Using dovecot-lda with sendmail
Chris Szilagyi
chris at apex-internet.com
Sat Nov 15 15:17:02 UTC 2014
>
>>
>> It seems that sendmail is running the lda, but the lda has problems
>> that are reported by exiting with tempfail. You should check the
>> logging that is emitted by dovecot-lda to find what the problem is.
>>
>> Ownership of the binary should not be one of them, I think, but show
>> us logging from dovecot-lda and we can tell you more. 'dovecot -n'
>> output would also help a lot.
>>
>> Regards,
>> Tom
>
> I've enabled dovecot-lda logging with:
>
> protocol lda {
>   log_path =
>   info_log_path =
>   syslog_facility = mail
> }
>
> However it's not producing any entries in the mail syslog. I'm wondering if
> it's not even executing dovecot-lda then. As a test I tried running
> "/usr/libexec/dovecot/dovecot-lda -d username" directly as root to see what
> happens, and I got a blank email delivered to "username" OK. So based on
> this I think lda is OK? I am not seeing any errors logged when sendmail
> tries to use dovecot-lda though.
>
> Here's what "dovecot -n" shows:
>
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 3.10.0-123.9.2.el7.x86_64 x86_64 CentOS Linux release 7.0.1406 (Core) ext4
> mail_location = mbox:/mail/home/%u/mail:INBOX=/mail/spool/%u
> mail_plugins = " quota"
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   prefix =
> }
> passdb {
>   driver = pam
> }
> plugin {
>   quota = fs:User quota:user
>   quota_rule = *:storage=1G
>   quota_rule2 = Trash:storage=+100M
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> postmaster_address = postmaster at localhost
> protocols = imap pop3 sieve
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> ssl_cert = </etc/pki/tls/certs/mailcert.crt
> ssl_key = </etc/pki/tls/private/mailcert.key
> userdb {
>   driver = passwd
> }
> protocol lda {
>   info_log_path =
>   log_path =
>   syslog_facility = mail
> }
> protocol imap {
>   mail_plugins = " quota imap_quota"
> }
>
>
> Thank you very much for any further thoughts on this.
> --
> Chris
>
These errors just started showing up in the mail syslog, FINALLY. Not sure
why it took this long.

    dovecot: lda(username): Fatal: setresgid(1000(username),1000(username),12(mail)) failed with euid=0(root): Operation not permitted

After turning off SELinux, mail was finally being delivered! So, I adjusted
SELinux to allow a few denied errors for dovecot-lda (including filesystem
quotas):

    audit2allow -m local -l -i /var/log/audit/audit.log > dovecotlda.te

Then, verified the contents of "dovecotlda.te":

    module local 1.0;

    require {
        type fs_t;
        type mqueue_spool_t;
        type dovecot_deliver_t;
        class capability { setuid setgid };
        class file write;
        class filesystem quotaget;
    }

    #============= dovecot_deliver_t ==============
    allow dovecot_deliver_t fs_t:filesystem quotaget;
    allow dovecot_deliver_t mqueue_spool_t:file write;
    allow dovecot_deliver_t self:capability { setuid setgid };

Then create the policy file and activate it:

    checkmodule -M -m -o dovecotlda.mod dovecotlda.te
    semodule_package -o dovecotlda.pp -m dovecotlda.mod
    semodule -i dovecotlda.pp

Now with SELinux enforcing, I'm getting mail delivered OK.
Also just to confirm, this is the line I'm using in /etc/mail/sendmail.mc:

    FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')dnl

Thanks again for the help, hopefully this helps others in the future with
sendmail.
--
Chris
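
Added example, not part of the original post: `audit2allow -l` turns every denial logged since the last policy reload into a rule, so the generated module can grant access to domains other than dovecot_deliver_t. This script lists each grant in a .te file and flags any whose source domain is not the expected one, as a check to run before `semodule -i`; the function names and the embedded sample file are assumptions for illustration.

```shell
#!/bin/sh
# Added example: review an audit2allow-generated .te file before loading it.

# te_rules FILE: print one "source target:class permission" line per grant,
# expanding "{ a b }" permission sets into separate lines.
te_rules() {
    awk '$1 == "allow" {
        for (i = 4; i <= NF; i++) {
            p = $i
            gsub(/[{};]/, "", p)      # strip braces and the trailing semicolon
            if (p != "") print $2, $3, p
        }
    }' "$1"
}

# te_unexpected FILE DOMAIN: print grants whose source domain is not DOMAIN.
# Returns 1 if any exist, so a wrapper can stop before installing the module.
te_unexpected() {
    out=$(te_rules "$1" | awk -v want="$2" '$1 != want')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input: the module text shown in the post.
sample_te() {
    cat <<'EOF'
module local 1.0;
require {
type fs_t;
type mqueue_spool_t;
type dovecot_deliver_t;
class capability { setuid setgid };
class file write;
class filesystem quotaget;
}
#============= dovecot_deliver_t ==============
allow dovecot_deliver_t fs_t:filesystem quotaget;
allow dovecot_deliver_t mqueue_spool_t:file write;
allow dovecot_deliver_t self:capability { setuid setgid };
EOF
}

tmp=$(mktemp)
sample_te > "$tmp"
te_rules "$tmp"                       # the four individual grants
te_unexpected "$tmp" dovecot_deliver_t && echo "only dovecot_deliver_t is granted anything"
rm -f "$tmp"
```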