[Dovecot] Pigeonhole proxy errors
I'm trying to upgrade my proxy front-ends to 2.0.2. I have the latest Pigeonhole release installed, and whenever I connect to the sieve port this gets logged in the syslog:
managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=144(<unknown>) egid=144(<unknown>) missing +x perm: /, euid is not dir owner)
I don't get any capabilities displayed on the client side.
I'm not sure why it's referring to the '/' directory. On 1.2.x, I authenticate the user and proxy to the sieve process on the appropriate user's back-end storage node.
Here is the sieve config in my dovecot config file:
service managesieve-login {
  inet_listener sieve {
    address = a.b.c.d
    port = 4190
  }
  inet_listener sieve_deprecated {
    address = a.b.c.d
    port = 2000
  }
}
protocol sieve {
  managesieve_max_line_length = 65536
  managesieve_logout_format = bytes=%i/%o
  managesieve_implementation_string = Dovecot Pigeonhole
  mail_debug=no
}
Any help would be great.
thanks!
On Sat, 2010-09-11 at 11:33 -0600, Cassidy Larson wrote:
> managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=144(<unknown>) egid=144(<unknown>) missing +x perm: /, euid is not dir owner)
managesieve-login is chrooted to base_dir/login/ directory and it can't connect to login socket. Your setup is somehow strange here.. Why is there no name for uid and gid 144? Is that even correct? Do you mean IMAP/POP3 proxying works and only Managesieve proxying is broken? I can't even guess what could be wrong here, maybe full doveconf -n output and "ls -la /var/run/dovecot/login/" would help.
On Mon, Sep 13, 2010 at 4:24 AM, Timo Sirainen <tss@iki.fi> wrote:
> On Sat, 2010-09-11 at 11:33 -0600, Cassidy Larson wrote:
> > managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=144(<unknown>) egid=144(<unknown>) missing +x perm: /, euid is not dir owner)
> managesieve-login is chrooted to base_dir/login/ directory and it can't connect to login socket. Your setup is somehow strange here.. Why is there no name for uid and gid 144? Is that even correct? Do you mean IMAP/POP3 proxying works and only Managesieve proxying is broken? I can't even guess what could be wrong here, maybe full doveconf -n output and "ls -la /var/run/dovecot/login/" would help.
Correct. IMAP/POP3 proxying works as expected. Managesieve proxy is broken. There is a name for uid/gid for 144, 'dovenull'. Here is the config and ls -la output as requested (I am using the custom dovecot config, which you recently patched managesieve to recognize):
# dovecot -c /usr/local/etc/dovecot/dovecot_infowest.conf -n
# 2.0.2: /usr/local/etc/dovecot/dovecot_infowest.conf
# OS: FreeBSD 8.1-RELEASE amd64
auth_master_user_separator = *
auth_mechanisms = plain login cram-md5 digest-md5 ntlm rpa
auth_username_format = %Lu
auth_verbose = yes
auth_worker_max_count = 400
base_dir = /var/run/dovecot_infowest/
disable_plaintext_auth = no
first_valid_gid = 0
listen = 209.33.202.40
login_greeting = InfoWest Mail Proxy Server.
mail_location = mbox:~/mail/:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
passdb {
  args = /usr/local/etc/dovecot/dovecot_port-sql.conf
  driver = sql
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-authchecker.conf
  driver = sql
}
protocols = imap pop3 sieve
service auth {
  user = root
}
service imap-login {
  inet_listener imap {
    address = a.b.c.d
    port = 143
  }
  inet_listener imaps {
    address = a.b.c.d
    port = 993
  }
  process_limit = 512
  process_min_avail = 3
  service_count = 1
  user = dovecot
}
service managesieve-login {
  inet_listener sieve {
    address = a.b.c.d
    port = 4190
  }
  inet_listener sieve_deprecated {
    address = a.b.c.d
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    address = a.b.c.d
    port = 110
  }
  inet_listener pop3s {
    address = a.b.c.d
    port = 995
  }
  process_limit = 512
  process_min_avail = 3
  service_count = 1
  user = dovecot
}
shutdown_clients = no
ssl_cert = </etc/ssl/certs/infowest.com.crt
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </etc/ssl/private/infowest.com.key
syslog_facility = local7
userdb {
  args = /usr/local/etc/dovecot/dovecot-authchecker.conf
  driver = sql
}
verbose_proctitle = yes
protocol imap {
  mail_plugins = $mail_plugins quota imap_quota
}
protocol pop3 {
  mail_plugins = $mail_plugins quota
}
protocol sieve {
  mail_debug = no
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_line_length = 65536
}
####
# ls -la /var/run/dovecot_infowest/login
total 8
drwxr-x---  2 root  dovecot  512 Sep  8 11:53 .
drwxr-xr-x  4 root  wheel    512 Sep  8 11:53 ..
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 dns-client
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 imap
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 login
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 pop3
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 sieve
srw-rw-rw-  1 root  dovecot    0 Sep  8 11:53 ssl-params
On Mon, 2010-09-13 at 10:56 -0600, Cassidy Larson wrote:
> service imap-login { user = dovecot } service pop3-login { user = dovecot }
You've changed imap-login and pop3-login to use user "dovecot" (not the default dovenull).
> service managesieve-login { inet_listener sieve { address = a.b.c.d port = 4190 } inet_listener sieve_deprecated { address = a.b.c.d port = 2000 } }
But you haven't done that to managesieve-login. If you already have dovenull user, you should be using it in those (just remove the user= lines). Hmm. Maybe your v1.x config used an explicit "login_user=dovecot" and that got converted automatically?..
> But you haven't done that to managesieve-login. If you already have dovenull user, you should be using it in those (just remove the user= lines). Hmm. Maybe your v1.x config used an explicit "login_user=dovecot" and that got converted automatically?..
Yes, that was it. I removed the user = dovecot from those sections and now managesieve responds with capabilities as expected.
Thank you!
Participants (2): Cassidy Larson, Timo Sirainen
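Added example, not part of the original thread and not Dovecot code: a small check for the mismatch diagnosed above, where some *-login services run as an explicit user and others fall back to the default, while the login directory only grants search permission to one group. The sample config, the function names and the group memberships passed in are assumptions made for illustration; root's permission bypass is not modelled.

```python
import re
import stat

DEFAULT_LOGIN_USER = "dovenull"  # default login user named in the thread
# Constructed sample in `doveconf -n` layout, reduced to the login services.
SAMPLE_CONF = """\
service imap-login {
  inet_listener imap {
    port = 143
  }
  user = dovecot
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  user = dovecot
}
"""

def login_service_users(conf):
    """Map each *-login service to its effective user (explicit or default)."""
    users, current, depth = {}, None, 0
    for line in conf.splitlines():
        line = line.strip()
        m = re.fullmatch(r"service (\S+-login) \{", line)
        if m and depth == 0:
            current = m.group(1)
            users[current] = DEFAULT_LOGIN_USER
        elif current and depth == 1 and line.startswith("user ="):
            users[current] = line.split("=", 1)[1].strip()
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return users

def can_traverse(mode, owner, group, user, groups):
    """True if `user`, a member of `groups`, has search (+x) permission."""
    bit = (stat.S_IXUSR if user == owner
           else stat.S_IXGRP if group in groups else stat.S_IXOTH)
    return bool(mode & bit)

def blocked_services(conf, mode, owner, group, membership):
    """Login services whose user cannot enter the login directory."""
    users = login_service_users(conf)
    return sorted(s for s, u in users.items()
                  if not can_traverse(mode, owner, group, u, membership.get(u, set())))
```

Called with mode 0o750, owner root and group dovecot (the values in the ls -la output above), it reports managesieve-login as the only service unable to reach the login socket.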