<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hello,</p>
<p><br /></p>
<p>Please accept my apologies for not giving all the details in the original bug report. After further testing, I need to add that it is not the permissions of .mailder that cause doveadm to fail. It fails because the .maildir is a FUSE mount with access to all other users, including potentially untrusted root, restricted. This configuration worked fine until 2.3.18-r1. Has the context under which doveadm runs changed? Is there a way to make it run as the user?</p>
<p><br /></p>
<div id="signature">---<br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">roughgrain.com - Mastering Mentoring<br />+447780565902</div>
</div>
<p><br /></p>
<p id="reply-intro">On 17/07/2022 11:20, Martin Kuchta wrote:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<div id="replybody1">
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<div class="v1pre" style="margin: 0; padding: 0; font-family: monospace;">Hello,<br /><br />Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.</div>
<div class="v1pre" style="margin: 0; padding: 0; font-family: monospace;"> </div>
<div class="v1pre" style="margin: 0; padding: 0; font-family: monospace;"># 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf<br /># Pigeonhole version 0.5.19 (4eae2f79)<br /># OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8 <br /># Hostname: www.example.com<br />auth_mechanisms = plain login<br />auth_username_format = %Ln<br />doveadm_password = # hidden, use -P to show it<br />hostname = www.example.xom<br />listen = *<br />login_greeting = Dovecot ready.<br />mail_location = maildir:~/.maildir<br />mail_plugins = notify replication<br />managesieve_notify_capability = mailto<br />managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe<br />namespace inbox {<br />inbox = yes<br />location = <br />mailbox Drafts {<br />special_use = \Drafts<br />}<br />mailbox Junk {<br />special_use = \Junk<br />}<br />mailbox Sent {<br />special_use = \Sent<br />}<br />mailbox "Sent Messages" {<br />special_use = \Sent<br />}<br />mailbox Trash {<br />special_use = \Trash<br />}<br />prefix = <br />}<br />passdb {<br />args = *<br />driver = pam<br />}<br />plugin {<br />mail_replica = tcps:www.example.com:8000<br />sieve = file:~/sieve;active=~/.dovecot.sieve<br />sieve_extensions = +notify +imapflags +vnd.dovecot.pipe<br />sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe<br />sieve_plugins = sieve_extprograms<br />}<br />postmaster_address = postmaster@example.com<br />protocols = imap lmtp sieve<br />service aggregator {<br />fifo_listener replication-notify-fifo {<br />mode = 0666<br />}<br />unix_listener replication-notify {<br />mode = 0666<br />}<br />}<br />service auth {<br />unix_listener /var/spool/postfix/private/auth {<br />group = postfix<br />mode = 0666<br />user = postfix<br />}<br />}<br />service doveadm {<br />inet_listener {<br />port = 8000<br />ssl = yes<br />}<br />}<br />service lmtp {<br />unix_listener /var/spool/postfix/private/dovecot-lmtp {<br />group = postfix<br />mode = 0600<br />user = postfix<br />}<br />}<br />service replicator {<br />process_min_avail = 1<br />unix_listener replicator-doveadm {<br />mode = 0600<br />}<br />}<br />ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem<br />ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA<br />ssl_client_ca_dir = /etc/ssl/certs<br />ssl_dh = # hidden, use -P to show it<br />ssl_key = # hidden, use -P to show it<br />userdb {<br />driver = passwd<br />}<br />protocol lmtp {<br />mail_plugins = notify replication sieve<br />postmaster_address = postmaster@example.com<br />}<br />protocol lda {<br />mail_plugins = notify replication sieve<br />}<br />local_name mail.example.com {<br />ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem<br />ssl_key = # hidden, use -P to show it<br />}<br />local_name example.com {<br />ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem<br />ssl_key = # hidden, use -P to show it<br />}<br /><br /><br />
<div id="v1signature">-- <br />
<div class="v1pre" style="margin: 0; padding: 0; font-family: monospace;">roughgrain.com - Mastering Mentoring<br />+447780565902</div>
</div>
</div>
</div>
</div>
</blockquote>
</body></html>