[Dovecot] Integrating dovecot 1.01 into CentOS-3.8 system with chroot passwd dirs?
Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page. The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from /home/group but then places them into their home directories, in this case /home/group/pop/user. dovecot can't seem to locate their mail directory.
Can anyone offer any advice on this situation?
Please respond to my email address <og at digimark.net> if you could.
Here are some relevant stats:
example user: lda01
home directory (in /etc/passwd): /home/lda/./pop/lda01
mail folder directory: /home/lda/pop/lda01/mail
INBOX: /home/mail/lda01 (/var/mail, /var/spool/mail symlinked to /home/mail.)
dovecot 1.01
output of dovecot -n:
#1.0.1: /etc/dovecot.conf
base_dir: /var/run/dovecot
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
ssl_disable: yes
ssl_cert_file: /usr/share/ssl/certs/dovecot.pem
ssl_key_file: /usr/share/ssl/certs/dovecot.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: mail.digimark.net ready.
valid_chroot_dirs: /var/mail:/var/spool/mail:/home/mail:/home
mail_extra_groups: mail
mail_location: mbox:~/mail:INBOX=/home/mail/%u
mail_debug: yes
mail_full_filesystem_access: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
  passdb:
    driver: pam
    args: blocking=yes dovecot
  userdb:
    driver: passwd
attempt to login using a Squirrelmail (webmail) client gave these entries in the dovecot.log error log:
dovecot: Jul 12 16:22:50 Info: imap-login: Login: user=<lda01>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): Effective uid=10572, gid=510, home=/pop/lda01
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): mbox: data=/pop/lda01/mail:INBOX=/home/mail/lda01
dovecot: Jul 12 16:22:50 Info: IMAP(lda01): mbox: root=/pop/lda01/mail, index=/pop/lda01/mail, inbox=/home/mail/lda01
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): open(/home/mail/lda01, O_CREAT) failed: No such file or directory
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): access() failed with mbox file /home/mail/lda01: No such file or directory
dovecot: Jul 12 16:23:04 Error: IMAP(lda01): stat() failed with mbox file /home/mail/lda01: No such file or directory
dovecot: Jul 12 16:23:58 Info: IMAP(lda01): Disconnected: Logged out
--
-- "Outside of a dog, a book is a man's best friend.
-- Inside of a dog, it is too dark to read." -- Groucho Marx.
Gary Goldberg KA3ZYW <og@digimark.net> V:301/249-6501 F:301/390-1955 AIM:OgGreeb
Digital Marketing/Bowie MD/Systems & Networks Consult <http://www.digimark.net/>
On Thu, 2007-07-12 at 17:33 -0400, Gary Goldberg wrote:
> Hello. I'm administrating a CentOS 3.8 linux system (RHEL3) and I just replaced the imap-2002d-12 package that came with the system, with a dovecot 1.01 package I obtained through the dovecot home page. The problem I have, is that many of my POP3 users have jailed user accounts set up through wu-ftpd, where the dir field is of the form /home/group/./pop/user, and wu-ftpd chroots them from /home/group but then places them into their home directories, in this case /home/group/pop/user. dovecot can't seem to locate their mail directory.
Dovecot chroots the users as well then.
> mail_location: mbox:~/mail:INBOX=/home/mail/%u
Change this to:
mail_location: mbox:~/mail:INBOX=~/%u
Does it work then?
On Fri, 13 Jul 2007, Timo Sirainen wrote:
> Dovecot chroots the users as well then.
Thanks for the reply; That's good news.
>> mail_location: mbox:~/mail:INBOX=/home/mail/%u
> Change this to:
> mail_location: mbox:~/mail:INBOX=~/%u
> Does it work then?
Wouldn't that parse to $HOME/$USER for each inbox? Currently sendmail/procmail delivers mail to /var/mail, which is symlinked to /home/mail in my system.
On 13.7.2007, at 3.57, Gary Goldberg wrote:
>>> mail_location: mbox:~/mail:INBOX=/home/mail/%u
>> Change this to:
>> mail_location: mbox:~/mail:INBOX=~/%u
>> Does it work then?
> Wouldn't that parse to $HOME/$USER for each inbox? Currently sendmail/procmail delivers mail to /var/mail, which is symlinked to /home/mail in my system.
Yes, but $HOME expands to / since you have the chroot.
I dug deep into the documentation and I think I understand what's happening, but I have no idea what to do about it. I also took a moment and moved the user INBOX files back from /home/mail to /var/mail, so that wouldn't confuse anything.
(My mail_location is set to mail_location: mbox:~/mail:INBOX=/var/mail/%u )
I have two types of users on my system -- those with home directories (set in /etc/passwd) of the form
/home/group/pop/user
who are allowed to access the file system, and
/home/group/./pop/user
who are chrooted to their home directories for things like ftp.
dovecot appears to be working fine with those users without /./ in their password directory fields.
When dovecot gets the user home directory field from PAM, if it sees the /./, it chroots them so that their home directory is /pop/user, and their mail subdirectory is /pop/user/mail.
But I can't see how dovecot would then access their INBOX, which is located outside the chroot in /var/mail/%u.
For example:
dovecot: Jul 13 10:59:13 Info: pop3-login: Login: user=<lda07>, method=PLAIN, rip=70.21.123.223, lip=64.191.213.14
dovecot: Jul 13 10:59:13 Info: POP3(lda07): Effective uid=10578, gid=510
dovecot: Jul 13 10:59:13 Info: POP3(lda07): mbox: data=/pop/lda07/mail:INBOX=/var/mail/lda07
dovecot: Jul 13 10:59:13 Info: POP3(lda07): mbox: root=/pop/lda07/mail, index=/pop/lda07/mail, inbox=/var/mail/lda07
dovecot: Jul 13 10:59:13 Error: POP3(lda07): open(/var/mail/lda07, O_CREAT) failed: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): access() failed with mbox file /var/mail/lda07: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): stat() failed with mbox file /var/mail/lda07: No such file or directory
dovecot: Jul 13 10:59:13 Error: POP3(lda07): Couldn't init INBOX: Internal error occurred. Refer to server log for more information. [2007-07-13 10:59:13]
dovecot: Jul 13 10:59:13 Info: POP3(lda07): Mailbox init failed top=0/0, retr=0/0, del=0/0, size=0
Any thoughts? Thanks. -Gary
I had this error; it was a problem of mailbox size from procmail+postfix.
I added this to the /etc/postfix/main.cf file, in order to set the max size of inbox at 1 GB:
mailbox_size_limit = 1073741824
virtual_mailbox_limit = 1073741824
Sophie
On Fri, 13 Jul 2007, Sophie Nicoud wrote:
> I had this error; it was a problem of mailbox size from procmail+postfix.
> I added this to the /etc/postfix/main.cf file, in order to set the max size of inbox at 1 GB:
> mailbox_size_limit = 1073741824
> virtual_mailbox_limit = 1073741824
Thank you for the feedback. I wasn't able to locate a place to implement this change, because all of the mailboxes have less than 50MB in them, and I'm using sendmail 9.3 plus procmail as the delivery agent. It's definitely clear that if I remove the chroot /./ from the users' passwd file, then everything works fine. I'm going to temporarily remove the /./ from each mail user's account, but I'm still hoping for some insight into a proper fix.
-Gary
On Fri, 2007-07-13 at 11:06 -0400, Gary Goldberg wrote:
> But I can't see how dovecot would then access their INBOX, which is located outside the chroot in /var/mail/%u.
It couldn't. Your original mail had:
> mail_location: mbox:~/mail:INBOX=/home/mail/%u
So I thought the mailboxes were in home directory (and symlinked to /var/mail/).
So the only way to get chrooting to work would be to place all the mailboxes inside the chroot.
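The path arithmetic behind the failure in this thread, as an added example (not Dovecot code and not from any poster): it models only what the posted log lines show, that a passwd home of the form <chroot>/./<home> makes the mail process see <home> as its home and look up every absolute path below <chroot>. The passwd entries, the lda02 user and the REAL_FILES set are constructed sample data standing in for the live filesystem.

```python
import posixpath

def split_home(pw_dir):
    """Split '<chroot>/./<home>' into (chroot, home as seen inside the chroot)."""
    if "/./" not in pw_dir:
        return None, posixpath.normpath(pw_dir)
    chroot, rest = pw_dir.split("/./", 1)
    return posixpath.normpath(chroot or "/"), posixpath.normpath("/" + rest)

def mailbox_paths(mail_location, user, home):
    """Expand %u and a leading ~ in 'mbox:<root>:INBOX=<path>'."""
    _fmt, root, *options = mail_location.split(":")
    templates = {"root": root}
    for opt in options:
        key, _, value = opt.partition("=")
        templates[key] = value
    paths = {}
    for name, tmpl in templates.items():
        path = tmpl.replace("%u", user)
        if path == "~" or path.startswith("~/"):
            path = posixpath.join(home, path[2:])
        paths[name] = posixpath.normpath(path)
    return paths

def audit(passwd_text, mail_location, real_files):
    """Return {user: {name: (path seen by process, path on disk, reachable)}}."""
    report = {}
    for line in passwd_text.strip().splitlines():
        fields = line.split(":")
        user, pw_dir = fields[0], fields[5]
        chroot, home = split_home(pw_dir)
        report[user] = {}
        for name, seen in mailbox_paths(mail_location, user, home).items():
            # After chroot(), an absolute path is looked up below the chroot dir.
            on_disk = posixpath.join(chroot, seen.lstrip("/")) if chroot else seen
            report[user][name] = (seen, on_disk, on_disk in real_files)
    return report

# Constructed sample data modelled on the thread; lda02 and the shells are made up.
PASSWD = """
lda01:x:10572:510::/home/lda/./pop/lda01:/bin/false
lda02:x:10573:510::/home/lda/pop/lda02:/bin/false
"""
REAL_FILES = {"/home/lda/pop/lda01/mail", "/home/lda/pop/lda02/mail",
              "/var/mail/lda01", "/var/mail/lda02"}
if __name__ == "__main__":
    for user, paths in audit(PASSWD, "mbox:~/mail:INBOX=/var/mail/%u", REAL_FILES).items():
        for name, (seen, on_disk, ok) in paths.items():
            print(f"{user:6} {name:5} {seen:18} -> {on_disk:26} {'ok' if ok else 'MISSING'}")
```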