Re: First steps in Dovecot; IMAP not working
(Sorry I read this list in digest form so frequently I'm half a step behind.)
For sake of "security", I chose to not allow plaintext communication (being new to this, I think being strict is a good choice). I've tried with the openssl option and it successfully logged in.
Yes, you've included some more log entries, which makes the problem clearer, as it usually does.
Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed: Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
...
I checked, using ls -l /var, and I get this:
drwxrwsr-x 2 root mail 4096 Apr 27 11:27 mail
so the group looks to be correctly set to 'mail', despite what the log says, right?
No, it's quite explicit. User "webuser" has uid/gid = 1001(webuser)/1000(ftpusers). Your mail spool has permission uid/gid = root(0)/mail(8), neither of which allows webuser to write to this mail spool to create its own mail folder.
Aki Tuomi aki.tuomi@dovecot.fi replies with several solutions:
In your configuration, dovecot uses whatever user/group returned by PAM. Since the webuser has never logged in, it has no directory under /var/mail. If you want, you can
a) override mail_uid and mail_gid in userdb/passdb
b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
c) you can let ftpusers write to /var/mail.
Or if you dynamically/frequently onboard mail accounts, and users cannot arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and let dovecot auto-create it (might also want to set "lda_mailbox_autocreate = yes").
Joseph Tam jtam.home@gmail.com
On 14 October 2016 at 14:28, Joseph Tam jtam.home@gmail.com wrote:
(Sorry I read this list in digest form so frequently I'm half a step behind.)
No problem.
No, it's quite explicit. User "webuser" has uid/gid = 1001(webuser)/1000(ftpusers). Your mail spool has permission uid/gid = root(0)/mail(8), neither of which allows webuser to write to this mail spool to create its own mail folder.
You're right (I don't have enough Unix habits, it seems...). I couldn't change this user (it must be in the ftpusers group for other purposes), so I tried adding another user for testing mail.
"mailtest", the new user, is in group mail(8). In addition, I've added write permission for "others" to /var/mail. Now, I'm trying to send a message to "mailtest" from another, working, e-mail account and nothing happens. This time, "doveadm log errors" is empty.
In short, I don't get any error but no mail either.
Aki Tuomi aki.tuomi@dovecot.fi replies with several solutions:
In your configuration, dovecot uses whatever user/group returned by PAM. Since the webuser has never logged in, it has no directory under /var/mail. If you want, you can
a) override mail_uid and mail_gid in userdb/passdb
b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
c) you can let ftpusers write to /var/mail.
Ok, I thought I had to do all of them (and didn't understand step a)). So I've done step c) by allowing everyone write access.
Or if you dynamically/frequently onboard mail accounts, and users cannot arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and let dovecot auto-create it (might also want to set "lda_mailbox_autocreate = yes").
I've done it right now; same problem. Since "doveadm log errors" returns an empty result, where should I look for the problem?
Thank you.
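Added example (not part of either poster's message, and not Dovecot code): a small shell check that reproduces the Unix permission decision behind the "Permission denied" log line and classifies the spool modes discussed in the thread (0775, world-writable, 1777). The function names are hypothetical, and mailtest's uid/gid of 1002 is a constructed value; the other IDs come from the log line.

```shell
#!/bin/sh
# spool_access EUID EGID "SUPPLEMENTARY_GIDS" DIR_UID DIR_GID DIR_MODE
# Prints "<class>:<allowed|denied>" for creating a file in the directory.
spool_access() {
    euid=$1; egid=$2; supp=$3; duid=$4; dgid=$5
    mode=$((0$6))                       # leading 0 => parse as octal
    if [ "$euid" -eq 0 ]; then
        echo "root:allowed"; return 0   # root bypasses the mode bits
    fi
    # Exactly one class applies; there is no fall-through to a later class.
    if [ "$euid" -eq "$duid" ]; then
        class=owner; bits=$(( (mode >> 6) & 7 ))
    else
        case " $egid $supp " in
            *" $dgid "*) class=group; bits=$(( (mode >> 3) & 7 )) ;;
            *)           class=other; bits=$(( mode & 7 )) ;;
        esac
    fi
    # Creating an entry needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then
        echo "$class:allowed"
    else
        echo "$class:denied"
    fi
}

# spool_risk DIR_MODE: classify how exposed a shared spool directory is.
spool_risk() {
    mode=$((0$1))
    if [ $(( mode & 2 )) -eq 0 ]; then
        echo "not-world-writable"
    elif [ $(( mode & 01000 )) -ne 0 ]; then
        # Sticky bit: entries removable only by their owner, dir owner or root.
        echo "world-writable-sticky"
    else
        # Any local user can delete or rename another user's mailbox file.
        echo "world-writable-no-sticky"
    fi
}

# Values from the log line: webuser 1001/1000, /var/mail owned 0:8.
echo "webuser,  mode 0775: $(spool_access 1001 1000 '' 0 8 0775)"
echo "mailtest, mode 0775: $(spool_access 1002 1002 '8' 0 8 0775)"
echo "webuser,  mode 1777: $(spool_access 1001 1000 '' 0 8 1777)"
for m in 0775 0777 1777; do echo "mode $m: $(spool_risk "$m")"; done
```

On a live system the inputs can be read with `id <user>` and `stat -c '%u %g %a' /var/mail` (GNU stat).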
participants (2)
- Joseph Tam
- Marnaud