mailing at securitylabs.it
2010-Nov-09 16:18 UTC
[Dovecot] auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
Hello, just upgraded one of my testing machine from dovecot 1.2.15 to
2.0.7. After some trouble with permissions now all seems working, but
when I stop dovecot I have these errors in log:
Nov 9 17:08:07 in dovecot: master: Warning: Killed with signal 15 (by
pid=20362 uid=0 code=kill)
Nov 9 17:08:07 in dovecot: pop3-login: Error: read(anvil) failed: EOF
Nov 9 17:08:07 in dovecot: imap-login: Error: read(anvil) failed: EOF
Nov 9 17:08:07 in dovecot: imap(mailing at securitylabs.it): Server
shutting down. bytes=410/59361
Nov 9 17:08:07 in dovecot: imap(mailing at securitylabs.it): Server
shutting down. bytes=79/26605
Nov 9 17:08:07 in dovecot: imap(mailing at securitylabs.it): Server
shutting down. bytes=802/55708
Nov 9 17:08:07 in dovecot: imap(mailing at securitylabs.it): Server
shutting down. bytes=258/1242
Nov 9 17:08:07 in dovecot: auth: Error: read(anvil-auth-penalty)
failed: EOF
Nov 9 17:08:07 in dovecot: auth: Error:
net_connect_unix(anvil-auth-penalty) failed: Permission denied
dovecot -n:
# 2.0.7: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-xen-686 i686 Debian squeeze/sid
auth_cache_negative_ttl = 2 mins
auth_cache_size = 1000 M
auth_cache_ttl = 2 mins
auth_master_user_separator = *
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 100
last_valid_uid = 105
lock_method = dotlock
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Server ready.
mail_fsync = never
mail_gid = Debian-exim
mail_location = maildir:~/Maildir:INDEX=/var/indexes/%d/%n
mail_privileged_group = Debian-exim
mail_uid = Debian-exim
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables
body enotify environment mailbox date
namespace {
inbox = yes
location prefix separator = /
type = private
}
namespace {
location = maildir:~/Maildir/expunged
prefix = EXPUNGED/
separator = /
type = private
}
namespace {
location = maildir:~/Maildir/deleted
prefix = DELETED/
separator = /
type = private
}
namespace {
location = maildir:~/Maildir/deleted/expunged
prefix = DELETED/EXPUNGED/
separator = /
type = private
}
passdb {
args = /usr/local/etc/dovecot-sql.conf
driver = sql
}
passdb {
args = /usr/local/etc/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
plugin {
lazy_expunge = EXPUNGED/ DELETED/ DELETED/EXPUNGED/
mail_log_events = delete expunge
mail_log_group_events quota = maildir
quota_warning = storage=80%% /usr/local/bin/dovecot-quota-warning.sh 80
quota_warning2 = storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90
sieve = ~/.dovecot.sieve
}
pop3_no_flag_updates = yes
protocols = imap pop3
service auth {
unix_listener auth-userdb {
group = Debian-exim
mode = 0600
user = Debian-exim
}
}
service imap-login {
client_limit = 256
process_limit = 128
process_min_avail = 3
service_count = 1
}
service imap {
drop_priv_before_exec = yes
process_limit = 256
vsz_limit = 256 B
}
service pop3-login {
client_limit = 256
process_limit = 128
process_min_avail = 3
service_count = 1
}
service pop3 {
drop_priv_before_exec = yes
process_limit = 256
vsz_limit = 256 B
}
ssl_cert = </usr/local/etc/dovecot.crt
ssl_key = </usr/local/etc/dovecot.key
userdb {
args = /usr/local/etc/dovecot-sql.conf
driver = sql
}
protocol imap {
mail_max_userip_connections = 10
mail_plugins = " notify quota imap_quota mail_log lazy_expunge"
}
protocol pop3 {
mail_max_userip_connections = 3
mail_plugins = " notify quota mail_log"
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
mail_plugins = quota sieve
postmaster_address = postmaster at securitylabs.it
}
My /usr/local/var/run/dovecot directory:
4 drwxr-sr-x 4 root staff 4096 Nov 9 17:08 .
4 drwxrwsrwx 3 root staff 4096 Nov 9 17:05 ..
0 srw------- 1 root staff 0 Nov 9 17:05 anvil
0 srw------- 1 root staff 0 Nov 9 17:05 anvil-auth-penalty
0 srw------- 1 root staff 0 Nov 9 17:05 auth-client
0 srw------- 1 dovecot staff 0 Nov 9 17:05 auth-login
0 srw------- 1 root staff 0 Nov 9 17:05 auth-master
0 srw------- 1 Debian-exim Debian-exim 0 Nov 9 17:05 auth-userdb
0 srw------- 1 dovecot staff 0 Nov 9 17:05 auth-worker
0 srw------- 1 root staff 0 Nov 9 17:05 config
0 srw------- 1 root staff 0 Nov 9 17:05 dict
0 srw------- 1 root staff 0 Nov 9 17:05 director-admin
0 srw-rw-rw- 1 root staff 0 Nov 9 17:05 dns-client
0 srw------- 1 root staff 0 Nov 9 17:05 doveadm-server
0 lrwxrwxrwx 1 root staff 35 Nov 9 17:05 dovecot.conf ->
/usr/local/etc/dovecot/dovecot.conf
4 drwxr-xr-x 2 root root 4096 Nov 9 17:05 empty
4 drwxr-x--- 2 root dovenull 4096 Nov 9 17:05 login
My emails are delivered as user Debian-exim and users are virtual in a
MySQL DB. This system is behind a proxy (so the master user)
Timo Sirainen
2010-Nov-18 20:36 UTC
[Dovecot] auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
On Tue, 2010-11-09 at 17:18 +0100, mailing at securitylabs.it wrote:> Hello, just upgraded one of my testing machine from dovecot 1.2.15 to > 2.0.7. After some trouble with permissions now all seems working, but > when I stop dovecot I have these errors in log: > > Nov 9 17:08:07 in dovecot: master: Warning: Killed with signal 15 (by > pid=20362 uid=0 code=kill) > Nov 9 17:08:07 in dovecot: pop3-login: Error: read(anvil) failed: EOFhttp://hg.dovecot.org/dovecot-2.0/rev/67fbf09d3fa5 fixes these.> Nov 9 17:08:07 in dovecot: auth: Error: read(anvil-auth-penalty) > failed: EOF > Nov 9 17:08:07 in dovecot: auth: Error: > net_connect_unix(anvil-auth-penalty) failed: Permission deniedhttp://hg.dovecot.org/dovecot-2.0/rev/3e4a65a74c40 fixes this so that if anvil actually does die too early, auth process kills itself.
Seemingly Similar Threads
- Setting lmtp_user_concurrency_limit causes anvil permission error
- read/connect anvil-auth-penalty failed: EOF/Connection refused
- Dovecot stops to work - anvil problem
- Converting to 2.0 and LMTP have userdb and auth-worker complaints
- Authentication/Penalty disabled (socket mode=0) introduces constant 5 sec delays (2.27 on debian 9)