2.3 to 2.4 /proc/self/io) failed: Permission denied
I have a dovecot system running in my kubernetes cluster that i use to gateway some emails to imap that are in turn used by systems that poll for email. No people are involved.
Its been running for sometime on 2.3, i've now updated the base container to 2.4 and i have two problems, perhaps related, perhaps not. I'm assuming its related to my config changes for 2.4, but I'm kind of at my wits end.
The first issue: Sep 06 15:05:31 imap(support)<443><YIobSSM+MMoKIAIr>: Debug: open(/proc/self/io) failed: Permission denied (euid=1001(support) egid=1001(support) missing +r perm: /proc/self/io)
I am seeing errors like this. I can't figure why. I tried "doveadm force-resync -u support /home/support/Maildir/" and it returns no errors.
The 2nd error, again, perhaps related, the user doing the poll for new email doesn't see it (despite I see the email delivered to the 'new' dir, it doesn't get picked up and moved to 'cur').
Below is my config file. In /home/support/Maildir i have the new, cur, tmp etc.
There's no mention of 'INBOX', which i think my previous had (mail_location = maildir:/home/%u/Maildir:INBOX=/var/mail/%u/Maildir was previous)
Any advice? I'm not sure where to go from here.
dovecot_config_version = 2.4.1 dovecot_storage_version = 2.4.1 auth_mechanisms = plain login auth_allow_cleartext = yes #disable_plaintext_auth = no mail_privileged_group = mail #mail_location = maildir:/home/%u/Maildir:INBOX=/var/mail/%u/Maildir mail_driver = maildir mail_path = /var/mail/%{user | username}/Maildir mail_inbox_path = /var/mail/%{user | username}/Maildir userdb passwd { fields { home = /home/{%user | username} mail_driver = maildir mail_path = /var/mail/{%user | username}/Maildir mail_inbox_path = /var/mail/%{user | username}/Maildir } } passdb pam { service_name = dovecot } protocols = " imap"
namespace inbox { inbox = yes
mailbox Trash { auto = subscribe # autocreate and autosubscribe the Trash mailbox special_use = \Trash } mailbox Sent { auto = subscribe # autocreate and autosubscribe the Sent mailbox special_use = \Sent } }
service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl=yes ssl_server_cert_file = /run/ca/tls.crt ssl_server_key_file = /run/ca/tls.key log_path = /tmp/dc.log mail_debug = yes ssl_min_protocol = TLSv1.2 log_debug = category=email
verbose_ssl=yes
#auth_verbose=yes #auth_debug=yes
I have a dovecot system running in my kubernetes cluster that i use to gateway some emails to imap that are in turn used by systems that poll for email. No people are involved. Its been running for sometime on 2.3, i've now updated the base container to 2.4 and i have two problems, perhaps related, perhaps not. I'm assuming its related to my config changes for 2.4, but I'm kind of at my wits end. The first issue: Sep 06 15:05:31 imap(support)<443><YIobSSM+MMoKIAIr>: Debug: open(/proc/self/io) failed: Permission denied (euid=1001(support) egid=1001(support) missing +r perm: /proc/self/io) I am seeing errors like this. I can't figure why. I tried "doveadm force-resync -u support /home/support/Maildir/" and it returns no errors. The 2nd error, again, perhaps related, the user doing the poll for new email doesn't see it (despite I see the email delivered to the 'new' dir, it doesn't get picked up and moved to 'cur'). Below is my config file. In /home/support/Maildir i have the new, cur, tmp etc. There's no mention of 'INBOX', which i think my previous had (mail_location = maildir:/home/%u/Maildir:INBOX=/var/mail/%u/Maildir was previous) Any advice? I'm not sure where to go from here. dovecot_config_version = 2.4.1 dovecot_storage_version = 2.4.1 auth_mechanisms = plain login auth_allow_cleartext = yes #disable_plaintext_auth = no mail_privileged_group = mail #mail_location = maildir:/home/%u/Maildir:INBOX=/var/mail/%u/Maildir mail_driver = maildir mail_path = /var/mail/%{user | username}/Maildir mail_inbox_path = /var/mail/%{user | username}/Maildir userdb passwd { fields { home = /home/{%user | username} mail_driver = maildir mail_path = /var/mail/{%user | username}/Maildir mail_inbox_path = /var/mail/%{user | username}/Maildir } } passdb pam { service_name = dovecot } protocols = " imap"
namespace inbox { inbox = yes
mailbox Trash {
auto = subscribe # autocreate and autosubscribe the Trash mailbox
special_use = \Trash
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}}
service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl=yes ssl_server_cert_file = /run/ca/tls.crt ssl_server_key_file = /run/ca/tls.key log_path = /tmp/dc.log mail_debug = yes ssl_min_protocol = TLSv1.2 log_debug = category=email
verbose_ssl=yes
#auth_verbose=yes #auth_debug=yes
Hi Don,
my problem seems to be related. I have the same kind of messages in my logs.
I am on an Ubuntu 20.04.6 LTS v-server. Due to end of life, I build the services (facing to world) myself to fix CVEs. Apache2 and Postfix was not that difficulty - but Dovecot is. Luckily Dovecot 2.3.7.2 has no critical CVEs, yet!
(At the moment I can't upgrade to any newer version of Ubuntu, that is still supported :/)
I built dovecot 2.4.1 from source with following config line:
CPPFLAGS="-I/usr/local/include/openssl" LDFLAGS="-L/usr/local/lib64" ./configure --with-mysql --with-sql=yes --without-apparmor --with-systemd=yes --with-zlib --with-rundir=/run/dovecot-2.4 --with-statedir=/var/lib/dovecot-2.4 make make install
It will install in parallel to 2.3.7.2 - with two systemd scripts I can start both version. For starting 2.4.1 I am using the default script that is installed at /lib/systemd/system/dovecot.conf
Install path is /usr/local
My config (reduced to minimum): --- start --- dovecot_config_version = 2.4.1 auth_allow_weak_schemes = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain debug_log_path = /var/log/dovecot-debug.log dovecot_storage_version = 2.3.7.2 first_valid_uid = 155 info_log_path = /var/log/dovecot-info.log last_valid_uid = 155 lda_mailbox_autocreate = yes log_debug = category=config log_path = /var/log/dovecot.log mail_debug = yes mail_driver = maildir mail_gid = mail mail_path = ~/Maildir mail_uid = vmail passdb_default_password_scheme = MD5-CRYPT protocols = imap lmtp sql_driver = mysql mysql localhost { dbname = postfixadmin password = user = postfixadmin } userdb sql { query = <something> } passdb sql { query = <something> } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_server { cert_file = file.pem key_file = file.key } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol lmtp { postmaster_address = postmaster@something } protocol lda { deliver_log_format = msgid=:%{mechanism} %$ info_log_path = /var/log/dovecot-lda.log log_path = /var/log/dovecot-lda-errors.log mail_plugins = sieve postmaster_address = postmaster quota_full_tempfail = yes rejection_reason = Your message to <> was automatically rejected:%{user | username}%{remote_ip} } --- end ---
When starting my mail client (Evolution), the connect to imaps works pretty fine. So authentication via mysql / postfixadmin is ok. But I just see the empty folders: Inbox, Trash, "Unwanted". With 2.3.7.2 I can see all folders with content.
Message in Debug Log: Sep 28 20:50:35 imap(supertest)<24384><zRuC>: Debug: open(/proc/self/io) failed: Permission denied (euid=155(vmail) egid=8(mail) missing +r perm: /proc/self/io)
This "error" message does not make sense. sudo -u vmail,dovecot,dovenull cat /proc/self/io works pretty fine.
The mails are stored at /var/vmail/domain/supertest (for account "supertest"):
drwx------ 9 vmail mail 4096 Sep 28 18:37 . drwxr-x--- 5 vmail mail 4096 Mai 24 13:37 .. drwx------ 2 vmail mail 4096 Jun 2 20:06 cur -rw------- 1 vmail mail 1224 Mai 28 01:31 dovecot.index -rw------- 1 vmail mail 16980 Sep 27 23:27 dovecot.index.cache -rw------- 1 vmail mail 29836 Jun 2 20:06 dovecot.index.log -rw------- 1 vmail mail 664 Mai 31 23:15 dovecot.list.index -rw------- 1 vmail mail 1564 Sep 28 18:37 dovecot.list.index.log -rw------- 1 vmail mail 72 Okt 18 2022 dovecot.mailbox.log -rw------- 1 vmail mail 48 Sep 14 18:50 dovecot-quota -rw------- 1 vmail mail 3110 Jun 2 20:06 dovecot-uidlist -rw------- 1 vmail mail 8 Okt 18 2022 dovecot-uidvalidity -r-------- 1 vmail mail 0 Mär 16 2022 dovecot-uidvalidity.62313183 drwx------ 5 vmail mail 4096 Sep 28 18:37 .Gesendet drwx------ 5 vmail mail 4096 Sep 28 16:10 Maildir drwx------ 2 vmail mail 4096 Jun 2 20:06 new drwx------ 5 vmail mail 4096 Okt 18 2022 .Sent -rw------- 1 vmail mail 25 Okt 18 2022 subscriptions drwx------ 2 vmail mail 4096 Sep 23 11:17 tmp drwx------ 5 vmail mail 4096 Okt 18 2022 .Trash
Variable "home" is correctly set over DB query.
I have, without success, tried following:
- chmod go+r supertest
- experimenting with acl
- adding namespace / inbox
Any "fresh" ideas for me? Oldguy
Dear all,
I got it fixed on my own - thanks for your support ;)
From the config I removed the lines:
- mail_path = ~/Maildir
- mail_driver = maildir
then I added this to the userdb {} section userdb sql { query = <something> fields { mail_driver = maildir mail_path = ~/. } }
In my case the 'mail_path' was equal 'home'. The version 2.3 used it like that, because postfixadmin did not need any home directory for non-existing Linux users.
The error message with /proc/self/io was also displayed with a local vbox and passdb file. It has no impact.
Bye Oldguy
On 01/10/2025 02:59 EEST Old Guy via dovecot <dovecot@dovecot.org> wrote:
Dear all,
I got it fixed on my own - thanks for your support ;)
From the config I removed the lines:
- mail_path = ~/Maildir
- mail_driver = maildir
then I added this to the userdb {} section userdb sql { query = <something> fields { mail_driver = maildir mail_path = ~/. } }
In my case the 'mail_path' was equal 'home'. The version 2.3 used it like that, because postfixadmin did not need any home directory for non-existing Linux users.
The error message with /proc/self/io was also displayed with a local vbox and passdb file. It has no impact.
Bye Oldguy
Luckily debug messages are not errors. The /proc/self/io thing is for debug purposes only, not a real error. Also you could've just changed mail_path = ~/. on your global config, no need to put them in userdb.
Aki
participants (4)
-
Aki Tuomi
-
Don Bowman
-
Old Guy
-
ps2kle32@arcor.de