Robert Kryger
2014-Nov-04 16:46 UTC
Dovecot-lda permission errors or maybe authentication errors?
I am a new dovecot user who recently transitioned my old mailserver to a new CentOS/Postfix/Dovecot system. I am running a simple configuration with about a dozen system users and Maildir folders. The e-mail setup seems to be running fine when I use the default local-delivery-agent in Postfix. However, I am trying to use the dovecot-lda instead so I can take advantage of the sieve functionality.

I have tried to specify the dovecot-lda in two ways. First, in the /etc/postfix/main.cf file:

    mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

or alternatively, I leave the mailbox_command blank and specify the following in the .forward file of a test user:

    | "/usr/libexec/dovecot/dovecot-lda"

Either approach gives me the same error(s). When a mail message is sent to the test user USER1, the following errors appear in the dovecot-lda error file:

    Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner)
    Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1) failed: Permission denied
    Nov 04 08:47:29 lda(user1): Error: user user1: Initialization failed: Namespace 'INBOX.': stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner)
    Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to server log for more information.

At first, I interpreted this to mean the file permissions were not set correctly on the home directory or the Maildir folder. However, I have opened these up to full rwx access for everyone and I still get the same errors. Alternatively, perhaps this is related somehow to the dovecot-lda authentication process via the password or user databases, but I can't make any sense of the documentation.

Can anyone suggest what might be wrong or how to better diagnose? For reference, I am running dovecot version 2.0.9.

The dovecot-lda process also outputs the following messages (not errors) when a test message is sent to the USER1 account:

    Nov 04 08:47:29 lda: Debug: Loading modules from directory: /usr/lib64/dovecot
    Nov 04 08:47:29 lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
    Nov 04 08:47:29 lda(user1): Debug: Effective uid=524, gid=524, home=/home/user1
    Nov 04 08:47:29 lda(user1): Debug: Namespace : type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
    Nov 04 08:47:29 lda(user1): Debug: maildir++: root=/home/user1/Maildir, index=, control=, inbox=/home/user1/Maildir

The output of dovecot -n is:

    # 2.0.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final)
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    login_trusted_networks = 71.xx.xx.xx 71.xx.xx.xy 71.xx.xx.xz 71.xx.xx.yx
    mail_debug = yes
    mail_location = maildir:~/Maildir
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
    mbox_write_locks = fcntl
    namespace {
      inbox = yes
      location =
      prefix = INBOX.
      separator = .
    }
    passdb {
      driver = pam
    }
    plugin {
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      sieve_global_dir = home/sieve
      sieve_max_script_size = 1M
    }
    protocols = imap lmtp sieve
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
    }
    service managesieve-login {
      inet_listener sieve {
        port = 4190
      }
    }
    ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    ssl_key = </etc/pki/dovecot/private/dovecot.pem
    userdb {
      driver = passwd
    }
    protocol lda {
      info_log_path = /var/log/dovecot-lda.log
      log_path = /var/log/dovecot-lda-errors.log
      mail_plugins = sieve
      postmaster_address = postmaster at xxxxxxx.com
    }

Steffen Kaiser
2014-Nov-05 10:26 UTC
Dovecot-lda permission errors or maybe authentication errors?
On Tue, 4 Nov 2014, Robert Kryger wrote:

> I have tried to specify the dovecot-lda in two ways. First, in the
> /etc/postfix/main.cf file:
>
> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
>
> or alternatively, I leave the mailbox_command blank and specify the
> following in the .forward file of a test user:
>
> | "/usr/libexec/dovecot/dovecot-lda"
>
> Either approach gives me the same error(s). When a mail message is sent to
> the test user USER1, the following errors appear in the dovecot-lda error
> file:
>
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner)
> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1) failed: Permission denied
> Nov 04 08:47:29 lda(user1): Error: user user1: Initialization failed: Namespace 'INBOX.': stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1) egid=524(user1) stat() failed: No such file or directory, euid is not dir owner)
> Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings. Refer to server log for more information.
>
> At first, I interpreted this to mean the file permissions were not set
> correctly on the home directory or the Maildir folder. However, I have
> opened these up to full rwx access for everyone and I still get the same
> errors. Alternatively, perhaps this is related somehow to the dovecot-lda
> authentication process via the password or user databases, but I can't make
> any sense of the documentation.

What's the output of:

    ls -nal /home/user1

--
Steffen Kaiser
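
The log reports `chdir(/home/user1/) failed: Permission denied` for euid 524, and chdir needs search (x) permission on every directory along the path, not only on the last one. The script below is an added example, not part of either post, with hypothetical function names; it walks a path and reports the first directory whose mode bits deny search to a given uid/gid. It assumes GNU stat and looks at mode bits only, so supplementary groups, ACLs and SELinux are not considered.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat (coreutils).

# can_search DIR UID GID
# 0 = mode bits grant search on DIR, 1 = denied, 2 = DIR cannot be stat()ed
can_search() {
    info=$(stat -c '%u %g %a' "$1" 2>/dev/null) || return 2
    set -- "$2" "$3" $info            # now: uid gid owner group mode
    [ "$1" -eq 0 ] && return 0        # root is not subject to the search bit
    mode=$((0$5))                     # read the octal mode string as a number
    # The kernel picks exactly one permission class: owner, else group, else other.
    if [ "$1" -eq "$3" ]; then bit=$((mode & 0100))
    elif [ "$2" -eq "$4" ]; then bit=$((mode & 0010))
    else bit=$((mode & 0001)); fi
    [ "$bit" -ne 0 ]
}

# first_blocked PATH UID GID [BASE]
# Walks from BASE (default /) down to PATH. Prints the first directory that
# denies search, or "missing:<dir>" if a component does not exist, and
# returns 1. Prints nothing and returns 0 when the whole path is searchable.
first_blocked() {
    path=${1%/} uid=$2 gid=$3 cur=${4:-/}
    cur=${cur%/}                      # "/" becomes the empty prefix
    rest=${path#"$cur"/}              # components still to descend into
    check=${cur:-/}
    while :; do
        can_search "$check" "$uid" "$gid" && rc=0 || rc=$?
        case $rc in
            0) ;;
            2) echo "missing:$check"; return 1 ;;
            *) echo "$check"; return 1 ;;
        esac
        [ -n "$rest" ] || return 0
        cur=$cur/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        check=$cur
    done
}

# With the path and ids from the log above:
#   first_blocked /home/user1/Maildir 524 524
```
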