[Dovecot] help with LMTP setup

Jeff Lacki jeep at rahul.net
Mon Apr 29 20:26:29 EEST 2013


I'm trying to convert my dovecot-lda setup to use LMTP for better
security.  My setup is postfix + dovecot + mysql with virtual users.
I'm setting up dovecot 2.2.1 w/postfix 2.10.0

I'm still learning dovecot, so I'm not totally sure where I'm going wrong.
Can someone point out why I'm getting permission problems?
I'm also concerned with server security, so if you notice anything that should
be better, please point that out.  I am the only user on this Linux box.

Thank you!

ls -l /opt/imapdata/j/jeff/INBOX
total 8
drwxr-xr-x 2 vmail vmail 4096 Apr 27 14:21 ./
drwxr-xr-x 3 vmail vmail 4096 Apr 27 14:21 ../

Dovecot is running with the following users:
root     20847  0.0  0.0  15572  1108 ?        Ss   10:23   0:00 /opt/optdovecot/sbin/dovecot
dovenull 20848  0.0  0.0  46752  2724 ?        S    10:23   0:00 dovecot/imap-login
dovenull 20849  0.0  0.0  46752  2720 ?        S    10:23   0:00 dovecot/imap-login
vmail    20850  0.0  0.0  13408  1068 ?        S    10:23   0:00 dovecot/anvil
root     20851  0.0  0.0  13540  1192 ?        S    10:23   0:00 dovecot/log
root     20853  0.0  0.0  16504  2128 ?        S    10:23   0:00 dovecot/config
vmail    20854  0.0  0.0 136448  2972 ?        S    10:23   0:00 dovecot/auth

I'm getting the following when an email comes in:

Apr 29 10:11:57 fed8 postfix/virtual[20666]: D88F3DF3BD: to=<jeff at mydomain.com>, relay=virtual, delay=370, delays=370/0.03/0/0.07, dsn=4.2.0, status=deferred (delivery failed to mailbox ///opt/imapdata/j/jeff/INBOX/inbox: unable to create lock file ///opt/imapdata/j/jeff/INBOX/inbox.lock: Permission denied)

my postfix/master.cf entry:

# Postfix pipe(8) transport named "dovecot", executed as vmail:vmail.
# NOTE(review): -f/-d are dovecot-lda style arguments. The lmtp binary is
# normally started by the Dovecot master process and reached over its listener
# socket (Postfix side: virtual_transport = lmtp:unix:<path-to-lmtp-socket>),
# not executed through pipe(8).
# NOTE(review): the deferred-delivery log line on this page shows
# relay=virtual, i.e. that message was handled by Postfix's own virtual(8)
# agent and never reached this transport.
# NOTE(review): three install prefixes appear on this page (/opt/dovecot,
# /opt/optdovecot, /opt/dovecot221) - confirm they all point at the same build.
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient}


doveconf -n:

# 2.2.1: /opt/dovecot221/etc/dovecot/dovecot.conf
# OS: Linux 3.8.5-201.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) 
# Debug-level authentication logging.
# NOTE(review): auth_debug_passwords and auth_verbose_passwords = plain write
# attempted passwords to the log in clear text. Switch both off once the setup
# works, and restrict who can read the log files in the meantime.
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
# NOTE(review): Dovecot's internal processes (auth and anvil in the ps output
# on this page) run as the same account that owns the mail store (mail_uid
# below), so a flaw in one of them would reach every mailbox. A separate
# unprivileged account for internal processes keeps the two apart.
default_internal_user = vmail
# Lowest uid/gid accepted for mail users. Assumes the vmail account's ids are
# >= 2000 - confirm with `id vmail`.
first_valid_gid = 2000
first_valid_uid = 2000
# Listen on all addresses. An inet_listener that sets no address of its own
# presumably inherits this - see the auth service's TCP port.
listen = *
lock_method = flock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
# All mail is accessed under the single vmail uid/gid.
# NOTE(review): no mail_location appears in this dump, so Dovecot presumably
# autodetects the mailbox format and location under each user's home.
mail_gid = vmail
mail_privileged_group = vmail
mail_uid = vmail
# Locking used by Dovecot's own mbox writes. The inbox.lock failure in the log
# line on this page was reported by postfix/virtual, not by Dovecot.
mbox_lock_timeout = 1 mins
mbox_write_locks = fcntl
# Password lookups go to SQL, configured in the external file named in args.
# NOTE(review): that file presumably holds the database connection credentials;
# keep it readable by root only.
passdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
# Settings for the mail_log plugin: which mailbox events to record and which
# fields to include with each one.
# NOTE(review): the only mail_plugins value in this dump is " sieve" (protocol
# lmtp), so these settings may have no effect until mail_log is loaded.
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
}
# Postmaster address (obfuscated by the list archive).
postmaster_address = jeff at otherdomain.com
# Enables the IMAP and LMTP services.
protocols = imap lmtp
sendmail_path = /usr/lib/sendmail
# Authentication service and the sockets it is reachable on.
service auth {
  # NOTE(review): TCP listener for the auth protocol with no address set; with
  # listen = * it is presumably reachable on every interface. Postfix already
  # uses the unix socket below, so drop this listener unless a remote host
  # needs it, or bind it to 127.0.0.1 and firewall the port.
  inet_listener {
    port = 12345
  }
  # SASL socket inside the Postfix queue directory, restricted to the postfix
  # user and group.
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  # userdb lookup socket, owned by vmail.
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
  }
  # The auth process runs as default_internal_user (vmail in this dump).
  user = $default_internal_user
}
# IMAP login processes (running as dovenull in the ps output on this page).
service imap-login {
  # Implicit-TLS IMAP on port 993.
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  # Keep two idle login processes ready; the ps output shows two imap-login
  # processes.
  process_min_avail = 2
  # One connection per login process, so a compromised login process cannot
  # see other clients' sessions.
  service_count = 1
  vsz_limit = 64 M
}
# LMTP delivery service, running as vmail.
service lmtp {
  executable = lmtp -L
  # NOTE(review): LMTP has no client authentication of its own, so any host
  # that can reach 192.168.1.22:24 can hand mail to this service. If Postfix
  # runs on the same machine, the unix socket alone is enough; otherwise limit
  # this port to the MTA's address with a firewall rule.
  inet_listener lmtp {
    address = 192.168.1.22 127.0.0.1
    port = 24
  }
  # NOTE(review): mode 0666 lets every local account, including any compromised
  # service account, connect and inject mail. Restrict the socket to Postfix
  # with user/group/mode, as the private/auth listener in this config does.
  unix_listener lmtp {
    mode = 0666
  }
  user = vmail
}
# TLS is mandatory for client connections.
ssl = required
ssl_cert = </opt/dovecot/etc/dovecot/conf.d/ssl/certs/dovecot.pem
# NOTE(review): hand-maintained exclusion list built on ALL. Anonymous (ADH)
# and export suites are excluded one by one, so any suite not named here may
# stay enabled, and several tokens (SSLv1, SSL1, SSL2) do not look like
# standard OpenSSL keywords. Check the effective list with
# `openssl ciphers -v '<this string>'`.
ssl_cipher_list = ALL:!LOW:!MEDIUM:!SSLv1:!SSLv2:!MD5:!SSL1:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA:TLSv1
# Private key file; it should be readable by root only.
ssl_key = </opt/dovecot/etc/dovecot/conf.d/ssl/private/dovecot.pem
# Static userdb: every user maps to vmail:vmail with home
# /opt/imapdata/<first letter of username>/<username>.
# NOTE(review): the ls output on this page shows the directory under that home
# as mode 0755 (readable and searchable by all local accounts); 0700 on
# vmail-owned mail directories keeps other accounts out.
userdb {
  args = uid=vmail gid=vmail home=/opt/imapdata/%1n/%n
  driver = static
}
# SQL userdb, using the same external file as the passdb.
# NOTE(review): the static userdb above is listed first and presumably answers
# every lookup, so this block may never be consulted - confirm which one is
# intended.
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
# NOTE(review): identical to the previous userdb block; looks like an
# accidental duplicate.
userdb {
  args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
  driver = sql
}
# Extra TLS diagnostics in the log; a debugging aid, not needed in production.
verbose_ssl = yes
# LMTP-specific overrides: a separate info log and the sieve plugin for
# delivery-time filtering.
# NOTE(review): service lmtp runs as vmail in this config; confirm whichever
# process writes this log file has permission to do so.
protocol lmtp {
  info_log_path = /var/log/dovelmtp.log
  mail_plugins = " sieve"
}
# Log destinations for dovecot-lda. These apply only while dovecot-lda is
# still being invoked; once delivery goes through LMTP they are unused.
protocol lda {
  info_log_path = /var/log/doveinfo.log
  log_path = /var/log/dovelda.log
}
# IMAP-specific limits: IDLE notification interval, maximum command line
# length, and at most five simultaneous connections per user and client IP.
protocol imap {
  imap_idle_notify_interval = 1 mins
  imap_max_line_length = 64 k
  mail_max_userip_connections = 5
}


/mf/home/jeep/shell/.signature

