Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions

Martin Kuchta martinkuchta at roughgrain.com
Sat Jul 23 07:54:18 UTC 2022


Hello, 

Please accept my apologies for not giving all the details in the
original bug report. After further testing, I need to add that it is not
the permissions of .maildir that cause doveadm to fail. It fails because
the .maildir is a FUSE mount with access to all other users, including
potentially untrusted root, restricted. This configuration worked fine
until 2.3.18-r1. Has the context under which doveadm runs changed? Is
there a way to make it run as the user? 

---
roughgrain.com - Mastering Mentoring
+447780565902 

On 17/07/2022 11:20, Martin Kuchta wrote:

> Hello,
> 
> Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes. 
> 
> # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.19 (4eae2f79)
> # OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8 
> # Hostname: www.example.com
> auth_mechanisms = plain login
> auth_username_format = %Ln
> doveadm_password = # hidden, use -P to show it
> hostname = www.example.xom
> listen = *
> login_greeting = Dovecot ready.
> mail_location = maildir:~/.maildir
> mail_plugins = notify replication
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix = 
> }
> passdb {
>   args = *
>   driver = pam
> }
> plugin {
>   mail_replica = tcps:www.example.com:8000
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
>   sieve_plugins = sieve_extprograms
> }
> postmaster_address = postmaster at example.com
> protocols = imap lmtp sieve
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     mode = 0666
>   }
>   unix_listener replication-notify {
>     mode = 0666
>   }
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service doveadm {
>   inet_listener {
>     port = 8000
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service replicator {
>   process_min_avail = 1
>   unix_listener replicator-doveadm {
>     mode = 0600
>   }
> }
> ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> protocol lmtp {
>   mail_plugins = notify replication sieve
>   postmaster_address = postmaster at example.com
> }
> protocol lda {
>   mail_plugins = notify replication sieve
> }
> local_name mail.example.com {
>   ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
>   ssl_key = # hidden, use -P to show it
> }
> local_name example.com {
>   ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
>   ssl_key = # hidden, use -P to show it
> }
> 
> -- 
> roughgrain.com - Mastering Mentoring
> +447780565902
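
The follow-up message describes a .maildir on a FUSE mount that denies every other user, root included. The following is an added diagnostic example, not part of the original messages or of Dovecot: it reads /proc/mounts-style lines and reports whether a given uid passes the FUSE mount-owner check for a path. The sample mount table, paths, uids and function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/mounts format (not taken from the post).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
encfs /home/alice/.maildir fuse.encfs rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
sshfs /home/bob/.maildir fuse.sshfs rw,nosuid,user_id=1001,group_id=1001,allow_other 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype, options_dict) for each mount line."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        # The kernel writes a space inside a mount point as the escape \040.
        mount_point = parts[1].replace("\\040", " ")
        opts = dict(o.partition("=")[::2] for o in parts[3].split(","))
        mounts.append((mount_point, parts[2], opts))
    return mounts

def covering_mount(path, mounts):
    """Pick the entry with the longest mount point containing path (last wins on ties)."""
    path = os.path.normpath(path)
    best = None
    for entry in mounts:
        prefix = entry[0].rstrip("/") + "/"
        if (path + "/").startswith(prefix) and (best is None or len(entry[0]) >= len(best[0])):
            best = entry
    return best

def fuse_access(path, uid, mounts):
    """Classify path for uid: 'not-fuse', 'allowed' or 'denied'.

    Simplification: only the uid is compared with the mount's user_id; the
    kernel also requires the group ids to match when allow_other is absent.
    """
    entry = covering_mount(path, mounts)
    if entry is None or not (entry[1] in ("fuse", "fuseblk") or entry[1].startswith("fuse.")):
        return "not-fuse"
    opts = entry[2]
    if "allow_other" in opts or opts.get("user_id") == str(uid):
        return "allowed"
    return "denied"

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        live = parse_mounts(fh.read())
    print(fuse_access(os.path.expanduser("~/.maildir"), os.getuid(), live))
```

Run as the mailbox owner and again as root on the affected host; a "denied" result for uid 0 means a process running as root cannot traverse the mount regardless of the directory's mode bits.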