[Dovecot] Virtual Users and permission denied on POP3 Authentication - cur directory

Iain M Conochie iain at shihad.org
Tue Jan 22 12:34:45 EET 2008


John Dubchak wrote:
> Hi,
>
> I've been working on configuring a new 
> Postfix+Dovecot+Cyrus-SASL+Postgres server to perform multi-domain 
> virtual hosting with non-unix accounts.  I believe I have everything 
> working correctly and have tested both the SASL portion and POP 
> authentication through telnet and all works as expected, with one 
> exception.
>
> When I authenticate using POP3:
>
> # telnet mail.host 110
> Trying 192.168.XXX.XXX...
> Connected to mail.host.
> Escape character is '^]'.
> +OK Dovecot ready.
> user user1@domain1.com
> +OK
> pass secret
> +OK Logged in.
> -ERR No INBOX for user.
>
> And the maillog reports the following:
>
> Jan 21 13:42:32 mail.host dovecot: pop3-login: Login: user=<user1>, 
> method=PLAIN, rip=192.168.XXX.XXX, lip=192.168.XXX.XXX
> Jan 21 13:42:32 mail.host dovecot: POP3(user1): 
> mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: 
> Permission denied
> Jan 21 13:42:32 mail.host dovecot: POP3(user1): 
> mkdir(/var/spool/virtual_mailbox/domain1.com/user1/cur) failed: 
> Permission denied
> Jan 21 13:42:32 mail.host dovecot: POP3(user1): Couldn't open INBOX: 
> Internal error occurred. Refer to server log for more information. 
> [2008-01-21 13:42:32]
> Jan 21 13:42:32 mason dovecot: POP3(user1): No INBOX for user top=0/0, 
> retr=0/0, del=0/0, size=0
>
> The directory structures for the virtual mailboxes are:
>
> /var/spool/virtual_mailbox/domain1.com/user1
> /var/spool/virtual_mailbox/domain2.com/user1
>
> And the entire tree from virtual_mailbox down is owned by 
> vuser:vuser.  The directories have permissions 700.
>
> What I believe is happening is that Dovecot is trying to use the uid 
> and gid of user1, who doesn't have a system account, rather than 
> vuser's when writing to the virtual_mailbox folders.  I'm not sure how 
> I can configure Dovecot to use the vuser information.

If vuser has a uid and gid of 5000, have the userdb part of the dovecot
config set to

userdb static {
    args = uid=5000 gid=5000 home=/var/spool/virtual_mailbox/%d/%n allow_all_users=yes
}

instead of using the

userdb sql {

}

That should see you right. However, beware there may be security issues 
allowing one user to write to all mailboxes.

regards

Iain

>
> Here is my dovecot.conf:
>
> -------------------------------------------------------------------------
> protocols = imap pop3
> listen = [*]
> disable_plaintext_auth = no
> syslog_facility = mail
>
> mail_location = maildir:/var/spool/virtual_mailbox/%h
>
> # Default umask to use for mail files and directories.
> #umask = 0077
>
> protocol imap {
> }
>
> protocol pop3 {
> }
>
> protocol lda {
>   postmaster_address = postmaster@example.com
> }
>
> auth_debug_passwords = yes
> auth_debug = yes
> auth_verbose = yes
> auth default {
>   # SQL database
>   passdb sql {
>     args = /etc/dovecot-sql.conf
>   }
>
>   userdb sql {
>     args = /etc/dovecot-sql.conf
>   }
>
>   user = root
> }
> -------------------------------------------------------------------------
>
> Any insight will be appreciated, I've been working on this non-stop 
> for several days now and can't seem to figure it out.
>
> Thanks,
> John
>
>
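
The static userdb above only works if every directory under the mail root is owned by the uid/gid it names, and the 700 mode is what keeps other local accounts out of a tree that one uid can write everywhere. The audit below checks both; it is an added example, not part of the original thread, and the function name audit_mail_tree and its OWNER/MODE output labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the layout discussed above:
# <root>/<domain>/<user>, with the whole tree owned by one virtual-mail
# uid/gid (5000:5000 in the reply) and no group/other permission bits.

# audit_mail_tree ROOT UID GID
# Prints "OWNER <path>" for entries not owned by UID:GID and "MODE <path>"
# for entries with any group/other bit set.
# Returns 0 if clean, 1 if anything was reported, 2 if ROOT is missing.
audit_mail_tree() {
    root=$1 uid=$2 gid=$3
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }

    # Wrong owner or group: the mail process running as UID:GID gets
    # "Permission denied" on mkdir()/open() below these entries.
    owner=$(find "$root" \( ! -user "$uid" -o ! -group "$gid" \) -print)

    # Any group/other bit set: mail is reachable from outside the single
    # mail account. Symlinks are skipped because their mode is meaningless.
    loose=$(find "$root" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    [ -n "$owner" ] && printf '%s\n' "$owner" | sed 's/^/OWNER /'
    [ -n "$loose" ] && printf '%s\n' "$loose" | sed 's/^/MODE /'
    [ -z "$owner$loose" ]
}

# Run only when called with arguments, for example:
#   sh audit.sh /var/spool/virtual_mailbox 5000 5000
[ $# -eq 0 ] || audit_mail_tree "$@"
```

An OWNER line on a user's directory is the condition behind the mkdir(.../cur) failure in the log above; a MODE line means the 700 restriction has been loosened somewhere in the tree.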


