dovecot - May 2010 - dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

I'm getting this ...

May 10 12:45:01 eth0 postfix/local[3416]: A788D685F7: to=<
xxxxxxxx at xxxxxxxx.net>, relay=local, delay=13, delays=13/0/0/0.03,
dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open
log file /var/log/dovecot/error.log: Permission denied )

So I'm looking at http://wiki.dovecot.org/LDA to see what I can do about
it.  I would have hoped some comments in the example config file would have
mentioned this and suggested a default practice solution.  Is this something
few people or many people encounter (among those using dovecot/deliver from
Postfix)?

If I do as the wiki describes and make separate log files for
dovecot/deliver to use, do I just make them owned by Postfix?  It would seem
to me a different directory might be more helpful (absent log files could be
created by having the directory permissions.  I'm also thinking in terms of
log rotations, too ... and I prefer to do log rotations by date stamping
rather than pushing sequence numbers (the legacy log rotation).

Any chance there are %-style variables I can use in log file/path names to
make log files automatically named by the date (and maybe time) ... kind of
like in a shell script I would do: `date +/path/to/tree/%Y/%m/%d.log` or
such.

I had to chmod 777 for it to work..


Thanks
------
Romer Ventura

On May 10, 2010, at 12:33 PM, Phil Howard wrote:
> I'm getting this ...
>
> May 10 12:45:01 eth0 postfix/local[3416]: A788D685F7: to=<
> xxxxxxxx at xxxxxxxx.net>, relay=local, delay=13, delays=13/0/0/0.03,
> dsn=4.3.0, status=deferred (temporary failure. Command output:  
> Can't open
> log file /var/log/dovecot/error.log: Permission denied )
>
> So I'm looking at http://wiki.dovecot.org/LDA to see what I can do  
> about
> it.  I would have hoped some comments in the example config file  
> would have
> mentioned this and suggested a default practice solution.  Is this  
> something
> few people or many people encounter (among those using dovecot/ 
> deliver from
> Postfix)?
>
> If I do as the wiki describes and make separate log files for
> dovecot/deliver to use, do I just make them owned by Postfix?  It  
> would seem
> to me a different directory might be more helpful (absent log files  
> could be
> created by having the directory permissions.  I'm also thinking in  
> terms of
> log rotations, too ... and I prefer to do log rotations by date  
> stamping
> rather than pushing sequence numbers (the legacy log rotation).
>
> Any chance there are %-style variables I can use in log file/path  
> names to
> make log files automatically named by the date (and maybe time) ...  
> kind of
> like in a shell script I would do: `date +/path/to/tree/%Y/%m/% 
> d.log` or
> such.

I am using static uids:
mail_uid = vmail
mail_gid = vmail
user = vmail
group = vmail

else it will do what you describe.

Thanks
------
Romer Ventura
> On Mon, May 10, 2010 at 13:59, Romer Ventura <rventura at h-st.com>  
> wrote:
> I had to chmod 777 for it to work..
>
> I did chmod 777 to see what it would do, and especially, what  
> userid the log files were owned by.  Bad news from that ... they  
> are owned by the first user I sent email to.  That seems to me to  
> be a Postfix issue where Postfix still thinks I mailing to local  
> system users, and running the deliver program under such a userid.   
> When I start adding users which don't have local system user  
> equivalents, that's going to be a problem
>
> Also, I'm finding that in mail_location = the variable %d is  
> empty.  It should be the domain.  Again, this seems like Postfix is  
> treating local delivery as all-users-are-equivalent for any local  
> domain (and that is definitely not the case).  So I need to look at  
> some Postfix config now to see how to make it pass the full email  
> address (user at domain ... so %n@%d represents the email address),  
> and to run dovecot/deliver as user vmail.
>
> At least I'm not using sendmail :-)
>
> This old legacy "system user" thing is sure a PITA.  It should  
> either be ON or OFF.
>  log files automatically named by the date (and maybe time) ...  
> kind of
> like in a shell script I would do: `date +/path/to/tree/%Y/%m/% 
> d.log` or
> such.