I'm trying to convert my dovecot-lda setup to use LMTP for better
security. My setup is postfix + dovecot + mysql with virtual users.
I'm setting up dovecot 2.2.1 with postfix 2.10.0.
I'm still learning dovecot, so I'm not totally sure where I'm going wrong.
Can someone point out why I'm getting permission problems?
I'm also concerned with server security, so if you notice anything that should
be better, please point that out. I am the only user on this Linux box.
Thank you!
ls -l /opt/imapdata/j/jeff/INBOX
total 8
drwxr-xr-x 2 vmail vmail 4096 Apr 27 14:21 ./
drwxr-xr-x 3 vmail vmail 4096 Apr 27 14:21 ../
Dovecot is running with the following users:
root 20847 0.0 0.0 15572 1108 ? Ss 10:23 0:00
/opt/optdovecot/sbin/dovecot
dovenull 20848 0.0 0.0 46752 2724 ? S 10:23 0:00
dovecot/imap-login
dovenull 20849 0.0 0.0 46752 2720 ? S 10:23 0:00
dovecot/imap-login
vmail 20850 0.0 0.0 13408 1068 ? S 10:23 0:00 dovecot/anvil
root 20851 0.0 0.0 13540 1192 ? S 10:23 0:00 dovecot/log
root 20853 0.0 0.0 16504 2128 ? S 10:23 0:00 dovecot/config
vmail 20854 0.0 0.0 136448 2972 ? S 10:23 0:00 dovecot/auth
I'm getting the following when an email comes in:
Apr 29 10:11:57 fed8 postfix/virtual[20666]: D88F3DF3BD: to=<jeff at
mydomain.com>, relay=virtual, delay=370, delays=370/0.03/0/0.07, dsn=4.2.0,
status=deferred (delivery failed to mailbox ///opt/imapdata/j/jeff/INBOX/inbox:
unable to create lock file ///opt/imapdata/j/jeff/INBOX/inbox.lock: Permission
denied)
my postfix/master.cf entry:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f
${sender} -d ${recipient}
doveconf -n:
# 2.2.1: /opt/dovecot221/etc/dovecot/dovecot.conf
# OS: Linux 3.8.5-201.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
default_internal_user = vmail
first_valid_gid = 2000
first_valid_uid = 2000
listen = *
lock_method = flock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_gid = vmail
mail_privileged_group = vmail
mail_uid = vmail
mbox_lock_timeout = 1 mins
mbox_write_locks = fcntl
passdb {
args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
}
postmaster_address = jeff at otherdomain.com
protocols = imap lmtp
sendmail_path = /usr/lib/sendmail
service auth {
inet_listener {
port = 12345
}
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
mode = 0660
user = vmail
}
user = $default_internal_user
}
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
process_min_avail = 2
service_count = 1
vsz_limit = 64 M
}
service lmtp {
executable = lmtp -L
inet_listener lmtp {
address = 192.168.1.22 127.0.0.1
port = 24
}
unix_listener lmtp {
mode = 0666
}
user = vmail
}
ssl = required
ssl_cert = </opt/dovecot/etc/dovecot/conf.d/ssl/certs/dovecot.pem
ssl_cipher_list =
ALL:!LOW:!MEDIUM:!SSLv1:!SSLv2:!MD5:!SSL1:!SSL2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!ADH-AES256-SHA:!ADH-AES128-SHA:!ADH-DES-CBC3-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!ADH-DES-CBC3-SHA:TLSv1
ssl_key = </opt/dovecot/etc/dovecot/conf.d/ssl/private/dovecot.pem
userdb {
args = uid=vmail gid=vmail home=/opt/imapdata/%1n/%n
driver = static
}
userdb {
args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
driver = sql
}
userdb {
args = /opt/dovecot/etc/dovecot/conf.d/dovecot-sql.conf.ext
driver = sql
}
verbose_ssl = yes
protocol lmtp {
info_log_path = /var/log/dovelmtp.log
mail_plugins = " sieve"
}
protocol lda {
info_log_path = /var/log/doveinfo.log
log_path = /var/log/dovelda.log
}
protocol imap {
imap_idle_notify_interval = 1 mins
imap_max_line_length = 64 k
mail_max_userip_connections = 5
}
/mf/home/jeep/shell/.signature
Am 29.04.2013 19:26, schrieb Jeff Lacki:> my postfix/master.cf entry: > > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient}At a short look: have you mixed this up with the LDA setup? That one may be set up like this: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient) LMTP itself can be done like this: /etc/postfix/main.cf virtual_transport = lmtp:unix:private/dovecot-lmtp /etc/dovecot/conf.d/10-master.conf service lmtp { vsz_limit = ... unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } process_min_avail = ... } Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Robert Schetterer <rs at sys4.de> wrote:> Am 29.04.2013 19:26, schrieb Jeff Lacki: > > my postfix/master.cf entry: > > > > dovecot unix - n n - - pipe > > flags=DRhu user=vmail:vmail argv=/opt/dovecot/libexec/dovecot/lmtp -f ${sender} -d ${recipient} > > with short look > you mixed wrong with lda setup ? > > which may setup i.e like this > > dovecot unix - n n - - pipe > flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -d > $(recipient) > > > i.e lmtp can be done like this > > /etc/postfix/main.cf > > virtual_transport = lmtp:unix:private/dovecot-lmtp > > /etc/dovecot/conf.d/10-master.conf > > service lmtp { > vsz_limit = ... > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0660 > user = postfix > } > process_min_avail = ... > } > > > Best Regards > MfG Robert Schetterer >Thanks Robert, unfortunately I still get the same error after making those modifications. Any other suggestions? Thanks! /mf/home/jeep/shell/.signature
jeep at rahul.net (Jeff Lacki) wrote:> > Thanks Robert, unfortunately I still get the same error after > making those modifications. Any other suggestions? > > Thanks! > > /mf/home/jeep/shell/.signatureOk, I changed the permissions on the directory /opt/imapdata/j/jeff/INBOX to 777: total 20 drwxrwxrwx 2 postfix postfix 4096 Apr 29 17:46 ./ drwxr-xr-x 3 postfix postfix 4096 Apr 27 14:21 ../ -rw------- 1 2000 2000 8490 Apr 29 17:46 inbox I realize this isn't the most secure, but it is working. If anyone has the proper suggestion for me, please let me know. I forgot to mention that the uid/gid are coming from the database. Thanks for any help, Jeff /mf/home/jeep/shell/.signature
Am 30.04.2013 02:48, schrieb Jeff Lacki:> jeep at rahul.net (Jeff Lacki) wrote: > >> >> Thanks Robert, unfortunately I still get the same error after >> making those modifications. Any other suggestions? >> >> Thanks! >> >> /mf/home/jeep/shell/.signature > > Ok I changed the permissions on the directory: > > /opt/imapdata/j/jeff/INBOX to 777: > > total 20 > drwxrwxrwx 2 postfix postfix 4096 Apr 29 17:46 ./ > drwxr-xr-x 3 postfix postfix 4096 Apr 27 14:21 ../ > -rw------- 1 2000 2000 8490 Apr 29 17:46 inbox > > I realize this isnt the most secure, but it is working. > > If anyone has the proper suggestion for me please let me know. > I forgot to mention that the uid/gid are coming from the database. > > Thanks for any help, > Jeff > > /mf/home/jeep/shell/.signature >It depends on what your goal is, but you shouldn't use the user postfix for mail storage (a world-writable mailbox directory owned by the Postfix daemon user lets any local process touch the mail); better create a separate new user vmail / group vmail in virtual setups. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein