[Dovecot] help with LMTP setup
Im trying to convert my dovecot-lda setup to use LMTP for better security. My setup is postfix + dovecot + mysql with virtual users. Im setting up dovecot 2.2.1 w/postfix 2.10.0
Im still learning dovecot so Im not totally sure where Im going wrong. Can someone point out why Im getting permission problems? Im also concerned with server security, so if you notice anything that should be better, please point that out. I am the only user on this Linux box.
Thank you!
ls -l /opt/imapdata/j/jeff/INBOX total 8 drwxr-xr-x 2 vmail vmail 4096 Apr 27 14:21 ./ drwxr-xr-x 3 vmail vmail 4096 Apr 27 14:21 ../
Dovecot is running with the following users: root 20847 0.0 0.0 15572 1108 ? Ss 10:23 0:00 /opt/optdovecot/sbin/dovecot dovenull 20848 0.0 0.0 46752 2724 ? S 10:23 0:00 dovecot/imap-login dovenull 20849 0.0 0.0 46752 2720 ? S 10:23 0:00 dovecot/imap-login vmail 20850 0.0 0.0 13408 1068 ? S 10:23 0:00 dovecot/anvil root 20851 0.0 0.0 13540 1192 ? S 10:23 0:00 dovecot/log root 20853 0.0 0.0 16504 2128 ? S 10:23 0:00 dovecot/config vmail 20854 0.0 0.0 136448 2972 ? S 10:23 0:00 dovecot/auth
Im getting the following when an email comes in:
Apr 29 10:11:57 fed8 postfix/virtual[20666]: D88F3DF3BD: to=<jeff@mydomain.com>, relay=virtual, delay=370, delays=370/0.03/0/0.07, dsn=4.2.0, status=deferred (delivery failed to mailbox ///opt/imapdata/j/jeff/INBOX/inbox: unable to create lock file ///opt/imapdata/j/jeff/INBOX/inbox.lock: Permission denied)
my postfix/master.cf entry:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient}
doveconf -n:
# 2.2.1: /opt/dovecot221/etc/dovecot/dovecot.conf # OS: Linux 3.8.5-201.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain default_internal_user = vmail first_valid_gid = 2000 first_valid_uid = 2000 listen = * lock_method = flock login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_gid = vmail mail_privileged_group = vmail mail_uid = vmail mbox_lock_timeout = 1 mins mbox_write_locks = fcntl passdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size } postmaster_address = jeff@otherdomain.com protocols = imap lmtp sendmail_path = /usr/lib/sendmail service auth { inet_listener { port = 12345 } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { mode = 0660 user = vmail } user = $default_internal_user } service imap-login { inet_listener imaps { port = 993 ssl = yes } process_min_avail = 2 service_count = 1 vsz_limit = 64 M } service lmtp { executable = lmtp -L inet_listener lmtp { address = 192.168.1.22 127.0.0.1 port = 24 } unix_listener lmtp { mode = 0666 } user = vmail } ssl = required ssl_cert = </opt/dovecot/etc/dovecot/conf.d/ssl/certs/dovecot.pem ssl_cipher_list = ALL:!LOW:!MEDIUM:!SSLv1:!SSLv2:!MD5:!SSL1:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA:TLSv1 ssl_key = </opt/dovecot/etc/dovecot/conf.d/ssl/private/dovecot.pem userdb { args = uid=vmail gid=vmail home=/opt/imapdata/%1n/%n driver = static } userdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } userdb { args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext driver = sql } verbose_ssl = yes protocol lmtp { info_log_path = /var/log/dovelmtp.log mail_plugins = " sieve" } protocol lda { info_log_path = /var/log/doveinfo.log log_path = /var/log/dovelda.log } protocol imap { imap_idle_notify_interval = 1 mins imap_max_line_length = 64 k mail_max_userip_connections = 5 }
/mf/home/jeep/shell/.signature
Am 29.04.2013 19:26, schrieb Jeff Lacki:
my postfix/master.cf entry:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient}
with short look you mixed wrong with lda setup ?
which may setup i.e like this
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
i.e lmtp can be done like this
/etc/postfix/main.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
/etc/dovecot/conf.d/10-master.conf
service lmtp { vsz_limit = ... unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } process_min_avail = ... }
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Robert Schetterer <rs@sys4.de> wrote:
Am 29.04.2013 19:26, schrieb Jeff Lacki:
my postfix/master.cf entry:
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient}
with short look you mixed wrong with lda setup ?
which may setup i.e like this
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
i.e lmtp can be done like this
/etc/postfix/main.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
/etc/dovecot/conf.d/10-master.conf
service lmtp { vsz_limit = ... unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } process_min_avail = ... }
Best Regards MfG Robert Schetterer
Thanks Robert, unfortunately I still get the same error after making those modifications. Any other suggestions?
Thanks!
/mf/home/jeep/shell/.signature
jeep@rahul.net (Jeff Lacki) wrote:
Thanks Robert, unfortunately I still get the same error after making those modifications. Any other suggestions?
Thanks!
/mf/home/jeep/shell/.signature
Ok I changed the permissions on the directory:
/opt/imapdata/j/jeff/INBOX to 777:
total 20 drwxrwxrwx 2 postfix postfix 4096 Apr 29 17:46 ./ drwxr-xr-x 3 postfix postfix 4096 Apr 27 14:21 ../ -rw------- 1 2000 2000 8490 Apr 29 17:46 inbox
I realize this isnt the most secure, but it is working.
If anyone has the proper suggestion for me please let me know. I forgot to mention that the uid/gid are coming from the database.
Thanks for any help, Jeff
/mf/home/jeep/shell/.signature
Am 30.04.2013 02:48, schrieb Jeff Lacki:
jeep@rahul.net (Jeff Lacki) wrote:
Thanks Robert, unfortunately I still get the same error after making those modifications. Any other suggestions?
Thanks!
/mf/home/jeep/shell/.signature
Ok I changed the permissions on the directory:
/opt/imapdata/j/jeff/INBOX to 777:
total 20 drwxrwxrwx 2 postfix postfix 4096 Apr 29 17:46 ./ drwxr-xr-x 3 postfix postfix 4096 Apr 27 14:21 ../ -rw------- 1 2000 2000 8490 Apr 29 17:46 inbox
I realize this isnt the most secure, but it is working.
If anyone has the proper suggestion for me please let me know. I forgot to mention that the uid/gid are coming from the database.
Thanks for any help, Jeff
/mf/home/jeep/shell/.signature
depends what you wanna goal, you shouldnt use user postfix better create a seperate new user vmail group vmail in virtual setups
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
participants (2)
-
jeep@rahul.net
-
Robert Schetterer