mail_crypt module and error with tmp directory
Aki Tuomi
aki.tuomi at open-xchange.com
Mon May 3 13:21:29 EEST 2021
> On 03/05/2021 13:14 Fiorenza Meini <fmeini at esseweb.eu> wrote:
>
>
> On 03/05/21 11:37, Aki Tuomi wrote:
> >
> >> On 03/05/2021 11:53 Fiorenza Meini <fmeini at esseweb.eu> wrote:
> >>
> >>
> >> On 03/05/21 10:42, Aki Tuomi wrote:
> >>>
> >>>> On 03/05/2021 11:16 Fiorenza Meini <fmeini at esseweb.eu> wrote:
> >>>>
> >>>>
> >>>> On 03/05/21 09:47, Aki Tuomi wrote:
> >>>>>
> >>>>>> On 03/05/2021 10:42 Fiorenza Meini <fmeini at esseweb.eu> wrote:
> >>>>>>
> >>>>>>
> >>>>>> Hi,
> >>>>>> I successfully enabled the mail_crypt module but I'm experiencing a strange
> >>>>>> behaviour with the tmp directory while accessing with the POP3 protocol:
> >>>>>>
> >>>>>> I see in log file:
> >>>>>> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.) failed:
> >>>>>> Permission denied
> >>>>>>
> >>>>>> I changed the tmp directory configuration (mail_temp_dir variable) and
> >>>>>> set it with 777 permission, but the error is the same.
> >>>>>>
> >>>>>> On the client side everything is working, but I'd like to understand the
> >>>>>> error and if I have to be worried about it.
> >>>>>>
> >>>>>> Thank you and regards
> >>>>>> Fiorenza
> >>>>>>
> >>>>>> --
> >>>>>> Fiorenza Meini/Spazio Web
> >>>>>>
> >>>>>
> >>>>> Are you by chance using selinux or apparmor there which could prevent this? Also Dovecot's stock systemd unit prevents you from writing into random locations, /tmp should be fine though.
> >>>>>
> >>>>> Aki
> >>>>>
> >>>>
> >>>> Hi,
> >>>> I have apparmor installed on the machine, but even if I stopped it the
> >>>> problem was not solved.
> >>>>
> >>>> I think dovecot's systemd unit file configuration is this
> >>>> one: /usr/lib/tmpfiles.d/dovecot.conf
> >>>>
> >>>> Its content is this:
> >>>> # Type Path Mode UID GID Age Argument
> >>>> d /var/run/dovecot/ 0755 root root - -
> >>>> d /var/run/dovecot/login/ 0750 root dovecot - -
> >>>>
> >>>> Should I insert here a line for /tmp directory ?
> >>>>
> >>>> Thank you and regards
> >>>>
> >>>> Fiorenza
> >>>
> >>> I don't think you need to do that.
> >>>
> >>> Also note that since you're using systemd, dovecot has PrivateTmp=yes, which means that /tmp is actually /tmp/*service*dovecot*/tmp
> >>>
> >>> Aki
> >>>
> >>
> >> Hi,
> >> thank you.
> >> I can't see that directory under /tmp.... Is there a way to create it?
> >>
> >> Regards
> >> Fiorenza
> >
> > Depends a lot on your setup. I see I got the mask wrong, it's really
> >
> > /tmp/*systemd*dovecot*/tmp
> >
> > Aki
> >
>
> Hi, I tried to manually create /tmp/*systemd*dovecot*/tmp and I set 777
> on this directory. Restarted dovecot, nothing changed and the error is
> the same.
>
> Trying to understand which is exactly the tmp directory used by dovecot,
> I configured the variable mail_temp_dir, and I saw that dovecot used the
> directory configured, which was different from /tmp.
>
> Under what conditions does dovecot use the temporary directory?
>
> Thank you and regards
>
> Fiorenza
You cannot create the directory by hand, it's managed by systemd. If you do not have that directory you are either not using systemd, or you have disabled PrivateTmp=yes.
Dovecot uses mail_temp_dir when it needs to "buffer" data to disk when reading/writing mails.
Aki
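
An added example, not part of the original thread and not Dovecot's own tooling: a shell sketch for checking the points raised above (whether PrivateTmp is on, which host-side directory matches the `/tmp/*systemd*dovecot*/tmp` mask, and whether a temp file with the logged prefix can be created in a directory). The function names are hypothetical, the unit name `dovecot.service` is an assumption, and the `run` mode is meant to be started as root.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not Dovecot's.

# Print the unit's PrivateTmp setting ("yes" or "no"). Needs systemd.
unit_private_tmp() {
    systemctl show -p PrivateTmp --value "$1"
}

# List host-side directories matching the mask given in the thread:
#   <root>/*systemd*<name>*/tmp
# Returns 1 when nothing matches (not systemd, or PrivateTmp disabled).
find_private_tmp() {
    root=$1 name=$2 found=1
    for d in "$root"/*systemd*"$name"*/tmp; do
        [ -d "$d" ] || continue      # unmatched glob stays literal: skip it
        printf '%s\n' "$d"
        found=0
    done
    return "$found"
}

# Attempt what the logged safe_mkstemp() call attempts: create a file
# named dovecot.pop3.<random> in the given directory, as the current user.
can_mkstemp() {
    f=$(mktemp "$1/dovecot.pop3.XXXXXX" 2>/dev/null) || return 1
    rm -f "$f"
}

diagnose() {
    unit=${1:-dovecot.service}       # assumed unit name
    echo "PrivateTmp:    $(unit_private_tmp "$unit")"
    echo "mail_temp_dir: $(doveconf -h mail_temp_dir)"
    find_private_tmp /tmp dovecot || echo "no private tmp directory under /tmp"
}

# Only touch the live system when asked to: sh check-tmp.sh run
if [ "${1:-}" = "run" ]; then
    diagnose "${2:-dovecot.service}"
fi
```

`can_mkstemp` reports on the user who runs it, so to reproduce the logged error it has to be run as the user the pop3 process runs as, against the directory that `mail_temp_dir` points to.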