Re: [Dovecot] Problem with Dovecot LDA / Postfix
Thanks.
The log is really useful ;-)
deliver(info@lda.net4all.ch): Fatal: Running as root isn't permitted
So it's not possible acutally to use LDA to deliver mail with different UID/GID
So I need the change all the owner for my mail storage ... update the DB and restart the service ... it's bad !!! I need a lots of downtime to change the owner of 80Go data storage.
So beafore that, I need to test the dovecot-sieve plugin from CVS. Next month a lot of my customer are in holiday and the need auto responders ;-)
I try the dovecot-sieve plugin from the CVS and I have this error when i start make (configure as no error):
libsieve.a(script.o)(.text+0xa23): In function sieve_script_load': /usr/src/dovecot-sieve/src/libsieve/script.c:435: undefined reference to map_refresh'
libsieve.a(script.o)(.text+0xaf0): In function sieve_script_unload': /usr/src/dovecot-sieve/src/libsieve/script.c:462: undefined reference to map_free'
libsieve.a(sieve.o)(.text+0x1e6e): In function verify_flag': /usr/src/dovecot-sieve/src/libsieve/sieve.y:951: undefined reference to imparse_isatom'
collect2: ld returned 1 exit status
make[3]: *** [sievec] Erreur 1
make[3]: Leaving directory /usr/src/dovecot-sieve/src/libsieve' make[2]: *** [all-recursive] Erreur 1 make[2]: Leaving directory /usr/src/dovecot-sieve/src'
make[1]: *** [all-recursive] Erreur 1
make[1]: Leaving directory `/usr/src/dovecot-sieve'
make: *** [all-recursive-am] Erreur 2
I have the same error last week when I try to build dovecot-lda with sieve script support from the CVS.
I use Debian Sarge. I think the macro imparse_isatom is from the cyrus-imapd project. I try to install cyrus-dec and cyrus21-dev with apt-get ... but always the same error.
Do you have a idea ?
Le vendredi 16 juin 2006 à 10:44 -0400, My BSD a écrit :
On Fri, 16 Jun 2006 14:44:51 +0200 Dominique Feyer dfeyer@net4all.ch wrote:
I have only postfix log (in syslog mail facility), no dovecot log from the LDA deliver binary (with mail_debug = yes), this is strange ...
Jun 16 14:37:58 mail2 postfix/pickup[6014]: 5407F7FF3: uid=0 from=<root> Jun 16 14:37:58 mail2 postfix/cleanup[6073]: 5407F7FF3: message-id=20060616123758.5407F7FF3@mail2.clm.net4all.ch Jun 16 14:37:58 mail2 postfix/qmgr[6015]: 5407F7FF3: from=root@localhost.localdomain, size=326, nrcpt=1 (queue active) Jun 16 14:37:58 mail2 postfix/pipe[6076]: 5407F7FF3: to=info@lda.net4all.ch, relay=dovecot, delay=0, status=bounced (Command died with status 89: "/usr/local/dovecot-1.0-beta9/libexec/dovecot/deliver")
Can i activate log for the LDA in the configuration file or deliver command argument in master.cf ?
...
My dovecot setup logs to a file, settings below:
mail_debug = yes log_path = /var/log/dovecot/dovecot info_log_path = /var/log/dovecot/dovecot.info
Make sure that the socket user has write access to the file, otherwise it won't work (and thinking of it, also make sure that the socket user also has access to the socket itself -- that was one of my biggest problems before I got it to work).
You may also want to add the following until you get it working:
auth_verbose = yes auth_debug = yes auth_debug_passwords = yes
Good luck!
-- Dominique Feyer Administrateur Système Ch. de la Colline 5bis CH-1007 Lausanne dfeyer@net4all.ch
On Fri, 2006-06-16 at 16:57 +0200, Dominique Feyer wrote:
Thanks.
The log is really useful ;-)
deliver(info@lda.net4all.ch): Fatal: Running as root isn't permitted
So it's not possible acutally to use LDA to deliver mail with different UID/GID
Unless your mails are owned by root user, that's not really the problem. Rather it looks like your userdb query returns user's UID as 0. I guess I'll have to add some extra code to give nicer error message in that case.
Timo Sirainen wrote:
Unless your mails are owned by root user, that's not really the problem. Rather it looks like your userdb query returns user's UID as 0. I guess I'll have to add some extra code to give nicer error message in that case.
Nope, here's the output after an upgrade to beta9: Jun 18 15:18:23 [dovecot] auth(default): master out: USER_1_postmaster@obfusc8.org_uid=10006_gid=10001_home=/users/obfusc8.org/postmaster Jun 18 15:18:23 [dovecot] auth(default): Jun 18 15:18:23 [deliver(postmaster@obfusc8.org)] uid: (null), gid: 10001, chroot: (null) Jun 18 15:18:23 [deliver(postmaster@obfusc8.org)] Running as root isn't permitted The attached patch solves the problem --- src/deliver/auth-client.c.orig 2006-06-11 21:37:10.000000000 +1000 +++ src/deliver/auth-client.c 2006-06-18 15:24:19.000000000 +1000 @@ -49,7 +49,9 @@ for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) { if (strncmp(*tmp, "uid=", 4) == 0) { - if (conn->euid != strtoul(*tmp + 3, NULL, 10)) { + uid_t uid = strtoul(*tmp + 4, NULL, 10); + + if (conn->euid == 0 || geteuid() != uid) { env_put(t_strconcat("RESTRICT_SETUID=", *tmp + 4, NULL)); }
userdb query return correct UID/GID, I test this before. The log show the correct UID/GID.
I have "Fatal: Running as root isn't permitted" only if I had setuid bit to deliver.
I use pgsql for userdb
Le vendredi 16 juin 2006 à 21:17 +0300, Timo Sirainen a écrit :
On Fri, 2006-06-16 at 16:57 +0200, Dominique Feyer wrote:
Thanks.
The log is really useful ;-)
deliver(info@lda.net4all.ch): Fatal: Running as root isn't permitted
So it's not possible acutally to use LDA to deliver mail with different UID/GID
Unless your mails are owned by root user, that's not really the problem. Rather it looks like your userdb query returns user's UID as 0. I guess I'll have to add some extra code to give nicer error message in that case.
-- Dominique Feyer Administrateur Système Ch. de la Colline 5bis CH-1007 Lausanne dfeyer@net4all.ch
As Timo said, this has been fixed in CVS, will be in the next release. A patch to make this work quickly is in my post from a couple of days ago...
Dominique Feyer wrote:
userdb query return correct UID/GID, I test this before. The log show the correct UID/GID.
I have "Fatal: Running as root isn't permitted" only if I had setuid bit to deliver.
I use pgsql for userdb
Le vendredi 16 juin 2006 à 21:17 +0300, Timo Sirainen a écrit :
On Fri, 2006-06-16 at 16:57 +0200, Dominique Feyer wrote:
Thanks.
The log is really useful ;-)
deliver(info@lda.net4all.ch): Fatal: Running as root isn't permitted
So it's not possible acutally to use LDA to deliver mail with different UID/GID
Unless your mails are owned by root user, that's not really the problem. Rather it looks like your userdb query returns user's UID as 0. I guess I'll have to add some extra code to give nicer error message in that case.
participants (3)
-
Dominique Feyer
-
Peter Fern
-
Timo Sirainen