auth_mechanisms = plain login cram-md5
auth_username_format = %Lu
dict {
  quotadict = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf
}
disable_plaintext_auth = no
first_valid_gid = 12
first_valid_uid = 101
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = vmail
mail_plugins = " quota acl"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/home/vmail/public/:CONTROL=/var/mail/vmail/%d/%n/control/public:INDEX=/var/mail/vmail/%d/%n/index/public:LAYOUT=fs
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}
namespace {
  list = children
  location = maildir:%%h/:INDEX=/var/mail/vmail/%d/%u/index/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf
  driver = sql
}
passdb {
  args = /usr/local/etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
plugin {
  acl = vfile:/usr/local/etc/dovecot/acls
  acl_shared_dict = file:/usr/local/etc/dovecot/shared/shared-mailboxes.db
  autocreate = Trash
  autocreate2 = Junk
  autocreate3 = Sent
  autocreate4 = Drafts
  autocreate5 = Archives
  autosubscribe = Trash
  autosubscribe2 = Junk
  autosubscribe3 = Sent
  autosubscribe4 = Drafts
  autosubscribe5 = Public/Poczta
  autosubscribe6 = Archives
  fts = squat
  fts_squat = partial=4 full=10
  quota = dict:user::proxy::quotadict
  quota_rule2 = Trash:storage=+20%%
  quota_rule3 = SPAM:storage=+20%%
  quota_warning = storage=80%% quota-warning 80 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /usr/local/etc/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /usr/local/etc/dovecot/sieve
  sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve
}
protocols = imap pop3 sieve lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = mail
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service imap {
  executable = imap postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve {
  drop_priv_before_exec = yes
}
service pop3 {
  drop_priv_before_exec = yes
}
service postlogin {
  executable = script-login rawlog
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
ssl = no
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_plugins = " acl imap_acl autocreate fts fts_squat quota imap_quota"
}
protocol lmtp {
  mail_plugins = quota sieve
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve acl quota
  postmaster_address = postmaster@domain.eu
  sendmail_path = /usr/sbin/sendmail
}
-- Łukasz
Anyone?
On 2012-01-10 10:34, l.chelchowski wrote:
--
Regards, Łukasz
On 10.1.2012, at 11.34, l.chelchowski wrote:
> Jan 10 10:15:06 lda: Debug: auth input: tester@domain.eu home=/home/vmail/domain.eu/tester/ mail=maildir:/home/vmail/domain.eu/tester/:INDEX=/var/mail/vmail/domain.eu/tester@domain.eu/index/public uid=101 gid=12 quota_rule=*:storage=2097 acl_groups=

Note that userdb lookup returns gid=12(mail)

> Jan 10 10:15:06 lda(tester@domain.eu): Fatal: setresgid(12(mail),12(mail),101(vmail)) failed with euid=101(vmail): Operation not permitted

But you're running it with gid=101(vmail).

> mail_gid = vmail
> mail_privileged_group = vmail
> mail_uid = vmail

Here you're also using gid=101(vmail). (The mail_privileged_group=vmail is a useless setting BTW)

> userdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
My guess for the best fix: Change the user_query not to return uid or gid fields at all.
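
The mismatch diagnosed in the reply above can be read straight from the log by pairing the failed setresgid() call with the userdb reply that requested it. The following is an added example, not part of the original thread and not Dovecot code; it assumes the lda log line formats shown on this page, and SAMPLE_LOG, userdb_fields and diagnose are hypothetical names.

```python
import re

# Constructed sample: the two decisive lines from the log in this thread
# (the long mail= field is dropped for brevity).
SAMPLE_LOG = """\
Jan 10 10:15:06 lda: Debug: auth input: tester@domain.eu home=/home/vmail/domain.eu/tester/ uid=101 gid=12 quota_rule=*:storage=2097 acl_groups=
Jan 10 10:15:06 lda(tester@domain.eu): Fatal: setresgid(12(mail),12(mail),101(vmail)) failed with euid=101(vmail): Operation not permitted
"""

# Assumption: line layout as logged by the lda process in this thread. Lines
# from services that add a PID, such as lmtp(85973), are not matched.
AUTH_RE = re.compile(r" (\w+): Debug: auth input: (\S+) (.*)$")
FATAL_RE = re.compile(
    r" (\w+)\(([^)]+)\): Fatal: setresgid\((.+?)\) failed with euid=(\d+)\(")
ID_RE = re.compile(r"(\d+)\(")


def userdb_fields(text):
    """Split the key=value part of an 'auth input' line into a dict."""
    return dict(f.split("=", 1) for f in text.split() if "=" in f)


def diagnose(log_text):
    """Pair each failed setresgid() with the userdb reply that asked for it."""
    userdb = {}      # (process, user) -> fields of the latest userdb reply
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            userdb[(m.group(1), m.group(2))] = userdb_fields(m.group(3))
            continue
        m = FATAL_RE.search(line)
        if not m:
            continue
        proc, user, args, euid = m.group(1), m.group(2), m.group(3), int(m.group(4))
        # setresgid() takes the real, effective and saved gid, in that order.
        rgid, egid, sgid = (int(g) for g in ID_RE.findall(args))
        fields = userdb.get((proc, user), {})
        findings.append({
            "user": user,
            "euid": euid,
            "requested": (rgid, egid, sgid),
            "userdb_gid": int(fields["gid"]) if "gid" in fields else None,
            # True when the gid the process tried to take came from userdb.
            "gid_from_userdb": fields.get("gid") == str(rgid),
            # Only root may switch to a gid the process does not already hold.
            "unprivileged": euid != 0,
        })
    return findings
```

For the log in this thread it reports that the userdb reply asked for gid 12 while the process was already running unprivileged as uid 101, which is the combination the reply identifies as the cause.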
participants (2)
- l.chelchowski
- Timo Sirainen