[Dovecot] system account delivery userdb authentication
Yann Shukor
yann.shukor at azurtem.net
Tue May 28 23:10:27 EEST 2013
Hi
I have a remaining issue with a mail server setup.
Composed of Postfix and Dovecot, it is a 'local' mail server
At first I relied upon MySQL to store the various parameters, and then
switched to a flat file approach
I also initially set the server up to handle virtual users, but then I
realized that it was destined to manage local system accounts only. So I
reconfigured it accordingly
Relying on system accounts for authentication means that the domain name
component is absent from the username (as opposed to virtual user
identifiers)
This caused me some difficulty at first with roundcube, but I was able
to get around it through a manual adjustment in MySQL
The remaining aspect that isn't working is the delivery of emails.
The entry in master.cf for dovecot looks like this:
dovecot unix - n n - - pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
The problem is that the recipient equates to the user's email address,
which can't in fact be used for authentication purposes with system
accounts.
I then tried replacing recipient with user:
dovecot unix - n n - - pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${user}
There seems to be a rights issue because I get the following error:
dovecot Fatal: setgid(100(users)) failed with euid=8(mail), gid=8(mail),
egid=8(mail): Operation not permitted
Any ideas?
thanks
yann
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686 i686 Debian 6.0.7 ext4
log_timestamp: %d-%m-%Y %H:%M:%S
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/certs/postfix.pem
ssl_key_file: /etc/ssl/private/postfix.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_privileged_group: mail
mail_location: maildir:/var/mail/%u
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
lda:
  auth_socket_path: /var/run/dovecot/auth-master
  postmaster_address: postmaster at holinice.com
  mail_plugins: sieve
  log_path:
  syslog_facility: mail
auth default:
  mechanisms: plain login
  verbose: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: mail
      group: mail
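
An added example, not part of the original post and not Dovecot or Postfix code: a Python model of the check behind the setgid error quoted above. It resolves user= from the pipe entry, looks up the target account the way a passwd userdb would, and applies the rule that a non-root process can only set ids it already holds. The passwd/group lines are constructed, and the account "yann" with uid 1000 is an assumption.

```python
# Constructed sample data: uid/gid 8 (mail) and gid 100 (users) match the error
# in the post; the account "yann" and its uid 1000 are assumptions.
PASSWD = "mail:x:8:8:mail:/var/mail:/bin/sh\nyann:x:1000:100::/home/yann:/bin/bash\n"
GROUP = "mail:x:8:\nusers:x:100:\n"
PIPE_ATTRS = "flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d ${user}"


def parse_db(text, id_fields):
    """Map name -> tuple of numeric ids from passwd(5)/group(5)-style lines."""
    db = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) > max(id_fields):
            db[f[0]] = tuple(int(f[i]) for i in id_fields)
    return db


def pipe_identity(attrs, passwd, group):
    """Resolve the user=name[:group] attribute of a pipe(8) entry to (uid, gid)."""
    for tok in attrs.split():
        if tok.startswith("user="):
            name, _, grp = tok[len("user="):].partition(":")
            uid, gid = passwd[name]
            return uid, (group[grp][0] if grp else gid)
    raise ValueError("pipe entry has no user= attribute")


def check_switch(run_uid, run_gid, target_uid, target_gid):
    """Model the privilege drop: gid first, then uid. Without root, setgid and
    setuid only succeed for ids the process already holds."""
    if run_uid == 0:
        return "ok"
    if target_gid != run_gid:
        return f"setgid({target_gid}) failed with euid={run_uid}, gid={run_gid}"
    if target_uid != run_uid:
        return f"setuid({target_uid}) failed with euid={run_uid}"
    return "ok"


def check_delivery(login):
    """Would the pipe-spawned process be allowed to become `login`?"""
    passwd, group = parse_db(PASSWD, (2, 3)), parse_db(GROUP, (2,))
    if login not in passwd:
        return "unknown user"  # e.g. a full address passed via ${recipient}
    return check_switch(*pipe_identity(PIPE_ATTRS, passwd, group), *passwd[login])


if __name__ == "__main__":
    for name in ("yann", "mail", "yann@example.com"):
        print(name, "->", check_delivery(name))
```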