Postfix - dovecot-lda -> Permission denied
Hi everyone!
I'm trying to run Postfix and Dovecot on Mac OS X, but somehow it doesn't work. I probably messed up the privileges or something else. Hopefully one of you can help me figure it out. So far, Postfix is delivering the mail into ~/Maildir. But as soon as I add the line:
mailbox_command = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
in /etc/postfix/main.cf
I get the following entry in the mail.log.
Feb 27 16:08:02 Nils-iMac.local local[53237]: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied
Feb 27 16:08:02 Nils-iMac.local postfix/local[53236]: B246837BE40: to=<marc@localhost.local>, orig_to=<marc@localhost>, relay=local, delay=1185, delays=1185/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied )
Here are the rights of dovecot-lda:
-rwxrwx--- 1 root certusers 32144 Dec 5 04:41 /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
Hope someone has an idea. :)
Bye, Marcus
In case you need my doveconf:
# 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
# OS: Darwin 14.1.0 x86_64
# NOTE: Send doveconf -n output instead when asking for help.
On Fri, 27 Feb 2015, Wöltje, Marcus wrote:
> I'm trying to run Postfix and Dovecot on Mac OS X, but somehow it doesn't work. I probably messed up the privileges or something else. Hopefully one of you can help me figure it out. So far, Postfix is delivering the mail into ~/Maildir. But as soon as I add the line:
> mailbox_command = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
> in /etc/postfix/main.cf
> I get the following entry in the mail.log.
> Feb 27 16:08:02 Nils-iMac.local local[53237]: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied
> Feb 27 16:08:02 Nils-iMac.local postfix/local[53236]: B246837BE40: to=<marc@localhost.local>, orig_to=<marc@localhost>, relay=local, delay=1185, delays=1185/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda: Permission denied )
> Here are the rights of dovecot-lda:
> -rwxrwx--- 1 root certusers 32144 Dec 5 04:41 /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
  ^^^^^^^^^^
Only root and users in group certusers may exec the program. As what user does postfix try to run the LDA? Maybe check any directory in the path as well.
Steffen Kaiser
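Added example, not part of the original thread: the check suggested above, written in Python. It walks every component of the LDA path and reports the first one that a given uid and group set may not search or execute. Postfix's local(8) runs mailbox_command with the rights of the receiving user, so the recipient's ids are the ones to test. The gid 9001 for certusers, the 0755 directory modes and all function names are constructed for illustration, and ACLs are not evaluated.

```python
import os
import pwd
import stat
import sys
from pathlib import PurePosixPath
from types import SimpleNamespace

# Path and file mode come from the thread; gid and directory modes are constructed.
LDA = "/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda"
CERTUSERS_GID = 9001  # constructed placeholder gid for group "certusers"


def may_execute(st, uid, gids):
    """Classic Unix x-bit check (search for directories, exec for files)."""
    mode = st.st_mode
    if uid == 0:
        # root may search any directory, but exec needs at least one x bit
        return stat.S_ISDIR(mode) or bool(mode & 0o111)
    if uid == st.st_uid:
        # owner class wins even if the group bits would be more generous
        return bool(mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_denied(path, uid, gids, stat_fn=os.stat):
    """Return the first path component that blocks uid/gids, or None."""
    p = PurePosixPath(path)
    for component in list(p.parents)[::-1] + [p]:
        if not may_execute(stat_fn(str(component)), uid, gids):
            return str(component)
    return None


def constructed_stat(overrides=None):
    """Fake stat function: root-owned 0755 directories plus the 0770 LDA."""
    table = {LDA: (stat.S_IFREG | 0o770, 0, CERTUSERS_GID)}
    table.update(overrides or {})

    def stat_fn(path):
        mode, uid, gid = table.get(path, (stat.S_IFDIR | 0o755, 0, 0))
        return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

    return stat_fn


def ids_for(user):
    """uid and group set of a local account (assumes all its groups apply)."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


if __name__ == "__main__":
    # Usage: python check_exec_path.py <user> <path>
    user, path = sys.argv[1], sys.argv[2]
    uid, gids = ids_for(user)
    blocked = first_denied(os.path.abspath(path), uid, gids)
    print(f"{user}: blocked at {blocked}" if blocked else f"{user}: may execute {path}")
```

Run against the real filesystem, it takes the recipient's account name and the mailbox_command path as arguments.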
On 27.02.2015 16:16, Wöltje, Marcus wrote:
> So far, Postfix is delivering the mail into ~/Maildir. But as soon as I add the line:
> mailbox_command = /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda
> in /etc/postfix/main.cf
> I get the following entry in the mail.log.
Why don't you let postfix hand over the mail data to dovecot using lmtp?
Regards, Christian
participants (3)
- Christian Schmidt
- Steffen Kaiser
- Wöltje, Marcus