Fatal: setgid from userdb lookup fails with wrong gid
Julien Beauviala
julien+list at aaton.net
Tue Oct 13 21:23:29 EEST 2020
Hello all,
I'm quite new to Dovecot as well; I have just installed it on a FreeBSD system
with Postfix and Rspamd as side apps. Things are running semi-smoothly
for all users, but I do have quite a few errors in the logs:
Oct 13 19:43:56 apollo dovecot[24478]:
imap(user1)<34412><zIeI9ZCxXDmsFhZG>: Fatal: setgid(1030(user1) from
userdb lookup) failed with euid=1022(user4), gid=1022(user4),
egid=1022(user4): Operation not permitted (This binary should probably
be called with process group set to 1030(user1) instead of 1022(user4))
Oct 13 19:43:59 apollo dovecot[24478]:
imap(user1)<37376><pPS79ZCx+kasFhZG>: Fatal: setgid(1030(user1) from
userdb lookup) failed with euid=1124(user3), gid=1124(user3),
egid=1124(user3): Operation not permitted (This binary should probably
be called with process group set to 1030(user1) instead of 1124(user3))
Oct 13 19:46:45 apollo dovecot[24478]:
imap(user2)<38858><3hOk/5CxVO1dBDTq>: Fatal: setgid(1136(user2) from
userdb lookup) failed with euid=1038(user5), gid=1038(user5),
egid=1038(user5): Operation not permitted (This binary should probably
be called with process group set to 1136(user2) instead of 1038(user5))
Oct 13 19:48:55 apollo dovecot[24478]:
imap(user3)<40607><jQtWB5GxHuwKAkQ2>: Fatal: setgid(1124(user3) from
userdb lookup) failed with euid=1022(user4), gid=1022(user4),
egid=1022(user4): Operation not permitted (This binary should probably
be called with process group set to 1124(user3) instead of 1022(user4))
There seems to be some confusion. The log messages are trying to be helpful, but I
can't quite make sense of them. Could someone point me in the right direction?
The system is used by about 60 users.
Thanks,
j.
--
doveconf -n
# 2.3.11.3 (502c39af9): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (d71e0372)
# OS: FreeBSD 12.1-RELEASE-p10 amd64
# Hostname: apollo.domain1.tld
# SASL mechanisms offered to clients. %Ln lowercases the login name and drops any @domain part.
# NOTE(review): plain and login carry the password itself, so they should only be reachable
# over TLS. doveconf -n prints only non-default settings, so ssl and disable_plaintext_auth
# are presumably at their defaults here - confirm on the host. cram-md5 requires the server
# to keep a password-equivalent secret (see the passdb block in this dump).
auth_mechanisms = plain login cram-md5
auth_username_format = %Ln
# Mail is stored as Maildir under each user's home directory.
mail_location = maildir:~/Maildir
# Capabilities advertised by the ManageSieve service (the second value is wrapped over
# several lines in this paste).
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapsieve vnd.dovecot.imapsieve
# The single private namespace, holding INBOX. Empty location/prefix mean it uses
# mail_location with no folder prefix. special_use tells clients which folder plays
# which role; both "Sent" and "Sent Messages" are flagged \Sent.
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
type = private
}
# Password database: a flat passwd-file whose entries default to the CRAM-MD5 scheme.
# NOTE(review): a CRAM-MD5 entry is an unsalted MD5-derived value that is enough to answer
# a cram-md5 challenge, so the file is effectively password-equivalent. Keep it readable
# only by the Dovecot auth process, and consider dropping cram-md5 in favour of a salted
# hash scheme with plain/login over TLS.
passdb {
args = scheme=cram-md5 /usr/local/etc/dovecot/cram-md5.pwd
driver = passwd-file
}
# Settings consumed by the quota, sieve and imapsieve plugins.
plugin {
# IMAPSieve rules: mailbox1 runs learn-spam.sieve when a message is COPYed into "Spam";
# mailbox2 runs learn-ham.sieve when a message is COPYed from "Spam" into any mailbox.
imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
# Maildir++ quota backend; the bilingual message below is what an over-quota user sees
# (the value is wrapped over two lines in this paste).
quota = maildir:User quota
quota_exceeded_message = Benutzer %u hat das Speichervolumen
überschritten. / User %u has exhausted allowed storage space.
# Personal scripts live in ~/sieve; spam-global.sieve runs before them for every user.
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_before = /var/vmail/sieve/global/spam-global.sieve
# NOTE(review): vnd.dovecot.pipe lets a Sieve script hand a message to an external program.
# Listing it under sieve_global_extensions should keep it out of users' personal scripts,
# but sieve_pipe_bin_dir = /usr/local/bin makes every executable in that directory a valid
# pipe target. A dedicated directory containing only the intended helper(s) is the narrower
# choice; the global scripts under /var/vmail/sieve/global should be writable by the
# administrator only - verify ownership on the host.
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /usr/local/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
}
# Address used as sender for bounces/rejects ("at" is the list archive's address obfuscation).
postmaster_address = postmaster at apollo.domain1.tld
# Enabled services: IMAP, LMTP delivery and ManageSieve. No pop3 or submission listener.
protocols = imap lmtp sieve
# Auth service, with a socket exported into the Postfix spool (presumably for Postfix SASL).
# NOTE(review): mode 0666 lets any local account that can reach this path talk to the auth
# service. Owner and group are already postfix, so 0660 would be sufficient; also verify
# that the enclosing directory is not world-accessible.
service auth {
client_limit = 3000
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
# service_count = 0 puts the pre-authentication login processes in "high-performance" mode:
# each process serves an unlimited number of connections instead of one per process.
# NOTE(review): this trades away the per-connection isolation of service_count = 1, so a
# fault in one login process affects every client attached to it.
service imap-login {
service_count = 0
}
# Post-login IMAP mail processes.
# NOTE(review): this block is the likely source of the setgid() failures quoted in the log
# excerpt above. service_count = 512 lets one imap process serve up to 512 sessions in turn.
# With userdb driver = passwd every user has a distinct UID/GID, and a process that has
# already dropped privileges to one user cannot switch to another (the log shows
# euid=1022(user4) attempting setgid to 1030(user1)). Dovecot's documentation ties
# service_count > 1 for mail processes to setups where all users share a single UID;
# with per-user system accounts, service_count = 1 gives one process per login and keeps
# one user's session from running in a process that previously handled another user's mail.
service imap {
process_min_avail = 4
service_count = 512
vsz_limit = 1 G
}
# LMTP delivery socket inside the Postfix spool. Mode 0600 with owner postfix means only
# the postfix user can hand mail to Dovecot through it.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
vsz_limit = 1 G
}
# TLS settings for the default server name. The cipher list value is wrapped onto its own
# line in this paste.
# NOTE(review): the cipher string still admits CBC/SHA-1 suites and explicitly appends two
# RSA-key-exchange suites without forward secrecy (CAMELLIA128-SHA, AES128-SHA).
# ssl_min_protocol is not shown, so the protocol floor is whatever this build defaults to -
# confirm it, and consider trimming the list to ECDHE/DHE suites with AEAD ciphers.
ssl_cert = </usr/local/etc/letsencrypt/live/apollo.domain1.tld/fullchain.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
# doveconf masks the DH parameters and private key unless -P is given, which keeps key
# material out of output pasted to a public list.
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
syslog_facility = local5
# Users are resolved from the system passwd database, so each mailbox owner is a separate
# system account with its own UID/GID (the log excerpt above shows distinct numeric ids per
# user). Mail processes must therefore be able to switch to a different UID/GID per login.
userdb {
driver = passwd
}
# Local delivery agent: run Sieve scripts on delivery.
protocol lda {
mail_plugins = sieve
}
# LMTP delivery: enforce quota and run Sieve; overrides the global postmaster address.
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = postmaster at domain1.tld
}
# IMAP sessions: quota reporting plus the IMAPSieve hooks configured in the plugin block.
# NOTE(review): mail_max_userip_connections = 100 allows up to 100 concurrent IMAP
# connections per user from one IP address; confirm that a cap this high is intended, as it
# weakens the limit's value against a single misbehaving or abusive client.
protocol imap {
mail_max_userip_connections = 100
mail_plugins = " quota imap_quota imap_sieve"
}
# Per-hostname (SNI) certificate override for imap.domain2.tld.
# NOTE(review): the certificate path is the one issued under mail.domain2.tld; confirm that
# certificate also lists imap.domain2.tld as a subject alternative name, otherwise clients
# connecting to this name will get a hostname mismatch.
local_name imap.domain2.tld {
ssl_cert =
</usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem
ssl_key = # hidden, use -P to show it
}
# Per-hostname (SNI) certificate override for mail.domain2.tld; the private key is masked
# by doveconf.
local_name mail.domain2.tld {
ssl_cert =
</usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem
ssl_key = # hidden, use -P to show it
}