[Dovecot] auth-master: Permission denied [sigh]

James Butler jbutler at thebestdefense.com
Tue Apr 14 01:48:48 EEST 2009


My latest test:

spam:dovecot => user: spam
user1:dovecot => user: user1
root:dovecot => binary: /usr/local/libexec/deliver
root:dovecot 777 => dir: /var/run/dovecot/

Still getting:

deliver(user1): Can't connect to auth server at \
 /var/run/dovecot/auth-master: Permission denied

What's the key to this problem?

If I set spam, user1, deliver and /var/run/dovecot/ to the same group, and
give read/write permission in that directory to that group, why can't they
all use auth-master?

1) User 'spam:dovecot' runs Spamassassin
2) Hands off to deliver (root:dovecot)
3) Deliver assumes 'user1:dovecot' identity
4) Can't access auth-master in 'root:dovecot' directory (777)

So it's 'auth-master' that is (a) not available to 'user1' AND (b) not
available to group 'dovecot'. Huh? Why not?

I'm obviously missing info about the temporary 'auth-master'.
Can anyone please give me a hand? I'd really appreciate it.
Thank you.

James

> Thank you! Even setting the /var/run/dovecot tree to all chmod 777s
> doesn't help. I'm probably mis-remembering the ownership of auth-master,
> in my original note. I haven't seen it since I left my notes at work.
>
> With regard to this maillog entry:
>
>> postfix/pipe[29452]: 60990FA01BA: to=<recipient at example-receive.com>, \
>>  relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \
>>  status=deferred (temporary failure)
>
> It IS a (temporary failure), because soon after I revert to the simple:
>>>  mailbox_command = /usr/local/libexec/dovecot/deliver
> the message arrives to the recipient user's mailbox.
>
> It's the spamassassin => deliver handoff and user SWITCH that seems to be
> problematic.
>
> But then, my brain is all garbled, at this point, so I can't really trust
> any of my logic. I'll check back in, tomorrow.
>
> Thanks, again.
>
> James
>
>> Hi,
>>
>> I was having problems with permissions on auth-master too. I solved them
>> by manually creating the folder /var/run/dovecot with correct permissions,
>> but I see you already did that :\
>>
>> On Sun, Apr 12, 2009 at 5:27 PM, James Butler
>> <jbutler at thebestdefense.com> wrote:
>>
>>> I've been messing with this for too long, now, and I'm blind to
>>> whatever's wrong. Or I'm simply being dense. Either way, I need help
>>> with a common issue.
>>>
>>> I'm trying to get Postfix+Spamassassin+Dovecot going on Fedora 10.
>>> (I'll get back to the global Sieve thingy soon, but I need to get this
>>> going, first.)
>>>
>>> When using the simple:
>>>  mailbox_command = /usr/local/libexec/dovecot/deliver
>>> everything is cool, except there's no Spamassassin involvement, obviously.
>>>
>>> The problem shows itself when the Spamassassin user hands off to the
>>> recipient user and Deliver + the recipient user tries to access
>>> /var/run/dovecot/auth-master.
>>>
>>> Thank you for any insight you can provide.
>>>
>>> /var/run/dovecot: 755 root:dovecot
>>> /var/run/dovecot/login: 750 root:dovecot
>>> /var/run/dovecot/auth-master: 750 root:dovecot
>>> (I think. auth-master is a temporary file? Comes and goes.)
>>>
>>> From /etc/postfix/main.cf:
>>>
>>> mailbox_transport = spamassassin
>>>
>>> From /etc/postfix/master.cf:
>>>
>>> spamassassin unix - n n - - pipe
>>>  user=spam argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver
>>>  -f ${sender} -d ${user} -m ${extension}
>>>
>>> Here's my 'socket listen' section from /usr/local/etc/dovecot.conf:
>>>
>>> socket listen {
>>>  master {
>>>  path = /var/run/dovecot/auth-master
>>>  mode = 0666
>>>  #user =
>>>  group = dovecot
>>>  }
>>>  client {
>>>  path = /var/run/dovecot/auth-client
>>>  mode = 0666
>>>  #user =
>>>  group = dovecot
>>>  }
>>> }
>>>
>>> From /var/log/maillog:
>>>
>>> Postfix receives the message:
>>>
>>> postfix/smtpd[29447]: connect from \
>>>  IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>>> postfix/smtpd[29447]: 60990FA01BA: \
>>>  client=IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>>> postfix/cleanup[29451]: 60990FA01BA: \
>>>  message-id=<49E20BF2.4090408 at example-send.com>
>>> postfix/qmgr[29441]: 60990FA01BA: from=<sender at example-send.com>, \
>>>  size=812, nrcpt=1 (queue active)
>>> postfix/smtpd[29447]: disconnect from \
>>>  IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS]
>>>
>>> Spamassassin processes the message as user 'spam':
>>>
>>> spamd[4121]: spamd: processing message\
>>>  <49E20BF2.4090408 at example-send.com> for spam:653
>>> spamd[4121]: spamd: clean message (3.0/5.0) for spam:653 in 5.2 seconds,\
>>>  793 bytes.
>>> spamd[4121]: spamd: result: . 2 - RDNS_DYNAMIC,TVD_SPACE_RATIO \
>>>  scantime=5.2,size=793,user=spam,uid=653,required_score=5.0, \
>>>  rhost=localhost.localdomain,raddr=127.0.0.1,rport=42493, \
>>>  mid=<49E20BF2.4090408 at example-send.com>,autolearn=no
>>>
>>> Spamassassin pipes result to Deliver which runs as recipient user.
>>>
>>> Deliver as recipient user doesn't have permission to auth:
>>>
>>> deliver(recipient): Can't connect to auth server at \
>>>  /var/run/dovecot/auth-master: Permission denied
>>> postfix/pipe[29452]: 60990FA01BA: to=<recipient at example-receive.com>, \
>>>  relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \
>>>  status=deferred (temporary failure)
>>>
>>> 1) I must use the 'user=' arg for spamc
>>> 2) Can't use 'user=${user}' or $user:
>>>   fatal: get_service_attr: unknown username: ${user}
>>> 3) Must use '-d ${user}' Deliver arg, otherwise
>>>   message gets delivered to user 'spam'
>>>
>>> AArrgh! TIA.
>>>
>>>
>>
>>
>> --
>> telemóvel: 963446125
>> mail: rui.arc at gmail.com
>> mail: ei04073 at fe.up.pt
>> website: http://paginas.fe.up.pt/~ei04073
>>
>
>
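
Added example, not part of the original post or of Dovecot's own code: a check that walks every component of the socket path and reports which one denies a given user, using only the classic owner/group/other mode bits. The function names are hypothetical; the default path is the one quoted in the thread, and ACLs and SELinux policy are not evaluated.

```python
import os
import pwd
import stat
import sys

def class_bits(mode, owner, group, uid, gids):
    """rwx triplet (0-7) the kernel applies: owner, else group, else other."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def check_socket_path(path, uid, gids):
    """Return [(component, ok, detail)] for each component of path.

    Directories need search (x); the final entry needs write (w), which is
    what connect() on a UNIX socket requires on Linux. Only classic mode
    bits are evaluated: ACLs and SELinux policy are not consulted.
    """
    parts = os.path.abspath(path).split(os.sep)
    results, current = [], os.sep
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        last = i == len(parts) - 1
        try:
            st = os.stat(current)
        except OSError as exc:
            results.append((current, False, exc.strerror))
            break
        need = 2 if last else 1
        bits = class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        ok = uid == 0 or (bits & need) == need  # uid 0 bypasses mode checks
        detail = "%s %d:%d needs %s" % (stat.filemode(st.st_mode),
                                        st.st_uid, st.st_gid, "w" if last else "x")
        results.append((current, ok, detail))
    return results

if __name__ == "__main__":
    # Usage: script.py USER [SOCKET]; SOCKET defaults to the path in the thread.
    user = pwd.getpwnam(sys.argv[1])
    sock = sys.argv[2] if len(sys.argv) > 2 else "/var/run/dovecot/auth-master"
    gids = os.getgrouplist(user.pw_name, user.pw_gid)
    for comp, ok, detail in check_socket_path(sock, user.pw_uid, gids):
        print("%-4s %s  (%s)" % ("ok" if ok else "DENY", comp, detail))
```

Run it as root with the recipient's login name while Dovecot is running, so the socket exists and every component can be stat'ed.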



