[Dovecot] Dovecot rejecting Vpopmail User 89
I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a package.
Vpopmail has a widely known assigned user/group ID of 89 and is the owner of all the mail folders.
Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :)
Presently dovecot -n shows:
# 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_debug = yes disable_plaintext_auth = no mail_debug = yes mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir maildir_very_dirty_syncs = yes passdb { driver = vpopmail } protocols = imap pop3 ssl_cert =
--hobie
Quoting hobie@rumormillnews.com:
I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a package.
Vpopmail has a widely known assigned user/group ID of 89 and is the owner of all the mail folders.
Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :)
Here's mine - I set first and last uid AND gid. Can you telnet to port 110 and test?
USER username PASS password LIST
# 2.0.13: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 8.2-RELEASE amd64 auth_mechanisms = plain login digest-md5 cram-md5 auth_username_translation = %@ auth_verbose = yes base_dir = /var/run/dovecot/ default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 last_valid_gid = 89 last_valid_uid = 89 # run under tcpserver log_path = /dev/stderr login_greeting = Ready. mail_fsync = never mail_plugins = " quota zlib" mail_privileged_group = mail namespace { inbox = yes location = prefix = separator = . } namespace { hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } passdb { driver = vpopmail } plugin { quota = maildir } protocols = imap pop3 service anvil { client_limit = 2000 } service auth { unix_listener auth-master { mode = 0600 } } service imap-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service imap-postlogin { executable = script-login rawlog /usr/local/etc/dovecot/lastauth-imap.sh user = vpopmail } service imap { executable = /usr/local/libexec/dovecot/imap } service pop-postlogin { executable = script-login /usr/local/etc/dovecot/lastauth-pop.sh user = vpopmail } service pop3-login { client_limit = 384 process_limit = 512 process_min_avail = 25 service_count = 0 } service pop3 { executable = /usr/local/libexec/dovecot/pop3 } shutdown_clients = no ssl_cert =
On Wed, 2011-08-24 at 15:22 -0400, hobie@rumormillnews.com wrote:
Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :)
Show the EXACT full error message.
Hi, Timo - from mail.warn log file, domain name redacted:
Aug 24 16:32:07 debian dovecot: imap(postmaster@v....org): Error: user postmaster@v....org: Couldn't drop privileges: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup).
--hobie
On Wed, 2011-08-24 at 15:22 -0400, hobie@rumormillnews.com wrote:
Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89. "Couldn't drop privileges", it says. I'd be grateful for fixes, suggestions, or a pointer to an existing answer to this problem. Thanks ahead. :)
Show the EXACT full error message.
On Wed, 2011-08-24 at 16:34 -0400, hobie@rumormillnews.com wrote:
Hi, Timo - from mail.warn log file, domain name redacted:
Aug 24 16:32:07 debian dovecot: imap(postmaster@v....org): Error: user postmaster@v....org: Couldn't drop privileges: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup).
OK, so it is the first_valid_uid that's the problem.. In your previous doveconf -n output you didn't have first_valid_uid set at all, which defaults to 500. So: set first_valid_uid=89, verify that doveconf -n shows it in its output, and check if the error message changes.
(Ah!) Thanks, Timo, that allows Squirrelmail to get access. :) I had been making changes to the files in /conf.d, not directly to dovecot.conf - confusing. :) I'm trying now to connect using Thunderbird and that's not working, but I'll dig into that for awhile before asking for further help.
Thanks kindly,
--hobie
On Wed, 2011-08-24 at 16:34 -0400, hobie@rumormillnews.com wrote:
Hi, Timo - from mail.warn log file, domain name redacted:
Aug 24 16:32:07 debian dovecot: imap(postmaster@v....org): Error: user postmaster@v....org: Couldn't drop privileges: Mail access for users with UID 89 not permitted (see first_valid_uid in config file, uid from userdb lookup).
OK, so it is the first_valid_uid that's the problem.. In your previous doveconf -n output you didn't have first_valid_uid set at all, which defaults to 500. So: set first_valid_uid=89, verify that doveconf -n shows it in its output, and check if the error message changes.
participants (3)
-
hobie@rumormillnews.com
-
Rick Romero
-
Timo Sirainen