dovecot - Aug 2011 - BUG - lmtp multiple recipients fail - setuid issue?

Hello,

I am not having much luck on this particular issue so I wanted to make
sure that this is registered as a potential bug.  The essence of the
problem is that for a given message addressed to multiple users, lmtp
writes the message correctly to the first addressed user only, then
subsequent user writes fail as the lmtp process doesn't run with the
proper permissions and tries to link files from different users as
part of its message writing.  Below you can see that lmtp (running
with steve's id, who was the first listed recipient) is trying to link
a file in jerry's inbox meeting with failure:

Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error:
link(/spool/mail/j/jerry/mail/INBOX/u.20423,
/spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.)
failed: Permission denied

Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve):
+1IXBeVXME58MAAARoVNxQ: msgid <201107271824.p6RIOPa5020900 at
backup.>: save failed to INBOX: Internal error occurred. Refer to
server log for more information. [2011-07-27 11:24:41]


Best regards,
-Boris

I am using version 2.0.13.  dovecot -n shows this:

# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-71.29.1.el6.i686 i686 CentOS Linux release 6.0 (Final) ext4
auth_debug = yes
auth_master_user_separator = *
auth_verbose = yes
auth_verbose_passwords = plain
lda_mailbox_autocreate = yes
mail_debug = yes
mail_location
sdbox:/spool/mail/%1Ln/%Ln/mail:INBOX=/spool/mail/%1Ln/%Ln/mail/INBOX
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = failure_show_msg=yes
  driver = pam
}
plugin {
  autocreate = INBOX
  autosubscribe = INBOX
}
service lmtp {
  inet_listener ltmp {
    port = 24
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = home=/spool/mail/%1Ln/%Ln
  driver = passwd
}
protocol lmtp {
  mail_plugins = " autocreate"
}

On Mon, 2011-08-01 at 14:28 -0700, Boris Lordis wrote:
> Jul 27 11:24:42 testmailserver dovecot: lmtp(12412, steve): Error:
> link(/spool/mail/j/jerry/mail/INBOX/u.20423,
>
/spool/mail/s/steve/mail/INBOX/.temp.1311791081.P12412Q2M989550.testmailserver.)
> failed: Permission denied
It shouldn't even try this.. I guess both INBOX directories use the same
group? That's why Dovecot's internal check fails to realize that it
can't use link().

This is now fixed in v2.1 hg tree. Too big of a change to fix in v2.0.
You could work around it by using unique GIDs for users, or patching
Dovecot's source code (mail_storage_copy_can_use_hardlink() to always
return FALSE)