First steps in Dovecot; IMAP not working

Joseph Tam jtam.home at gmail.com
Fri Oct 14 21:27:58 UTC 2016


(Sorry I read this list in digest form so frequently I'm half a step
behind.)

> For sake of "security", I chose to not allow plaintext communication
> (being new to this, I think being strict is a good choice).  I've tried
> with the openssl option and it successfully logged in.

Yes, you've included some more log entries, which makes the problem clearer,
as it usually does.

> Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed:
> Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm:
> /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> ...
> I checked, using ls -l /var, and I get this:
> drwxrwsr-x  2 root mail  4096 Apr 27 11:27 mail
> so the group looks to be correctly set to 'mail', despite what the log says,
> right?

No, it's quite explicit.  User "webuser" has uid/gid =
1001(webuser)/1000(ftpusers).  Your mail spool has permission uid/gid
= root(0)/mail(8), neither of which allows webuser to write to this
mail spool to create its own mail folder.

Aki Tuomi <aki.tuomi at dovecot.fi> replies with several solutions:

> In your configuration, dovecot uses whatever user/group returned by
> PAM.  Since the webuser has never logged in, it has no directory under
> /var/mail.  If you want, you can
>
> a) override mail_uid and mail_gid in userdb/passdb
> b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
> c) you can let ftpusers write to /var/mail.

Or if you dynamically/frequently onboard mail accounts, and users cannot
arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and
let dovecot auto-create it (might also want to set "lda_mailbox_autocreate
= yes").

Joseph Tam <jtam.home at gmail.com>
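
The permission check behind the log line quoted above, as an added example that is not part of the original post or of Dovecot's code: it parses the diagnostic and re-applies the POSIX directory-write rule to the logged state and to the suggested changes. Using gid 8 for the mail_gid override and regrouping the spool to ftpusers are assumptions chosen to illustrate options (a) and (c).

```python
import re

# Log line quoted in the post, joined onto one line.
LOG = ("Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed: "
       "Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm: "
       "/var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)")

FIELDS = re.compile(
    r"euid=(?P<euid>\d+)\(.*?\) egid=(?P<egid>\d+)\(.*?\).*?"
    r"dir owned by (?P<dir_uid>\d+):(?P<dir_gid>\d+) mode=(?P<mode>[0-7]+)")


def parse(line):
    """Extract process ids and directory ownership/mode from the error text."""
    m = FIELDS.search(line)
    if m is None:
        raise ValueError("no permission diagnostic in line")
    out = {k: int(v) for k, v in m.groupdict().items() if k != "mode"}
    out["mode"] = int(m["mode"], 8)
    return out


def can_create(euid, egid, dir_uid, dir_gid, mode, groups=()):
    """True if the process may create an entry in the directory. Only one
    class applies (owner, else group, else other); it needs write + search."""
    if euid == 0:
        return True
    if euid == dir_uid:
        bits = mode >> 6
    elif egid == dir_gid or dir_gid in groups:
        bits = mode >> 3
    else:
        bits = mode
    return bits & 0o3 == 0o3


def evaluate(line):
    """Re-run the check for the logged state and for each proposed change."""
    s = parse(line)
    return {
        "as logged": can_create(**s),
        # (a) mail_gid override; 8 (mail) is an assumed value
        "mail_gid=8": can_create(**{**s, "egid": 8}),
        # (c) one way to let ftpusers write: regroup the spool to gid 1000
        "spool group=ftpusers": can_create(**{**s, "dir_gid": s["egid"]}),
        # chmod 1777: world-writable plus sticky bit
        "mode 1777": can_create(**{**s, "mode": 0o1777}),
    }
```

Mode 1777 passes the check for every local user; the sticky bit is what keeps one user from deleting or renaming another user's mailbox file in the shared spool.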

