Fatal: setgid, imap connections dropped.
J. de Meijer
dovecot at filter.demeijer.com
Fri Sep 28 15:45:31 EEST 2018
Hi,
I'm getting errors with my IMAP setup.
Basically, everything seems to work.
Mail is delivered nicely from Postfix to Dovecot via LMTP. Dovecot does
the authentication to LDAP (also for Postfix). Users are able to send mail
via authenticated submission (Postfix) and login into IMAP and POP.
However, IMAP connections are dropped frequently with an "ERROR:
Connection dropped by IMAP server.". After pressing reload on the webmail,
or refreshing in the client might help for a short period. So it fails
intermittently.
The errors in the maillog are below. It seems to be mixing up users kind
of randomly. I think when multiple connections are made at the same time.
Did a lot of searching, put couldn't find an answer to this problem. All I
can find is related to LDA, which I'm not using.
Any help would be appreciated.
Errors from the log:
Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009><recJguF2NMpUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:03:26 mailserver dovecot: imap(userD)<12807><8T0iguF2NspUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:06:59 mailserver dovecot: imap(userD)<15661><UcfOjuF2OcpUUoaT>:
Fatal: setgid(1012(userD) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1012(userD) instead of 1011(userA))
Sep 28 00:07:54 mailserver dovecot: imap(userA)<45614><NVkakuF2xO5UUoaT>:
Fatal: setgid(1011(userA) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1011(userA) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<45055><AWjtkuF2J/ptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<46412><87ntkuF2JvptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))
Sep 28 00:08:08 mailserver dovecot: imap(userF)<44858><0nXzkuF2KfptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1012(userD), gid=1012(userD), egid=1012(userD): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1012(userD))
Sep 28 00:08:14 mailserver dovecot: imap(userF)<36517><v/NHk+F2K/ptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1017(userC), gid=1017(userC), egid=1017(userC): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1017(userC))
Sep 28 00:08:36 mailserver dovecot: imap(userF)<10531><wpKdlOF2MfptSCYM>:
Fatal: setgid(1033(userF) from userdb lookup) failed with
euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not
permitted (This binary should probably be called with process group set to
1033(userF) instead of 1011(userA))
# dovecot --version
2.3.2.1 (0719df592)
# 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: FreeBSD 11.2-RELEASE amd64
# Hostname: callisto
auth_cache_size = 10 M
auth_debug = yes
imap_idle_notify_interval = 29 mins
mail_debug = yes
mail_fsync = never
mail_location = maildir:~/Maildir
mail_plugins = " fts fts_solr"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
}
passdb {
args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://127.0.0.1:8983/solr/dovecot/
recipient_delimiter = +
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_after = /usr/local/etc/dovecot/sieve-after.d
sieve_before = /usr/local/etc/dovecot/sieve-before.d
sieve_quota_max_storage = 50M
}
protocols = imap pop3 lmtp sieve
service auth {
client_limit = 1600
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
address = 127.0.0.1, ::1
}
process_min_avail = 3
service_count = 1
}
service imap {
process_min_avail = 3
service_count = 256
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
address = 127.0.0.1, ::1
}
service_count = 1
}
ssl = required
ssl_cert = </usr/local/etc/ssl/mail.demeijer.com.dovecot.crt
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
args = /usr/local/etc/dovecot/dovecot-ldap-user.conf.ext
driver = ldap
}
protocol lda {
mail_fsync = optimized
mail_plugins = " fts fts_solr sieve"
}
protocol imap {
mail_max_userip_connections = 50
mail_plugins = " fts fts_solr imap_sieve"
}
protocol lmtp {
lmtp_save_to_detail_mailbox = yes
mail_fsync = optimized
mail_plugins = " fts fts_solr quota sieve"
postmaster_address = webmaster at example.com
}
In /usr/local/etc/dovecot/dovecot-ldap.conf.ext:
hosts = localhost
dn = cn=reader,ou=Roles,dc=example,dc=com
dnpass = secretpassword
auth_bind = yes
base = ou=People,dc=example,dc=com
deref = never
scope = subtree
user_attrs = uid=uid,homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = SSHA
dovecot-ldap-user.conf.ext is the same as dovecot-ldap.conf.ext
# freebsd-version
11.2-RELEASE-p3
Everything is installed from ports.
More information about the dovecot
mailing list