dovecot - Jul 2008 - Error - Dovecot Permission denied

CentOS 5.2
Postfix 2.3.3 (Came Packed with CentOS)
Dovecot 1.1.1
Dovecot-Sieve 1.1.5

Did a complete new fresh install. When I send a message to:
test at wildpeacockstudios.com, I get two error messages as listed in the
/var/log/maillog:

(1) (lost connection with mail.tibonline.net[12.179.81.11] while receiving
the initial server greeting)

(2) status=bounced (local configuration error. Command output: Fatal:
open(/etc/dovecot.conf) failed: Permission denied )



Attached are copies of (a) Postfix, (b) Dovecot, (c) Dovecot-Sieve in
'/home/test/' and (d) /var/log/maillog

----------------------
[root at www ~]# postconf -n 
alias_database = hash:/etc/aliases 
alias_maps = hash:/etc/aliases 
broken_sasl_auth_clients = yes 
command_directory = /usr/sbin 
config_directory = /etc/postfix 
daemon_directory = /usr/libexec/postfix 
debug_peer_level = 2 
home_mailbox = Maildir/ 
html_directory = no 
inet_interfaces = all 
mail_owner = postfix 
mailbox_command = /usr/libexec/dovecot/deliver 
mailq_path = /usr/bin/mailq.postfix 
manpage_directory = /usr/share/man 
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 
mydomain = wildpeacockstudios.com 
myhostname = mail.wildpeacockstudios.com 
mynetworks = 127.0.0.0/8 
myorigin = $mydomain 
newaliases_path = /usr/bin/newaliases.postfix 
queue_directory = /var/spool/postfix 
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES 
relay_domains = 
relayhost = 
sample_directory = /usr/share/doc/postfix-2.3.3/samples 
sendmail_path = /usr/sbin/sendmail.postfix 
setgid_group = postdrop 
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_path = private/auth 
smtpd_sasl_type = dovecot 
unknown_local_recipient_reject_code = 550 
[root at www ~]# 
[root at www ~]# 

----------------------
[root at www ~]# dovecot -n 
# 1.1.2: /etc/dovecot.conf 
login_dir: /var/run/dovecot/login 
login_executable(default): /usr/libexec/dovecot/imap-login 
login_executable(imap): /usr/libexec/dovecot/imap-login 
login_executable(pop3): /usr/libexec/dovecot/pop3-login 
mail_location: maildir:~/Maildir 
mail_executable(default): /usr/libexec/dovecot/imap 
mail_executable(imap): /usr/libexec/dovecot/imap 
mail_executable(pop3): /usr/libexec/dovecot/pop3 
mail_plugin_dir(default): /usr/lib/dovecot/imap 
mail_plugin_dir(imap): /usr/lib/dovecot/imap 
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh 
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh 
imap_client_workarounds(pop3): 
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh 
auth default: 
  mechanisms: plain login 
  passdb: 
    driver: pam 
  userdb: 
    driver: passwd 
  socket: 
    type: listen 
    client: 
      path: /var/spool/postfix/private/auth 
      mode: 432 
      user: postfix 
      group: postfix 
[root at www ~]# 

----------------------
/home/test/.dovecot-sieve

require ["fileinto", "vacation"];
# Move spam to spam folder
if exists "X-Spam-Flag" {
  fileinto "spam";
  # Stop here so that we do not reply on spams
  stop;
}
vacation
  # Reply at most once a day to a same sender
  :days 1
  :subject "Out of office reply"
  # List of recipient addresses which are included in the auto replying.
  # If a mail's recipient is not on this list, no vacation reply is sent for
it.
  :addresses ["test at wildpeacockstudios.com"]
"I'm out of office, please contact Joan Doe instead.
Best regards
John Doe";

----------------------
/var/log/maillog

Jul 26 09:39:28 www dovecot: Dovecot v1.1.2 starting up
Jul 26 09:39:29 www postfix/postfix-script: starting the Postfix mail system
Jul 26 09:39:29 www postfix/master[4963]: daemon started -- version 2.3.3,
configuration /etc/postfix
Jul 26 09:39:29 www postfix/qmgr[4969]: 6EBA241C0007:
from=<test at wildpeacockstudios.com>, size=722, nrcpt=1 (queue active)

Jul 26 09:39:31 www postfix/smtp[4996]: 6EBA241C0007:
to=<kbajwa at tibonline.net>, relay=mail.tibonline.net[12.179.81.11]:25,
delay=1011, delays=1009/0.15/2.3/0, dsn=4.4.2, status=deferred (lost
connection with mail.tibonline.net[12.179.81.11] while receiving the initial
server greeting)

Jul 26 09:41:07 www dovecot: pop3-login: Login: user=<test>, method=PLAIN,
rip=192.168.0.64, lip=65.103.190.107
Jul 26 09:41:08 www dovecot: POP3(test): Disconnected: Logged out top=0/0,
retr=0/0, del=0/0, size=0
Jul 26 09:41:17 www postfix/smtpd[5583]: connect from unknown[192.168.0.64]
Jul 26 09:41:17 www postfix/smtpd[5583]: D7F3F41C001C:
client=unknown[192.168.0.64], sasl_method=PLAIN, sasl_username=kirtib
Jul 26 09:41:17 www postfix/cleanup[5587]: D7F3F41C001C:
message-id=<488B459C.90600 at wildpeacockstudios.com>
Jul 26 09:41:17 www postfix/qmgr[4969]: D7F3F41C001C:
from=<test at wildpeacockstudios.com>, size=720, nrcpt=1 (queue active)
Jul 26 09:41:17 www postfix/smtpd[5583]: disconnect from
unknown[192.168.0.64]
Jul 26 09:41:18 www postfix/smtp[5588]: D7F3F41C001C:
to=<kbajwa at tibonline.net>, relay=mail.tibonline.net[12.179.81.11]:25,
delay=0.43, delays=0.06/0.01/0.37/0, dsn=4.4.2, status=deferred (lost
connection with mail.tibonline.net[12.179.81.11] while receiving the initial
server greeting)
Jul 26 09:42:05 www postfix/smtpd[5583]: connect from
mail.spaceportusa.net[12.179.81.11]
Jul 26 09:42:05 www postfix/smtpd[5583]: 8675D41C0028:
client=mail.spaceportusa.net[12.179.81.11]
Jul 26 09:42:06 www postfix/cleanup[5587]: 8675D41C0028:
message-id=<87B5712FBA1548208A9A393D2D28A036 at Sunshine>
Jul 26 09:42:06 www postfix/qmgr[4969]: 8675D41C0028:
from=<kbajwa at tibonline.net>, size=880, nrcpt=1 (queue active)
Jul 26 09:42:06 www postfix/smtpd[5583]: disconnect from
mail.spaceportusa.net[12.179.81.11]


Jul 26 09:42:06 www postfix/local[5596]: 8675D41C0028:
to=<test at wildpeacockstudios.com>, relay=local, delay=1,
delays=0.72/0.26/0/0.07, dsn=5.3.5, status=bounced (local configuration
error. Command output: Fatal: open(/etc/dovecot.conf) failed: Permission
denied )


Jul 26 09:42:06 www postfix/cleanup[5587]: 6C2DA41C002A:
message-id=<20080726154206.6C2DA41C002A at mail.wildpeacockstudios.com>
Jul 26 09:42:06 www postfix/qmgr[4969]: 6C2DA41C002A: from=<>, size=2882,
nrcpt=1 (queue active)
Jul 26 09:42:06 www postfix/bounce[5598]: 8675D41C0028: sender non-delivery
notification: 6C2DA41C002A
Jul 26 09:42:06 www postfix/qmgr[4969]: 8675D41C0028: removed
Jul 26 09:42:06 www postfix/smtp[5588]: 6C2DA41C002A:
to=<kbajwa at tibonline.net>, relay=mail.tibonline.net[12.179.81.11]:25,
delay=0.37, delays=0/0/0.37/0, dsn=4.4.2, status=deferred (lost connection
with mail.tibonline.net[12.179.81.11] while receiving the initial server
greeting)

---------------------------------

Help in fixing these errors is highly appreciated.

FYI: New to Postfix & Dovecot.
Thanks.

Kirti

kbajwa wrote:
> CentOS 5.2
> Postfix 2.3.3 (Came Packed with CentOS)
> Dovecot 1.1.1
> Dovecot-Sieve 1.1.5
> 
> Did a complete new fresh install. When I send a message to:
> test at wildpeacockstudios.com, I get two error messages as listed in the
> /var/log/maillog:
> 
> (1) (lost connection with mail.tibonline.net[12.179.81.11] while receiving
> the initial server greeting)
your postfix cannot connect to mail.tiboline.net. check if anything is 
breaking the connection (firewall, pix, ..., etc).

> 
> (2) status=bounced (local configuration error. Command output: Fatal:
> open(/etc/dovecot.conf) failed: Permission denied )
> 

# ls -l / | grep /etc
# ls -l /etc/dovecot.conf

and if you have selinux, apparmor or such beasts, make sure they are not 
  preventing deliver from accessing /etc and/or to /etc/dovecot.conf.

Hello:

Since I posted this original messages, I have installed, re-installed
Postfix-2.3.3, Dovecot-1.1.1 & Dovecot-Sieve-1.1.5 over and over & still
got
the "Permission Denied" error (see "/var/log/maillog" logs
below).

Here what I found! If I add the following in "/etc/postfix/main.cf";

Mailbox_command = /usr/libexec/dovecot/deliver

Then the "Permission Denied" error appears and all mail is bounced
back with
error message.

If I remove this line, all emails are delivered fine. No error.

This problem started when I switched dovecot from Ver# 1.0.7 to 1.1.1

So my question is: 

(1) has something changed in Dovecot V# 1.1.1 to cause this error?
(2) what if I leave this line out? Would it cause problem with either
Dovecot or Dovecot-Sieve?
(3) Any other solution.

FYI, I have already included Postfix, Dovecot & Dovecot-Sieve configuration
in my previous post.

HELP. I have spent 20 days on this problem.

Kirti


-------------------------------

Jul 27 09:12:48 www dovecot: Dovecot v1.1.2 starting up
Jul 27 09:12:49 www postfix/postfix-script: starting the Postfix mail system
Jul 27 09:12:49 www postfix/master[4948]: daemon started -- version 2.3.3,
configuration /etc/postfix

Jul 27 09:16:23 www postfix/smtpd[5613]: warning: 12.179.81.11: hostname
mail.greaterlink.net verification failed: Name or service not known
Jul 27 09:16:23 www postfix/smtpd[5613]: connect from unknown[12.179.81.11]
Jul 27 09:16:23 www postfix/smtpd[5613]: E31DA41C0028:
client=unknown[12.179.81.11]
Jul 27 09:16:24 www postfix/cleanup[5617]: E31DA41C0028:
message-id=<614A512260124AD1BF7288DB1ED46CE2 at Sunshine>
Jul 27 09:16:24 www postfix/qmgr[4967]: E31DA41C0028:
from=<kbajwa at tibonline.net>, size=860, nrcpt=1 (queue active)
Jul 27 09:16:24 www postfix/smtpd[5613]: disconnect from
unknown[12.179.81.11]


Jul 27 09:16:24 www postfix/local[5623]: E31DA41C0028:
to=<test at wildpeacockstudios.com>, relay=local, delay=0.99,
delays=0.74/0.03/0/0.22, dsn=5.3.5, status=bounced (local configuration
error. Command output: Fatal: open(/etc/dovecot.conf) failed: Permission
denied )

Jul 27 09:16:24 www postfix/cleanup[5617]: B73C441C002A:
message-id=<20080727151624.B73C441C002A at mail.wildpeacockstudios.com>
Jul 27 09:16:24 www postfix/qmgr[4967]: B73C441C002A: from=<>, size=2862,
nrcpt=1 (queue active)
Jul 27 09:16:24 www postfix/bounce[5626]: E31DA41C0028: sender non-delivery
notification: B73C441C002A
Jul 27 09:16:24 www postfix/qmgr[4967]: E31DA41C0028: removed
Jul 27 09:16:26 www postfix/smtp[5627]: B73C441C002A:
to=<kbajwa at tibonline.net>, relay=mail.tibonline.net[12.179.81.11]:25,
delay=1.4, delays=0.01/0.03/0.61/0.72, dsn=2.0.0, status=sent (250 OK)
Jul 27 09:16:26 www postfix/qmgr[4967]: B73C441C002A: removed

kbajwa <kbajwa at tibonline.net> wrote:
> Since I posted this original messages, I have installed, re-installed
> Postfix-2.3.3, Dovecot-1.1.1 & Dovecot-Sieve-1.1.5 over and over &
still got
> the "Permission Denied" error (see "/var/log/maillog"
logs below).
> 
> Here what I found! If I add the following in
"/etc/postfix/main.cf";
> 
> Mailbox_command = /usr/libexec/dovecot/deliver
> 
> Then the "Permission Denied" error appears and all mail is
bounced back with
> error message.
> 
> If I remove this line, all emails are delivered fine. No error.
[...]
> (2) what if I leave this line out? Would it cause problem with either
> Dovecot or Dovecot-Sieve?         
Unlikely; not setting mailbox_command just means Postfix will use local(8) 
for mail delivery.

[...]
> Jul 27 09:16:24 www postfix/local[5623]: E31DA41C0028:
> to=<test at wildpeacockstudios.com>, relay=local, delay=0.99,
> delays=0.74/0.03/0/0.22, dsn=5.3.5, status=bounced (local configuration
> error. Command output: Fatal: open(/etc/dovecot.conf) failed: Permission
> denied )
    
What are the permissions on /etc/dovecot.conf?  The mailbox_command is run 
with the UID and the primary group GID of the recipient, so if the conf file 
is unreadable by that user/group, you see the error above.  

[...]

-- 
Sahil Tandon <sahil at tandon.net>

kbajwa wrote:
> Hello:
> 
> Since I posted this original messages, I have installed, re-installed
> Postfix-2.3.3, Dovecot-1.1.1 & Dovecot-Sieve-1.1.5 over and over &
still got
> the "Permission Denied" error (see "/var/log/maillog"
logs below).
> 
> Here what I found! If I add the following in
"/etc/postfix/main.cf";
> 
> Mailbox_command = /usr/libexec/dovecot/deliver
> 
> Then the "Permission Denied" error appears and all mail is
bounced back with
> error message.
> 
> If I remove this line, all emails are delivered fine. No error.
> 
> This problem started when I switched dovecot from Ver# 1.0.7 to 1.1.1
> 
> So my question is: 
> 
> (1) has something changed in Dovecot V# 1.1.1 to cause this error?
> (2) what if I leave this line out? Would it cause problem with either
> Dovecot or Dovecot-Sieve?
if you remove it, mail will be directly delivered by postfix. so no 
dovecot-sieve for example.

> (3) Any other solution.
> 
> FYI, I have already included Postfix, Dovecot & Dovecot-Sieve
configuration
> in my previous post.
FYI, I have asked for the output of two commands:


# ls -l / | grep /etc
# ls -l /etc/dovecot.conf

in my previous post :)
> 
> HELP. I have spent 20 days on this problem.
if you ignore our posts, you may as well spend another 20 days ;-p

Mouss:

Here is the information you asked for:

[root at www ~]# ls -1 / | grep /etc 
[root at www ~]# ls -l /etc/dovecot.conf 
-rw-r----- 1 dovecot mail 46723 Jul 26 20:09 /etc/dovecot.conf 
[root at www ~]#  

I hope you have an answer.

Kirti


-----Original Message-----
From: dovecot-bounces+kbajwa=tibonline.net at dovecot.org
[mailto:dovecot-bounces+kbajwa=tibonline.net at dovecot.org] On Behalf Of mouss
Sent: Sunday, July 27, 2008 10:45 AM
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] Error - Dovecot Permission denied


FYI, I have asked for the output of two commands:


# ls -l / | grep /etc
# ls -l /etc/dovecot.conf

in my previous post :)

kbajwa <kbajwa at tibonline.net> wrote:
> I have posted the permissions on another post. However, when I look at
> "properties" & then "permissions" for
'dovecot.conf' file, following are the
> 'permissions' listed:
> 
> Owner:	dovecot
> Access:	Read & Write
> 
> Group:	Mail
> Access:	Read-Only
> 
> Others
> Access: none
This is the problem.  The mailbox_command runs neither as the dovecot user 
nor with the mail GID.  You need to give others access to read the file.
                    
# chmod o+r /etc/dovecot.conf
> 
> Execute: [] Allow executing file as program
> SELinux Context: file_t
> 
> I hope it makes sense to you, it does not to me.
> 
> Let me know if the above need some change.
[...]

-- 
Sahil Tandon <sahil at tandon.net>

On Sat, 2008-07-26 at 10:06 -0600, kbajwa wrote:
> (2) status=bounced (local configuration error. Command output: Fatal:
> open(/etc/dovecot.conf) failed: Permission denied )
So you're using multiple UIDs for users? Possible solutions:

a) Make dovecot.conf world-readable (Is there really something secret in
it? ssl_key_password is the only one I can think of.)

b) Use virtual users with a single UID and make dovecot.conf owned by
that UID.

c) Make deliver setgid-mail and change dovecot.conf group to mail.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20080727/4ca93e4e/attachment-0002.bin>

On 7/26/2008, kbajwa (kbajwa at tibonline.net) wrote:
> (1) (lost connection with mail.tibonline.net[12.179.81.11] while receiving
> the initial server greeting)
> 
> (2) status=bounced (local configuration error. Command output: Fatal:
> open(/etc/dovecot.conf) failed: Permission denied )
Please don't edit log entries like that... a lot of times the entries 
immeditately before or after what *you* think are relevant actually are 
*more* relevant...



-- 

Best regards,

Charles