Re: [Dovecot] File Permissions and delivery
My guess is your delivering email with postfix to the inbox, instead
of using dovecot-lda. And something odd is going on with that postfix
to get odd permissions like that.
You probably needed to edit the postfix virtual deliever transport, or
maybe you just forget to active the dovecot-lda (deliever) transport.
Quoting Simon Brereton simon.brereton@buongiorno.com:
Hi
I'm very new to Dovecot (been using Courier for 5 years), but I've
been persuaded of the merits of Dovecot and since the server needs
upgrading that seems like the perfect time/excuse.On a test server, I set up postfix and installed Dovecot (running
32-bit Debian Squeeze, installed from apt-get). I mirrored the mail
store (Maildirs, for historical reasons located under
/var/spool/mail/virtual/domain.com/user). Then I ran the courier
migration perl script and everything was fine and dandy.However, when I can to do the production migration, things weren't
as smooth. The new server is 64-bit (not that I think it makes a
difference, but if you're going to help me you should have all the
information :)Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything
At this point everything looked like it was ok. Mail was being
received and delivered to the Maildirs and the IMAP login was fine.
However, I noticed errors in the logs when retreiving mail with the
MUA along the lines of:Aug 26 16:59:48 mail dovecot: IMAP(simon@lydiard.net):
open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm:
/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,)After messing around with the chown and chmod (even though these
were exactly the same as the test server) I finally discovered the
issue.mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33
1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36
1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00
1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22
1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28
1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31
1314372685.V801I166601dM264242.mail.net,S=1097:2,Mails are being delivered with 0600 permissions and not 0660 (the
mails from courier seem to have all been 0770 as you can see). If I
manually change the permission (to 0660) then I can see the mail in
the MUA.After thinking for a while it occurred to me that this is covered in
the LDA section. But making changes to the config file (either
permissions or UID/GID) doesn't seem to make a difference. (Yes, I
did restart postfix and dovecot after the changes).Anyway, here is my dovecot -n:
mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster@net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n
allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildirAs you can see, I tried to go 0660 in both client and master.
The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f
${sender} -d ${user}@${nexthop}Is there anything else I should include?
I'm pretty sure it's an error on my part. I'm just not clued up
enough to know where.My second problem is that I thought I had things back to where they
were before I messed with chown and chmod, but now I get this in the
logsdovecot: dovecot: Fatal:
chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission
denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm:
/var/spool/mail/virtual)But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/
So, now I'm stumped. I hope someone can spot the simple thing I've missed!
Thanks.
Simon
On 26 August 2011 19:35, Patrick Domack patrickdk@patrickdk.com wrote:
My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that.
You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport.
That's why I included the portion from my master.cf
The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
The numbers are just line numbers from vim. The entry reads like:
# SPB - Attempt to deliver with Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
malsystem is the user and /usr/lib/dovecot/deliver exists.
Simon
Quoting Simon Brereton
: Hi
I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse.
On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration perl script and everything was fine and dandy.
However, when I can to do the production migration, things weren't as smooth. The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :)
Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything
At this point everything looked like it was ok. Mail was being received and delivered to the Maildirs and the IMAP login was fine. However, I noticed errors in the logs when retreiving mail with the MUA along the lines of:
Aug 26 16:59:48 mail dovecot: IMAP(simon@lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,)
After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue.
mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2,
Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA.
After thinking for a while it occurred to me that this is covered in the LDA section. But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. (Yes, I did restart postfix and dovecot after the changes).
Anyway, here is my dovecot -n:
mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster@net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildir
As you can see, I tried to go 0660 in both client and master.
The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
Is there anything else I should include?
I'm pretty sure it's an error on my part. I'm just not clued up enough to know where.
My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs
dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon//) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual)
But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/
So, now I'm stumped. I hope someone can spot the simple thing I've missed!
Thanks.
Simon
Just adding that won't make dovecot use it though, you would have to
include the postconf -n output. Normally something like
virtual_transport=dovecot
Quoting Simon Brereton simon.brereton@buongiorno.com:
On 26 August 2011 19:35, Patrick Domack patrickdk@patrickdk.com wrote:
My guess is your delivering email with postfix to the inbox,
instead of using dovecot-lda. And something odd is going on with
that postfix to get odd permissions like that.You probably needed to edit the postfix virtual deliever transport,
or maybe you just forget to active the dovecot-lda (deliever)
transport.That's why I included the portion from my master.cf
The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
The numbers are just line numbers from vim. The entry reads like:
# SPB - Attempt to deliver with Dovecot LDA dovecot unix - n n - - pipe flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
malsystem is the user and /usr/lib/dovecot/deliver exists.
Simon
Quoting Simon Brereton
: Hi
I'm very new to Dovecot (been using Courier for 5 years), but I've
been persuaded of the merits of Dovecot and since the server needs
upgrading that seems like the perfect time/excuse.On a test server, I set up postfix and installed Dovecot (running
32-bit Debian Squeeze, installed from apt-get). I mirrored the
mail store (Maildirs, for historical reasons located under
/var/spool/mail/virtual/domain.com/user). Then I ran the courier
migration perl script and everything was fine and dandy.However, when I can to do the production migration, things weren't
as smooth. The new server is 64-bit (not that I think it makes a
difference, but if you're going to help me you should have all the
information :)Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything
At this point everything looked like it was ok. Mail was being
received and delivered to the Maildirs and the IMAP login was
fine. However, I noticed errors in the logs when retreiving mail
with the MUA along the lines of:Aug 26 16:59:48 mail dovecot: IMAP(simon@lydiard.net):
open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm:
/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,)After messing around with the chown and chmod (even though these
were exactly the same as the test server) I finally discovered the
issue.mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/ -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33
1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36
1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00
1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22
1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28
1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31
1314372685.V801I166601dM264242.mail.net,S=1097:2,Mails are being delivered with 0600 permissions and not 0660 (the
mails from courier seem to have all been 0770 as you can see). If
I manually change the permission (to 0660) then I can see the mail
in the MUA.After thinking for a while it occurred to me that this is covered
in the LDA section. But making changes to the config file (either
permissions or UID/GID) doesn't seem to make a difference. (Yes,
I did restart postfix and dovecot after the changes).Anyway, here is my dovecot -n:
mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster@net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n
allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildirAs you can see, I tried to go 0660 in both client and master.
The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f
${sender} -d ${user}@${nexthop}Is there anything else I should include?
I'm pretty sure it's an error on my part. I'm just not clued up
enough to know where.My second problem is that I thought I had things back to where
they were before I messed with chown and chmod, but now I get this
in the logsdovecot: dovecot: Fatal:
chdir(/var/spool/mail/virtual/domain.net/simon//) failed:
Permission denied (euid=999(mailsystem) egid=115(mailsystem)
missing +x perm: /var/spool/mail/virtual)But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net/
So, now I'm stumped. I hope someone can spot the simple thing I've missed!
Thanks.
Simon
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Patrick Domack Just adding that won't make dovecot use it though, you would have to include the postconf -n output. Normally something like virtual_transport=dovecot
Crap. I had added that. But I'd also forgotten to comment out the original virtual_transport = virtual line.
Thanks. I think that has fixed it though I'm still struggling with directory permissions.
Simon
participants (2)
-
Patrick Domack
-
Simon Brereton