[Dovecot] deliver net_connect auth-master failed: Permission denied

Bill Cole dovecot-20061108 at billmail.scconsult.com
Wed Sep 26 04:07:24 EEST 2007


At 7:19 PM -0500 9/25/07, Rich Winkel imposed structure on a stream 
of electrons, yielding:
>Ok, I've ALMOST got this working ... I can run deliver as a user, but when
>I try using it as the default delivery agent from sendmail, I get
>deliver(userid): net_connect(/var/run/dovecot/auth-master) failed: 
>Permission denied
>
>Does deliver run as root, as the recipient's ID, sendmail's ID or
>sendmail's GID?  (I'm running freebsd)

Ideally, it should run SUID+SGID to a user and group that exist to 
make mail delivery permissions work. See 
http://wiki.dovecot.org/LDA/Sendmail and http://wiki.dovecot.org/LDA

The key bit is on the main LDA page where it describes the master 
socket config and on the Sendmail page where it discusses 'non-root' 
sendmail setups, which is really applicable to all common setups of 
modern Sendmail.


>Or am I totally clueless ??

Well, the Mizzou address argues one way, but I'll give you the 
benefit of the doubt and say maybe not...
:)

The bottom line: make up a user and group to own the master socket, 
structure your inbox permissions so that deliver can run that way and 
write to them, and make deliver SUID/SGID.

Structuring inbox permissions so that can work is a potentially 
complex problem.

>Here is dovecot -n:
>
># 1.0.3: /usr/local/etc/dovecot.conf
>base_dir: /var/run/dovecot/
>listen: localhost:996
>ssl_disable: yes
>login_dir: /var/run/dovecot/login
>login_executable: /usr/local/libexec/dovecot/imap-login
>login_greeting_capability: yes
>first_valid_uid: 100
>mail_extra_groups: mail
>mail_location: mbox:~/mail:INBOX=/var/mail/%u:INDEX=/var/spool/dovecot_indexes/%u
>lock_method: flock
>mbox_read_locks: flock
>mbox_write_locks: flock
>auth default:
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
>   socket:
>     type: listen
>     client:
>       path: /var/run/dovecot/auth-client
>       mode: 432
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 432
>
>Thanks!!!!!
>Rich

-- 
Bill Cole
bill at scconsult.com
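
An added example, not part of either message and not Dovecot code: a small Python model of why connect() on the auth-master socket returns "Permission denied" and why a SUID/SGID deliver owned by the socket's user and group gets through. All uids, gids, the binary modes and the "before" socket ownership are constructed assumptions; `mode: 432` from the quoted `dovecot -n` output is read as decimal, which is octal 0660.

```python
import stat

def decode_mode(value):
    """Read the 'mode: 432' value from dovecot -n as decimal (432 == 0o660)."""
    return int(value, 10)

def ids_after_exec(bin_mode, bin_uid, bin_gid, caller_uid, caller_gid):
    """Effective uid/gid a process gets when it execs a binary with these bits."""
    euid = bin_uid if bin_mode & stat.S_ISUID else caller_uid
    egid = bin_gid if bin_mode & stat.S_ISGID else caller_gid
    return euid, egid

def may_connect(sock_mode, sock_uid, sock_gid, euid, egid, extra_groups=()):
    """connect() on a Unix socket needs write permission on the socket file.
    Search permission on the directories in the path is assumed, not checked."""
    if euid == 0:
        return True
    if euid == sock_uid:
        return bool(sock_mode & stat.S_IWUSR)
    if egid == sock_gid or sock_gid in extra_groups:
        return bool(sock_mode & stat.S_IWGRP)
    return bool(sock_mode & stat.S_IWOTH)

def check(label, binary, caller, sock):
    """Combine both steps for one deliver invocation and report the outcome."""
    euid, egid = ids_after_exec(binary["mode"], binary["uid"], binary["gid"],
                                caller["uid"], caller["gid"])
    ok = may_connect(sock["mode"], sock["uid"], sock["gid"], euid, egid)
    print(f"{label}: euid={euid} egid={egid} -> {'ok' if ok else 'EACCES'}")
    return ok

# Constructed ids: a mail recipient and a dedicated delivery user/group.
RECIPIENT = {"uid": 1001, "gid": 1001}
DELIVERY_UID, DELIVERY_GID = 900, 900

# Constructed "before": plain deliver binary, socket owned by root:wheel (0:0).
PLAIN_DELIVER = {"mode": 0o755, "uid": 0, "gid": 0}
SOCK_BEFORE = {"mode": decode_mode("432"), "uid": 0, "gid": 0}

# "After", per the advice above: dedicated owner on the socket, SUID/SGID deliver.
# Who may execute the binary (the 0o750 part) is outside this sketch.
SUID_DELIVER = {"mode": stat.S_ISUID | stat.S_ISGID | 0o750,
                "uid": DELIVERY_UID, "gid": DELIVERY_GID}
SOCK_AFTER = {"mode": decode_mode("432"), "uid": DELIVERY_UID, "gid": DELIVERY_GID}

if __name__ == "__main__":
    check("plain deliver as recipient", PLAIN_DELIVER, RECIPIENT, SOCK_BEFORE)
    check("SUID/SGID deliver", SUID_DELIVER, RECIPIENT, SOCK_AFTER)
```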


