Hi I'm very new to Dovecot (been using Courier for 5 years), but I've been persuaded of the merits of Dovecot and since the server needs upgrading that seems like the perfect time/excuse. On a test server, I set up postfix and installed Dovecot (running 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail store (Maildirs, for historical reasons located under /var/spool/mail/virtual/domain.com/user). Then I ran the courier migration perl script and everything was fine and dandy. However, when I can to do the production migration, things weren't as smooth. The new server is 64-bit (not that I think it makes a difference, but if you're going to help me you should have all the information :) Again, I installed Postfix and Dovecot Took down the old server Mirrored the Maildirs Ran the migration script Restarted everything At this point everything looked like it was ok. Mail was being received and delivered to the Maildirs and the IMAP login was fine. However, I noticed errors in the logs when retreiving mail with the MUA along the lines of: Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) After messing around with the chown and chmod (even though these were exactly the same as the test server) I finally discovered the issue. mail:~# ls /var/spool/mail/virtual/domain.net/simon/new -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA. After thinking for a while it occurred to me that this is covered in the LDA section. But making changes to the config file (either permissions or UID/GID) doesn't seem to make a difference. (Yes, I did restart postfix and dovecot after the changes). Anyway, here is my dovecot -n: mail:~# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_ca_file: /etc/ssl/keys/ca.crt ssl_cert_file: /etc/ssl/keys/mail.net.crt ssl_key_file: /etc/ssl/private/mail.net.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mailsystem mail_location: maildir:/var/spool/mail/virtual/%d/%n maildir_very_dirty_syncs: yes mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh lda: postmaster_address: postmaster at net mail_plugins: quota log_path: info_log_path: deliver_log_format: msgid=%m: %f: %$ auth default: mechanisms: plain login user: mailsystem verbose: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: static args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: mailsystem master: path: /var/run/dovecot/auth-master mode: 432 user: mailsystem group: mailsystem plugin: quota: maildir As you can see, I tried to go 0660 in both client and master. The portion of my master.cf 81 # SPB - Attempt to deliver with Dovecot LDA 82 dovecot unix - n n - - pipe 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} Is there anything else I should include? I'm pretty sure it's an error on my part. I'm just not clued up enough to know where. My second problem is that I thought I had things back to where they were before I messed with chown and chmod, but now I get this in the logs dovecot: dovecot: Fatal: chdir(/var/spool/mail/virtual/domain.net/simon/) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: /var/spool/mail/virtual) But the ls on that is exactly the same as on the test server: ls /var/spool/mail/virtual/ total 44K drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net So, now I'm stumped. I hope someone can spot the simple thing I've missed! Thanks. Simon
My guess is your delivering email with postfix to the inbox, instead of using dovecot-lda. And something odd is going on with that postfix to get odd permissions like that. You probably needed to edit the postfix virtual deliever transport, or maybe you just forget to active the dovecot-lda (deliever) transport. Quoting Simon Brereton <simon.brereton at buongiorno.com>:> Hi > > I'm very new to Dovecot (been using Courier for 5 years), but I've > been persuaded of the merits of Dovecot and since the server needs > upgrading that seems like the perfect time/excuse. > > On a test server, I set up postfix and installed Dovecot (running > 32-bit Debian Squeeze, installed from apt-get). I mirrored the mail > store (Maildirs, for historical reasons located under > /var/spool/mail/virtual/domain.com/user). Then I ran the courier > migration perl script and everything was fine and dandy. > > However, when I can to do the production migration, things weren't > as smooth. The new server is 64-bit (not that I think it makes a > difference, but if you're going to help me you should have all the > information :) > > Again, I installed Postfix and Dovecot > Took down the old server > Mirrored the Maildirs > Ran the migration script > Restarted everything > > At this point everything looked like it was ok. Mail was being > received and delivered to the Maildirs and the IMAP login was fine. > However, I noticed errors in the logs when retreiving mail with the > MUA along the lines of: > > Aug 26 16:59:48 mail dovecot: IMAP(simon at lydiard.net): > open(/var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) failed: Permission denied (euid=999(mailsystem) egid=115(mailsystem) missing +r perm: > /var/spool/mail/virtual/domain.net/simon/cur/1314328966.V801I166601bM756462.mail.net,S=2461:2,) > > After messing around with the chown and chmod (even though these > were exactly the same as the test server) I finally discovered the > issue. > > mail:~# ls /var/spool/mail/virtual/domain.net/simon/new > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 > 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 > 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 > 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 > 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 > 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 > 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the > mails from courier seem to have all been 0770 as you can see). If I > manually change the permission (to 0660) then I can see the mail in > the MUA. > > After thinking for a while it occurred to me that this is covered in > the LDA section. But making changes to the config file (either > permissions or UID/GID) doesn't seem to make a difference. (Yes, I > did restart postfix and dovecot after the changes). > > Anyway, here is my dovecot -n: > > mail:~# dovecot -n > # 1.2.15: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 > log_timestamp: %Y-%m-%d %H:%M:%S > protocols: imap imaps pop3 pop3s > ssl_ca_file: /etc/ssl/keys/ca.crt > ssl_cert_file: /etc/ssl/keys/mail.net.crt > ssl_key_file: /etc/ssl/private/mail.net.key > disable_plaintext_auth: no > login_dir: /var/run/dovecot/login > login_executable(default): /usr/lib/dovecot/imap-login > login_executable(imap): /usr/lib/dovecot/imap-login > login_executable(pop3): /usr/lib/dovecot/pop3-login > mail_privileged_group: mailsystem > mail_location: maildir:/var/spool/mail/virtual/%d/%n > maildir_very_dirty_syncs: yes > mbox_write_locks: fcntl dotlock > mail_executable(default): /usr/lib/dovecot/imap > mail_executable(imap): /usr/lib/dovecot/imap > mail_executable(pop3): /usr/lib/dovecot/pop3 > mail_plugins(default): quota imap_quota > mail_plugins(imap): quota imap_quota > mail_plugins(pop3): quota > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 > imap_client_workarounds(default): outlook-idle delay-newmail > imap_client_workarounds(imap): outlook-idle delay-newmail > imap_client_workarounds(pop3): > pop3_client_workarounds(default): > pop3_client_workarounds(imap): > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh > lda: > postmaster_address: postmaster at net > mail_plugins: quota > log_path: > info_log_path: > deliver_log_format: msgid=%m: %f: %$ > auth default: > mechanisms: plain login > user: mailsystem > verbose: yes > passdb: > driver: sql > args: /etc/dovecot/dovecot-sql.conf > userdb: > driver: prefetch > userdb: > driver: static > args: uid=999 gid=115 home=/var/spool/mail/virtual/%d/%n > allow_all_users=yes > socket: > type: listen > client: > path: /var/spool/postfix/private/auth > mode: 432 > user: postfix > group: mailsystem > master: > path: /var/run/dovecot/auth-master > mode: 432 > user: mailsystem > group: mailsystem > plugin: > quota: maildir > > As you can see, I tried to go 0660 in both client and master. > > The portion of my master.cf > 81 # SPB - Attempt to deliver with Dovecot LDA > 82 dovecot unix - n n - - pipe > 83 flags=DRhu user=mailsystem argv=/usr/lib/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > Is there anything else I should include? > > I'm pretty sure it's an error on my part. I'm just not clued up > enough to know where. > > My second problem is that I thought I had things back to where they > were before I messed with chown and chmod, but now I get this in the > logs > > dovecot: dovecot: Fatal: > chdir(/var/spool/mail/virtual/domain.net/simon/) failed: Permission > denied (euid=999(mailsystem) egid=115(mailsystem) missing +x perm: > /var/spool/mail/virtual) > > But the ls on that is exactly the same as on the test server: > ls /var/spool/mail/virtual/ > total 44K > drwxrwS--- 11 postfix mailsystem 4.0K Aug 25 23:07 ./ > drwxrwsr-x 5 amavis mailsystem 4.0K Oct 19 2009 ../ > drwxrws--- 5 mailsystem mailsystem 4.0K Aug 26 02:33 domain.net > > So, now I'm stumped. I hope someone can spot the simple thing I've missed! > > Thanks. > > > Simon
On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote:> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33 1314326000.V801I1666018M803015.mail.net,S=2461:2, > -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36 1314326209.V801I1666019M447273.mail.net,S=2460:2, > -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00 1314327630.V801I166601aM308173.mail.net,S=2477:2, > -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22 1314328966.V801I166601bM756462.mail.net,S=2461:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28 1314372534.V801I166601cM615258.mail.net,S=1097:2, > -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31 1314372685.V801I166601dM264242.mail.net,S=1097:2, > > Mails are being delivered with 0600 permissions and not 0660 (the mails from courier seem to have all been 0770 as you can see). If I manually change the permission (to 0660) then I can see the mail in the MUA.If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.) In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them.