Greetings all.
Please forgive me if I'm posting something that has already been
addressed, but my google-foo is not strong enough to find the solution.
I've got a dovecot server running version 2.0.19 on Gentoo Hardened. I
have Postfix as my MTA, and it is calling the Dovecot LDA to deliver the
mail. Everything is working great, mail is being delivered, and the users
are happy.
However, I am noticing that I have random entries like this:
Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: Permission denied
(euid=97(dovecot) egid=97(dovecot) missing +r perm:
/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
Mar 1 20:19:23 hermes dovecot: lda: Fatal: Internal error occurred. Refer
to server log for more information.
Since these messages came from the server log, looking in the server log
for more information is rather pointless.
I have 10-master.conf configured as follows:
service auth {
unix_listener auth-userdb {
mode = 0600
user = vmail
group = vmail
}
In 15-lda.conf I have:
protocol lda {
mail_plugins = $mail_plugins sieve quota
}
In Postfix master.cf, I have the following:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:users argv=/usr/libexec/dovecot/deliver -f
${sender} -d ${user}@${nexthop}
Permissions on the socket are:
srw------- 1 vmail vmail 0 Feb 24 23:43 auth-userdb
Judging from the log, my problem is that the LDA appears to be trying to
access the socket as the dovecot user (rather than the vmail user), but my
question is why? What logging can I use to tell me if postfix is calling
with the wrong permissions or if the lda is somehow getting confused?
Any help or suggestions greatly appreciated.
Thanks,
Gizmo
Chris Richards wrote:> I've got a dovecot server running version 2.0.19 on Gentoo Hardened. I > have Postfix as my MTA, and it is calling the Dovecot LDA to deliver the > mail. Everything is working great, mail is being delivered, and the users > are happy. > > However, I am noticing that I have random entries like this: > > Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup: > connect(/var/run/dovecot/auth-userdb) failed: Permission denied > (euid=97(dovecot) egid=97(dovecot) missing +r perm: > /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) > Mar 1 20:19:23 hermes dovecot: lda: Fatal: Internal error occurred. Refer > to server log for more information. > > In Postfix master.cf, I have the following: > dovecot unix - n n - - pipe > flags=DRhu user=vmail:users argv=/usr/libexec/dovecot/deliver -f > ${sender} -d ${user}@${nexthop} > > Permissions on the socket are: > srw------- 1 vmail vmail 0 Feb 24 23:43 auth-userdb > > Judging from the log, my problem is that the LDA appears to be trying to > access the socket as the dovecot user (rather than the vmail user), but my > question is why? What logging can I use to tell me if postfix is calling > with the wrong permissions or if the lda is somehow getting confused?Have a look at http://wiki2.dovecot.org/LDA http://wiki2.dovecot.org/LDA/Postfix Maybe there you will find some helpful hints. Is /usr/libexec/dovecot/deliver or /usr/libexec/dovecot/dovecot-lda somehow setuid or setgid and owner/group dovecot? Where does the effective user euid=97(dovecot) and effective group egid=97(dovecot) come from, is it somewhere your dovecot config? Please show full output of # doveconf -n # stat /usr/libexec/dovecot/deliver # stat /usr/libexec/dovecot/dovecot-lda Regards Daniel -- https://plus.google.com/103021802792276734820