On Thu, 2007-02-08 at 13:53 +0000, Dick Middleton wrote:> Feb 8 13:09:35 deliver(<email-addr>): setgid(5002) failed: Operation
not permitted
> Feb 8 13:09:36 deliver(<email-addr>): setgid(5001) failed: Operation
not permitted
Your different users have different GIDs? But do they still have all the
same UID? Or do you care about GIDs at all? There are two possibilities:
1) Make deliver setuid-root so it has permissions to do the setgid()
calls (and make sure only Postfix has permissions to start the deliver).
2) Don't use those GIDs. Make userdb return the same GID as what deliver
already runs as.
> Feb 8 13:09:36 Devil postfix/pipe[9622]: 5AD5C103C:
to=<<email-addr>>,
> orig_to=<<email-addr>>, relay=dovecot, delay=0.05,
delays=0.01/0/0/0.04,
> dsn=5.3.0, status=bounced (Command died with status 89:
> \"/usr/libexec/dovecot/deliver\")
>
>
> When deliver fails because it can't connect to auth-master socket it
returns an
> undeliverable status which causes postfix to defer delivery. I think it
should
> do the same here.
Yea, it should. This has been in my TODO list for a while. Finally
implemented:
http://dovecot.org/list/dovecot-cvs/2007-February/007688.html
http://dovecot.org/list/dovecot-cvs/2007-February/007689.html
> The real question is how I give deliver the permission to do the setgid?
Is it
> enough to just add user vmail to each of the virtual user groups in
/etc/group.
No, Dovecot doesn't care about /etc/group.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20070215/10d407a5/attachment.bin>