mail_crypt module and error with tmp directory
Hi, I successfully enabled the mail_crypt module but I'm experiencing a strange behaviour with the tmp directory while accessing with the POP3 protocol:
I see in log file: Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed: Permission denied
I changed the tmp directory configuration (mail_temp_dir variable) and set it to 777 permissions, but the error is the same.
On the client side everything is working, but I'd like to understand the error and whether I have to be worried about it.
Thank you and regards Fiorenza
-- Fiorenza Meini/Spazio Web
Replying to Fiorenza Meini <fmeini@esseweb.eu> (03/05/2021 10:42):
Are you by chance using selinux or apparmor there which could prevent this? Also Dovecot's stock systemd unit prevents you from writing into random locations, /tmp should be fine though.
Aki
Replying to Aki Tuomi (03/05/21 09:47):
Hi, I have apparmor installed on the machine, but even when I stopped it the problem wasn't solved.
I think dovecot's systemd unit file configuration is this one: /usr/lib/tmpfiles.d/dovecot.conf
Its content is this:
    # Type Path Mode UID GID Age Argument
    d /var/run/dovecot/ 0755 root root - -
    d /var/run/dovecot/login/ 0750 root dovecot - -
Should I insert a line here for the /tmp directory?
Thank you and regards
Fiorenza
Replying to Fiorenza Meini <fmeini@esseweb.eu> (03/05/2021 11:16):
I don't think you need to do that.
Also note that since you're using systemd, dovecot has PrivateTmp=yes, which means that /tmp is actually /tmp/*service*dovecot*/tmp
Aki
Replying to Aki Tuomi (03/05/21 10:42):
Hi, thank you. I can't see that directory under /tmp.... Is there a way to create it?
Regards Fiorenza
Replying to Fiorenza Meini <fmeini@esseweb.eu> (03/05/2021 11:53):
Depends a lot on your setup. I see I got the mask wrong, it's really
/tmp/*systemd*dovecot*/tmp
Aki
Replying to Aki Tuomi (03/05/21 11:37):
Hi, I tried to manually create /tmp/*systemd*dovecot*/tmp and I set 777 on this directory. Restarted dovecot, nothing changed and the error is the same.
Trying to understand exactly which tmp directory dovecot uses, I configured the mail_temp_dir variable, and I saw that dovecot used the configured directory, which was different from /tmp.
Under what conditions does dovecot use the temporary directory?
Thank you and regards
Fiorenza
Replying to Fiorenza Meini <fmeini@esseweb.eu> (03/05/2021 13:14):
You cannot create the directory by hand, it's managed by systemd. If you do not have that directory you are either not using systemd, or you have disabled PrivateTmp=yes.
Dovecot uses mail_temp_dir when it needs to "buffer" data to disk when reading/writing mails.
Aki
Replying to Aki Tuomi (03/05/21 12:21):
Hi, thank you for your response. The problem was with apparmor, which was enabled for Dovecot but probably wasn't configured correctly for the POP3 protocol. I disabled apparmor and it seems that the problem has disappeared... Crossing my fingers... :) :)
Regards
Fiorenza
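
Added example, not part of the thread and not Dovecot's or AppArmor's own code: a Python sketch that scans AppArmor audit records for denials on Dovecot temp files and derives the profile rule that would permit them, as an alternative to disabling AppArmor for the service. The log lines, profile names and the helper names (`dovecot_tmp_denials`, `suggested_rules`) are constructed for illustration; `temp_dir` stands for whatever mail_temp_dir is set to.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's AppArmor audit format; profile
# names, PIDs, UIDs and file suffixes are made up for illustration.
SAMPLE_LOG = """\
audit: type=1400 audit(1620031337.101:51): apparmor="DENIED" operation="mknod" profile="/usr/lib/dovecot/pop3" name="/tmp/dovecot.pop3.mx1.2211.a1b2c3" pid=2211 comm="pop3" requested_mask="c" denied_mask="c" fsuid=5000 ouid=5000
audit: type=1400 audit(1620031339.440:52): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/imap" name="/tmp/dovecot.imap.mx1.2290.d4e5f6" pid=2290 comm="imap" requested_mask="rw" denied_mask="rw" fsuid=5000 ouid=5000
audit: type=1400 audit(1620031340.007:53): apparmor="DENIED" operation="unlink" profile="/usr/lib/dovecot/pop3" name="/tmp/dovecot.pop3.mx1.2211.a1b2c3" pid=2211 comm="pop3" requested_mask="d" denied_mask="d" fsuid=5000 ouid=5000
audit: type=1400 audit(1620031341.900:54): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The audit log reports create (c) and delete (d); a profile rule grants both with w.
MASK_TO_RULE = {"c": "w", "d": "w"}

def parse(line):
    """Turn the key=value / key="value" pairs of one audit line into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def dovecot_tmp_denials(log, temp_dir="/tmp"):
    """Map (profile, glob) -> permissions AppArmor denied on Dovecot temp files."""
    needed = defaultdict(set)
    prefix = temp_dir.rstrip("/") + "/dovecot."
    for line in log.splitlines():
        rec = parse(line)
        name = rec.get("name", "")
        # Skip complain-mode (ALLOWED) records and unrelated paths.
        if rec.get("apparmor") != "DENIED" or not name.startswith(prefix):
            continue
        # safe_mkstemp() appends a unique suffix after "dovecot.<service>.".
        service = name[len(prefix):].split(".")[0]
        glob = f"{prefix}{service}.*"
        perms = {MASK_TO_RULE.get(m, m) for m in rec.get("denied_mask", "")}
        needed[(rec.get("profile", "?"), glob)] |= perms
    return needed

def suggested_rules(log, temp_dir="/tmp"):
    """Return (profile, rule) pairs covering only what the log shows as denied."""
    rules = []
    for (profile, glob), perms in sorted(dovecot_tmp_denials(log, temp_dir).items()):
        mode = "".join(p for p in "rwaklmx" if p in perms)
        rules.append((profile, f"owner {glob} {mode},"))
    return rules

if __name__ == "__main__":
    for profile, rule in suggested_rules(SAMPLE_LOG):
        print(f"profile {profile}: add  {rule}")
```

The derived rule covers only accesses that were actually denied, so a further denial (for example a read) can appear after the first rule is added and the profile reloaded.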