Dear List!
I have a Dovecot installation with PostgreSQL-based user management. My problem is that I see this in PostgreSQL's log file:
root@c13:/var/lib/postgresql/9.4/main/pg_log# cat postgresql-2016-01-24_12.log | grep 26105
2016-01-24 16:34:43 CET [26105-1] maildata@mail ERROR: permission denied for relation i3sysadm_email_account
2016-01-24 16:34:43 CET [26105-2] maildata@mail STATEMENT: DELETE FROM i3sysadm_email_account WHERE userid = 'account@mydomain.com'
This is the error message from the Dovecot side (I have a lot of them, so this one is from another date):
root@c10:/var/log/dovecot# cat mail.log | grep "Jan 24 17:41:29"
Jan 24 17:41:29 dict: Info: pgsql(127.0.0.1): Disconnected from database, retrying commit
Jan 24 17:41:29 dict: Error: sql dict: commit failed: ERROR: permission denied for relation i3sysadm_email_account (query: DELETE FROM i3sysadm_email_account WHERE userid = 'account@mydomain.com')
Why the heck does Dovecot want to delete my e-mail account? Luckily it doesn't have the permission. I tried to look in the source code for "delete from", but found just a general SQL handling method.
One possibility is that Dovecot tries to delete some cascaded information, but what can it be?
Please help, how can I fix this?
Thanks in advance,
Csaba
root@c10:/var/log/dovecot# dovecot --version
2.2.9
root@c10:/var/log/dovecot# dovecot -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-44-generic x86_64 Ubuntu 14.10
auth_cache_negative_ttl = 0
auth_failure_delay = 3 secs
auth_master_user_separator = *
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/
dict {
  expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
  quota = pgsql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_uid = 5000
hostname = mail.mydomain.com
lda_mailbox_autocreate = yes
listen = 87.229.104.6, ::
lmtp_rcpt_check_quota = yes
log_path = /var/log/dovecot/mail.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_trusted_networks = 192.168.0.0/24
mail_access_groups = dovenull
mail_gid = dovenull
mail_location = sdbox:~/sdbox
mail_plugins = quota
mail_uid = dovenull
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  quota = dict:User quota::proxy::quota
  quota_grace = 10%%
  quota_rule = *:storage=100M
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve pop3"
service auth-postlogin {
  executable = script-login /etc/dovecot/update_date_smtp.sh
  user = $default_internal_user
}
service auth-worker {
  unix_listener auth-worker {
    group = $default_internal_user
    mode = 0660
    user = dovecot
  }
  user = $default_internal_user
}
service auth {
  executable = auth auth-postlogin
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = $default_internal_user
}
service dict {
  unix_listener dict {
    group = $default_internal_user
    mode = 0666
    user = $default_internal_user
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/update_date_imap.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  executable = lmtp -L
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3-postlogin {
  executable = script-login /etc/dovecot/update_date_pop3.sh
  user = $default_internal_user
}
service pop3 {
  executable = pop3 pop3-postlogin
}
shutdown_clients = no
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
submission_host = 127.0.0.1:25
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  info_log_path = /var/log/dovecot/lmtp.log
  mail_plugins = quota quota sieve
  postmaster_address = postmaster@mydomain.com
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
root@c10:/etc/dovecot# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext
driver = pgsql
connect = host=127.0.0.1 port=5432 dbname=mail user=maildata password=*
default_pass_scheme = SSHA512
user_query = SELECT userdb_home AS home, userdb_uid AS uid, userdb_gid AS gid,
  mail_location AS mail, quota_rule
  FROM i3sysadm_email_account WHERE userid = '%Lu' AND active is true
  AND active_domain is true
password_query = SELECT userid AS user, password,
  userdb_home, userdb_uid, userdb_gid,
  mail_location, quota_rule
  FROM i3sysadm_email_account WHERE userid = '%Lu'
  and active IS true AND active_domain IS true
iterate_query = SELECT userid FROM i3sysadm_email_account
  WHERE active IS true AND active_domain IS true
On 24 Jan 2016, at 19:40, Tóth Csaba <tsabi@tsabi.hu> wrote:
Dear List!
I have a Dovecot installation with PostgreSQL-based user management. My problem is that I see this in PostgreSQL's log file:
root@c13:/var/lib/postgresql/9.4/main/pg_log# cat postgresql-2016-01-24_12.log | grep 26105
2016-01-24 16:34:43 CET [26105-1] maildata@mail ERROR: permission denied for relation i3sysadm_email_account
2016-01-24 16:34:43 CET [26105-2] maildata@mail STATEMENT: DELETE FROM i3sysadm_email_account WHERE userid = 'account@mydomain.com'
This is the error message from the Dovecot side (I have a lot of them, so this one is from another date):
root@c10:/var/log/dovecot# cat mail.log | grep "Jan 24 17:41:29"
Jan 24 17:41:29 dict: Info: pgsql(127.0.0.1): Disconnected from database, retrying commit
Jan 24 17:41:29 dict: Error: sql dict: commit failed: ERROR: permission denied for relation i3sysadm_email_account (query: DELETE FROM i3sysadm_email_account WHERE userid = 'account@mydomain.com')
Why the heck does Dovecot want to delete my e-mail account?
You've configured dict-sql quota, which deletes the quota row when it wants to recalculate quota. With Dovecot v2.2.20+ you could work around this by setting a new "no-unset" parameter (http://wiki2.dovecot.org/Quota/Dict), except this can't work with the PostgreSQL merge_quota() function. Although nowadays PostgreSQL supports UPSERT, which could be used to replace the merge_quota() function. That would require some new Dovecot code though.
In short: With the current code you can't store the current quota usage to a generic users table. Dovecot must be able to delete rows when it wants to recalculate quota.
Yet another way to handle this would be to not use dict-sql for quota, but e.g. dict-file. Then you can use http://wiki2.dovecot.org/Plugins/QuotaClone plugin to keep the SQL database updated. I'd actually recommend doing this in any case over using dict-sql for quota. This would still require you to upgrade to v2.2.17 or newer.
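An added example, not part of the original thread: one way to give dict-sql a dedicated table it may delete from, while the account table stays protected from the Dovecot role. The table name dovecot_quota and its columns are assumptions; i3sysadm_email_account and the maildata role are taken from the logs above.

```sql
-- Added example. Run as the owner of the "mail" database.
-- dovecot_quota and its column layout are assumptions made for this sketch.

-- 1. Dedicated quota table. dict-sql owns the rows here, so deleting one
--    only loses a cached usage counter, never an account.
CREATE TABLE dovecot_quota (
    username  varchar(255) PRIMARY KEY,
    bytes     bigint  NOT NULL DEFAULT 0,
    messages  integer NOT NULL DEFAULT 0
);

-- 2. A quota recalculation deletes the user's row and re-creates it,
--    so the Dovecot role needs full row-level access on this table only.
GRANT SELECT, INSERT, UPDATE, DELETE ON dovecot_quota TO maildata;

-- 3. Make the intent explicit on the account table: the role that Dovecot
--    connects as must never be able to remove accounts.
REVOKE DELETE, TRUNCATE ON i3sysadm_email_account FROM maildata;
GRANT SELECT ON i3sysadm_email_account TO maildata;

-- 4. Verify the resulting privileges. Expected: DELETE is false on the
--    account table and true on the quota table.
SELECT p.priv,
       has_table_privilege('maildata', 'i3sysadm_email_account', p.priv) AS on_accounts,
       has_table_privilege('maildata', 'dovecot_quota', p.priv)          AS on_quota
FROM (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS p(priv);

-- 5. Point the maps in /etc/dovecot/dovecot-dict-sql.conf.ext at the new
--    table instead of i3sysadm_email_account, for example:
--
--    map {
--      pattern = priv/quota/storage
--      table = dovecot_quota
--      username_field = username
--      value_field = bytes
--    }
--
--    plus the matching map for priv/quota/messages (value_field = messages).
--    The merge_quota() trigger mentioned in the reply is documented on the
--    Quota/Dict wiki page and is not reproduced here.
```

After the change, the permission-denied DELETE errors in the PostgreSQL log should stop, and step 4 gives a quick regression check that the account table is still not deletable by the maildata role.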
participants (2)
- Timo Sirainen
- Tóth Csaba