LDA ignores virtual mailbox settings

Tamsy dovecot-list at mohtex.net
Mon Dec 28 04:52:17 EET 2020


------------------------------------------------------------------------
*From:* Toni Mueller [mailto:support at oeko.net]
*Sent:* Monday, December 28, 2020, 3:18 AM
*To:* Aki Tuomi
*Cc:* dovecot at dovecot.org
*Subject:* LDA ignores virtual mailbox settings

> Hi Aki,
>
> thanks for your quick response!
>
> On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote:
>>> On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote:
>>>>> 16:04:16 dovecot: auth: Debug: master in:USER#0111#011user at example.com#011service=lda
>>>>> 16:04:16 dovecot: auth: Debug: prefetch(user at example.com): passdb didn't return userdb entries, trying the next userdb
>>>>> 16:04:16 dovecot: auth: Debug: sql(user at example.com): SELECT '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as quota_rule FROM virtual_users WHERE email = 'user at example.com' AND status = 'A'
>>>>> 16:04:16 dovecot: auth: Debug: userdb out:USER#0111#011user at example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0
>>>>>
>>>>> ^^^^^^^^^^^^^^^^^^^^^^
>>>>>
>>>>> This shows that the database lookup works. The intended effect should be
>>>>> that the message is delivered to
>>>>>
>>>>> /path-to-mailboxen/example.com/user/Maildir/new
>>>>>
>>>>> 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: setegid(privileged) failed: Operation not permitted
>>>>> 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
>>>>>
>>>>> ^^^^^^^^^^^^^^^^^^^^^^
>>>>>
>>>>> And this shows that dovecot-lda just ignores the result.
>>>>>
>>>>>
>>>>> 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
>>>>> 16:04:16 dovecot: lda(user at example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: msgid=<20201226224933.014608 at laptop.example.com>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/user at example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
>>>>> 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=<user at example.com>, orig_to=<userA at example2.com>, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
>>>>>
>>>>>
>>>>> In /etc/postfix/master.cf, I have this to call it:
>>>>>
>>>>> dovecot   unix  -       n       n       -       -       pipe
>>>>>    flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient}
>>>>>
>>>> Try adding
>>>>
>>>> mail_privileged_group = mail
>>> I am not sure why you recommend this. I never ever want to deliver to
>>> /var/mail, and my mailbox directory has group 'mailbox' - hence I have
>>>
>>> mail_privileged_group = mailbox
>>>
>>> in my configuration.
>>>
>>> My question is why this thing wants to deliver to /var/mail, despite
>>> having a different location from the userdb, and how I can force it to
>>> use the location from the userdb.
>>>
>>>
>>> Thanks,
>>> Toni
>> Sorry, I misread your problem..
>>
>> can you try checking output of
>>
>> `doveadm user <username>`
> # doveadm user user at example.com
> field	value
> uid	12345
> gid	12345
> home	/path-to-mailboxen/example.com/user
> mail	maildir:~/Maildir:INBOX=~/Maildir
> quota_rule	*:storage=0
>
>> and
>>
>> `doveadm auth lookup <username>`
> # doveadm -v auth lookup user at example.com
> passdb: user at example.com
>    user      : user at example.com
>
>> Also, including `doveconf -n` would be useful.
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7
> # Hostname: testvm.example.com
> auth_debug = yes
> auth_debug_passwords = yes
> auth_failure_delay = 0
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} %{storage_id} %{secured}
> disable_plaintext_auth = no
> login_access_sockets = tcpwrap
> mail_debug = yes
> mail_location = maildir:~/Maildir:INBOX=~/Maildir
> mail_privileged_group = mailbox
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> namespace inbox {
>    inbox = yes
>    location = maildir:~/Maildir:INBOX=~/Maildir
>    mailbox Drafts {
>      special_use = \Drafts
>    }
>    mailbox Junk {
>      special_use = \Junk
>    }
>    mailbox Sent {
>      special_use = \Sent
>    }
>    mailbox "Sent Messages" {
>      special_use = \Sent
>    }
>    mailbox Trash {
>      special_use = \Trash
>    }
>    prefix =
> }
> passdb {
>    args = /etc/dovecot/dovecot-sql.conf.ext
>    driver = sql
> }
> plugin {
>    expire = Trash 30 Spam 30
>    quota = maildir
>    quota_rule = *:storage=50000
>    quota_rule2 = Trash:ignore
>    sieve = file:~/sieve;active=~/.dovecot.sieve
>    sieve_dir = ~/sieve
>    trash = /etc/dovecot/dovecot-trash.conf
> }
> protocols = pop3 imap
> service auth {
>    unix_listener /var/spool/postfix/private/auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service imap-login {
>    inet_listener imap {
>      port = 0
>    }
> }
> service tcpwrap {
>    unix_listener login/tcpwrap {
>      group = $default_login_user
>      mode = 0600
>      user = $default_login_user
>    }
> }
> ssl = no
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>    driver = prefetch
> }
> userdb {
>    args = /etc/dovecot/dovecot-sql.conf.ext
>    driver = sql
> }
> protocol lda {
>    mail_plugins = autocreate quota mail_log trash virtual notify
> }
> protocol imap {
>    mail_max_userip_connections = 10
>    mail_plugins = autocreate quota imap_quota mail_log trash virtual notify
> }
>
>
>
> Thank you!
>
> -Toni


> Hi Toni,
>
> Try this:
>
>    mail_home = /path-to-mailboxen/%d/%n
>    mail_location = maildir:~/Maildir:LAYOUT=fs
>
> and
>
> namespace inbox {
>    separator                 = /
>    prefix                    =
>    inbox                     = yes
>    subscriptions             = yes
>    list                      = yes
>    type                      = private
>    hidden                    = no
> }


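The comparison made by eye in the quoted logs, as an added example (not part of the thread and not Dovecot code): it pairs the auth `userdb out:` reply with the failed LDA `open()` for the same user and reports whether the uid from userdb was applied and whether the opened path lies under the returned home. The sample log is constructed from the lines quoted above, and all function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample modelled on the log lines quoted in the thread
# (a real "@" replaces the archive's " at "; the session id is made up).
SAMPLE_LOG = """\
16:04:16 dovecot: auth: Debug: userdb out:USER#0111#011user@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0
16:04:16 dovecot: lda(user@example.com)<5291><SESSIONID>: Error: Mailbox INBOX: open(/var/mail/user@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
"""

LDA_OPEN_RE = re.compile(
    r"lda\((?P<user>[^)]+)\).*?Mailbox INBOX: open\((?P<path>[^)]+)\) failed: "
    r"[^(]*\(euid=(?P<euid>\d+)"
)

def parse_userdb_out(line):
    """Return (user, fields) from an auth 'userdb out:' debug line, else None."""
    if "userdb out:" not in line:
        return None
    # The syslog daemon has written the reply's TAB separators as "#011".
    parts = line.split("userdb out:", 1)[1].replace("#011", "\t").split("\t")
    if len(parts) < 3 or parts[0] != "USER":  # USER, request id, username, k=v...
        return None
    return parts[2], dict(p.split("=", 1) for p in parts[3:] if "=" in p)

def is_under(path, home):
    """True if path is home itself or lies below it (purely lexical check)."""
    p, h = PurePosixPath(path), PurePosixPath(home)
    return bool(home) and (p == h or h in p.parents)

def correlate(log_text):
    """Pair each failed LDA open() with the userdb reply for the same user."""
    userdb, findings = {}, []
    for line in log_text.splitlines():
        parsed = parse_userdb_out(line)
        if parsed:
            userdb[parsed[0]] = parsed[1]
            continue
        m = LDA_OPEN_RE.search(line)
        if m and m["user"] in userdb:
            fields = userdb[m["user"]]
            findings.append({
                "user": m["user"],
                "home": fields.get("home", ""),
                "opened": m["path"],
                "uid_applied": fields.get("uid") == m["euid"],
                "under_home": is_under(m["path"], fields.get("home", "")),
            })
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

On the sample, `uid_applied` is true while `under_home` is false: the process ran with the uid from the userdb reply, but the path it tried to open is outside the returned home.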