[Dovecot] spamc can't seem to call /usr/lib/dovecot/deliver

Bill Shirley Bill at KnoxvilleChristian.org
Wed Oct 24 04:32:59 EEST 2012


On 10/23/2012 9:06 PM, Bill Shirley wrote:
>
> On 10/23/2012 4:52 PM, Troy Vitullo wrote:
>> Hi,
>>
>> My server uses a system comprised of postfix, dovecot and dspam to 
>> filter and deliver mail.
>>
>> Postfix used the following flags in calling spamc and dovecot:
>>
>> flags=DRhu user=dovecot:secmail argv=/usr/bin/spamc -u ${recipient} 
>> -e /usr/lib/dovecot/deliver -d ${recipient}
>>
>> after an upgrade from Debian lenny to squeeze we were able to get 
>> everything working except spam filtering. Spamassassin is able to 
>> judge whether the mail coming in is spam but everything stops there.
>>
>> In mail.err I see:
>>
>> pamc[3608]: exec failed: Permission denied
>>
>> spamc shows the same thing in syslog:
>>
>> exec failed: Permission denied
>>
>> postfix delays the email:
>>
>> postfix/pipe[3607]: 50DEFF180EE: to=<[mail]>, relay=dovecot, 
>> delay=1.7, delays=0.07/0.01/0/1.6, dsn=4.3.0, status=deferred (system 
>> resource problem)
>>
>> Here are the permissions for deliver:
>>
>> -rwsr-x--- 1 root dovecot 865084 May 25  2011 /usr/lib/dovecot/deliver
>>
>> Here are the relevant groups:
>>
>> s1:~# grep dovecot /etc/group
>> secmail:x:119:postfix,spamd,dovecot
>> dovecot:x:111:
>>
>> here's the dovecot user:
>> s1:~# grep dovecot /etc/passwd
>> dovecot:x:108:111:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
>>
>> here's dovecot -n:
>>
>> # 1.2.15: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.26-2-686 i686 Debian 6.0.6
>> base_dir: /var/run/dovecot/
>> protocols: imap imaps pop3s pop3
>> ssl_cert_file: /etc/ssl/certs/s1.troyvit.com.cert
>> ssl_key_file: /etc/ssl/private/s1.troyvit.com.key
>> ssl_cipher_list: ALL:!LOW
>> disable_plaintext_auth: no
>> verbose_ssl: yes
>> login_dir: /var/run/dovecot/login
>> login_executable(default): /usr/lib/dovecot/imap-login
>> login_executable(imap): /usr/lib/dovecot/imap-login
>> login_executable(pop3): /usr/lib/dovecot/pop3-login
>> mail_location: maildir:%h/Maildir/
>> mbox_write_locks: fcntl dotlock
>> mail_executable(default): /usr/lib/dovecot/imap
>> mail_executable(imap): /usr/lib/dovecot/imap
>> mail_executable(pop3): /usr/lib/dovecot/pop3
>> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
>> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
>> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
>> pop3_enable_last(default): no
>> pop3_enable_last(imap): no
>> pop3_enable_last(pop3): yes
>> pop3_client_workarounds(default):
>> pop3_client_workarounds(imap):
>> pop3_client_workarounds(pop3): outlook-no-nuls, oe-ns-eoh
>> pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
>> pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
>> pop3_logout_format(pop3): top=%t/%T, retr=%r/%R, del=%d/%m, size=%s
>> namespace:
>>    type: private
>>    separator: /
>>    inbox: yes
>>    list: yes
>>    subscriptions: yes
>> lda:
>>    postmaster_address: postmaster at sphere.local
>>    auth_socket_path: /var/run/dovecot/auth-master
>>    mail_plugin_dir: /usr/lib/dovecot/modules/lda/
>>    mail_plugins: sieve
>> auth default:
>>    mechanisms: plain login
>>    verbose: yes
>>    debug: yes
>>    debug_passwords: yes
>>    passdb:
>>      driver: pam
>>      args: dovecot
>>    passdb:
>>      driver: sql
>>      args: /etc/dovecot/dovecot-sql.conf
>>    userdb:
>>      driver: passwd
>>    userdb:
>>      driver: sql
>>      args: /etc/dovecot/dovecot-sql.conf
>>    socket:
>>      type: listen
>>      client:
>>        path: /var/spool/postfix/private/auth
>>        mode: 432
>>        user: postfix
>>        group: postfix
>>      master:
>>        path: /var/run/dovecot/auth-master
>>        mode: 438
>>        user: dovecot
>> plugin:
>>    sieve_global_path: /etc/dovecot/default.sieve
>>    sieve: /srv/%d/mail/%n/%n.sieve
>>
>> Many thanks in advance for any advice you can give.
>>
>> Troy
>
> What is your mailbox_command in main.cf?  I just use:
> mailbox_command = /usr/bin/spamc -u "$USER" -e 
> /usr/lib64/dovecot/deliver -a "$RECIPIENT" -f "$SENDER" -m "$EXTENSION"
>
> I don't need anything in master.cf.  But you should be using -u 
> ${user} for spamc.
>
> Bill
>
Forgot to ask, are you using Spamassassin's per-user configs?  If you're 
not, that probably is your problem.  It's probably trying to update 
bayes tokens and it doesn't have permission.

I use per-user configs which are nice.  One man's spam is another man's 
ham.  Plus each user can have his/her own whitelist.

I use these spamd args: -d -c -m10 --user-config
You usually can find the args in /etc/sysconfig.

Bill




More information about the dovecot mailing list