Permissions on /var/log/dovecot
/var/log/dovecot exists and has a lot of logging in it, but I get errors (in mail.log) on an always_bcc action in postfix:
mail postfix/pipe[13015]: 401cvS0R8BzbSkL: to=<backup+073.kremels-kreme@doamin.tld>, relay=dovecot, delay=398058, delays=398045/13/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot: Permission denied )
What should the permissions on /var/log/dovecot be? (they are 640 root:wheel on FreeBSD, identical to mail.log)
On 19 March 2018 at 22:06, @lbutlr <kremels@kreme.com> wrote:
/var/log/dovecot exists and has a lot of logging in it, but I get errors (in mail.log) on an always_bcc action in postfix:
mail postfix/pipe[13015]: 401cvS0R8BzbSkL: to=<backup+073.kremels-kreme@doamin.tld>, relay=dovecot, delay=398058, delays=398045/13/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot: Permission denied )
What should the permissions on /var/log/dovecot be? (they are 640 root:wheel on FreeBSD, identical to mail.log)
Is Postfix really supposed to write to this file? Why??
Make Postfix write its work in its own log file please. Let an MTA have its separate log file from POP3/IMAP4.
Plus, if dovecot is able to write to a file owned by root:wheel, then there is a BIG problem right there!!!
What does your doveconf -n have?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 19 March 2018 at 22:45, @lbutlr <kremels@kreme.com> wrote:
On 2018-03-19 (13:19 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
What does your doveconf -n have?
imap_id_log = *
log_path = /var/log/dovecot
This is a very useless response!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
So is yours.
Why not say what SHOULD be done? Since we were discussing logging, including only the lines about logging seems to be a reasonable response to the original open-ended question. “Please include the complete output of ‘dovecot -n’” would get your point across instead of just letting you be a snarky ass.
On Mon, Mar 19, 2018 at 1:14 PM Odhiambo Washington <odhiambo@gmail.com> wrote:
On 19 March 2018 at 22:45, @lbutlr <kremels@kreme.com> wrote:
On 2018-03-19 (13:19 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
What does your doveconf -n have?
imap_id_log = *
log_path = /var/log/dovecot
This is a very useless response!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 19 March 2018 at 23:19, Roger Klorese <rogerklorese@gmail.com> wrote:
So is yours.
Why not say what SHOULD be done? Since we were discussing logging, including only the lines about logging seems to be a reasonable response to the original open-ended question. “Please include the complete output of ‘dovecot -n’” would get your point across instead of just letting you be a snarky ass.
On Mon, Mar 19, 2018 at 1:14 PM Odhiambo Washington <odhiambo@gmail.com> wrote:
On 19 March 2018 at 22:45, @lbutlr <kremels@kreme.com> wrote:
On 2018-03-19 (13:19 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
What does your doveconf -n have?
imap_id_log = *
log_path = /var/log/dovecot
This is a very useless response!
Agreed.
Top-posting is evil :-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 2018-03-19 (13:19 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
Plus, if dovecot is able to write to a file owned by root:wheel, then there is a BIG problem right there!!!
Logging is generally done by syslogd, not directly by the process. So no, dovecot is not writing to a file owned by root any more than postfix is writing to mail.log which is also owned by root.
In my specific case, it is rsyslogd.
-- "Woof bloody woof."
On 19 March 2018 at 22:48, @lbutlr <kremels@kreme.com> wrote:
On 2018-03-19 (13:19 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
Plus, if dovecot is able to write to a file owned by root:wheel, then
there is a BIG problem right there!!!
Logging is generally done by syslogd, not directly by the process. So no, dovecot is not writing to a file owned by root any more than postfix is writing to mail.log which is also owned by root.
In my specific case, it is rsyslogd.
I have been running FreeBSD since 1997, so I know quite a lot about it! I know about /etc/syslog.conf, but you do realize now that you are conflicting yourself? You want to provide doveconf -n output and get help, or figure it out yourself. I run dovecot and Exim (MTA) on FreeBSD. I don't use syslogd to do the logging as the same can be controlled within the respective daemons. So, figure out what you have done to make Postfix want to write to /var/log/dovecot.log. In the meantime, you can chmod 1777 /var/log/dovecot.log as you figure things out!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 2018-03-19 (14:20 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
I have been running FreeBSD since 1997, so I know quite a lot about it! I know about /etc/syslog.conf, but you do realize now that you are conflicting yourself?
No, I am not, I pointed out that dovecot does not write the logs, but that is a task generally managed by syslogd. Then I said that in my case it was rsyslogd.
You want to provide doveconf -n output and get help, or figure it out yourself.
The only lines in doveconf -n that relate to logging are the two lines I posted. The rest of dovecot's logging properly shows up in /var/log/dovecot, only the bcc delivery seems to error out.
I run dovecot and Exim (MTA) on FreeBSD. I don't use syslogd to do the logging as the same can be controlled within the respective daemons. So, figure out what you have done to make Postfix want to write to /var/log/dovecot.log.
I never said postfix was writing to dovecot's log. What gave you that idea?
# doveconf -n
# 2.2.34 (874deae): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: FreeBSD 11.1-RELEASE-p4 i386
# Hostname: mail.covisp.net
auth_failure_delay = 5 secs
auth_mechanisms = PLAIN LOGIN
default_client_limit = 4096
default_process_limit = 1024
default_vsz_limit = 768 M
disable_plaintext_auth = no
first_valid_uid = 89
imap_id_log = *
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot
login_log_format_elements = user=<%u> %r %m %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 90
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
  username_filter = !*@*
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u mail=maildir:/usr/local/virtual/%u
  driver = sql
}
protocol imap {
  mail_plugins = " virtual imap_sieve"
}
-- Some books are undeservedly forgotten; none are undeservedly remembered
On 19.03.2018 23:19, @lbutlr wrote:
On 2018-03-19 (14:20 MDT), Odhiambo Washington <odhiambo@gmail.com> wrote:
I have been running FreeBSD since 1997, so I know quite a lot about it! I know about /etc/syslog.conf, but you do realize now that you are conflicting yourself?
No, I am not, I pointed out that dovecot does not write the logs, but that is a task generally managed by syslogd. Then I said that in my case it was rsyslogd.
You want to provide doveconf -n output and get help, or figure it out yourself.
The only lines in doveconf -n that relate to logging are the two lines I posted. The rest of dovecot's logging properly shows up in /var/log/dovecot, only the bcc delivery seems to error out.
I run dovecot and Exim (MTA) on FreeBSD. I don't use syslogd to do the logging as the same can be controlled within the respective daemons. So, figure out what you have done to make Postfix want to write to /var/log/dovecot.log.
I never said postfix was writing to dovecot's log. What gave you that idea?
# doveconf -n
# 2.2.34 (874deae): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: FreeBSD 11.1-RELEASE-p4 i386
# Hostname: mail.covisp.net
auth_failure_delay = 5 secs
auth_mechanisms = PLAIN LOGIN
default_client_limit = 4096
default_process_limit = 1024
default_vsz_limit = 768 M
disable_plaintext_auth = no
first_valid_uid = 89
imap_id_log = *
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot
This will disable syslog usage.
Also if you use dovecot-lda you probably should run it as root, and let it setuid to target user. It's not 100% required, but does make some things easier.
Aki
On Mar 20, 2018, at 01:23, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
This will disable syslog usage.
Thank you, I’ll disable that and use rsyslogd to split out the dovecot related logging then.
-- My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.
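Added example, not part of any message in this thread: a shell check for the failure discussed above. It finds file-based log settings in `doveconf -n` output and evaluates the file's mode against the delivery user; the helper names `file_log_paths` and `can_append` and the vpopmail:vchkpw delivery identity are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Reads `doveconf -n` text and decides,
# from mode and ownership alone, whether a delivery user can open the log.

# Print "name path" for each log setting that points at a file. The value
# "syslog" or an unset log_path means syslogd, not Dovecot, opens the file.
file_log_paths() {
    awk -F' *= *' '
        $1 ~ /^(log_path|info_log_path|debug_log_path)$/ && $2 ~ /^\// {
            print $1, $2
        }'
}

# can_append MODE OWNER GROUP USER "USER_GROUPS" -> prints yes or no.
# Applies the Unix rule: exactly one permission class (owner, group or other)
# is consulted, and root bypasses the mode bits.
can_append() {
    mode=$1 owner=$2 group=$3 user=$4 memberships=$5
    if [ "$user" = root ]; then echo yes; return 0; fi
    perms=${mode#"${mode%???}"}          # last three octal digits
    if [ "$user" = "$owner" ]; then
        digit=${perms%??}
    else
        case " $memberships " in
            *" $group "*) digit=${perms#?}; digit=${digit%?} ;;
            *)            digit=${perms#??} ;;
        esac
    fi
    if [ $((digit & 2)) -ne 0 ]; then echo yes; else echo no; fi
}

# log_path and 640 root:wheel are the thread's values. Running dovecot-lda
# as vpopmail:vchkpw is an assumption (the Postfix master.cf is not shown).
sample='imap_id_log = *
log_path = /var/log/dovecot'
printf '%s\n' "$sample" | file_log_paths | while read -r name path; do
    echo "$name=$path  vpopmail can append (640 root:wheel):" \
         "$(can_append 640 root wheel vpopmail vchkpw)"
    echo "$name=$path  vpopmail can append (1777 root:wheel):" \
         "$(can_append 1777 root wheel vpopmail vchkpw)"
done
```

Mode 1777 passes the check only because it makes the log writable by every local account; removing log_path, which the last two messages settle on, lets the file stay 640 root:wheel.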
participants (5): @lbutlr, Aki Tuomi, LuKreme, Odhiambo Washington, Roger Klorese