On Mon, Sep 13, 2010 at 4:24 AM, Timo Sirainen <tss@iki.fi> wrote:

On Sat, 2010-09-11 at 11:33 -0600, Cassidy Larson wrote:

...

managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=144(<unknown>) egid=144(<unknown>) missing +x perm: /, euid is not dir owner)

managesieve-login is chrooted to base_dir/login/ directory and it can't connect to login socket. Your setup is somehow strange here.. Why is there no name for uid and gid 144? Is that even correct? Do you mean IMAP/POP3 proxying works and only Managesieve proxying is broken? I can't even guess what could be wrong here, maybe full doveconf -n output and "ls -la /var/run/dovecot/login/" would help.

Correct. IMAP/POP3 proxying works as expected. Managesieve proxy is broken. There is a name for uid/gid for 144, 'dovenull'. Here is the config and ls -la output as requested (I am using the custom dovecot config, which you recently patched managesieve to recognize):

# dovecot -c /usr/local/etc/dovecot/dovecot_infowest.conf -n # 2.0.2: /usr/local/etc/dovecot/dovecot_infowest.conf # OS: FreeBSD 8.1-RELEASE amd64 auth_master_user_separator = * auth_mechanisms = plain login cram-md5 digest-md5 ntlm rpa auth_username_format = %Lu auth_verbose = yes auth_worker_max_count = 400 base_dir = /var/run/dovecot_infowest/ disable_plaintext_auth = no first_valid_gid = 0 listen = 209.33.202.40 login_greeting = InfoWest Mail Proxy Server. mail_location = mbox:~/mail/:INBOX=/var/mail/%u mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = /usr/local/etc/dovecot/dovecot_port-sql.conf driver = sql } passdb { args = /usr/local/etc/dovecot/dovecot-authchecker.conf driver = sql } protocols = imap pop3 sieve service auth { user = root } service imap-login { inet_listener imap { address = a.b.c.d port = 143 } inet_listener imaps { address = a.b.c.d port = 993 } process_limit = 512 process_min_avail = 3 service_count = 1 user = dovecot } service managesieve-login { inet_listener sieve { address = a.b.c.d port = 4190 } inet_listener sieve_deprecated { address = a.b.c.d port = 2000 } } service pop3-login { inet_listener pop3 { address = a.b.c.d port = 110 } inet_listener pop3s { address = a.b.c.d port = 995 } process_limit = 512 process_min_avail = 3 service_count = 1 user = dovecot } shutdown_clients = no ssl_cert = </etc/ssl/certs/infowest.com.crt ssl_cipher_list = ALL:!LOW:!SSLv2 ssl_key = </etc/ssl/private/infowest.com.key syslog_facility = local7 userdb { args = /usr/local/etc/dovecot/dovecot-authchecker.conf driver = sql } verbose_proctitle = yes protocol imap { mail_plugins = $mail_plugins quota imap_quota } protocol pop3 { mail_plugins = $mail_plugins quota } protocol sieve { mail_debug = no managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_line_length = 65536 }

####

# ls -la /var/run/dovecot_infowest/login total 8 drwxr-x--- 2 root dovecot 512 Sep 8 11:53 . drwxr-xr-x 4 root wheel 512 Sep 8 11:53 .. srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 dns-client srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 imap srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 login srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 pop3 srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 sieve srw-rw-rw- 1 root dovecot 0 Sep 8 11:53 ssl-params

But you haven't done that to managesieve-login. If you already have dovenull user, you should be using it in those (just remove the user= lines). Hmm. Maybe your v1.x config used an explicit "login_user=dovecot" and that got converted automatically?..

yes. that was it. I removed the user = dovecot from those sections and now managesieve responds with capabilities as expected.

Thank you!