[Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory
Hi,
I've been working on configuring a new Postfix+Dovecot+Cyrus-SASL
+Postgres server to perform multi-domain virtual hosting with non-unix
accounts. I believe I have everything working correctly and have
tested both the SASL portion and POP authentication through telnet and
all works as expected, with one exception.
When I authenticate using POP3:
# telnet mail.host 110
Trying 192.168.XXX.XXX...
Connected to mail.host.
Escape character is '^]'.
+OK Dovecot ready.
user user1@domain1.com
+OK
pass secret
+OK Logged in.
-ERR No INBOX for user.
And the maillog reports the following:
Jan 21 13:42:32 mail.host dovecot: pop3-login: Login: user=<user1>,
method=PLAIN, rip=192.168.XXX.XXX, lip=192.168.XXX.XXX
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/
virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/
virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): Couldn't open INBOX:
Internal error occurred. Refer to server log for more information.
[2008-01-21 13:42:32]
Jan 21 13:42:32 mason dovecot: POP3(user1): No INBOX for user top=0/0,
retr=0/0, del=0/0, size=0
The directory structures for the virtual mailboxes are:
/var/spool/virtual_mailbox/domain1.com/user1 /var/spool/virtual_mailbox/domain2.com/user1
And the entire tree from virtual_mailbox down is owned by
vuser:vuser. The directories have permissions 700.
What I believe is happening is that Dovecot is trying to use the uid
and gid of user1, who doesn't have a system account, rather than
vuser's when writing to the virtual_mailbox folders. I'm not sure how
I can configure Dovecot to use the vuser information.
Here is my dovecot.conf:
protocols = imap pop3
listen = [*]
disable_plaintext_auth = no
syslog_facility = mail
mail_location = maildir:/var/spool/virtual_mailbox/%h
# Default umask to use for mail files and directories.
#umask = 0077
protocol imap { }
protocol pop3 { }
protocol lda { postmaster_address = postmaster@example.com }
auth_debug_passwords = yes
auth_debug = yes
auth_verbose = yes
auth default {
  # SQL database
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  user = root
}
Any insight will be appreciated, I've been working on this non-stop
for several days now and can't seem to figure it out.
Thanks, John
John Dubchak wrote:
Hi,
I've been working on configuring a new Postfix+Dovecot+Cyrus-SASL+Postgres server to perform multi-domain virtual hosting with non-unix accounts. I believe I have everything working correctly and have tested both the SASL portion and POP authentication through telnet and all works as expected, with one exception.
When I authenticate using POP3:
# telnet mail.host 110
Trying 192.168.XXX.XXX...
Connected to mail.host.
Escape character is '^]'.
+OK Dovecot ready.
user user1@domain1.com
+OK
pass secret
+OK Logged in.
-ERR No INBOX for user.
And the maillog reports the following:
Jan 21 13:42:32 mail.host dovecot: pop3-login: Login: user=<user1>, method=PLAIN, rip=192.168.XXX.XXX, lip=192.168.XXX.XXX
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: Permission denied
Jan 21 13:42:32 mail.host dovecot: POP3(user1): Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2008-01-21 13:42:32]
Jan 21 13:42:32 mason dovecot: POP3(user1): No INBOX for user top=0/0, retr=0/0, del=0/0, size=0
The directory structures for the virtual mailboxes are:
/var/spool/virtual_mailbox/domain1.com/user1 /var/spool/virtual_mailbox/domain2.com/user1
And the entire tree from virtual_mailbox down is owned by vuser:vuser. The directories have permissions 700.
What I believe is happening is that Dovecot is trying to use the uid and gid of user1, who doesn't have a system account, rather than vuser's when writing to the virtual_mailbox folders. I'm not sure how I can configure Dovecot to use the vuser information.
If vuser has uid and gid of 5000,
Have the userdb part of the dovecot config set to
userdb static {
args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n
allow_all_users=yes
}
instead of using the
userdb sql {
}
That should see you right. However, beware there may be security issues allowing one user to write to all mailboxes.
regards
Iain
Here is my dovecot.conf:
protocols = imap pop3
listen = [*]
disable_plaintext_auth = no
syslog_facility = mail
mail_location = maildir:/var/spool/virtual_mailbox/%h
# Default umask to use for mail files and directories.
#umask = 0077
protocol imap { }
protocol pop3 { }
protocol lda { postmaster_address = postmaster@example.com }
auth_debug_passwords = yes
auth_debug = yes
auth_verbose = yes
auth default {
  # SQL database
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  user = root
}
Any insight will be appreciated, I've been working on this non-stop for several days now and can't seem to figure it out.
Thanks, John
On Jan 22, 2008, at 4:34 AM, Iain M Conochie wrote:
If vuser has uid and gid of 5000,
Have the userdb part of the dovecot config set to
userdb static {
args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n
allow_all_users=yes
}
instead of using the
userdb sql {
}
That should see you right. However, beware there may be security
issues allowing one user to write to all mailboxes.
Iain,
Thanks for the reply. However, when I make the change, %d (domain) is
not getting populated. I am expecting:
/var/spool/virtual_mailbox/domain1.com/user1
But I get:
/var/spool/virtual_mailbox//user1
And the query I use in the logs returns:
client out: OK 1 user=user1 domain=domain1.com
Where does Dovecot get the %d value when it tries to expand it?
Thanks, John
John Dubchak wrote:
On Jan 22, 2008, at 4:34 AM, Iain M Conochie wrote:
If vuser has uid and gid of 5000,
Have the userdb part of the dovecot config set to
userdb static {
args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes
}
instead of using the
userdb sql {
}
That should see you right. However, beware there may be security issues allowing one user to write to all mailboxes.
Iain,
Thanks for the reply. However, when I make the change, %d (domain) is not getting populated. I am expecting:
/var/spool/virtual_mailbox/domain1.com/user1
But I get:
/var/spool/virtual_mailbox//user1
In the sql auth file, what is pass_attrs set to?
Iain
And the query I use in the logs returns:
client out: OK 1 user=user1 domain=domain1.com
Where does Dovecot get the %d value when it tries to expand it?
Thanks, John
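The following is an added example, not code from the thread or from Dovecot: a small Python model of what Iain's `userdb static` block hands to the mail process and of the two failures John reports (the `mkdir .../cur` permission denial when the process uid does not own the 0700 tree, and the `//user1` home that results when `%d` expands to nothing because the login name reaches the userdb without its `@domain` part). The uid/gid 5000, the mode 0700 and the mailbox root are the thread's values; the expansion and permission logic are a simplified model of Dovecot's behaviour, assumed for illustration.

```python
import re

# Constructed to match the thread: vuser is uid/gid 5000 and the tree is mode 0700.
STATIC_ARGS = ("uid=5000 gid=5000 "
               "home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes")

def parse_static_args(args):
    """'key=value key=value ...' -> dict, the form Dovecot's userdb static takes."""
    return dict(item.split("=", 1) for item in args.split())

def expand_vars(template, username):
    """Expand %u, %n, %d like Dovecot: %n and %d are the parts of user@domain,
    so %d is empty when the login name carries no domain."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)

def resolve_home(username, args=STATIC_ARGS):
    """(uid, gid, home) that the static userdb would hand to the mail process."""
    cfg = parse_static_args(args)
    return int(cfg["uid"]), int(cfg["gid"]), expand_vars(cfg["home"], username)

def mkdir_allowed(proc_uid, proc_gid, dir_uid, dir_gid, dir_mode):
    """Classic Unix rule: creating 'cur' inside a directory needs write and
    search (execute) permission on it, read from the owner, group or other
    bits depending on which class the process falls into. Root bypasses it."""
    if proc_uid == 0:
        return True
    if proc_uid == dir_uid:
        bits = (dir_mode >> 6) & 0o7
    elif proc_gid == dir_gid:
        bits = (dir_mode >> 3) & 0o7
    else:
        bits = dir_mode & 0o7
    return bits & 0o3 == 0o3  # write (2) and execute (1) both required

def diagnose(username, args=STATIC_ARGS, owner=(5000, 5000), mode=0o700):
    """List the problems a login would hit under this userdb and tree layout."""
    uid, gid, home = resolve_home(username, args)
    problems = []
    if "//" in home:
        problems.append("empty %d: login name reached userdb without its @domain part")
    if not mkdir_allowed(uid, gid, owner[0], owner[1], mode):
        problems.append(f"uid {uid} cannot mkdir {home}/cur (owner {owner[0]}, mode {mode:o})")
    return problems

if __name__ == "__main__":
    for name in ("user1@domain1.com", "user1"):
        print(name, "->", resolve_home(name)[2], diagnose(name) or "ok")
```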