[Dovecot] Help - I keep getting LSUB permission denied
Hi,
I am using dovecot: 1.0.rc15
I was upgrading Debian and installed new versions of lots of things.
My mail came fine and I thought there was no problem until a user called and said it was not working through webmail. I tried it, it worked fine and I realized the problem was with dovecot. I have created new users, tried different UIDs. Removed any protections but when I telnet to the port, I get this:
a02 LSUB "" "*"
* LSUB () "/" "Trash"
* LSUB () "/" "Junk"
* LSUB () "/" "Sent"
* LSUB () "/" "Junk E-mail"
* LSUB () "/" "INBOX/Sent"
* LSUB () "/" "INBOX/Trash"
* LSUB () "/" "INBOX/Drafts"
a002 NO Permission denied
when I do it on my account, I get:
* LSUB () "/" "INBOX/Sent"
* LSUB () "/" "INBOX/Trash"
* LSUB () "/" "INBOX/Drafts"
a002 OK Lsub completed.
I have tried making the directory 777, checked the owners. Copied my Maildir into the other user's to see if I could figure out what could be going on, but I still get the same behavior.
HELP, my user needs his mail.
THANKS
-Don
On Oct 6, 2008, at 7:40 AM, Don Steiny wrote:
> a02 LSUB "" "*"
> * LSUB () "/" "Trash"
> * LSUB () "/" "Junk"
> * LSUB () "/" "Sent"
> * LSUB () "/" "Junk E-mail"
> * LSUB () "/" "INBOX/Sent"
> * LSUB () "/" "INBOX/Trash"
> * LSUB () "/" "INBOX/Drafts"
> a002 NO Permission denied
Anything in error logs? Post your dovecot -n output?
Timo Sirainen wrote:
> On Oct 6, 2008, at 7:40 AM, Don Steiny wrote:
>> a02 LSUB "" "*"
>> * LSUB () "/" "Trash"
>> * LSUB () "/" "Junk"
>> * LSUB () "/" "Sent"
>> * LSUB () "/" "Junk E-mail"
>> * LSUB () "/" "INBOX/Sent"
>> * LSUB () "/" "INBOX/Trash"
>> * LSUB () "/" "INBOX/Drafts"
>> a002 NO Permission denied
> Anything in error logs? Post your dovecot -n output?
No, nothing in the error logs, but here is the -a output. I tried to upgrade, but I am using Debian and have been trying to just use the released packages. It will take a bit of work to get it to compile here because the pathnames are very different. For instance, it can't find libeopenssl in the configure step so I have to figure out the best way to deal with that. I have been hunting for a newer Debian release.
-Don
login_processes_count: 3
login_max_processes_count: 128
login_max_connections: 256
valid_chroot_dirs:
mail_chroot:
max_mail_processes: 1024
verbose_proctitle: no
first_valid_uid: 108
last_valid_uid: 0
first_valid_gid: 1
last_valid_gid: 0
mail_extra_groups:
mail_access_groups:
mail_privileged_group:
default_mail_env:
mail_location: maildir:~/Maildir
mail_cache_fields: flags
mail_never_cache_fields: imap.envelope
mail_cache_min_mail_count: 0
mailbox_idle_check_interval: 30
mail_debug: yes
mail_full_filesystem_access: no
mail_max_keyword_length: 50
mail_save_crlf: no
mail_read_mmaped: no
mmap_disable: no
mmap_no_write: no
lock_method: fcntl
maildir_stat_dirs: no
maildir_copy_with_hardlinks: no
mbox_read_locks: fcntl
mbox_write_locks: dotlock fcntl
mbox_lock_timeout: 300
mbox_dotlock_change_timeout: 120
mbox_min_index_size: 0
mbox_dirty_syncs: yes
mbox_very_dirty_syncs: no
mbox_lazy_writes: yes
dbox_rotate_size: 2048
dbox_rotate_min_size: 16
dbox_rotate_days: 1
umask: 63
mail_drop_priv_before_exec: no
mail_executable: /usr/lib/dovecot/imap
mail_process_size: 256
mail_plugins:
mail_plugin_dir: /usr/lib/dovecot/modules/imap
mail_log_prefix: %Us(%u):
imap_max_line_length: 65536
imap_capability:
imap_client_workarounds: outlook-idle
pop3_no_flag_updates: no
pop3_enable_last: no
pop3_reuse_xuidl: no
pop3_lock_session: no
pop3_uidl_format: %08Xu%08Xv
pop3_client_workarounds:
pop3_logout_format: top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
namespace:
  type: private
  separator: /
  prefix:
  location: maildir:~/Maildir
  inbox: yes
  hidden: no
namespace:
  type: shared
  separator: /
  prefix: FB12/
  location: mbox:/var/export/mailfb12:INDEX=/var/export/dovecot/%u
  inbox: no
  hidden: no
auth default:
  mechanisms: plain
  realms:
  default_realm:
  cache_size: 0
  cache_ttl: 3600
  executable: /usr/lib/dovecot/dovecot-auth
  user: root
  chroot:
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
  username_translation:
  username_format:
  master_user_separator:
  anonymous_username: anonymous
  krb5_keytab:
  verbose: yes
  debug: yes
  debug_passwords: yes
  ssl_require_client_cert: no
  ssl_username_from_cert: no
  count: 1
  worker_max_count: 30
  process_size: 256
  passdb:
    driver: pam
    args: imap
    deny: no
    pass: no
    master: no
  userdb:
    driver: passwd
    args:
On Oct 6, 2008, at 8:36 PM, Don Steiny wrote:
> Timo Sirainen wrote:
>> On Oct 6, 2008, at 7:40 AM, Don Steiny wrote:
>>> a02 LSUB "" "*"
>>> * LSUB () "/" "Trash"
>>> * LSUB () "/" "Junk"
>>> * LSUB () "/" "Sent"
>>> * LSUB () "/" "Junk E-mail"
>>> * LSUB () "/" "INBOX/Sent"
>>> * LSUB () "/" "INBOX/Trash"
>>> * LSUB () "/" "INBOX/Drafts"
>>> a002 NO Permission denied
>> Anything in error logs? Post your dovecot -n output?
> No, nothing in the error logs, but here is the -a output. I tried to upgrade, but I am using Debian and have been trying to just use the released packages. It will take a bit of work to get it to compile here because the pathnames are very different. For instance, it can't find libeopenssl in the configure step so I have to figure out the best way to deal with that. I have been hunting for a newer Debian release.
backports.org has newer releases.
> namespace:
>   type: private
>   separator: /
>   prefix:
>   location: maildir:~/Maildir
>   inbox: yes
>   hidden: no
> namespace:
>   type: shared
>   separator: /
>   prefix: FB12/
>   location: mbox:/var/export/mailfb12:INDEX=/var/export/dovecot/%u
>   inbox: no
>   hidden: no
The problem is most likely that Dovecot tries to read the shared
namespace's subscriptions from /var/export/mailfb12/.subscriptions
file and that's not working too well since the same file is shared by
all users. There's really no good way to handle this situation with
v1.0 + mbox format. I guess the best you could do is to make sure that
no-one has write access to the mailfb12 directory so no-one can
modify the .subscriptions file (because the file is modified by
recreating it, so the directory +w permission matters, the file's +w
permission doesn't). Then you'll make the file contain all the
mailboxes and make it world-readable.
Or you could see if backports.org has a v1.1 release and set
subscriptions=no to the shared namespace. Although with mboxes you
should be using v1.1.4 release since it fixes several bugs.
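Added example, not part of the original thread and not Dovecot code: a small audit of the permission point made in the message above, that replacing a shared .subscriptions file is decided by the directory's write bits while reading it needs the file's read bit. The function name, finding codes and mailbox names are assumptions, and the directory is constructed in a temporary location.

```python
import os
import stat
import tempfile

def audit_shared_root(root, subs_name=".subscriptions"):
    """Findings for a shared mailbox root whose subscriptions file is common
    to every user. Function name and finding codes are hypothetical."""
    findings = []
    dmode = os.stat(root).st_mode
    # Recreating a file means writing a new file and rename()-ing it over the
    # old one: both are writes to the directory, so its mode decides.
    if dmode & (stat.S_IWGRP | stat.S_IWOTH):
        if dmode & stat.S_ISVTX:
            findings.append("dir-sticky: only the file's or directory's owner can replace " + subs_name)
        else:
            findings.append("dir-writable: group/other users can replace " + subs_name)
    if not dmode & stat.S_IXOTH:
        findings.append("dir-not-searchable: other users cannot reach " + subs_name)
    try:
        fmode = os.stat(os.path.join(root, subs_name)).st_mode
    except FileNotFoundError:
        return findings + ["missing: " + subs_name + " does not exist"]
    if not fmode & stat.S_IROTH:
        findings.append("not-world-readable: other users cannot read " + subs_name)
    return findings

def demo():
    """Run the audit on a constructed directory in three permission states."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "mailfb12")
        os.mkdir(root)
        subs = os.path.join(root, ".subscriptions")
        with open(subs, "w") as fh:
            fh.write("announce\nstaff\n")  # constructed mailbox names
        for label, dperm, fperm in (("open", 0o777, 0o444),
                                    ("private-file", 0o755, 0o600),
                                    ("locked", 0o755, 0o644)):
            os.chmod(root, dperm)
            os.chmod(subs, fperm)
            results[label] = audit_shared_root(root)
    return results

if __name__ == "__main__":
    for label, found in demo().items():
        print(label, found or "ok")
```

The audit reads mode bits only, so it gives the same answer when run as root, which bypasses the permission checks themselves.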
Timo,
I fixed it. I have not exactly figured out the purpose of the /export (which I changed to /var/export) but there is a directory in there that seems to need to be mode 777. When I created it, I accidentally created it as being owned by me, which explains why dovecot worked for me and no one else.
I can't compile dovecot-1.4.1 on Debian 2.6.8-4 with ssl, so upgrading it is not really an option. I get the message from config that it can't find libssl, but I linked copies of it everywhere and I don't know configure scripts well enough to guess where it is looking.
-Don
participants (3)
- Charles Marcus
- Don Steiny
- Timo Sirainen