Frank
2014-Jan-27 06:57 UTC
[Dovecot] post-login scripting failing with "denied access to user" v2.1.7
I am trying to have a default sieve rule for new mailboxes that can be edited by users using the Roundcube sieve plugin. It would actually be better executed when a new user is created but my postfixadmin runs on a separate machine so that's a bit tricky. The "sieve-default =" setting won't quite achieve what I want as I want users to be able to edit the default rule (to adjust SPAM level).

Mail works fine before I add my post-login script to 10-master.conf
----------------------
service imap {
  # tell imap to do post-login lookup using a socket called "imap-postlogin"
  executable = imap imap-postlogin
}

service imap-postlogin {
  # all post-login scripts are executed via script-login binary
  executable = script-login /etc/dovecot/custom_sieve/postlogin.sh

  # the script process runs as the user specified here (v2.0.14+):
  user = mail
  # also tried $default_internal_user and root

  # this UNIX socket listener must use the same name as given to imap executable
  unix_listener imap-postlogin {
  }
}

After adding this setting, login fails and gives the error below.
It certainly looks like a permission issue, but I have checked my script is executable and owned by vmail:vmail. The bash script executes fine as the mail user.
The other possibility is that dovecot is denying access to the $HOME variable, but that seems unlikely.
Nevertheless, I am stuck!

Log shows:
------------------
dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
dovecot: auth-worker(17522): mysql(database1): Connected to database postfixadmin
dovecot: imap-login: Login: user=<test2 at fqdn.net>, method=PLAIN, rip=10.0.3.120, lip=10.0.1.180, mpid=17524, TLS, session=<+blqxxxxxxxxxM>
dovecot: imap(test2 at fqdn.net): Post-login script denied access to user test2 at fqdn.net

BASH script: /etc/dovecot/custom_sieve/postlogin.sh
--------------------------------------------------
#!/bin/sh
if [ ! -f $HOME/dovecot.sieve ]  # if file doesn't exist
then
  mkdir -p $HOME/sieve
  cp /etc/dovecot/custom_sieve/default.sieve $HOME/sieve/managesieve.sieve
  ln -s $HOME/sieve/managesieve.sieve $HOME/dovecot.sieve
fi

DEFAULT SIEVE RULE: /etc/dovecot/custom_sieve/default.sieve
-----------------------------------
require ["fileinto"];
# rule:[SPAM]
if header :contains "X-Spam-Level" "**********"
{
  fileinto "Junk";
}

Config
======
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.3 ext4
dict {
  sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf
  sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
}
mail_location = maildir:/home/vmail/%d/%n/Maildir:INDEX=/home/vmail/%d/%n/Maildir/indexes
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:User Quota::proxy::sqluserquota
  quota_rule2 = Trash:storage=+100M
  sieve = ~/../.dovecot.sieve
  sieve_dir = ~/../sieve
}
protocols = " imap sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-postlogin {
  executable = script-login /var/spool/mail/postlogin.sh
  user = vmail
}
service imap {
  executable = imap imap-postlogin
}
ssl_cert = </etc/ssl/mailserver/mailserver.pem
ssl_key = </etc/ssl/mailserver/private/mailserver_dcp.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  mail_plugins = " quota sieve"
  postmaster_address = hidden at fqdn.net
}
protocol imap {
  mail_plugins = " quota imap_quota"
}

Daniel Parthey
2014-Jan-27 17:10 UTC
[Dovecot] post-login scripting failing with "denied access to user" v2.1.7
Hi Frank,

On 27.01.2014 07:57, Frank wrote:
> After adding this setting, login fails and gives the error below.
> It certainly looks like a permission issue, but I have checked my script is executable and owned by vmail:vmail. The bash script executes fine as the mail user.
> The other possibility is that dovecot is denying access to the $HOME variable, but that seems unlikely.
> Nevertheless, I am stuck!
>
> Log shows:
> ------------------
> dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled)
> dovecot: auth-worker(17522): mysql(database1): Connected to database postfixadmin
> dovecot: imap-login: Login: user=<test2 at fqdn.net>, method=PLAIN, rip=10.0.3.120, lip=10.0.1.180, mpid=17524, TLS, session=<+blqxxxxxxxxxM>
> dovecot: imap(test2 at fqdn.net): Post-login script denied access to user test2 at fqdn.net

http://wiki2.dovecot.org/PostLoginScripting

You need to hand over the connection to the original imap handler, your script may not simply exit, but needs to exec its argument line:

exec "$@"

Kind regards
Daniel
--
Dipl.-Inf. Daniel Parthey
System Engineer
Metaways Infosystems GmbH
Pickhuben 2, D-20457 Hamburg
E-Mail: d.parthey at metaways.de
Web: http://www.metaways.de
Metaways Infosystems GmbH - Registered office: D-22967 Tremsbüttel
Commercial register: Amtsgericht Lübeck HRB 4508 AH
Management: Hermann Thaele, Lüder-H. Thaele
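
Daniel's fix applied to the script from the question, as an added example that is not part of the thread: the provisioning step is wrapped in a function and the script finishes by exec'ing the command line that script-login passes to it. The provision_sieve name, the DEFAULT_SIEVE override and the choice to let the login proceed when provisioning fails are assumptions of this example; the file paths are the ones from Frank's script and have to agree with the sieve and sieve_dir plugin settings.

```shell
#!/bin/sh
# Post-login hook for Dovecot's script-login (added example, not from the thread).
# script-login passes the real protocol binary (here: imap) as "$@".

# Template location taken from the script in the question; overridable (assumption).
DEFAULT_SIEVE=${DEFAULT_SIEVE:-/etc/dovecot/custom_sieve/default.sieve}

# provision_sieve HOME_DIR  (hypothetical helper)
# Installs the editable default rule once; never overwrites a user's script.
# Returns 0 if already present or installed, 1 on failure.
provision_sieve() {
    home=$1
    active="$home/dovecot.sieve"
    script="$home/sieve/managesieve.sieve"

    [ -n "$home" ] && [ -d "$home" ] || return 1
    # -L catches a dangling symlink, which -f and -e report as missing.
    if [ -e "$active" ] || [ -L "$active" ]; then
        return 0
    fi
    mkdir -p "$home/sieve" || return 1
    if [ ! -e "$script" ]; then
        cp "$DEFAULT_SIEVE" "$script" || return 1
    fi
    ln -s "$script" "$active" || return 1
}

# Under script-login there is always a command line to hand off to.
if [ "$#" -gt 0 ]; then
    # A provisioning failure is reported on stderr but does not block the login.
    provision_sieve "$HOME" || echo "postlogin: sieve setup failed for $USER" >&2
    # Replace this process with the imap handler. A script that exits
    # without doing this produces the thread's "denied access" error.
    exec "$@"
fi
```
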