dovecot-lda can't create /var/mail dotlocks on debian

John Clements johnbclements at gmail.com
Tue Nov 3 19:49:21 UTC 2015


I've been using dovecot+postfix happily for many years, and I'm now
configuring it for a new machine. However, I'm running into an old problem
again, and thinking that there must be a better solution.

The problem is that dovecot-lda is unable to create dotlock files in the
/var/mail directory.

Dovecot version: 1:2.2.13-12~deb8u1 (I'm guessing this is upstream version
2.2.13)
OS: Debian Jessie

Currently, my mail directory has these permissions:

clements at desmond:~$ ls -ld /var/mail
drwxrwsr-x 2 root mail 4096 Nov  2 22:07 /var/mail
clements at desmond:~$ ls -l /var/mail
total 8
-rw------- 1 clements   mail 1382 Nov  2 21:59 clements
-rw------- 1 granitemon mail  530 Nov  2 22:07 granitemon

I've added
mail_privileged_group = mail
to allow creation of the dotlock files.

When I configure postfix to deliver using dovecot-lda, I get logs that look
like this:

Nov  3 11:12:20 desmond dovecot: lda(granitemon): Error:
setegid(privileged) failed: Operation not permitted
Nov  3 11:12:20 desmond dovecot: lda(granitemon): msgid=<
20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX:
BUG: Unknown internal error

In order to isolate the error, I took postfix out of the equation, and
called dovecot-lda directly:

clements at desmond:/tmp$ cat bogusmail
From: clements at XXXDOMAIN.org
To: granitemon at localhost
Date: November 3 2015
Subject: graaaah

this is the body
clements at desmond:/tmp$ /usr/lib/dovecot/dovecot-lda -e -d clements <
bogusmail
BUG: Unknown internal error
clements at desmond:/tmp$

In response to this, mail.log now contains this similar error:

Nov  3 11:34:57 desmond dovecot: lda(clements): msgid=unspecified: save
failed to INBOX: BUG: Unknown internal error
Nov  3 11:34:57 desmond dovecot: lda(clements): Error: setegid(privileged)
failed: Operation not permitted


I've tried a number of "random internet search" solutions, including
- changing perms on mail files from 660 to 600
- enabling 'mail_access_groups=mail' in 10-mail.conf
- adding individual users to the mail group.

I guess I'm pretty confident that if dovecot is writing "BUG: Unknown
internal error" in the logs, that this is actually a bug in dovecot.

OBresearch: I read through the release notes of 2.2.14 -- 2.2.19 to see if
a relevant-looking bug had been fixed, but nothing jumped out at me.
OBresearch: searching the dovecot mailing list, I found one *extremely*
relevant thread called "Re: [Dovecot] started with dovecot sieve
<http://dovecot.markmail.org/message/kgd34wberxuvmrsa?q=setegid>", but
there didn't seem to be a solution contained in the thread.

Final note: this doesn't appear to be confined to debian jessie: I took a
look at my existing installation, and I see that in fact I just went ahead
and made /var/mail world-writeable, which seems... sub-optimal. I'm sure I
could do that here, too, but I'd certainly rather not.

Thanks in advance, and let me know if I've left out relevant crucial
information.

Best,

John Clements
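
Added example (not part of the original post, and not Dovecot's code): a model of the two kernel permission checks behind the log lines above, namely whether a process may create a file in a directory with the listed mode and ownership, and whether setegid() to another group is allowed. The numeric uid/gid values are constructed, and treating euid 0 as the only privileged case is a simplifying assumption.

```python
import os
import stat

def can_create_in_dir(mode, dir_uid, dir_gid, euid, egid, groups):
    """True if these credentials may create a file (e.g. a dotlock) in the
    directory: write + search permission on the matching permission class."""
    if euid == 0:                      # simplification: root ~ CAP_DAC_OVERRIDE
        return True
    if euid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif egid == dir_gid or dir_gid in groups:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need

def setegid_permitted(euid, rgid, egid, sgid, target_gid):
    """setegid(2) rule: an unprivileged process may only switch its effective
    GID to its real, effective or saved set-group-ID; anything else is EPERM."""
    if euid == 0:                      # simplification: root ~ CAP_SETGID
        return True
    return target_gid in (rgid, egid, sgid)

def diagnose(mode, dir_uid, dir_gid, euid, rgid, egid, sgid, groups):
    """Classify a delivery process against the spool directory."""
    if can_create_in_dir(mode, dir_uid, dir_gid, euid, egid, groups):
        return "dotlock ok without privilege switch"
    if (setegid_permitted(euid, rgid, egid, sgid, dir_gid)
            and can_create_in_dir(mode, dir_uid, dir_gid, euid, dir_gid, groups)):
        return "dotlock ok after setegid to directory group"
    return "setegid EPERM, dotlock creation denied"

# Constructed sample: drwxrwsr-x root:mail as in the listing above. gid 8 for
# "mail" and uid/gid 1000 for the user are assumed values, not from the post.
SPOOL_MODE, ROOT, MAIL_GID, USER = 0o2775, 0, 8, 1000

def diagnose_live(path="/var/mail"):
    """Run the same classification for the calling process and a real path."""
    st = os.stat(path)
    rgid, egid, sgid = os.getresgid()
    return diagnose(st.st_mode, st.st_uid, st.st_gid, os.geteuid(),
                    rgid, egid, sgid, os.getgroups())

if __name__ == "__main__":
    print(diagnose(SPOOL_MODE, ROOT, MAIL_GID, USER, USER, USER, USER, []))
    if os.path.isdir("/var/mail"):
        print(diagnose_live())
```

Running diagnose_live() as the same user and from the same context that invokes dovecot-lda shows which of the three outcomes applies on a given host.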

