[Dovecot] Something weird happening...
Hi to all,
I use Dovecot dovecot11-1.1.3-5.1 from OpenSuSE 11, when i send a mail from the logs i read:
Oct 8 10:36:31 mail postfix/pipe[17934]: A360A851: to=mediatest@atpss.net, relay=dovecot, delay=0.22, delays=0.18/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
But, log files seems ok:
-rw------- 1 777 root 56 Oct 8 10:35 dovecot-err.log -rw------- 1 777 root 302 Oct 8 10:35 dovecot-inf.log
Also processess seems right:
root 17965 0.0 0.0 2052 584 ? Ss 10:35 0:00 /usr/sbin/dovecot root 17966 0.0 0.2 8564 2172 ? S 10:35 0:00 dovecot-auth root 17967 0.0 0.2 8564 2356 ? S 10:35 0:00 dovecot-auth -w dovecot 17969 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17970 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17971 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17972 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17973 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17974 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login
Here is my config:
log_path: /var/log/dovecot-err.log info_log_path: /var/log/dovecot-inf.log protocols: imap pop3 ssl_disable: yes disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 51 last_valid_uid: 51 mail_location: maildir:/var/mail/virtual/%n@%d mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib64/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib64/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib64/dovecot/modules/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %Mf auth default: passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-mysql.conf userdb: driver: passwd userdb: driver: sql args: /etc/dovecot/dovecot-mysql.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 plugin: quota: maildir quota_warning: storage=80%% /usr/local/bin/quota-warning.sh 80
So, what can be the problem?
Thanks,
Claudio Prono.
--
Claudio Prono Systems Development @ Atpss.net Srl, Divisione Implementazione Sistemi Via San Bernardino, 17 - 10137 Torino (TO) - IT Tel +39-011.32.72.100 Fax +39-011.32.46.497 PGP Fingerprint: 75C2 4049 E23D 2FBF A65F 40DB EA5C 11AC C2B0 3647 Disclaimer: http://atpss.net/disclaimer
On Wed, 08 Oct 2008 10:44:25 +0200, Claudio Prono wrote:
Hi to all,
I use Dovecot dovecot11-1.1.3-5.1 from OpenSuSE 11, when i send a mail from the logs i read:
Oct 8 10:36:31 mail postfix/pipe[17934]: A360A851: to=mediatest@atpss.net, relay=dovecot, delay=0.22, delays=0.18/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
But, log files seems ok:
-rw------- 1 777 root 56 Oct 8 10:35 dovecot-err.log -rw------- 1 777 root 302 Oct 8 10:35 dovecot-inf.log
According to the below output, the above output is wrong. User with UID 777 does not exist, hence, the Permission denied.
You should chown dovecot /var/log/dovecot-*.log
Also processess seems right:
root 17965 0.0 0.0 2052 584 ? Ss 10:35 0:00 /usr/sbin/dovecot root 17966 0.0 0.2 8564 2172 ? S 10:35 0:00 dovecot-auth root 17967 0.0 0.2 8564 2356 ? S 10:35 0:00 dovecot-auth -w dovecot 17969 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17970 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17971 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17972 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17973 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17974 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login
-- Elisamuel Resto | GPG: 18615F19 samuel@dragonboricua.net | Source Mage GNU/Linux Tome Lead http://simplysam.us/ | http://www.sourcemage.org/
Sorry, mine error. I have tried to make readable and writeble to all the files, so i have do wrongly chown 777 files. Now is fixed, but still recieve error:
-rw------- 1 root root 224 Oct 8 10:57 dovecot-err.log -rw------- 1 root root 888 Oct 8 10:57 dovecot-inf.log
The log is:
Oct 8 10:57:28 mail postfix/smtpd[18296]: C878485F: client=localhost[127.0.0.1] Oct 8 10:57:28 mail postfix/cleanup[18288]: C878485F: message-id=48EC762D.6080106@atpss.net Oct 8 10:57:28 mail postfix/qmgr[3303]: C878485F: from=claudio.prono@atpss.net, size=1310, nrcpt=1 (queue active) Oct 8 10:57:28 mail postfix/smtpd[18296]: disconnect from localhost[127.0.0.1] Oct 8 10:57:28 mail postfix/pipe[18290]: 8E90385E: to=mediatest@atpss.net, relay=dspam, delay=0.39, delays=0.1/0.01/0/0.28, dsn=2.0.0, status=sent (delivered via dspam service) Oct 8 10:57:28 mail postfix/qmgr[3303]: 8E90385E: removed Oct 8 10:57:29 mail postfix/pipe[18298]: C878485F: to=mediatest@atpss.net, relay=dovecot, delay=0.23, delays=0.17/0.01/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
What can be?
Elisamuel Resto ha scritto:
On Wed, 08 Oct 2008 10:44:25 +0200, Claudio Prono wrote:
Hi to all,
I use Dovecot dovecot11-1.1.3-5.1 from OpenSuSE 11, when i send a mail from the logs i read:
Oct 8 10:36:31 mail postfix/pipe[17934]: A360A851: to=mediatest@atpss.net, relay=dovecot, delay=0.22, delays=0.18/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
But, log files seems ok:
-rw------- 1 777 root 56 Oct 8 10:35 dovecot-err.log -rw------- 1 777 root 302 Oct 8 10:35 dovecot-inf.log
According to the below output, the above output is wrong. User with UID 777 does not exist, hence, the Permission denied.
You should chown dovecot /var/log/dovecot-*.log
Also processess seems right:
root 17965 0.0 0.0 2052 584 ? Ss 10:35 0:00 /usr/sbin/dovecot root 17966 0.0 0.2 8564 2172 ? S 10:35 0:00 dovecot-auth root 17967 0.0 0.2 8564 2356 ? S 10:35 0:00 dovecot-auth -w dovecot 17969 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17970 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17971 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17972 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17973 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17974 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login
--
Claudio Prono Systems Development @ Atpss.net Srl, Divisione Implementazione Sistemi Via San Bernardino, 17 - 10137 Torino (TO) - IT Tel +39-011.32.72.100 Fax +39-011.32.46.497 PGP Fingerprint: 75C2 4049 E23D 2FBF A65F 40DB EA5C 11AC C2B0 3647 Disclaimer: http://atpss.net/disclaimer
Very strange, i have tryied to chmod 666 all log files, like that:
-rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log
(Is terrible i know, but only a test)
Now i have another error (written in log of dovecot!)
deliver(mediatest@atpss.net): Oct 08 11:08:20 Error: Can't connect to auth server at /var/run/dovecot/auth-master: Permission denied
Seems all a problem of user running dovecot...is not root? Dunno why... In config there isn't nothing to do so.
Any suggestion?
Thank you,
Claudio.
Claudio Prono ha scritto:
Sorry, mine error. I have tried to make readable and writeble to all the files, so i have do wrongly chown 777 files. Now is fixed, but still recieve error:
-rw------- 1 root root 224 Oct 8 10:57 dovecot-err.log -rw------- 1 root root 888 Oct 8 10:57 dovecot-inf.log
The log is:
Oct 8 10:57:28 mail postfix/smtpd[18296]: C878485F: client=localhost[127.0.0.1] Oct 8 10:57:28 mail postfix/cleanup[18288]: C878485F: message-id=48EC762D.6080106@atpss.net Oct 8 10:57:28 mail postfix/qmgr[3303]: C878485F: from=claudio.prono@atpss.net, size=1310, nrcpt=1 (queue active) Oct 8 10:57:28 mail postfix/smtpd[18296]: disconnect from localhost[127.0.0.1] Oct 8 10:57:28 mail postfix/pipe[18290]: 8E90385E: to=mediatest@atpss.net, relay=dspam, delay=0.39, delays=0.1/0.01/0/0.28, dsn=2.0.0, status=sent (delivered via dspam service) Oct 8 10:57:28 mail postfix/qmgr[3303]: 8E90385E: removed Oct 8 10:57:29 mail postfix/pipe[18298]: C878485F: to=mediatest@atpss.net, relay=dovecot, delay=0.23, delays=0.17/0.01/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
What can be?
Elisamuel Resto ha scritto:
On Wed, 08 Oct 2008 10:44:25 +0200, Claudio Prono wrote:
Hi to all,
I use Dovecot dovecot11-1.1.3-5.1 from OpenSuSE 11, when i send a mail from the logs i read:
Oct 8 10:36:31 mail postfix/pipe[17934]: A360A851: to=mediatest@atpss.net, relay=dovecot, delay=0.22, delays=0.18/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
But, log files seems ok:
-rw------- 1 777 root 56 Oct 8 10:35 dovecot-err.log -rw------- 1 777 root 302 Oct 8 10:35 dovecot-inf.log
According to the below output, the above output is wrong. User with UID 777 does not exist, hence, the Permission denied.
You should chown dovecot /var/log/dovecot-*.log
Also processess seems right:
root 17965 0.0 0.0 2052 584 ? Ss 10:35 0:00 /usr/sbin/dovecot root 17966 0.0 0.2 8564 2172 ? S 10:35 0:00 dovecot-auth root 17967 0.0 0.2 8564 2356 ? S 10:35 0:00 dovecot-auth -w dovecot 17969 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17970 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17971 0.0 0.1 3476 1572 ? S 10:36 0:00 pop3-login dovecot 17972 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17973 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login dovecot 17974 0.0 0.1 3484 1584 ? S 10:36 0:00 imap-login
--
Claudio Prono Systems Development @ Atpss.net Srl, Divisione Implementazione Sistemi Via San Bernardino, 17 - 10137 Torino (TO) - IT Tel +39-011.32.72.100 Fax +39-011.32.46.497 PGP Fingerprint: 75C2 4049 E23D 2FBF A65F 40DB EA5C 11AC C2B0 3647 Disclaimer: http://atpss.net/disclaimer
On Wed, 2008-10-08 at 11:12 +0200, Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that:
-rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log
(Is terrible i know, but only a test)
Now i have another error (written in log of dovecot!)
deliver(mediatest@atpss.net): Oct 08 11:08:20 Error: Can't connect to auth server at /var/run/dovecot/auth-master: Permission denied
Seems all a problem of user running dovecot...is not root? Dunno why... In config there isn't nothing to do so.
deliver isn't normally run as root, unless you've made it setuid-root. So the log files and the auth-master socket need to be writable by the user who runs deliver (as defined in Postfix's master.cf).
(Of course the user running deliver also needs to have access to all users' mails. If you're using system users you'll need to make deliver setuid-root.)
Timo Sirainen wrote:
On Wed, 2008-10-08 at 11:12 +0200, Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that:
-rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log
(Is terrible i know, but only a test)
Now i have another error (written in log of dovecot!)
deliver(mediatest@atpss.net): Oct 08 11:08:20 Error: Can't connect to auth server at /var/run/dovecot/auth-master: Permission denied
Seems all a problem of user running dovecot...is not root? Dunno why... In config there isn't nothing to do so.
deliver isn't normally run as root, unless you've made it setuid-root. So the log files and the auth-master socket need to be writable by the user who runs deliver (as defined in Postfix's master.cf).
(Of course the user running deliver also needs to have access to all users' mails. If you're using system users you'll need to make deliver setuid-root.)
Since I just went through this I can offer these settings that worked for me for virtual domains.
In dovecot.conf
log_path = /var/log/dovecot/dovecot.log info_log_path = /var/log/dovecot/dovecot-info.log
protocol lda { log_path = /var/log/dovecot/dovecot-deliver.log ... } auth default { ... socket listen { master { path = /var/run/dovecot/auth-master mode = 0660 user = vmail } }
In /etc/postfix/master.cf
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
And these file and directory ownership and permissions.
/var/log drwxrwx--- 2 root vmail 4096 Oct 7 07:41 dovecot
/var/log/dovecot -rw-rw---- 1 root vmail 1658 Oct 8 12:32 dovecot-deliver.log -rw-rw---- 1 root vmail 6572 Oct 8 12:35 dovecot-info.log -rw-rw---- 1 root vmail 448 Oct 8 12:35 dovecot.log
This on a CentOS 5 system (running in a Linux-Vserver guest -- not that that makes a difference) using the additional Yum repositories: rpmforge and atrpms.
The cheap trick I used until I had it all working was to just log to maillog using syslog.
HTH, Rod
Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that:
-rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log
(Is terrible i know, but only a test)
I think you should follow the suggestion already provided:
You should chown dovecot /var/log/dovecot-*.log
Now i have another error (written in log of dovecot!)
deliver(mediatest@atpss.net): Oct 08 11:08:20 Error: Can't connect to auth server at /var/run/dovecot/auth-master: Permission denied
Seems all a problem of user running dovecot...is not root? Dunno why... In config there isn't nothing to do so.
Any suggestion?
The auth-master permission problem is different, but the configuration you provided does not give enough information to identify a certain solution. It does imply that you have not followed the relevant documentation for using the LDA:
http://wiki.dovecot.org/LDA http://wiki.dovecot.org/LDA/Postfix
You need to make sure that whatever user you are running *deliver* as (which is a function of your postfix config) has read/write access to the master socket, which has its user, group, and permissions set by the dovecot config.
On Oct 9, 2008, at 12:43 AM, Bill Cole wrote:
Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that: -rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log (Is terrible i know, but only a test)
I think you should follow the suggestion already provided:
You should chown dovecot /var/log/dovecot-*.log
dovecot? In the preferred configuration only login processes run using
dovecot user, and the dovecot user has access to nothing. Login
processes don't need to access log files.
Timo Sirainen wrote:
On Oct 9, 2008, at 12:43 AM, Bill Cole wrote:
Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that: -rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log (Is terrible i know, but only a test)
I think you should follow the suggestion already provided:
You should chown dovecot /var/log/dovecot-*.log
dovecot? In the preferred configuration only login processes run using dovecot user, and the dovecot user has access to nothing. Login processes don't need to access log files.
An excellent point!
I guess the better alternatives to 666 logs would be
- use syslog
- split deliver logs off to their own files
- Depending on how deliver is being run, chown the logs to the user that runs deliver or put all of the uid's it might run as (i.e. all mail users) into a group and chgrp the logs to that group with 660 permissions.
On Thu, 09 Oct 2008 11:30:43 -0400, Bill Cole wrote:
Timo Sirainen wrote:
On Oct 9, 2008, at 12:43 AM, Bill Cole wrote:
Claudio Prono wrote:
Very strange, i have tryied to chmod 666 all log files, like that: -rw-rw-rw- 1 root root 681 Oct 8 11:08 dovecot-err.log -rw-rw-rw- 1 root root 1039 Oct 8 11:02 dovecot-inf.log (Is terrible i know, but only a test)
I think you should follow the suggestion already provided:
You should chown dovecot /var/log/dovecot-*.log
dovecot? In the preferred configuration only login processes run using dovecot user, and the dovecot user has access to nothing. Login processes don't need to access log files.
An excellent point!
I guess the better alternatives to 666 logs would be
- use syslog
- split deliver logs off to their own files
- Depending on how deliver is being run, chown the logs to the user that runs deliver or put all of the uid's it might run as (i.e. all mail users) into a group and chgrp the logs to that group with 660 permissions.
I prefer syslog and then doing any particular routing of information by rsyslog (my syslog daemon), that solves any permission issues with the logs.
-- Elisamuel Resto | GPG: 18615F19 samuel@dragonboricua.net | Source Mage GNU/Linux Tome Lead http://simplysam.us/ | http://www.sourcemage.org/
On 2008-10-08 10:44:25 +0200, Claudio Prono wrote:
I use Dovecot dovecot11-1.1.3-5.1 from OpenSuSE 11, when i send a mail from the logs i read:
Oct 8 10:36:31 mail postfix/pipe[17934]: A360A851: to=mediatest@atpss.net, relay=dovecot, delay=0.22, delays=0.18/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot-err.log: Permission denied )
But, log files seems ok:
-rw------- 1 777 root 56 Oct 8 10:35 dovecot-err.log -rw------- 1 777 root 302 Oct 8 10:35 dovecot-inf.log
remove the log_path from your config and let it send it to syslog? it will go to /var/log/mail in that case.
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
participants (6)
-
Bill Cole
-
Claudio Prono
-
Elisamuel Resto
-
Marcus Rueckert
-
Roderick A. Anderson
-
Timo Sirainen