Hi,
I've been trying to follow the documentation that I am finding, but am
running into trouble getting things set up correctly for postfix + virtual
domains (using ldap) with dovecot LDA. I can get it to work without LDA, but
I'm running into permissions problems when I try to run with LDA. I am
wondering if anyone has any good examples of configuring this.
I basically have a 'vmail' user (1015) that owns a /var/vmail/domains
directory tree. I have set the following in postfix master.cf:
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
In main.cf
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
virtual_mailbox_base = /var/vmail/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_domains = ldap:/etc/postfix/ldap-vdoms.cf
virtual_uid_maps = static:1015
virtual_gid_maps = static:12
home_mailbox = Maildir/
and in dovecot.conf:
protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/sauerkraut.heinous.org.crt
ssl_key_file = /etc/ssl/private/sauerkraut.heinous.org.key
mail_extra_groups = mail
valid_chroot_dirs = /var/vmail/domains
default_mail_env = maildir:/var/vmail/domains/%d/%n/mail
protocol lda {
  postmaster_address = postmaster at frauerpower.com
}
protocol imap {
}
protocol pop3 {
}
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  user = root
}
auth default_with_listener {
  mechanisms = plain
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  socket listen {
    master {
      path = /var/run/dovecot-auth-master
      mode = 0600
      user = vmail
      group = mail
    }
  }
}
plugin {
}
However, I must be missing something. I get the following when trying to send
the user a message:
setuid(1015) failed: Operation not permitted
Doing 'postmap -q leah at frauerpower.com ldap:/etc/postfix/ldap-mailbox.cf'
returns 'frauerpower.com/leah/mail/' which, in the non LDA mode worked okay,
plonking the mail under /var/vmail/domains/frauerpower.com/leah/mail
How is this sort of thing normally set up? Apologies in advance for my
ignorance, I am pretty new to dovecot.
Leah
Hi Leah.

Leah Cunningham wrote:
> However, I must be missing something. I get the following when trying to send
> the user a message:
>
> setuid(1015) failed: Operation not permitted

Which one reports this error, Postfix or Dovecot?

>
> Doing 'postmap -q leah at frauerpower.com ldap:/etc/postfix/ldap-mailbox.cf'
> returns 'frauerpower.com/leah/mail/' which, in the non LDA mode worked okay,
> plonking the mail under /var/vmail/domains/frauerpower.com/leah/mail

AFAIK Dovecot doesn't care about the return value of the Postfix LDAP-Query,
so this is irrelevant for Dovecot.

Regards
Andreas

Hi,
I am running into trouble getting things set up correctly for postfix +
virtual domains (using ldap) with dovecot LDA. I can get it to work without
LDA, but I'm running into permissions problems when I try to run with LDA.
I am wondering if anyone has any good examples of configuring this.
It would seem that we can't deliver in setuid mode, even though the
documentation seemed to indicate that we can.
I basically have a 'vmail' user (1015) that owns a /var/vmail/domains
directory tree. I have set the following in postfix master.cf:
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
In main.cf
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
virtual_mailbox_base = /var/vmail/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_domains = ldap:/etc/postfix/ldap-vdoms.cf
virtual_uid_maps = static:1015
virtual_gid_maps = static:12
home_mailbox = Maildir/
and in dovecot.conf:
protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/sauerkraut.heinous.org.crt
ssl_key_file = /etc/ssl/private/sauerkraut.heinous.org.key
mail_extra_groups = mail
valid_chroot_dirs = /var/vmail/domains
default_mail_env = maildir:/var/vmail/domains/%d/%n/mail
protocol lda {
  postmaster_address = postmaster at frauerpower.com
}
protocol imap {
}
protocol pop3 {
}
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  user = root
}
auth default_with_listener {
  mechanisms = plain
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  socket listen {
    master {
      path = /var/run/dovecot-auth-master
      mode = 0600
      user = vmail
      group = mail
    }
  }
}
plugin {
}
However, I must be missing something. I get the following when trying to send
the user a message:
May 5 10:42:48 sauerkraut deliver: setuid(1015) failed: Operation not permitted
May 5 10:42:48 sauerkraut postfix/pipe[28978]: ECD7FF5E: to=<leah at frauerpower.com>, orig_to=<root at oogabooga.heinous.org>, relay=dovecot, delay=1, status=bounced (Command died with status 89: "/usr/lib/dovecot/deliver")
Doing 'postmap -q leah at frauerpower.com ldap:/etc/postfix/ldap-mailbox.cf'
returns 'frauerpower.com/leah/mail/' which, in the non LDA mode worked okay,
plonking the mail under /var/vmail/domains/frauerpower.com/leah/mail
How is this sort of thing normally set up? Apologies in advance for my
ignorance, I am pretty new to dovecot.
Leah