As I am new to dovecot and sieve I am really happy to get it working in a straightforward way. Thanks for the documentation to whom it concerns.

Now I came to my limits with these failure messages in /home/rolf/.dovecot.sieve.log:

sieve: info: started log at Jun 25 20:22:54.
error: msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>: failed to store into mailbox 'INBOX': BUG: Unknown internal error.

with these messages in mail.info:

Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: connect from localhost[127.0.0.1]
Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: 90898E0190: client=localhost[127.0.0.1]
Jun 25 20:22:54 rolf14 postfix/cleanup[21669]: 90898E0190: message-id=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>
Jun 25 20:22:54 rolf14 postfix/qmgr[21172]: 90898E0190: from=<stephanie.otavy at live.com>, size=5291, nrcpt=1 (queue active)
Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: disconnect from localhost[127.0.0.1]
Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: setegid(privileged) failed: Operation not permitted
Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: sieve: msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>: failed to store into mailbox 'INBOX': BUG: Unknown internal error
Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: sieve: script /home/rolf/.dovecot.sieve failed with unsuccessful implicit keep (user logfile /home/rolf/.dovecot.sieve.log may reveal additional details)

I guess the mentioned mail is spam. However, does this tell about some wrong configuration or access rights? Any indication what to improve? I get such an error about every 6 minutes.

Hi Rolf,

Rolf wrote:
> Now I came to my limits with these failure messages in
> /home/rolf/.dovecot.sieve.log:
>
> sieve: info: started log at Jun 25 20:22:54.
> error: msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>:
> failed to store into mailbox 'INBOX': BUG: Unknown internal error.
>
> with these messages in mail.info:
>
> Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: connect from localhost[127.0.0.1]
> Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: 90898E0190: client=localhost[127.0.0.1]
> Jun 25 20:22:54 rolf14 postfix/cleanup[21669]: 90898E0190: message-id=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>
> Jun 25 20:22:54 rolf14 postfix/qmgr[21172]: 90898E0190: from=<stephanie.otavy at live.com>, size=5291, nrcpt=1 (queue active)
> Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: disconnect from localhost[127.0.0.1]
> Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: setegid(privileged) failed: Operation not permitted
> Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: sieve: msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>: failed to store into mailbox 'INBOX': BUG: Unknown internal error
> Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: sieve: script /home/rolf/.dovecot.sieve failed with unsuccessful implicit keep (user logfile /home/rolf/.dovecot.sieve.log may reveal additional details)
>
> I guess the mentioned mail is spam. However, does this tell about
> some wrong configuration or access rights? Any indication what to
> improve? I get such an error about every 6 minutes.

lda is the local delivery agent which seems to fail during delivery.

"setegid(privileged) failed" looks like your lda running under a specific user is not allowed to change to the specified group id, maybe the user is not a member of the configured group, but this is just a guess.

For a deeper analysis we will need the full output of the following command:

doveconf -n

Regards,
Daniel
--
https://plus.google.com/103021802792276734820

Rolf wrote:
> On 2012-06-25 23:59, Daniel Parthey wrote:
> >Hi Rolf,
> >
> >Rolf wrote:
> >>Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: setegid(privileged) failed: Operation not permitted

Doesn't lda(rolf) mean it is being executed under user "rolf", not root or dovecot?

How exactly do you invoke lda from your /etc/postfix/master.cf?

You might also try to use LMTP via TCP to deliver mails from postfix to dovecot to work around any permission problems.

> I have installed dovecot and dovecot-sieve by Debian's aptitude

You don't seem to be the only one with these problems, see Debian BTS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626130

> As far as I understand the "ps -f ax" output (see
> below) dovecot runs with root privileges and postfix runs with its
> own user privileges.
>
> root 20998 1 0 Jun25 ? Ss 0:03 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf

Well, the master process often runs as root, but child processes like lda may be configured to run as an unprivileged user, or even as the user which owns the mailbox.

> The mbox files below /var/mail are owned by
> their respective users and have "mail" as their group, both can
> write, world can do nothing. I added every related system user to
> the mail group, also restarted postfix and dovecot.

> root at rolf14:/var/mail# more /etc/group | grep mail:
> mail:x:8:amavis,dovecot,clamav,postfix

User "rolf" is not a member of group "mail", but I don't think he needs to be, otherwise he would be able to read the mails of all users on the system and this would be a security risk.

> As I understand it, postfix activates the lda "deliver" as user
> "postfix". Therefore it should be able to write to the mboxes at
> /var/mail. If needed dovecot can write there as well.

The lda should rather switch to the owner of the respective INBOX, e.g. /var/mail/rolf. Log message "lda(rolf)" looks like this happens.

To summarize, I think LMTP will be the easiest way to fix the permission problems. Otherwise you would need to fiddle out how to prevent dovecot lda from switching to the additional group "mail", since unprivileged user "rolf" is not allowed to do that.

Regards,
Daniel
--
https://plus.google.com/103021802792276734820

Rolf wrote:
> Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: setegid(privileged) failed: Operation not permitted

Manual page "man 2 setegid" states that

  setegid() sets the effective group ID of the calling process. Unprivileged user processes may only set the effective group ID to the real group ID, the effective group ID or the saved set-group-ID.

Your "postfix" user is a member of group "mail", but "mail" which you configured as "mail_privileged_group = vmail" is neither the primary group of user "postfix", nor is it the effective group id of the calling postfix process.

Therefore you might get the error as documented in the manpage setegid(2):

  EPERM The calling process is not privileged (Linux: does not have the CAP_SETUID capability in the case of seteuid(), or the CAP_SETGID capability in the case of setegid()) and euid (respectively, egid) is not the real user (group) ID, the effective user (group) ID, or the saved set-user-ID (saved set-group-ID).

Regards
Daniel
--
https://plus.google.com/103021802792276734820

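The rule quoted from setegid(2) above, as an added example (not part of the original thread and not Dovecot's code): a small C model of the permission check, showing that membership in "mail" through /etc/group does not let an unprivileged process switch its effective group to it. gid 8 for "mail" is taken from the thread; gids 1000 and 115 and the setgid-mail case are constructed, and treating euid 0 as holding CAP_SETGID is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Group credentials that matter to setegid(2). */
struct gid_creds {
    gid_t rgid, egid, sgid;  /* real, effective, saved set-group-ID */
    const gid_t *supp;       /* supplementary groups (e.g. via /etc/group) */
    int nsupp, cap_setgid;   /* cap_setgid: non-zero if CAP_SETGID is held */
};
enum verdict { ALLOWED, DENIED_SUPP_ONLY, DENIED_UNRELATED };

/* The rule from setegid(2): supplementary membership is never consulted. */
enum verdict check_setegid(const struct gid_creds *c, gid_t target) {
    if (c->cap_setgid || target == c->rgid || target == c->egid || target == c->sgid)
        return ALLOWED;
    for (int i = 0; i < c->nsupp; i++)
        if (c->supp[i] == target)
            return DENIED_SUPP_ONLY;  /* group member, still EPERM */
    return DENIED_UNRELATED;          /* EPERM */
}

/* Constructed samples: gid 8 is "mail" as in the thread; 1000 and 115 are made up. */
static const gid_t mail_only[] = { 8 };
const struct gid_creds lda_as_rolf     = { 1000, 1000, 1000, NULL, 0, 0 };
const struct gid_creds lda_as_postfix  = { 115, 115, 115, mail_only, 1, 0 };
const struct gid_creds lda_setgid_mail = { 1000, 8, 8, NULL, 0, 0 };  /* hypothetical */

/* Linux-only: real/effective/saved gid of this process from /proc/self/status. */
int load_current(struct gid_creds *c, gid_t *buf, int buflen) {
    char line[256]; unsigned r = 0, e = 0, s = 0; int found = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f))
        found = (sscanf(line, "Gid: %u %u %u", &r, &e, &s) == 3);
    fclose(f);
    if (!found || (c->nsupp = getgroups(buflen, buf)) < 0) return -1;
    c->rgid = r; c->egid = e; c->sgid = s; c->supp = buf;
    c->cap_setgid = (geteuid() == 0);  /* assumption: root still holds CAP_SETGID */
    return 0;
}

int main(int argc, char **argv) {
    static const char *msg[] = { "allowed", "EPERM (supplementary only)", "EPERM (unrelated)" };
    gid_t buf[256], target = argc > 1 ? (gid_t)strtoul(argv[1], NULL, 10) : 8;
    struct gid_creds c;
    if (load_current(&c, buf, 256) != 0) { fputs("cannot read credentials\n", stderr); return 1; }
    printf("setegid(%u): %s\n", (unsigned)target, msg[check_setegid(&c, target)]);
    return 0;
}
```

Run as the delivering user with the numeric gid of the privileged group as the argument to see which case applies to that account.
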
On 2012-06-26 23:47, Daniel Parthey wrote:
> Rolf wrote:
>> Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error:
>> setegid(privileged) failed: Operation not permitted
>
> Manual page "man 2 setegid" states that
>

Yes, thank you Daniel for pointing me to these subjects. Now I got a bit of a deeper understanding of how a file gets executed.

My problem is that I do not exactly know from the error message who is starting what by which effective group id and to what group id it tries to switch. All guessing did not lead to a result. I tried: postfix is starting deliver with the effective group id "postfix" and wants to set the group id either to "mail" or to "rolf". But no success.