Hi John,

On Sun, Feb 03, 2019 at 09:56:38AM +0100, John Fawcett wrote:
> On 01/02/2019 13:39, Ervin Hegedüs wrote:
> > I'd try to set up the managesieve (for RoundCube) - the sieve
> > works as well with dovecot (I mean my filters work perfectly).
> >
> > When I would try to connect to managesieve, I got an error, and
> > mail.err contains:
> >
> > dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting)
> >
> > Also I got it when I try to connect to port 4190 at localhost
> > (with telnet), and send the generated AUTH string (with
> > sieve-auth-command.pl).

> it can often help if you give versions of the dovecot and pigeonhole as
> well as posting the config (dovecot -n) since people may be able to spot
> configuration errors.

sorry, you're right, I forgot it :(

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 ext4
auth_mechanisms = plain login
mail_location = maildir:/var/spool/postfix/virtual/%d/%n
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  args = /etc/dovecot/dovecot-sql.conf
  quota = maildir:User quota
  quota_rule = *:storage=500M
  quota_rule2 = Trash:storage=+50M
  quota_rule3 = spam:ignore
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugin_dir = /usr/lib/dovecot/modules
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
}

> It may be an obvious thing, but do you have a vmail group in /etc/group?

sure,

# getent group | grep vmail
daemon:x:1:vmail
vmail:x:5000:vmail

thanks,

a.

On 2/3/19 2:09 PM, Hegedüs Ervin wrote:
> Hi John,
>
> On Sun, Feb 03, 2019 at 09:56:38AM +0100, John Fawcett wrote:
>> On 01/02/2019 13:39, Ervin Hegedüs wrote:
>>> I'd try to set up the managesieve (for RoundCube) - the sieve
>>> works as well with dovecot (I mean my filters work perfectly).
>>>
>>> When I would try to connect to managesieve, I got an error, and
>>> mail.err contains:
>>>
>>> dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting)
>>>
>>> Also I got it when I try to connect to port 4190 at localhost
>>> (with telnet), and send the generated AUTH string (with
>>> sieve-auth-command.pl).
>> it can often help if you give versions of the dovecot and pigeonhole as
>> well as posting the config (dovecot -n) since people may be able to spot
>> configuration errors.
> sorry, you're right, I forgot it :(
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-4-amd64 x86_64 ext4
> auth_mechanisms = plain login
> mail_location = maildir:/var/spool/postfix/virtual/%d/%n
> mail_privileged_group = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   args = /etc/dovecot/dovecot-sql.conf
>   quota = maildir:User quota
>   quota_rule = *:storage=500M
>   quota_rule2 = Trash:storage=+50M
>   quota_rule3 = spam:ignore
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap pop3 lmtp sieve
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail
>   }
>   user = dovecot
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> ssl_cert = </etc/dovecot/dovecot.pem
> ssl_key = </etc/dovecot/private/dovecot.pem
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol lmtp {
>   mail_plugins = sieve
> }
> protocol lda {
>   mail_plugins = quota sieve
> }
> protocol imap {
>   mail_max_userip_connections = 20
>   mail_plugin_dir = /usr/lib/dovecot/modules
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_plugins = quota
> }
>
>
>> It may be an obvious thing, but do you have a vmail group in /etc/group?
> sure,
>
> # getent group | grep vmail
> daemon:x:1:vmail
> vmail:x:5000:vmail
>
>
> thanks,
>
>
>
> a.
>

Checking further, the managesieve-login process is chrooted by default. I
wonder if it can then read /etc/group. Are you using mail_privileged_group
because the permissions on your mail storage directories would not
otherwise allow them to be accessed? If not you could try to just set
mail_privileged_group to blank and restart dovecot.

John

Hi John,

On Sun, Feb 03, 2019 at 04:44:44PM +0100, John wrote:
>
> On 2/3/19 2:09 PM, Hegedüs Ervin wrote:
> >Hi John,
> >
> >On Sun, Feb 03, 2019 at 09:56:38AM +0100, John Fawcett wrote:
> >>On 01/02/2019 13:39, Ervin Hegedüs wrote:
> >>>I'd try to set up the managesieve (for RoundCube) - the sieve
> >>>works as well with dovecot (I mean my filters work perfectly).
> >>>
> >>>When I would try to connect to managesieve, I got an error, and
> >>>mail.err contains:
> >>>
> >>>dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting)
> >>>
> >>>Also I got it when I try to connect to port 4190 at localhost
> >>>(with telnet), and send the generated AUTH string (with
> >>>sieve-auth-command.pl).
> >>it can often help if you give versions of the dovecot and pigeonhole as
> >>well as posting the config (dovecot -n) since people may be able to spot
> >>configuration errors.
> >sorry, you're right, I forgot it :(
> >
> ># 2.2.13: /etc/dovecot/dovecot.conf
> ># OS: Linux 3.16.0-4-amd64 x86_64 ext4

thanks for your detailed message,

> Checking further, the managesieve-login process is chrooted by default.

yes, I read it - but is there any way (and meaning) to configure it for not-chroot?

> I
> wonder if it can then read /etc/group. Are you using mail_privileged_group
> because the permissions on your mail storage directories would not
> otherwise allow them to be accessed?

yes... I guess :)

> If not you could try to just set
> mail_privileged_group to blank and restart dovecot.

I left it blank, restarted Dovecot, and now it works as well.

Thanks again for your help.

a.

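John's question in this thread, whether a chrooted process can still read /etc/group, can be checked mechanically. The following is an added example, not part of the thread and not Dovecot code: it treats a directory as the process's "/" and reports what a file-based group lookup by a given uid would hit. The function names, the constructed sample tree and the uid/gid values are assumptions, and only classic mode bits are considered (no ACLs, other NSS backends or root's override).

```python
import os
import tempfile

def mode_allows(st, uid, gids, want):
    # Classic owner/group/other mode-bit check for one stat result.
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def group_lookup_status(root, uid, gids, group):
    """Return "missing", "denied", "no-such-group" or "ok" for <root>/etc/group."""
    etc = os.path.join(root, "etc")
    db = os.path.join(etc, "group")
    for directory in (root, etc):            # each directory needs search (x)
        if not os.path.isdir(directory):
            return "missing"
        if not mode_allows(os.stat(directory), uid, gids, 0o1):
            return "denied"
    if not os.path.isfile(db):
        return "missing"
    if not mode_allows(os.stat(db), uid, gids, 0o4):   # the file needs read (r)
        return "denied"
    with open(db) as fh:
        names = {line.split(":", 1)[0] for line in fh if line.strip()}
    return "ok" if group in names else "no-such-group"

def build_sample_root(group_mode):
    # Constructed tree: <tmp>/etc/group holding the two lines quoted in the thread.
    root = tempfile.mkdtemp()
    etc = os.path.join(root, "etc")
    os.mkdir(etc)
    db = os.path.join(etc, "group")
    with open(db, "w") as fh:
        fh.write("daemon:x:1:vmail\nvmail:x:5000:vmail\n")
    for path, mode in ((root, 0o755), (etc, 0o755), (db, group_mode)):
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for mode in (0o644, 0o640):
        root = build_sample_root(mode)
        st = os.stat(root)
        # Hypothetical unprivileged uid/gid that owns nothing in the tree.
        print(oct(mode), group_lookup_status(root, st.st_uid + 1, {st.st_gid + 1}, "vmail"))
```

Pointing `root` at a service's chroot directory (or at `/` for a process that is not chrooted) and passing the uid and gids the service runs with shows which of the two conditions, visibility or permission, fails first.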