Re: [Dovecot] auth-master: Permission denied [sigh]
Here is everything I could think of that might pertain to this, as currently configured on my dedicated server. It's all fresh! :)
## SYSTEM ##
Fedora 10 Postfix 2.55 Dovecot 1.2.rc2 Spamassassin 3.2.5
SELinux (no SELinux restrictions. Testing done with SELinux=permissive.) SASLAuthd (not required for local delivery)
## dovecot -n ##
# 1.2.rc2: /usr/local/etc/dovecot.conf # OS: Linux 2.6.27.15-170.2.24.fc10.i686 i686 Fedora rel 10 (Cambridge) protocols: imaps listen: *:993 ssl_cert_file: /etc/pki/dovecot/certs/dovecot.pem ssl_key_file: /etc/pki/dovecot/private/dovecot.pem login_dir: /usr/local/var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login first_valid_gid: 0 mail_location: maildir:~/Maildir auth default: passdb: driver: pam userdb: driver: passwd
## /usr/local/etc/dovecot.conf ##
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 # user = group = dovecot } client { path = /var/run/dovecot/auth-client mode = 0666 # user = group = dovecot } }
## POSTFIX CONFIG ##
/etc/postfix/main.cf:
mailbox_transport = spamassassin
/etc/postfix/master.cf:
spamassassin unix - n n - - pipe user=spam:dovecot argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender} -d ${user} -m ${extension}
## PERMISSIONS / OWNERSHIP ##
/usr/local/libexec/dovecot:
-rwxr-xr-x 1 root root 197513 2009-04-03 13:52 checkpassword-reply -rwxr-xr-x 1 root dovecot 4044835 2009-04-14 13:52 deliver -rwxr-xr-x 1 root root 1044608 2009-04-03 13:52 dovecot-auth
/var/run:
drwxrwxrwx 3 root dovecot 4096 2009-04-14 12:07 dovecot
/var/run/dovecot:
drwxr-x--- 2 root dovecot 4096 2009-04-09 06:56 login
/usr/bin/spamassassin:
-rwxr-xr-x 1 root root 27023 2008-09-04 14:51 spamassassin
/home/user:
drwx------ 4 user dovecot 4096 2009-04-14 12:00 user
## 'ps aux' OUTPUT (trimmed) ##
root Ss 11:14 0:02 /usr/local/sbin/dovecot
root S 12:07 0:00 dovecot-auth
root S 12:07 0:00 dovecot-auth -w
root Ss 11:14 0:31 /usr/bin/spamd -d -c -m5 -H --username spam -r
/var/run/spamd.pid
spam S 11:14 0:27 spamd child
spam S 11:14 0:08 spamd child
## 'ps aux | grep deliver' numerous times until I caught one: ##
postfix S 12:47 0:00 pipe -n spamassassin -t unix user=spam:dovecot
argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender}
-d ${user} -m ${extension}
spam Ss 12:47 0:00 /usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
-f sender@example.com -d user -m
## /var/log/maillog OUTPUT ##
Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: connect from
IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: C7FB9FA00FA:
client=IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:15 ltfs450 postfix/cleanup[23177]: C7FB9FA00FA:
message-id=<49E4EA41.6020908@example-send.com>
Apr 14 14:53:15 ltfs450 postfix/qmgr[23171]: C7FB9FA00FA:
from=<sender@example-send.com>, size=2215, nrcpt=1 (queue active)
Apr 14 14:53:15 ltfs450 postfix/smtpd[23173]: disconnect from
IP-ADD-RES-SS.dedicatedprovider.com[IP.ADD.RES.SS]
Apr 14 14:53:16 ltfs450 spamd[4121]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 50035
Apr 14 14:53:16 ltfs450 spamd[4121]: spamd: processing message
<49E4EA41.6020908@example-send.com> for spam:653
Apr 14 14:53:20 ltfs450 spamd[4121]: spamd: clean message (2.2/5.0)
for spam:653 in 4.7 seconds, 2167 bytes.
Apr 14 14:53:21 ltfs450 spamd[4121]: spamd: result: . 2 -
AWL,RDNS_DYNAMIC,TVD_SPACE_RATIO scantime=4.7,size=2167,user=spam,
uid=653,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,
rport=50035,mid=<49E4EA41.6020908@example-send.com>,autolearn=no
Apr 14 14:53:21 ltfs450 deliver(user): Can't connect to auth server
at /var/run/dovecot/auth-master: Permission denied
Apr 14 14:53:21 ltfs450 postfix/pipe[23179]: C7FB9FA00FA:
to=<user@example-receive.com>, relay=spamassassin, delay=5.2,
delays=0.01/0.01/0/5.2, dsn=4.3.0, status=deferred (temporary failure)
Apr 14 14:53:21 ltfs450 spamd[4119]: prefork: child states: II
I'm not all that good with Postfix configuration, but:
On Tue, 2009-04-14 at 13:05 -0700, James Butler wrote:
## POSTFIX CONFIG ##
/etc/postfix/main.cf:
mailbox_transport = spamassassin
Remove this.
/etc/postfix/master.cf:
spamassassin unix - n n - - pipe user=spam:dovecot argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender} -d ${user} -m ${extension}
Remove this and add to main.cf:
mailbox_command = /usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
Well bust my buttons! Thanks, Timo! FUNCTIONING! Let Postfix figure out the proper user. BTW, my 'deliver' is set to 755. Nothing special.
I'm not all that good with Postfix configuration, but:
Clearly quite good enough.
On Tue, 2009-04-14 at 13:05 -0700, James Butler wrote:
## POSTFIX CONFIG ##
/etc/postfix/main.cf:
mailbox_transport = spamassassin
Remove this.
Right ... don't bother sending to the custom Postfix transport, below.
/etc/postfix/master.cf:
spamassassin unix - n n - - pipe user=spam:dovecot argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver -f ${sender} -d ${user} -m ${extension}
Remove this (JB: CUSTOM TRANSPORT) and add to main.cf:
mailbox_command = /usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
Et voila. Once the SELinux policies were adjusted to allow Postfix to run spamc, we're off and running!
Here is my current setup that's WORKING:
Mail => Postfix => spamc | deliver => INBOX
/etc/postfix/main.cf: mailbox_command = /usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
/etc/postfix/master.cf: [no changes to default]
/usr/local/etc/dovecot.conf:
socket listen { master { path = /var/run/dovecot/auth-master # Fairly permissive mode ... might be unnecessary mode = 0666 # Default user (root) # user = # Group with access to /var/run/dovecot ... might be unnecessary group = dovecot } client { path = /var/run/dovecot/auth-client # Permissive mode ... might be unnecessary mode = 0666 # Default user (root) # user = # Group with access to /var/run/dovecot ... might be unnecessary group = dovecot } }
If anyone wants a copy of my SELinux local_postfix.te and instructions for using it, I'll happily post them.
The "might be unnecessary" items above I just left as they were because the setup is working and I really don't want to futz with it any further, today. I'll probably test different settings in dovecot.conf over the next couple of days, and if something changes, I'll post back under this thread.
Thank you all so much for your time and effort in helping me solve this problem.
James
(Merry Christmas, Noel!)
participants (2)
-
James Butler
-
Timo Sirainen