Using dovecot-lda with sendmail
Hello:
I'm trying to get dovecot-lda to work with sendmail on a CentOS 7 server. I've tried following the instructions at the wiki, http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to /etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and restarting sendmail -- the process for any sendmail config change. However it is still not working and in the maillog, it shows:
sendmail[31949]: sAEM4GTt031742: to=user@localhost, ctladdr=test@localhost (1000/1000), delay=00:08:31, xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0, stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL
I verified that SELinux is not interfering in this case.
I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda as other users, but I see that the file on my system is uid/gid as: root/root.
Is there a way to get this working? Thanks much!
-- Chris
On 15-11-14 00:00, Chris Szilagyi wrote:
> Hello:
> I'm trying to get dovecot-lda to work with sendmail on a CentOS 7 server. I've tried following the instructions at the wiki, http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to /etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and restarting sendmail -- the process for any sendmail config change. However it is still not working and in the maillog, it shows:
> sendmail[31949]: sAEM4GTt031742: to=user@localhost, ctladdr=test@localhost (1000/1000), delay=00:08:31, xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0, stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL
> I verified that SELinux is not interfering in this case.
> I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda as other users, but I see that the file on my system is uid/gid as: root/root.
> Is there a way to get this working? Thanks much!
It seems that sendmail is running the lda, but the lda has problems that are reported by exiting with tempfail. You should check the logging that is emitted by dovecot-lda to find what the problem is.
Ownership of the binary should not be one of them, I think, but show us logging from dovecot-lda and we can tell you more. 'dovecot -n' output would also help a lot.
Regards, Tom
> It seems that sendmail is running the lda, but the lda has problems that are reported by exiting with tempfail. You should check the logging that is emitted by dovecot-lda to find what the problem is.
> Ownership of the binary should not be one of them, I think, but show us logging from dovecot-lda and we can tell you more. 'dovecot -n' output would also help a lot.
> Regards, Tom
I've enabled dovecot-lda logging with:
protocol lda {
  log_path =
  info_log_path =
  syslog_facility = mail
}
However it's not producing any entries in the mail syslog. I'm wondering if it's not even executing dovecot-lda then. As a test I tried running "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what happens, and I got a blank email delivered to "username" OK. So based on this I think lda is OK? I am not seeing any errors logged when sendmail tries to use dovecot-lda though.
Here's what "dovecot -n" shows:
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext4
mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u
mail_plugins = " quota"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  driver = pam
}
plugin {
  quota = fs:User quota:user
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster@localhost
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert =
Thank you very much for any further thoughts on this.
Chris
These errors just started showing up in the mail syslog, FINALLY. Not sure why it took this long.
dovecot: lda(username): Fatal: setresgid(1000(username),1000(username),12(mail)) failed with euid=0(root): Operation not permitted
After turning off SELinux, mail was finally being delivered! So, I adjusted SELinux to allow a few denied errors for dovecot-lda (including filesystem quotas):
audit2allow -m local -l -i /var/log/audit/audit.log > dovecotlda.te
Then, verified the contents of "dovecotlda.te":
module local 1.0;

require {
  type fs_t;
  type mqueue_spool_t;
  type dovecot_deliver_t;
  class capability { setuid setgid };
  class file write;
  class filesystem quotaget;
}

#============= dovecot_deliver_t ==============
allow dovecot_deliver_t fs_t:filesystem quotaget;
allow dovecot_deliver_t mqueue_spool_t:file write;
allow dovecot_deliver_t self:capability { setuid setgid };
Then create the policy file and activate it:
checkmodule -M -m -o dovecotlda.mod dovecotlda.te
semodule_package -o dovecotlda.pp -m dovecotlda.mod
semodule -i dovecotlda.pp
Now with SELinux enforcing, I'm getting mail delivered OK.
Also just to confirm, this is the line I'm using in /etc/mail/sendmail.mc:
FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')dnl
Thanks again for the help, hopefully this helps others in the future with sendmail.
-- Chris
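Added example (not part of the original thread): audit2allow turns every denial it reads into an allow rule, so it helps to see which denials belong to dovecot_deliver_t before loading a module. The sketch below parses AVC records and renders rules for a single source domain only; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Fields of an SELinux AVC denial that matter when reviewing a policy module.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

# Constructed sample records (assumption: not taken from the thread's audit.log).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1416002656.101:812): avc:  denied  { setgid } for  pid=2101 comm="dovecot-lda" capability=6  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=SYSCALL msg=audit(1416002656.101:812): arch=c000003e syscall=119 success=no exit=-1 comm="dovecot-lda"
type=AVC msg=audit(1416002656.102:813): avc:  denied  { setuid } for  pid=2101 comm="dovecot-lda" capability=7  scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:system_r:dovecot_deliver_t:s0 tclass=capability
type=AVC msg=audit(1416002656.140:814): avc:  denied  { write } for  pid=2101 comm="dovecot-lda" path="/var/spool/mqueue/dfEXAMPLE" dev="dm-0" ino=1234 scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=file
type=AVC msg=audit(1416002656.150:815): avc:  denied  { quotaget } for  pid=2101 comm="dovecot-lda" scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=AVC msg=audit(1416002700.300:820): avc:  denied  { read } for  pid=3000 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
""".splitlines()

def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def denials_for_domain(lines, domain):
    """Group denied permissions by (target type, class) for one source domain."""
    grouped = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != domain:
            continue  # not an AVC denial, or a denial from an unrelated domain
        target = context_type(m["tcon"])
        if target == domain:
            target = "self"  # same convention audit2allow uses
        grouped[(target, m["tclass"])].update(m["perms"].split())
    return grouped

def render_rules(domain, grouped):
    """Render the grouped denials as allow rules for manual review."""
    rules = []
    for (target, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {domain} {target}:{tclass} {text};")
    return rules

if __name__ == "__main__":
    found = denials_for_domain(SAMPLE_AUDIT_LOG, "dovecot_deliver_t")
    print("\n".join(render_rules("dovecot_deliver_t", found)))
```

On the sample input the httpd_t denial is left out, and the three remaining rules match the ones in dovecotlda.te above.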
participants (2): Chris Szilagyi, Tom Hendrikx