Hi Guys, Since few weeks, our email server based on Dovecot and Postfix has been returning this error with some users without any changes made to the configuration:

mailserver dovecot: imap(user)<1115049><sEfO8d8nm/1dIlwX>: Error: Mailbox INBOX: open(/mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2,) failed: Permission denied (euid=501(vmail) egid=501(vmail) missing +r perm: /mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2, stat(/mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2,) failed: Permission denied)

mailserver dovecot: imap(user)<1115049><sEfO8d8nm/1dIlwX>: Disconnected: FETCH failed: Mailbox INBOX: open(/mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2,) failed: Permission denied (euid=501(vmail) egid=501(vmail) missing +r perm: /mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2, stat(/mnt/mail-storage/user/Maildir/cur/1732656368.M835097P860226.mailserver,S=43548,W=44150:2,) failed: Permission denied) in=429 out=24093 deleted=0 expunged=0 trashed=0 hdr_count=2 hdr_bytes=6437 body_count=0 body_bytes=0

This is the stat of the file after reboot the server: stat 1732656368.M835097P860226.ganimede,S=43548,W=44150:2, File: 1732656368.M835097P860226.ganimede,S=43548,W=44150:2, Size: 43548 Blocks: 88 IO Block: 262144 regular file Device: 0,41 Inode: 2155401218 Links: 1 Access: (0600/-rw-------) Uid: ( 501/ vmail) Gid: ( 501/ vmail) Access: 2024-11-26 22:26:09.925862755 +0100 Modify: 2024-11-26 22:26:10.005861434 +0100 Change: 2024-11-26 22:26:11.175842122 +0100 Birth: -

The strange thing is that the issue seems to this impact only some Users and looks like the error disappear after restarting the server, and reappear few time later.

Dovecot -n: # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.19 (4eae2f79) # OS: Linux 6.1.0-26-amd64 x86_64 Debian 12.7 auth_mechanisms = plain login default_vsz_limit = 1 G doveadm_password = # hidden, use -P to show it doveadm_port = 12345 mail_gid = 501 mail_location = maildir:~/Maildir:INDEX=/var/indexes/%n mail_max_userip_connections = 50 mail_plugins = " notify replication zlib" mail_privileged_group = vmail mail_uid = 501 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapflags notify namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Posta inviata" { special_use = \Sent } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { mail_replica = tcp:192.168.3.250 sieve = file:/var/www/html/ooo/%n;active=/var/www/html/ooo/%n/script sieve_default = /var/www/html/ooo/default.sieve sieve_duplicate_default_period = 14d sieve_duplicate_max_period = 7d sieve_extensions = +duplicate +notify +imapflags +vacation-seconds sieve_user_log = /var/www/html/ooo/%n/sieve_error.log } protocols = " imap lmtp sieve pop3" replication_max_conns = 2 service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } } service doveadm { inet_listener { port = 12345 } } service imap-login { process_limit = 200 } service imap { vsz_limit = 1 G } service lmtp { process_min_avail = 5 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 10 service_count = 1 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 user = vmail } } service stats { unix_listener stats-reader { group = vmail mode = 0666 user = vmail } unix_listener stats-writer { group = vmail mode = 0666 user = vmail } } ssl_cert = </etc/dovecot/private/chain-star_trustitalia_it.pem ssl_cipher_list = ALL:!LOW:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } protocol lmtp { mail_plugins = " notify replication zlib sieve quota zlib" postmaster_address = postmaster@trustitalia.it } protocol lda { auth_socket_path = /var/run/dovecot/auth-master hostname = ganimede.trustitalia.it mail_plugins = " notify replication zlib sieve quota zlib" } protocol imap { mail_plugins = " notify replication zlib zlib" } protocol sieve { mail_max_userip_connections = 10 managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 64 k } protocol pop3 { mail_plugins = " notify replication zlib zlib" }

Thanks