[Dovecot] deliver can't connect to auth server at */usr/local*/var/run/dovecot/auth-master

Jerry Yeager jerry at scene-naturally.dyndns.org
Tue Jan 15 04:56:28 EET 2008


> Date: Tue, 15 Jan 2008 00:21:02 +0100
> From: Andreas Ntaflos <daff at pseudoterminal.org>
> Subject: [Dovecot] deliver can't connect to auth server at */usr/local*/var/run/dovecot/auth-master
> To: dovecot at dovecot.org
> Message-ID: <200801150021.02689.daff at pseudoterminal.org>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello list,
>
> while fiddling around with the configuration so Dovecot's LDA "deliver" can be
> used by multiple users by means of Getmail (you can read about that in [1]) I
> always end up running into the error message posted in the subject line:
>
> Jan 15 00:00:02 HOSTNAME deliver(USERID): Can't connect to auth server
> at /usr/local/var/run/dovecot/auth-master: Permission denied
>
> Notice how it says "/usr/local/var/run/dovecot"! How and why does dovecot
>                    ^^^^^^^^^^
> think that anything of any importance can be found under /usr/local/var/... ?
> Please see dovecot -n at the end of this message, but as far as I can tell I
>
>    master:
>      path: /var/run/dovecot/auth-master
>      mode: 432
>      user: root
>      group: dovecot
> -- 
> Andreas "daff" Ntaflos
> Vienna, Austria
>


For the quick answer to your immediate problem / question, try:

cd /usr/local/libexec/dovecot/		# probably; use the directory that holds your deliver

chmod u+s deliver

(enable the setuid bit for the deliver app). Your Getmail app may not be truly running as root and thus does not really have permission to do what you want.

You may need to do the same for the group as well.


Unix permissions are weird sometimes, like a $100 television tube that protects a 50 cent fuse by blowing first.


It does look like (from your use of /usr/local/*****) you built dovecot to run out of /usr/local.


One last thing, as a security idea, try something like

      master {
        path = /usr/local/var/run/dovecot/auth-master
        mode = 0600
        user = dovecot_user
        group = dovecot_group
      }

and set your postfix line that calls deliver to match:

	dovecot unix - n n - - pipe flags=DRhu user=dovecot_user:dovecot_group argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


(try to have dovecot run as an unprivileged user as much as you can)
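
An added example, not part of the original post or of Dovecot: a Python check of whether a given uid may connect to the auth-master socket, applied to the quoted "mode: 432" (read here as decimal, which is octal 0660) and to the 0600 dedicated-user setup suggested above. The numeric uids and gids are constructed; `check_socket` is a hypothetical helper for running the same rule against the real socket on the mail host.

```python
import os
import stat

def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """Linux rule: connect() to a UNIX socket needs write permission on it.
    Exactly one permission class applies: owner, else group, else other."""
    if uid == 0:
        return True                       # root bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def check_socket(path, uid, gids):
    """Apply the same rule to a real socket, e.g. the auth-master path."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return can_connect(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

# Constructed ids for illustration; real values come from `id <user>`.
ROOT_UID, MAIL_UID, DOVECOT_USER_UID = 0, 1000, 200
DOVECOT_GID, USERS_GID, DOVECOT_GROUP_GID = 143, 100, 200

def demo():
    quoted = 432  # "mode: 432" from the quoted output, taken as decimal
    return {
        "quoted_mode_octal": oct(quoted),
        # socket root:dovecot, deliver started by an ordinary user
        "plain_user": can_connect(quoted, ROOT_UID, DOVECOT_GID,
                                  MAIL_UID, {USERS_GID}),
        # same socket, deliver made setuid root (chmod u+s, root-owned binary)
        "setuid_root": can_connect(quoted, ROOT_UID, DOVECOT_GID,
                                   ROOT_UID, {USERS_GID}),
        # same socket, the user is a member of the socket's group
        "user_in_group": can_connect(quoted, ROOT_UID, DOVECOT_GID,
                                     MAIL_UID, {USERS_GID, DOVECOT_GID}),
        # 0600 socket owned by dovecot_user, deliver run as that user
        "dedicated_user": can_connect(0o600, DOVECOT_USER_UID, DOVECOT_GROUP_GID,
                                      DOVECOT_USER_UID, {DOVECOT_GROUP_GID}),
        # 0600 socket, any other local user
        "other_user_0600": can_connect(0o600, DOVECOT_USER_UID, DOVECOT_GROUP_GID,
                                       MAIL_UID, {USERS_GID}),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The directories leading to the socket must also be searchable by the connecting user, which this check does not cover.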
  