[Dovecot] Mail root to root and permissions problem
Hi all! I got a Debian with postfix-dovecot-spamassassin.
I got a non perfect installation: when an internal mail has been sent i got this error: <error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with signal 15" are writen. It's a permission problem: dovecot.log is owned by "root" and grupped by "adm" (chmodded 640). Where is the problem? I'm really blind now!
Tx 4 suggestions! Bye, Antonello
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 15 Dec 2009, Antonello Onida wrote:
I got a non perfect installation: when an internal mail has been sent i got this error:
You don't get this error, when receiving an external message??
<error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with signal 15" are writen. It's a permission problem: dovecot.log is owned by "root" and grupped by "adm" (chmodded 640).
At first shot (if you would always get the error), I would say, you use system users and those users must not write to the log file.
Add write-permission for all (chmod a+w) or reconfigure Dovecot to let deliver use syslog:
protocol lda { ... # Log to syslog log_path = info_log_path = syslog_facility = mail }
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSydn6HWSIuGy1ktrAQLw+Qf8DVBYS1nTKTi0TdmVpBkxfoRkyxPLbg6j XVj5V1U5w/bF+2WFMDOhvmw0icp6nmcdS9Y/lUZLfHr+u40xguaSL5tB+buWdBLr yq2S3wV85DolR7Xt/GbHg1d0UDZ+YlK3UiLtmuMldMrFa4JzPuzVPTsMWiHVod5K A20lraSWetDa9CWNbihtFHmJr/wID38l0nLt+UE2P3KWKrHiNf2nqNTPsQll68ny AGGtkG8SqmxQ2p7KYpVbVHy+fAyxz99I4LTUDSfwajFJPIbup3Uv95WlxqOOz+BX Cu1uNw31kKVzoKISfweWUmZRPftQOh5GChQrEBTPOTRHwnjZ8yzubA== =SMR4 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 15 Dec 2009, Steffen Kaiser wrote:
BTW: "root" is denied by Dovecot, dunno if in deliver as well. Can you mail to another user?
regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSydq8nWSIuGy1ktrAQL+twf7BmXZefbUHQU1br8bEhSbEpv7kEhbLnzm bmCv5uz+BNDmYIq9f6X5TwfrYmXG551wcGE12H80KWUdP4P3K4AQ1UeG82UWqA+9 7m36mWZPUFTTZlm01PCz4Tn0BLWOa93+DYaR239n+T4P9dN02zeRDJz1cDBK2MOx GAKeYWBUzr18qCTA1hvflK8rLBrBwCzK0aYXlmTQJtLbVtMnO60r0RO1h8zgzyrn pq4ExEQf/7XxOujJlpkUqx1ajtPH0iCI/maAGJIx/U9Fq3C1tkn5og7FRszIm2Ok dMUG3rr5MzHeD+14/hLJTL/Fmw6BlyTkLOZxwpAOsNhlMi4TmTxiLw== =zNw6 -----END PGP SIGNATURE-----
On tir 15 dec 2009 11:41:41 CET, Steffen Kaiser wrote
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 15 Dec 2009, Antonello Onida wrote:
I got a non perfect installation: when an internal mail has been
sent i got this error:You don't get this error, when receiving an external message??
<error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with
signal 15" are writen. It's a permission problem: dovecot.log is owned by "root" and
grupped by "adm" (chmodded 640).At first shot (if you would always get the error), I would say, you
use system users and those users must not write to the log file.Add write-permission for all (chmod a+w) or reconfigure Dovecot to
let deliver use syslog:protocol lda { ...
Log to syslog
log_path = info_log_path = syslog_facility = mail }
or more simple :)
mkdir -p /var/log/dovecot chown dovecot /var/log/dovecot
chgrp mail /var/log/dovecot
configure global dovecot to use logdir as /var/log/dovecot
rule to remember is permissons got the parent permissions, and this is
why it fails above
please correct me if i am wrong
-- xpoint
In various point of the instructions can read that dovecot is only for dovecot internal use, and as user it must not have any permission! My problem is related to the deliver of local mail, such as mail to root from root sent by cronjob! I tried also to send a mail from root@localhost to vmail@localhost and the problem is the same...
Maybe internal mail don't pass through dovecot-postfix?!?!?
Benny Pedersen ha scritto:
On tir 15 dec 2009 11:41:41 CET, Steffen Kaiser wrote
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 15 Dec 2009, Antonello Onida wrote:
I got a non perfect installation: when an internal mail has been sent i got this error:
You don't get this error, when receiving an external message??
<error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with signal 15" are writen. It's a permission problem: dovecot.log is owned by "root" and grupped by "adm" (chmodded 640).
At first shot (if you would always get the error), I would say, you use system users and those users must not write to the log file.
Add write-permission for all (chmod a+w) or reconfigure Dovecot to let deliver use syslog:
protocol lda { ...
Log to syslog
log_path = info_log_path = syslog_facility = mail }
or more simple :)
mkdir -p /var/log/dovecot chown dovecot /var/log/dovecot
chgrp mail /var/log/dovecot
configure global dovecot to use logdir as /var/log/dovecot
rule to remember is permissons got the parent permissions, and this is why it fails above
please correct me if i am wrong
Nessun virus nel messaggio in arrivo. Controllato da AVG - www.avg.com Versione: 9.0.716 / Database dei virus: 270.14.108/2566 - Data di rilascio: 12/15/09 08:52:00
On Tue, Dec 15, 2009 at 02:11:28PM +0100, Benny Pedersen wrote:
On tir 15 dec 2009 11:41:41 CET, Steffen Kaiser wrote
On Tue, 15 Dec 2009, Antonello Onida wrote:
<error> ex: from root@* to root@*. Command output: Can't open log file /var/log/dovecot.log: Permission denied </error> Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed with signal 15" are writen. It's a permission problem: dovecot.log is owned by "root" and grupped by "adm" (chmodded 640).
At first shot (if you would always get the error), I would say, you use system users and those users must not write to the log file.
Add write-permission for all (chmod a+w) or reconfigure Dovecot to let deliver use syslog:
protocol lda { ...
Log to syslog
log_path = info_log_path = syslog_facility = mail }
or more simple :)
mkdir -p /var/log/dovecot chown dovecot /var/log/dovecot
chgrp mail /var/log/dovecot
configure global dovecot to use logdir as /var/log/dovecot
rule to remember is permissons got the parent permissions, and this is why it fails above
please correct me if i am wrong
I think you might be. The OP has not presented complete information, but my guess is that deliver(1) is being invoked by postfix/local(8), which refuses to run processes as root. Instead, $default_privs (see postconf(5)) is used. root should be aliased to a non-root user.
I'm not clear on why other mail is apparently able to open and write the Dovecot log, but I'm pretty sure that the syslog approach would work. So would a+w, ugly though it is.
I'm not sure about your idea. Yes, *if* deliver runs as dovecot:mail it should work. But lacking information, we don't really know. My advice to OP:
- Check aliases(5), ensure that "root: youruser@localhost" is present. (Also assumes that localhost, localhost.$mydomain are both listed in $mydestination and that "youruser" is a valid system account.)
- Using syslog is a good idea anyway, rather than having each deliver to open, lock, and write the logfile.
If problem persists, complete "postconf -n ; dovecot -n" output and all logging (non-verbose) for a single delivery should be provided, so we don't have to guess.
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
I get this error only with cron reports sent from root to root! Normal mail activities are all functionally, such as Roundcube or Thunderbird that are working fine.
participants (4)
-
/dev/rob0
-
Antonello Onida
-
Benny Pedersen
-
Steffen Kaiser