permission denied errors with INDEX=MEMORY and trees plugin
John McKay
john at octet.space
Sun Feb 24 20:25:36 EET 2019
I am using the trees[1] plugin to encrypt the mail on my disk. Because I
don't want it to store any metadata in plaintext, I've also set
INDEX=MEMORY in my mail_location configuration.
However, whenever I get new mail I get errors like the following showing up in the journal:
lmtp(john at octet.space)<21780><QDkrBqTXclwUVQAAQHGRUQ>: Error: Mailbox INBOX: Saving mail: read(/var/vmail/octet.space/john/Maildir/tmp/1551030180.M508113P21780.toaster.octet.space) failed: Permission denied (read reason=header Subject (Cache file is unusable))
It's like it's trying to read the message after it's been delivered, but
is not able to because it's been encrypted. I seem to be able to get
email just fine despite the error message. This happens whether I
deliver mail using dovecot-lda or lmtp.
Is there any way to fix this or at the very least suppress the error
message? I have included my dovecot configuration below.
[1] https://0xacab.org/riseuplabs/trees
[root at toaster ~]# dovecot --version
2.3.4.1 (f79e8e7e4)
[root at toaster ~]# dovecot -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 (60b0f48d)
# OS: Linux 4.20.8-arch1-1-ARCH x86_64 ext4
# Hostname: toaster.octet.space
# Review note: this is `dovecot -n` output (settings that differ from the
# defaults) as pasted into the report; the nesting indentation appears to have
# been lost in the archive, so block membership has to be read from the braces.
base_dir = /run/dovecot/
hostname = toaster.octet.space
# All mail storage access runs as the single system user/group vmail.
mail_gid = vmail
mail_home = /var/vmail/%d/%n
# INDEX=MEMORY keeps Dovecot's index/cache files in memory instead of on disk.
# The reported error shows the consequence: with the cache unusable, the
# Subject header has to be read back from the message file in Maildir/tmp/.
# NOTE(review): INDEX=MEMORY covers only index/cache files. Maildir file names
# (the one in the error carries delivery time, PID and hostname) and control
# files such as dovecot-uidlist are still written to disk unencrypted; confirm
# this matches the "no plaintext metadata" goal.
mail_location = maildir:/var/vmail/%d/%n/Maildir:UTF-8:INDEX=MEMORY
# zlib (compression, see zlib_save below) and trees (at-rest encryption) are
# both loaded, so both transform the message as it is saved.
# NOTE(review): how the two are meant to be combined is not visible here;
# check the trees documentation.
mail_plugins = " quota trash zlib trees notify replication"
mail_privileged_group = vmail
mail_uid = vmail
mailbox_list_index_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext spamtest spamtestplus imapflags notify imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
# Same location string as the global mail_location, including INDEX=MEMORY.
location = maildir:/var/vmail/%d/%n/Maildir:UTF-8:INDEX=MEMORY
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = create
autoexpunge = 30 days
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
# Password lookups go through SQL; the connection settings are in the
# referenced file, which is not part of this output.
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
# imapsieve rules: run the spam/ham reporting scripts when mail is moved into
# or out of the Spam mailbox.
imapsieve_mailbox1_before = file:/var/lib/dovecot/imapsieve/before/report-spam.sieve
imapsieve_mailbox1_causes = COPY FLAG
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/lib/dovecot/imapsieve/before/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
quota = maildir:User quota
quota_max_mail_size = 100M
quota_rule = *:storage=15G
# Each warning invokes the quota-warning service defined further down.
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below %u
recipient_delimiter = +
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/before/
sieve_extensions = +spamtest +spamtestplus +notify +imapflags
sieve_filter_socket_dir = sieve-pipe
# The extprograms extensions (pipe/filter) can run external programs. They are
# listed under sieve_global_extensions, which makes them available to global
# (administrator-managed) scripts only, not to users' personal scripts.
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.filter
sieve_pipe_socket_dir = sieve-pipe
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_quota_max_storage = 4M
sieve_spamtest_max_header = X-Spam-Score: -?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]])
sieve_spamtest_status_header = X-Spam-Score: (-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]
sieve_spamtest_status_type = score
trash = /etc/dovecot/dovecot-trash.conf.ext
# Saved mail is xz-compressed by the zlib plugin.
zlib_save = xz
zlib_save_level = 6
}
# Only IMAP and LMTP are enabled; POP3 is not in this list.
protocols = imap lmtp
service auth-worker {
group = smtpd
user = $default_internal_user
}
service auth {
# userdb lookup socket, reachable only by user/group vmail (mode 0660).
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
# The script services below expose helper shell scripts on unix sockets under
# sieve-pipe/. Each socket is mode 0600 and owned by vmail, and the script
# itself runs as vmail.
service dovecot-lda {
executable = script /usr/lib/dovecot/dovecot-lda.sh
unix_listener sieve-pipe/dovecot-lda {
mode = 0600
user = vmail
}
user = vmail
}
service filter_rspamc {
executable = script /usr/lib/dovecot/filter_rspamc.sh
group = vmail
unix_listener sieve-pipe/filter_rspamc {
mode = 0600
user = vmail
}
user = vmail
}
service imap-login {
# port = 0 disables the plaintext IMAP listener; only IMAPS on 993 is offered.
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service learn_ham {
executable = script /usr/lib/dovecot/learn_ham.sh
group = vmail
unix_listener sieve-pipe/learn_ham {
mode = 0600
user = vmail
}
user = vmail
}
service learn_spam {
executable = script /usr/lib/dovecot/learn_spam.sh
group = vmail
unix_listener sieve-pipe/learn_spam {
mode = 0600
user = vmail
}
user = vmail
}
service lmtp {
# LMTP delivery socket, restricted to user/group vmail (mode 0660).
unix_listener lmtp {
group = vmail
mode = 0660
user = vmail
}
}
service pop3-login {
# Both POP3 listeners are disabled (port = 0).
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
}
}
service quota-warning {
executable = script /usr/lib/dovecot/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
# TLS is mandatory for clients, with TLSv1.2 as the minimum protocol version.
ssl = required
ssl_cert = </etc/acme/fullchain.cer
# The list is limited to ECDHE key exchange with AEAD ciphers.
# NOTE(review): the leading TLS_* entries are TLS 1.3 suite names; whether this
# setting applies them in this Dovecot/OpenSSL build is not visible here, so
# verify the effective cipher set against the running server.
ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
# `dovecot -n` hides the private key; output produced with -P would contain it
# and should not be posted publicly.
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
# prefetch userdb: reuse the user fields returned by the passdb lookup at login.
userdb {
driver = prefetch
}
# SQL userdb for lookups that have no preceding passdb lookup.
# NOTE(review): presumably the path taken for LMTP/LDA delivery; confirm.
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
# Per-protocol plugin lists. zlib appears twice in each of them.
# NOTE(review): presumably the global list plus a per-protocol addition; worth
# removing the duplicate in the source config.
protocol lda {
mail_plugins = " quota trash zlib trees notify replication sieve zlib"
}
protocol imap {
mail_plugins = " quota trash zlib trees notify replication imap_quota imap_sieve imap_zlib zlib"
}
protocol lmtp {
mail_plugins = " quota trash zlib trees notify replication sieve zlib"
}