Ernest Deak
2015-Jul-03 12:12 UTC
Dovecot LMTP tries to access a directory of a different user, than the one it actually changed to.
Hello, I encountered a problem when trying to send an email to multiple recipients.

=== LOG ==
... cut ...
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: none: root=, index=, control=, inbox
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Connect from local
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: Loading modules from directory: /usr/lib64/dovecot
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: auth input: han.solo system_groups_user=han.solo uid=805 gid=800 home=/home/han.solo
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: auth input: tester system_groups_user=tester uid=802 gid=800 home=/home/tester
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Debug: auth input: vader system_groups_user=vader uid=804 gid=800 home=/home/vader
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: Effective uid=805, gid=800, home=/home/han.solo
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: fs: root=/home/han.solo/mail, index=, control=, inbox=/var/mail/han.solo
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user's script path /home/han.solo/.dovecot.sieve doesn't exist (using global script path in stead)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user has no valid personal script
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: no scripts to execute: reverting to default delivery.
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): 70NxN1FlllUqXgAA0vrzwA: msgid=<55966551.IfKOMu/T0WTB9M5x%vader at dhcp90.#####>: saved mail to INBOX
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: Effective uid=802, gid=800, home=/home/tester
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: fs: root=/home/tester/mail, index=, control=, inbox=/var/mail/tester
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user's script path /home/tester/.dovecot.sieve doesn't exist (using global script path in stead)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user has no valid personal script
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: no scripts to execute: reverting to default delivery.
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error: stat(/home/han.solo/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=802(tester) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error: open(/home/han.solo/mail/.imap/INBOX/dovecot.index) failed: Permission denied (euid=802(tester) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): 70NxN1FlllUqXgAA0vrzwA: msgid=<55966551.IfKOMu/T0WTB9M5x%vader at dhcp90.#####>: save failed to INBOX: BUG: Unknown internal error
Jul 3 12:34:57 dhcp90 sendmail[24121]: t63AYvn5024116: to=<tester at dhcp90.#####>, ctladdr=<vader at dhcp90.#####> (804/800), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=91062, relay=localhost, dsn=4.2.0, stat=Deferred: 451 4.2.0 <tester> BUG: Unknown internal error
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: Effective uid=804, gid=800, home=/home/vader
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: fs: root=/home/vader/mail, index=, control=, inbox=/var/mail/vader
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user's script path /home/vader/.dovecot.sieve doesn't exist (using global script path in stead)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: user has no valid personal script
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: 70NxN1FlllUqXgAA0vrzwA: sieve: no scripts to execute: reverting to default delivery.
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Error: stat(/home/han.solo/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=804(vader) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Error: open(/home/han.solo/mail/.imap/INBOX/dovecot.index) failed: Permission denied (euid=804(vader) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): 70NxN1FlllUqXgAA0vrzwA: msgid=<55966551.IfKOMu/T0WTB9M5x%vader at dhcp90.#####>: save failed to INBOX: BUG: Unknown internal error
Jul 3 12:34:57 dhcp90 sendmail[24121]: t63AYvn5024116: to=<vader at dhcp90.#####>, ctladdr=<vader at dhcp90.#####> (804/800), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=91062, relay=localhost, dsn=4.2.0, stat=Deferred: 451 4.2.0 <vader> BUG: Unknown internal error
Jul 3 12:34:57 dhcp90 sendmail[24121]: t63AYvn5024116: to=<han.solo at dhcp90.#####>, ctladdr=<vader at dhcp90.#####> (804/800), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=91062, relay=localhost, dsn=2.0.0, stat=Sent
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106): Disconnect from local: Client quit
==========

The setup is as follows:
All users have /bin/false instead of a shell.
Each user has a unique UID but they all have 1 GID (800)
My MTA is sendmail
I am using dovecot-lmtp for local delivery
Mailbox format is mbox
Configured managesieve plugin to listen on 4190. (not sure if this is even related but it might)

The problem I see is that lmtp(user1) tries to access the home directory /home/user2 and I cannot figure out the reason why.
This only happens when sending mails to multiple recipients.

I see that lmtp complains that it doesn't have execute permissions. But I don't want to place execute permissions for others on the entire /home/* dir structure. Also, 700 are the default creation permissions. So new users would have to be chmod'ed manually. (unless there is a setting in dovecot)

I used "mailx" to send a test email to multiple recipients

`echo "test message" | mailx -s "subject" -r vader at dhcp90.##### han.solo at dhcp90.##### vader at dhcp90.##### tester at dhcp90.#####`

The only one who actually receives the message is han.solo at dhcp90.#####, and the same happens with aliases in /etc/aliases.

`echo "group test" | mailx -s "subject" -r vader at dhcp90.##### grouplist at dhcp90.#####`

"grouplist" is defined in /etc/aliases and contains the same users as in the log

Any help with this is greatly appreciated.

Here is my dovecot configuration:

=== `dovecot -n` ==
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
auth_debug = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
mail_debug = yes
mail_full_filesystem_access = yes
mail_gid = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mbox_write_locks = fcntl
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
service lmtp {
  client_limit = 1
  executable = /usr/libexec/dovecot/lmtp -L
  inet_listener lmtp {
    address = 127.0.0.1 ::1
    port = 24
  }
  process_min_avail = 1
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = " sieve"
  postmaster_address = postmaster
}
==============

`rpm -qa | grep dovecot`
dovecot-pigeonhole-2.0.9-8.el6_6.4.x86_64
dovecot-2.0.9-8.el6_6.4.x86_64

Thanks in advance.
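The symptom in the log above can be checked for mechanically: within one LMTP process, a permission error logged while delivering to one recipient names a path under a different recipient's home directory. The following is an added example, not part of the original thread; the function names are hypothetical and the sample log is constructed from the lines quoted in the post, with one invented line that must not match.

```python
import re
from collections import defaultdict

# Constructed sample: shortened from the log in the post above. The last
# line is invented (a failure inside the user's own home) and must not match.
SAMPLE_LOG = """\
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, han.solo): Debug: Effective uid=805, gid=800, home=/home/han.solo
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Debug: Effective uid=802, gid=800, home=/home/tester
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error: stat(/home/han.solo/mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=802(tester) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Debug: Effective uid=804, gid=800, home=/home/vader
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Error: open(/home/han.solo/mail/.imap/INBOX/dovecot.index) failed: Permission denied (euid=804(vader) egid=800(kerber) missing +x perm: /home/han.solo, euid is not dir owner)
Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, vader): Error: open(/home/vader/mail/.imap/INBOX/dovecot.index) failed: Permission denied
"""

PREFIX = re.compile(r"dovecot: lmtp\((\d+), ([^)]+)\): (.*)$")
HOME = re.compile(r"Debug: Effective uid=\d+, gid=\d+, home=(\S+)")
DENIED = re.compile(r"Error: (\w+)\((/[^)]*)\) failed: Permission denied")

def is_under(path, directory):
    # Compare on a path-component boundary so /home/han.solo2 is not
    # mistaken for something inside /home/han.solo.
    directory = directory.rstrip("/")
    return path == directory or path.startswith(directory + "/")

def find_cross_user_access(log_text):
    """Return (pid, delivering_user, home_owner, syscall, path) tuples."""
    homes = defaultdict(dict)  # pid -> {user: home seen in this process}
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        pid, user, msg = m.groups()
        home = HOME.match(msg)
        if home:
            homes[pid][user] = home.group(1)
            continue
        denied = DENIED.match(msg)
        if not denied:
            continue
        call, path = denied.groups()
        for other, other_home in homes[pid].items():
            if other != user and is_under(path, other_home):
                findings.append((pid, user, other, call, path))
    return findings

if __name__ == "__main__":
    for finding in find_cross_user_access(SAMPLE_LOG):
        print("pid=%s user=%s touched home of %s via %s(%s)" % finding)
```

Run against a real mail log with `mail_debug = yes` enabled, since the per-recipient home directories are only logged at debug level.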
Steffen Kaiser
2015-Jul-03 13:09 UTC
Dovecot LMTP tries to access a directory of a different user, than the one it actually changed to.
On Fri, 3 Jul 2015, Ernest Deak wrote:

> Hello, I encountered a problem when trying to send an email to multiple
> recipients.

> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error:
> stat(/home/han.solo/mail/.imap/INBOX/dovecot.index.log) failed: Permission
> denied (euid=802(tester) egid=800(kerber) missing +x perm: /home/han.solo,
> euid is not dir owner)
> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error:
> open(/home/han.solo/mail/.imap/INBOX/dovecot.index) failed: Permission denied
> (euid=802(tester) egid=800(kerber) missing +x perm: /home/han.solo, euid is
> not dir owner)
> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): 70NxN1FlllUqXgAA0vrzwA:
> msgid=<55966551.IfKOMu/T0WTB9M5x%vader at dhcp90.#####>: save failed to
> INBOX: BUG: Unknown internal error

> My MTA is sendmail
> I am using dovecot-lmtp for local delivery
> Mailbox format is mbox
> Configured managesieve plugin to listen on 4190. (not sure if this is even
> related but it might)
>
> The problem I see is that lmtp(user1) tries to access the home directory
> /home/user2 and I cannot figure out the reason why.
> This only happens when sending mails to multiple recipients.

> I see that lmtp complains that it doesn't have execute permissions. But I
> don't want to place execute permissions for others on the entire /home/* dir
> structure.

As far as I remember there had been (or is) a bug in Dovecot, that privileges are not changed correctly when delivering to another user. If that's the case, limit the number of recipients per LMTP message to 1, see r= field in mailer definition in op.me.

-- Steffen Kaiser
Arkadiusz Miśkiewicz
2015-Jul-03 22:01 UTC
Dovecot LMTP tries to access a directory of a different user, than the one it actually changed to.
On Friday 03 of July 2015, Ernest Deak wrote:

> Hello, I encountered a problem when trying to send an email to multiple
> recipients.

That bug exists for some time
http://www.dovecot.org/list/dovecot/2014-September/097688.html
but no solution exists and I think no one actually tried to fix it.

(no solution beside already mentioned ugly workaround with limiting to 1 recipient per lmtp session)

-- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Ernest Deak
2015-Jul-06 07:20 UTC
Dovecot LMTP tries to access a directory of a different user, than the one it actually changed to.
Adding r= field into the Mlocal definition of sendmail.cf worked out.

However, I dug around the documentation and found a macro one can define to achieve this without having to mess around with the .cf file. I am adding this here for anyone who might encounter the same problem.

In an .mc file, you can write:

define(`LOCAL_MAILER_MAXRCPTS',`1')

to achieve the same effect.

Thanks to all for the hints.

On 03.07.2015 15:09, Steffen Kaiser wrote:

> On Fri, 3 Jul 2015, Ernest Deak wrote:
>
>> Hello, I encountered a problem when trying to send an email to
>> multiple recipients.
>
>> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error:
>> stat(/home/han.solo/mail/.imap/INBOX/dovecot.index.log) failed:
>> Permission denied (euid=802(tester) egid=800(kerber) missing +x perm:
>> /home/han.solo, euid is not dir owner)
>> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester): Error:
>> open(/home/han.solo/mail/.imap/INBOX/dovecot.index) failed:
>> Permission denied (euid=802(tester) egid=800(kerber) missing +x perm:
>> /home/han.solo, euid is not dir owner)
>> Jul 3 12:34:57 dhcp90 dovecot: lmtp(24106, tester):
>> 70NxN1FlllUqXgAA0vrzwA: msgid=<55966551.IfKOMu/T0WTB9M5x%vader at
>> dhcp90.#####>: save failed to INBOX: BUG: Unknown internal error
>
>> My MTA is sendmail
>> I am using dovecot-lmtp for local delivery
>> Mailbox format is mbox
>> Configured managesieve plugin to listen on 4190. (not sure if this is
>> even related but it might)
>>
>> The problem I see is that lmtp(user1) tries to access the home
>> directory /home/user2 and I cannot figure out the reason why.
>> This only happens when sending mails to multiple recipients.
>
>> I see that lmtp complains that it doesn't have execute
>> permissions. But I don't want to place execute permissions for others
>> on the entire /home/* dir structure.
>
> as far as I remember there had been (or is) a bug in Dovecot, that
> privileges are not changed correctly when delivering to another user.
> If that's the case, limit the number of recipients per LMTP message to
> 1, see r= field in mailer definition in op.me.
>
> -- Steffen Kaiser