Using dovecot-lda with sendmail
Hello:
I'm trying to get dovecot-lda to work with sendmail on a CentOS 7 server. I've tried following the instructions at the wiki, http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to /etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and restarting sendmail -- the process for any sendmail config change. However it is still not working and in the maillog, it shows:
sendmail[31949]: sAEM4GTt031742: to=<user@localhost>, ctladdr=<test@localhost> (1000/1000), delay=00:08:31, xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0, stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL
I verified that SELinux is not interfering in this case.
I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda as other users, but I see that the file on my system is uid/gid as: root/root.
Is there a way to get this working? Thanks much!
-- Chris
On 15-11-14 00:00, Chris Szilagyi wrote:
It seems that sendmail is running the lda, but the lda has problems that are reported by exiting with tempfail. You should check the logging that is emitted by dovecot-lda to find what the problem is.
Ownership of the binary should not be one of them, I think, but show us logging from dovecot-lda and we can tell you more. 'dovecot -n' output would also help a lot.
Regards, Tom
I've enabled dovecot-lda logging with:
protocol lda {
  log_path =
  info_log_path =
  syslog_facility = mail
}
However it's not producing any entries in the mail syslog. I'm wondering if it's not even executing dovecot-lda then. As a test I tried running "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what happens, and I got a blank email delivered to "username" OK. So based on this I think lda is OK? I am not seeing any errors logged when sendmail tries to use dovecot-lda though.
Here's what "dovecot -n" shows:
2.2.10: /etc/dovecot/dovecot.conf
OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext4
mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u
mail_plugins = " quota"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  driver = pam
}
plugin {
  quota = fs:User quota:user
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster@localhost
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/pki/tls/certs/mailcert.crt
ssl_key = </etc/pki/tls/private/mailcert.key
userdb {
  driver = passwd
}
protocol lda {
  info_log_path =
  log_path =
  syslog_facility = mail
}
protocol imap {
  mail_plugins = " quota imap_quota"
}
Thank you very much for any further thoughts on this.
Chris
These errors just started showing up in the mail syslog, FINALLY. Not sure why it took this long.
dovecot: lda(username): Fatal: setresgid(1000(username),1000(username),12(mail)) failed with euid=0(root): Operation not permitted
After turning off SELinux, mail was finally being delivered! So, I adjusted SELinux to allow a few denied errors for dovecot-lda (including filesystem quotas):
audit2allow -m local -l -i /var/log/audit/audit.log > dovecotlda.te
Then, verified the contents of "dovecotlda.te":
module local 1.0;

require {
        type fs_t;
        type mqueue_spool_t;
        type dovecot_deliver_t;
        class capability { setuid setgid };
        class file write;
        class filesystem quotaget;
}

#============= dovecot_deliver_t ==============
allow dovecot_deliver_t fs_t:filesystem quotaget;
allow dovecot_deliver_t mqueue_spool_t:file write;
allow dovecot_deliver_t self:capability { setuid setgid };
Then create the policy file and activate it:
checkmodule -M -m -o dovecotlda.mod dovecotlda.te
semodule_package -o dovecotlda.pp -m dovecotlda.mod
semodule -i dovecotlda.pp
Now with SELinux enforcing, I'm getting mail delivered OK.
Also just to confirm, this is the line I'm using in /etc/mail/sendmail.mc:
FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')dnl
Thanks again for the help, hopefully this helps others in the future with sendmail.
-- Chris
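An added example, not part of the original thread: since "audit2allow -l -i" turns every denial logged since the last policy load into a rule, it helps to list what dovecot_deliver_t alone was denied before building the module. The function names and the AVC lines below are constructed for illustration, and the parser assumes contexts of the form user:role:type:level, as on CentOS 7.

```shell
#!/bin/sh
# Added example (not from the thread): summarise AVC denials per source domain
# so that only the rules dovecot-lda needs end up in the local module.

# Constructed sample audit.log lines; pids, timestamps and the httpd denial
# are made up for this example.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1416002400.101:501): avc:  denied  { setgid } for  pid=2001 comm="dovecot-lda" capability=6  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=AVC msg=audit(1416002400.102:502): avc:  denied  { setuid } for  pid=2001 comm="dovecot-lda" capability=7  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=AVC msg=audit(1416002401.210:503): avc:  denied  { quotaget } for  pid=2002 comm="dovecot-lda" scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=AVC msg=audit(1416002402.330:504): avc:  denied  { write } for  pid=2003 comm="dovecot-lda" path="/var/spool/mqueue/dfEXAMPLE" scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file
type=AVC msg=audit(1416002403.440:505): avc:  denied  { name_connect } for  pid=2100 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1416002404.550:506): avc:  denied  { setgid } for  pid=2004 comm="dovecot-lda" capability=6  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
EOF
}

# avc_rules DOMAIN
# Reads audit log lines on stdin and prints one sorted, de-duplicated
# "allow" line per denied permission whose source type is DOMAIN.
avc_rules() {
    domain=$1
    # Pull out: source type, target type, object class, permission list.
    sed -n 's/.*denied *{ \([^}]*\) }.*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_0-9]*\).*/\2 \3 \4 \1/p' |
    awk -v d="$domain" '
        $1 == d {
            # audit2allow writes "self" when source and target type match
            t = ($2 == d) ? "self" : $2
            for (i = 4; i <= NF; i++)
                print "allow " d " " t ":" $3 " " $i ";"
        }' |
    LC_ALL=C sort -u
}

# Stand-alone run: show only what dovecot-lda was denied; the httpd_t
# denial in the same log is left out of the list.
sample_avc | avc_rules dovecot_deliver_t
```

On a live system, feed /var/log/audit/audit.log to avc_rules and compare the list with the generated .te file before running semodule -i.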
participants (2): Chris Szilagyi, Tom Hendrikx