<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Mike, I’m having the exact same issue on macOS X 10.13.6 (High Sierra). I’ve installed Dovecot using Homebrew.<div class=""><br class=""></div><div class="">The number after ‘Setgroups’ is the Group ID of the user you’ve specified. </div><div class=""><br class=""></div><div class="">Log entry for me:</div><div class=""><br class=""></div><div class=""><div class="">Aug 28 11:57:21 imap-login: Info: Login: user=<<a href="mailto:user1@bordo.com.au" class="">user1@bordo.com.au</a>>, method=PLAIN, rip=::1, lip=::1, mpid=57665, secured, session=<V7GIJ3V0//MAAAAAAAAAAAAAAAAAAAAB></div><div class="">Aug 28 11:57:21 imap(user1)<57665><V7GIJ3V0//MAAAAAAAAAAAAAAAAAAAAB>: Fatal: setgroups(mail,6) failed: Too many extra groups</div><div class="">Aug 28 12:00:45 master: Warning: Killed with signal 15 (by pid=71449 uid=0 code=unknown 0)</div></div><div class=""><br class=""></div><div class="">I managed to get it to work my changing default_login_user and default_internal_user to me my username.</div><div class=""><br class=""></div><div class="">Obviously not ideal!</div><div class=""><br class=""></div><div class="">However it was the only way I could get it not to give the setgroups error.</div><div class=""><br class=""></div><div class="">I spent ages trying with _dovecot and _dovenull to no avail.</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">id _dovecot</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><font face="Menlo" class=""><span style="font-size: 11px;" class="">uid=214(_dovecot) gid=6(mail) groups=6(mail), </span></font>… and a few more</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">id _dovenull</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">uid=227(_dovenull) gid=227(_dovenull) groups=227(_dovenull),12(everyone),61(localaccounts),703(com.apple.sharepoint.group.3),702(com.apple.sharepoint.group.2),701(com.apple.sharepoint.group.1),100(_lpoperator)</span></div></span></div><div><br class=""></div><div>Dovecot 2.3.2.1.</div><div><br class=""></div><div>Thanks,</div><div><br class=""></div><div>James.</div><div><br class=""><blockquote type="cite" class=""><div class="">On 11 Aug 2018, at 5:08 am, Mike Makuch <<a href="mailto:1mikemakuch@gmail.com" class="">1mikemakuch@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class="">I found and tried this work around on the man page:
<a class="moz-txt-link-freetext" href="https://www.unix.com/man-page/all/5/ngroups_max/">https://www.unix.com/man-page/all/5/ngroups_max/</a> but I still get
the same "Too many extra groups" error even when I start dovecot
with the above program to limit the # of groups. I suspect that
dovecot is adding a number of groups when it starts up.</p><p class="">I've hacked a work around to get it working for me on my laptop:</p><p class=""><font size="-1" class="">diff --git a/src/lib/restrict-access.c
b/src/lib/restrict-access.c<br class="">
<br class="">
@@ -224,7 +224,12 @@ static void fix_groups_list(const struct
restrict_access_settings *set,<br class="">
<br class="">
- if (setgroups(gid_count, gid_list) < 0) {<br class="">
<br class="">
+ if (setgroups(gid_count > NGROUPS_MAX ? 16 : gid_count,
gid_list) < 0) {<br class="">
if (errno == EINVAL) {<br class="">
i_fatal("setgroups(%s) failed: Too many extra
groups",<br class="">
set->extra_groups == NULL ? "" :<br class="">
</font><br class="">
</p><p class="">and this works.<br class="">
</p><p class="">I'm not sure what the right solution is for a PR. Any
suggestions?</p><p class="">Thanks</p><p class="">Mike</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 8/10/18 11:04, Aki Tuomi wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:20180810160429.3CF2122177E@talvi.dovecot.org" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div class="">Is the user member of mail group?</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div id="composer_signature" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
---
<div class="">Aki Tuomi</div>
<div class="">Dovecot oy</div>
</div>
<div class=""><br class="">
</div>
<div style="font-size: 100%;" class=""><!-- originalMessage -->
<div class="">-------- Original message --------</div>
<div class="">From: Mike Makuch <a class="moz-txt-link-rfc2396E" href="mailto:1mikemakuch@gmail.com"><1mikemakuch@gmail.com></a> </div>
<div class="">Date: 10/08/2018 19:02 (GMT+02:00) </div>
<div class="">To: Aki Tuomi <a class="moz-txt-link-rfc2396E" href="mailto:aki.tuomi@dovecot.fi"><aki.tuomi@dovecot.fi></a> </div>
<div class="">Cc: <a class="moz-txt-link-abbreviated" href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> </div>
<div class="">Subject: Re: dying on osx </div>
<div class=""><br class="">
</div>
</div><p class="">Maybe an old problem that has resurfaced???</p><p class=""><a class="moz-txt-link-freetext" href="https://bugzilla.samba.org/show_bug.cgi?id=8773" moz-do-not-send="true">https://bugzilla.samba.org/show_bug.cgi?id=8773</a></p><p class="">Mike</p><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 8/10/18 10:54, Aki Tuomi wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:5b6db561.1c69fb81.9e0fe.0ca6SMTPIN_ADDED_MISSING@mx.google.com" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
<div class="">I have to see if this is reproducible outside mac. </div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div id="composer_signature" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
---
<div class="">Aki Tuomi</div>
<div class="">Dovecot oy</div>
</div>
<div class=""><br class="">
</div>
<div style="font-size: 100%;" class=""><!-- originalMessage -->
<div class="">-------- Original message --------</div>
<div class="">From: Mike Makuch <a class="moz-txt-link-rfc2396E" href="mailto:1mikemakuch@gmail.com" moz-do-not-send="true"><1mikemakuch@gmail.com></a>
</div>
<div class="">Date: 10/08/2018 18:46 (GMT+02:00) </div>
<div class="">To: Aki Tuomi <a class="moz-txt-link-rfc2396E" href="mailto:aki.tuomi@dovecot.fi" moz-do-not-send="true"><aki.tuomi@dovecot.fi></a>
</div>
<div class="">Subject: Re: dying on osx </div>
<div class=""><br class="">
</div>
</div>
I did find that page and tried a few things there. My config has
all of <br class="">
the settings there except 3:<br class="">
<br class="">
mail_access_groups = mail<br class="">
mbox_read_locks = fcntl<br class="">
mbox_write_locks = fcntl<br class="">
<br class="">
I add them to my config, restart and get the same abort<br class="">
<br class="">
20180810-103849 imap(mkm)<79213><MkA5ihZzmdh/AAAB>:
Fatal: <br class="">
setgroups(mail,505) failed: Too many extra groups<br class="">
<br class="">
I've tried numerous other settings as well.<br class="">
<br class="">
Thanks for any further advice<br class="">
<br class="">
Mike<br class="">
<br class="">
<br class="">
On 8/10/18 08:45, Aki Tuomi wrote:<br class="">
> Can you try this config and report back?<br class="">
><br class="">
>
<a class="moz-txt-link-freetext" href="https://superuser.com/questions/957272/dotlock-permissions-problems-with-dovecot-and-os-x-10-10-3" moz-do-not-send="true">https://superuser.com/questions/957272/dotlock-permissions-problems-with-dovecot-and-os-x-10-10-3</a><br class="">
><br class="">
> Aki<br class="">
><br class="">
>> On 10 August 2018 at 16:39 Mike Makuch <a class="moz-txt-link-rfc2396E" href="mailto:1mikemakuch@gmail.com" moz-do-not-send="true"><1mikemakuch@gmail.com></a>
wrote:<br class="">
>><br class="">
>><br class="">
>> OSX 10.13.6 High Sierra, dovecot 2.3.2.1<br class="">
>><br class="">
>> dovecot starts up and runs but dies as soon as my mail
client makes a<br class="">
>> request with log and config below.<br class="">
>><br class="">
>> And advice appreciated.<br class="">
>><br class="">
>> Thanks<br class="">
>><br class="">
>> Mike<br class="">
>><br class="">
>><br class="">
>><br class="">
>> 20180810-083730 auth: Debug: auth client connected
(pid=77432)<br class="">
>><br class="">
>> 20180810-083730 auth: Debug: client in: AUTH 1
PLAIN<br class="">
>> service=imap secured session=xo1p2BRzZNd/AAAB
lip=127.0.0.1<br class="">
>> rip=127.0.0.1 lport=143 rport=55140<br class="">
>> 20180810-083730 auth: Debug: client passdb out: CONT
1<br class="">
>> 20180810-083730 auth: Debug: client in: CONT 1
AG1rbQBta20xMjM=<br class="">
>> (previous base64 data may contain sensitive data)<br class="">
>> 20180810-083730 auth: Debug:
static(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>):<br class="">
>> lookup<br class="">
>> 20180810-083730 auth: Debug: client passdb out: OK 1
user=mkm<br class="">
>> host=localhost nopasswd=y<br class="">
>> 20180810-083730 auth: Debug: master in: REQUEST
4201906177 77432<br class="">
>> 1 b8126b4b71be2959fc7716888eccc566 session_pid=77433<br class="">
>> request_auth_token<br class="">
>> 20180810-083730 auth-worker(77426): Debug:<br class="">
>> passwd(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>): lookup<br class="">
>> 20180810-083730 auth: Debug: master userdb out: USER
4201906177<br class="">
>> mkm system_groups_user=mkm uid=503 gid=20
home=/Users/mkm<br class="">
>> auth_token=4d2bb44168df3d63e4e1bb352e59de632bc7da49<br class="">
>> 20180810-083730 imap-login: Info: Login:
user=<mkm>, method=PLAIN,<br class="">
>> rip=127.0.0.1, lip=127.0.0.1, mpid=77433, secured,<br class="">
>> session=<xo1p2BRzZNd/AAAB><br class="">
>> 20180810-083730
imap(mkm)<77433><xo1p2BRzZNd/AAAB>: Fatal:<br class="">
>> setgroups(505) failed: Too many extra groups<br class="">
>><br class="">
>> # doveconf -n<br class="">
>> # 2.3.2.1 (0719df592):
/usr/local/etc/dovecot/dovecot.conf<br class="">
>> # OS: Darwin 17.7.0 x86_64<br class="">
>> # Hostname: pine<br class="">
>> auth_debug = yes<br class="">
>> auth_debug_passwords = yes<br class="">
>> default_internal_user = _dovecot<br class="">
>> default_login_user = _dovenull<br class="">
>> disable_plaintext_auth = no<br class="">
>> listen = 127.0.0.1<br class="">
>> log_path = /var/log/dovecot<br class="">
>> log_timestamp = "%Y%m%d-%H%M%S "<br class="">
>> mail_debug = yes<br class="">
>> mail_gid = staff<br class="">
>> mail_location = mbox:~/Mail:INBOX=/var/mail/%u<br class="">
>> mail_privileged_group = mail<br class="">
>> mail_uid = _dovecot<br class="">
>> passdb {<br class="">
>> args = password=*** host=localhost nopasswd=y<br class="">
>> driver = static<br class="">
>> }<br class="">
>> passdb {<br class="">
>> args = login<br class="">
>> driver = pam<br class="">
>> }<br class="">
>> protocols = imap<br class="">
>> service auth {<br class="">
>> user = root<br class="">
>> }<br class="">
>> service imap-login {<br class="">
>> inet_listener imap {<br class="">
>> address = *<br class="">
>> port = 143<br class="">
>> }<br class="">
>> }<br class="">
>> ssl = no<br class="">
>> userdb {<br class="">
>> driver = passwd<br class="">
>> }<br class="">
>><br class="">
>><br class="">
<br class="">
</blockquote>
<br class="">
</blockquote>
<br class="">
</div>
</div></blockquote></div><br class=""></div></body></html>