Dovecot LMTP mixing up users on multi-recipient mail

Timo Sirainen timo at
Wed Jul 3 12:14:30 EEST 2019

On 27 Jun 2019, at 14.21, Bernhard Schmidt via dovecot <dovecot at> wrote:
> Hi,
> I've upgraded a mailstore from Debian Jessie (aka oldstable) with
> Dovecot 2.2.13 to Debian Buster (next stable) with Dovecot
> today. It worked pretty well, except that we're seeing error messages
> very similar to this old thread
> It appears to be happening when a mail with multiple recipients on this
> message store is getting delivered through lmtp.
> Jun 27 11:47:36 lxmhs74 dovecot: lmtp(user1)<47683><sGwaD7eQFF1DugAAgkzuhA:18>: Error: open(/var/cache/dovecot/index/n/user2n/.INBOX/dovecot.index.cache) failed: Permission denied (euid=3814520(<unknown>) egid=12(man) missing +x perm: /var/cache/dovecot/index/n/user2, dir owned by 3391995:12 mode=0700)
> user1 uid is 3814520, user2n uid is 3391995. Dovecot appears to be trying
> to deliver the message to user1 while using the index directory of user2n.

When delivering multiple mails with LMTP it first writes the mail to the first recipient. It then leaves this mail open and uses it to copy the mail to the next recipient. This allows the possibility of e.g. using hard links if the filesystem permissions are the same with both recipients, although that won't happen in your case. Anyway, apparently this copying attempts to update the first recipient's dovecot.index.cache for some reason. I'm not sure why exactly this is different in v2.2 and v2.3.

I wasn't able to reproduce this easily though, except with some special plugin it happened. This change helped with it:

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index e43f156d3..93848ef27 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -669,6 +669,9 @@ lmtp_local_deliver_to_rcpts(struct lmtp_local *local,
                           will be unreferenced later on */
                        local->rcpt_user = NULL;
                        src_mail = local->first_saved_mail;
+                       struct mail_private *pmail =
+                               (struct mail_private *)src_mail;
+                       pmail->v.set_uid_cache_updates(src_mail, TRUE);
                        first_uid = geteuid();
                        i_assert(first_uid != 0);

More information about the dovecot mailing list