Fatal: setgid, imap connections dropped.

J. de Meijer dovecot at filter.demeijer.com
Fri Sep 28 15:45:31 EEST 2018 

Hi,

I'm getting errors with my IMAP setup.
Basically, everything seems to work.
Mail is delivered nicely from Postfix to Dovecot via LMTP. Dovecot does
the authentication to LDAP (also for Postfix). Users are able to send mail
via authenticated submission (Postfix) and login into IMAP and POP.

However, IMAP connections are dropped frequently with an "ERROR:
Connection dropped by IMAP server.". After pressing reload on the webmail,
or refreshing in the client might help for a short period. So it fails
intermittently.

The errors in the maillog are below. It seems to be mixing up users kind
of randomly. I think when multiple connections are made at the same time.
Did a lot of searching, put couldn't find an answer to this problem. All I
can find is related to LDA, which I'm not using.

Any help would be appreciated.

Errors from the log:
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009><recJguF2NMpUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:26 mailserver dovecot: imap(userD)<12807><8T0iguF2NspUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:06:59 mailserver dovecot: imap(userD)<15661><UcfOjuF2OcpUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>:
Fatal: setgid(1011(userA) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1011(userA) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055><AWjtkuF2J/ptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<46412><87ntkuF2JvptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<44858><0nXzkuF2KfptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1017(userC))
Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531><wpKdlOF2MfptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))

# dovecot --version
2.3.2.1 (0719df592)

# 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: FreeBSD 11.2-RELEASE amd64
# Hostname: callisto
auth_cache_size = 10 M
auth_debug = yes
imap_idle_notify_interval = 29 mins
mail_debug = yes
mail_fsync = never
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_solr"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /usr/local/etc/dovecot/sieve-after.d
  sieve_before = /usr/local/etc/dovecot/sieve-before.d
  sieve_quota_max_storage = 50M
}
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 1600
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1, ::1
  }
  process_min_avail = 3
  service_count = 1
}
service imap {
  process_min_avail = 3
  service_count = 256
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 127.0.0.1, ::1
  }
  service_count = 1
}
ssl = required
ssl_cert = </usr/local/etc/ssl/mail.demeijer.com.dovecot.crt
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
  args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
  driver = ldap
}
protocol lda {
  mail_fsync = optimized
  mail_plugins = " fts fts_solr sieve"
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = " fts fts_solr imap_sieve"
}
protocol lmtp {
  lmtp_save_to_detail_mailbox = yes
  mail_fsync = optimized
  mail_plugins = " fts fts_solr quota sieve"
  postmaster_address = webmaster at example.com
}

In /usr/local/etc/dovecot/dovecot-ldap.conf.ext:
hosts = localhost
dn = cn=reader,ou=Roles,dc=example,dc=com
dnpass = secretpassword
auth_bind = yes
base = ou=People,dc=example,dc=com
deref = never
scope = subtree
user_attrs = uid=uid,homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = SSHA

dovecot-ldap-user.conf.ext is the same as dovecot-ldap.conf.ext

# freebsd-version
11.2-RELEASE-p3

Everything is installed from ports.

More information about the dovecot mailing list