[Dovecot] auth-master: Permission denied [sigh]

James Butler jbutler at thebestdefense.com
Sun Apr 12 23:21:56 EEST 2009 

Thank you! Even setting the /var/run/dovecot tree to all chmod 777s
doesn't help. I'm probably mis-remembering the ownership of auth-master,
in my original note. I haven't seen it since I left my notes at work.

With regard to this maillog entry:

> postfix/pipe[29452]: 60990FA01BA: to=<recipient at example-receive.com>, \
>  relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \
>  status=deferred (temporary failure)

It IS a (temporary failure), because soon after I revert to the simple:
>>  mailbox_command = /usr/local/libexec/dovecot/deliver
the message arrives to the recipient user's mailbox.

It's the spamassassin => deliver handoff and user SWITCH that seems to be
problematic.

But then, my brain is all garbled, at this point, so I can't really trust
any of my logic. I'll check back in, tomorrow.

Thanks, again.

James

> Hi,
>
> I was having problems with permissions on auth-master too. I solve them
> creating manually the folder /var/run/dovecot with correct permissions but
> i
> see you already did that :\
>
> On Sun, Apr 12, 2009 at 5:27 PM, James Butler
> <jbutler at thebestdefense.com>wrote:
>
>> I've been messing with this for too long, now, and I'm blind to
>> whatever's
>> wrong. Or I'm simply being dense. Either way, I need help with a common
>> issue.
>>
>> I'm trying to get Postfix+Spamassassin+Dovecot going on Fedora 10. (I'll
>> get back to the global Sieve thingy soon, but I need to get this going,
>> first.)
>>
>> When using the simple:
>>  mailbox_command = /usr/local/libexec/dovecot/deliver
>> everything is cool, except there's no Spamassassin involvement,
>> obviously.
>>
>> The problem shows itself when the Spamassassin user hands off to the
>> recipient user and Deliver + the recipient user tries to access
>> /var/run/dovecot/auth-master.
>>
>> Thank you for any insight you can provide.
>>
>> /var/run/dovecot: 755 root:dovecot
>> /var/run/dovecot/login: 750 root:dovecot
>> /var/run/dovecot/auth-master: 750 root:dovecot
>> (I think. auth-master is a temporary file? Comes and goes.)
>>
>> >From /etc/postfix/main.cf
>>
>> mailbox_transport = spamassassin
>>
>> >From /etc/postfix/master.cf:
>>
>> spamassassin unix - n n - - pipe
>>  user=spam argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
>>  -f ${sender} -d ${user} -m ${extension}
>>
>> Here's my 'socket listen' section from /usr/local/etc/dovecot.conf:
>>
>> socket listen {
>>  master {
>>  path = /var/run/dovecot/auth-master
>>  mode = 0666
>>  #user =
>>  group = dovecot
>>  }
>>  client {
>>  path = /var/run/dovecot/auth-client
>>  mode = 0666
>>  #user =
>>  group = dovecot
>>  }
>> }
>>
>> >From /var/log/maillog:
>>
>> Postfix receives the message:
>>
>> postfix/smtpd[29447]: connect from \
>>  IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>> postfix/smtpd[29447]: 60990FA01BA: \
>>  client=IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>> postfix/cleanup[29451]: 60990FA01BA: \
>>  message-id=<49E20BF2.4090408 at example-send.com>
>> postfix/qmgr[29441]: 60990FA01BA: from=<sender at example-send.com>, \
>>  size=812, nrcpt=1 (queue active)
>> postfix/smtpd[29447]: disconnect from \
>>  IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>>
>> Spamassassin processes the message as user 'spam':
>>
>> spamd[4121]: spamd: processing message\
>>  <49E20BF2.4090408 at example-send.com> for spam:653
>> spamd[4121]: spamd: clean message (3.0/5.0) for spam:653 in 5.2
>> seconds,\
>>  793 bytes.
>> spamd[4121]: spamd: result: . 2 - RDNS_DYNAMIC,TVD_SPACE_RATIO \
>>  scantime=5.2,size=793,user=spam,uid=653,required_score=5.0, \
>>  rhost=localhost.localdomain,raddr=127.0.0.1,rport=42493, \
>>  mid=<49E20BF2.4090408 at example-send.com>,autolearn=no
>>
>> Spamassassin pipes result to Deliver which runs as recipient user.
>>
>> Deliver as recipient user doesn't have permission to auth:
>>
>> deliver(recipient): Can't connect to auth server at \
>>  /var/run/dovecot/auth-master: Permission denied
>> postfix/pipe[29452]: 60990FA01BA: to=<recipient at example-receive.com>, \
>>  relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \
>>  status=deferred (temporary failure)
>>
>> 1) I must use the 'user=' arg for spamc
>> 2) Can't use 'user=${user}' or $user:
>>   fatal: get_service_attr: unknown username: ${user}
>> 3) Must use '-d ${user}' Deliver arg, otherwise
>>   message gets delivered to user 'spam'
>>
>> AArrgh! TIA.
>>
>>
>
>
> --
> telemóvel: 963446125
> mail: rui.arc at gmail.com
> mail: ei04073 at fe.up.pt
> website: http://paginas.fe.up.pt/~ei04073
>

More information about the dovecot mailing list