dovecot-lda can't create /var/mail dotlocks on debian

Larry Rosenman larryrtx at gmail.com
Tue Nov 3 20:44:06 UTC 2015


Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon

Nov  3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted


so it's running as the normal user, and NOT with the mail group.

I'm using exim with LMTP.  LMTP is NOT a bad thing, and might make your
life easier.  It does allow you to add sieve scripting if you want to via
pigeonhole.

Sorry, I'm at a loss, as I do NOT run postfix.  I'm not sure what it needs
to invoke dovecot-lda with gid mail in the group list.



On Tue, Nov 3, 2015 at 2:40 PM, John Clements <johnbclements at gmail.com>
wrote:

> Well, first, here are the logs I generated:
>
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/granitemon
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: fs: root=/home/granitemon/mail, index=, indexpvt=, control=, inbox=/var/mail/granitemon, alt=
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: userdb lookup skipped, username taken from USER environment
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Debug: Destination address: granitemon at desmond.brinckerhoff.org (source: user at hostname)
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): msgid=<20151103202305.88BE05FF39 at desmond.brinckerhoff.org>: save failed to INBOX: BUG: Unknown internal error
> Nov  3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
> Nov  3 12:23:05 desmond postfix/local[26490]: 88BE05FF39: to=<granitemon at localhost>, relay=local, delay=0.04, delays=0.01/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure)
>
> At this point... well, I don't understand why dovecot signals an "Unknown
> internal error," but I think I understand that even if I *do* get this
> working, I'm pretty much throwing in the towel, because since postfix
> invokes the lda as the user receiving the mail, then this only works if all
> users receiving mail are in the mail group, which means any of them can
> mess up any other's mbox.
>
> So, it looks like even if this bug is fixed, I'm left with two obvious
> choices:
> - make /var/mail writeable by all users that receive mail, or
> - use LMTP instead.
>
> Many thanks for your help,
>
> John Clements
>
>
> On Tue, Nov 3, 2015 at 12:13 PM, Larry Rosenman <larryrtx at gmail.com>
> wrote:
>
>> and, are you SURE that dovecot-lda has mail in its group list when it is
>> executing?
>>
>> On Tue, Nov 3, 2015 at 2:12 PM, Larry Rosenman <larryrtx at gmail.com>
>> wrote:
>>
>>> Hrm.  if you turn up the debug on lda, do you get any more of a clue?
>>>
>>> Those permissions look fine to me.
>>>
>>>
>>> On Tue, Nov 3, 2015 at 2:10 PM, John Clements <johnbclements at gmail.com>
>>> wrote:
>>>
>>>> clements at desmond:/var/log$ ls -lda /var/mail
>>>> drwxrwsr-x 2 root mail 4096 Nov  2 22:07 /var/mail
>>>>
>>>>
>>>> Best,
>>>>
>>>> John Clements
>>>>
>>>> On Tue, Nov 3, 2015 at 11:52 AM, Larry Rosenman <larryrtx at gmail.com>
>>>> wrote:
>>>>
>>>>> what are the full permissions of /var/mail?
>>>>>
>>>>>
>>>>> ls -lda /var/mail
>>>>>
>>>>> On Tue, Nov 3, 2015 at 1:49 PM, John Clements <johnbclements at gmail.com> wrote:
>>>>>
>>>>>> I've been using dovecot+postfix happily for many years, and I'm now
>>>>>> configuring it for a new machine. However, I'm running into an old
>>>>>> problem again, and thinking that there must be a better solution.
>>>>>>
>>>>>> The problem is that dovecot-lda is unable to create dotlock files in
>>>>>> the /var/mail directory.
>>>>>>
>>>>>> Dovecot version: 1:2.2.13-12~deb8u1 (I'm guessing this is upstream
>>>>>> version 2.2.13)
>>>>>> OS: Debian Jessie
>>>>>>
>>>>>> Currently, my mail directory has these permissions:
>>>>>>
>>>>>> clements at desmond:~$ ls -ld /var/mail
>>>>>> drwxrwsr-x 2 root mail 4096 Nov  2 22:07 /var/mail
>>>>>> clements at desmond:~$ ls -l /var/mail
>>>>>> total 8
>>>>>> -rw------- 1 clements   mail 1382 Nov  2 21:59 clements
>>>>>> -rw------- 1 granitemon mail  530 Nov  2 22:07 granitemon
>>>>>>
>>>>>> I've added
>>>>>> mail_privileged_group = mail
>>>>>> to allow creation of the dotlock files.
>>>>>>
>>>>>> When I configure postfix to deliver using dovecot-lda, I get logs
>>>>>> that look like this:
>>>>>>
>>>>>> Nov  3 11:12:20 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
>>>>>> Nov  3 11:12:20 desmond dovecot: lda(granitemon): msgid=<20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: BUG: Unknown internal error
>>>>>>
>>>>>> In order to isolate the error, I took postfix out of the equation, and
>>>>>> called dovecot-lda directly:
>>>>>>
>>>>>> clements at desmond:/tmp$ cat bogusmail
>>>>>> From: clements at XXXDOMAIN.org
>>>>>> To: granitemon at localhost
>>>>>> Date: November 3 2015
>>>>>> Subject: graaaah
>>>>>>
>>>>>> this is the body
>>>>>> clements at desmond:/tmp$ /usr/lib/dovecot/dovecot-lda -e -d clements < bogusmail
>>>>>> BUG: Unknown internal error
>>>>>> clements at desmond:/tmp$
>>>>>>
>>>>>> In response to this, mail.log now contains this similar error:
>>>>>>
>>>>>> Nov  3 11:34:57 desmond dovecot: lda(clements): msgid=unspecified: save failed to INBOX: BUG: Unknown internal error
>>>>>> Nov  3 11:34:57 desmond dovecot: lda(clements): Error: setegid(privileged) failed: Operation not permitted
>>>>>>
>>>>>>
>>>>>> I've tried a number of "random internet search" solutions, including
>>>>>> - changing perms on mail files from 660 to 600
>>>>>> - enabling 'mail_access_groups=mail' in 10-mail.conf
>>>>>> - adding individual users to the mail group.
>>>>>>
>>>>>> I guess I'm pretty confident that if dovecot is writing "BUG: Unknown
>>>>>> internal error" in the logs, that this is actually a bug in dovecot.
>>>>>>
>>>>>> OBresearch: I read through the release notes of 2.2.14 -- 2.2.19 to
>>>>>> see if a relevant-looking bug had been fixed, but nothing jumped out
>>>>>> at me.
>>>>>> OBresearch: searching the dovecot mailing list, I found one
>>>>>> *extremely* relevant thread called "Re: [Dovecot] started with
>>>>>> dovecot sieve
>>>>>> <http://dovecot.markmail.org/message/kgd34wberxuvmrsa?q=setegid>",
>>>>>> but there didn't seem to be a solution contained in the thread.
>>>>>>
>>>>>> Final note: this doesn't appear to be confined to debian jessie: I
>>>>>> took a look at my existing installation, and I see that in fact I
>>>>>> just went ahead and made /var/mail world-writeable, which seems...
>>>>>> sub-optimal. I'm sure I could do that here, too, but I'd certainly
>>>>>> rather not.
>>>>>>
>>>>>> Thanks in advance, and let me know if I've left out relevant crucial
>>>>>> information.
>>>>>>
>>>>>> Best,
>>>>>>
>>>>>> John Clements
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Larry Rosenman                     http://www.lerctr.org/~ler
>>>>> Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
>>>>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Larry Rosenman                     http://www.lerctr.org/~ler
>>> Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
>>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
>>>
>>
>>
>>
>> --
>> Larry Rosenman                     http://www.lerctr.org/~ler
>> Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
>>
>
>


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
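
Added example, not part of the original thread: a small model of the two kernel checks behind the log lines above, the setegid(2) rule for a process without CAP_SETGID and the directory permission check for creating a dotlock in /var/mail. The uid/gid 1003 and the mode string come from the thread; GID 8 for mail, UID 1000 for another mailbox owner, and the sticky-bit mode string are constructed for illustration.

```python
import stat

def parse_ls_mode(text):
    """Convert an `ls -l` mode string such as 'drwxrwsr-x' to mode bits."""
    special = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
    bits = 0
    for i, ch in enumerate(text[1:10]):
        if i % 3 < 2:                       # r or w slot
            bits |= (ch != "-") << (8 - i)
        else:                               # x slot may carry s/S/t/T
            bits |= (ch in "xst") << (8 - i)
            if ch in "sStT":
                bits |= special[i // 3]
    return bits

def dir_rwx(mode, owner_uid, owner_gid, uid, gids):
    """rwx triplet checked for a non-root process: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_create_dotlock(mode, owner_uid, owner_gid, uid, gids):
    # Creating a lock file needs write and search permission on the directory.
    return (dir_rwx(mode, owner_uid, owner_gid, uid, gids) & 3) == 3

def can_unlink_other(mode, owner_uid, owner_gid, uid, gids, file_uid):
    # Without the sticky bit, directory write access is enough to remove or
    # rename any entry, whatever the mode of the file itself (even 600).
    if not can_create_dotlock(mode, owner_uid, owner_gid, uid, gids):
        return False
    if mode & stat.S_ISVTX:
        return uid in (file_uid, owner_uid)
    return True

def setegid_permitted(target, rgid, egid, sgid):
    # setegid(2) without CAP_SETGID: the target must be the real, effective or
    # saved GID. Supplementary group membership does not count.
    return target in (rgid, egid, sgid)

ROOT_UID, MAIL_GID = 0, 8            # MAIL_GID is a constructed value
LDA_UID = LDA_GID = 1003             # "Effective uid=1003, gid=1003" in the log
OTHER_UID = 1000                     # constructed owner of another mbox
VAR_MAIL = parse_ls_mode("drwxrwsr-x")   # from `ls -ld /var/mail` in the thread
STICKY = parse_ls_mode("drwxrwxrwt")     # constructed: world-writable + sticky

if __name__ == "__main__":
    print("setegid(mail):", setegid_permitted(MAIL_GID, LDA_GID, LDA_GID, LDA_GID))
    for label, gids in (("no mail group", {LDA_GID}), ("in mail group", {LDA_GID, MAIL_GID})):
        print(label, can_create_dotlock(VAR_MAIL, ROOT_UID, MAIL_GID, LDA_UID, gids),
              can_unlink_other(VAR_MAIL, ROOT_UID, MAIL_GID, LDA_UID, gids, OTHER_UID))
```

With the thread's values the model shows setegid(mail) refused for a process whose real, effective and saved GID are all 1003, dotlock creation denied through the "other" bits, and, once the user is in the mail group, both dotlock creation and removal of another user's mailbox allowed because /var/mail has no sticky bit.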

