dovecot - May 2021 - mail_crypt module and error with tmp directory

Il 03/05/21 10:42, Aki Tuomi ha scritto:
> 
>> On 03/05/2021 11:16 Fiorenza Meini <fmeini at esseweb.eu> wrote:
>>
>>   
>> Il 03/05/21 09:47, Aki Tuomi ha scritto:
>>>
>>>> On 03/05/2021 10:42 Fiorenza Meini <fmeini at esseweb.eu>
wrote:
>>>>
>>>>    
>>>> Hi,
>>>> I successfully enable mail_crypt module but I'm
experiencing a strange
>>>> behaviour with tmp directory while accessing with POP3
protocol:
>>>>
>>>> I see in log file:
>>>> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.)
failed:
>>>> Permission denied
>>>>
>>>> I changed tmp directory configuration (mail_temp_dir variable)
and
>>>> setting it with 777 permission, but the error is the same.
>>>>
>>>> On client side it's working everything, but I'd like to
understand the
>>>> error and if I have to be worried about it.
>>>>
>>>> Thank you and regards
>>>> Fiorenza
>>>>
>>>> -- 
>>>> Fiorenza Meini/Spazio Web
>>>>
>>>
>>> Are you by chance using selinux or apparmor there which could
prevent this? Also Dovecot's stock systemd unit prevenst you from writing
into random locations, /tmp should be fine though.
>>>
>>> Aki
>>>
>>
>> Hi,
>> I have apparmor installed on the machine, but even if stopped it the
>> problem didn't solved.
>>
>> I think dovecot's systemd unit file configuration is this
>> one:/usr/lib/tmpfiles.d/dovecot.conf
>>
>> It's content is this:
>> # Type Path                    Mode UID  GID     Age Argument
>> d      /var/run/dovecot/       0755 root root    -   -
>> d      /var/run/dovecot/login/ 0750 root dovecot -   -
>>
>> Should I insert here a line for /tmp directory ?
>>
>> Thank you and regards
>>
>> Fiorenza
> 
> I don't think you need to do that.
> 
> Also note that since you're using systemd, dovecot has PrivateTmp=yes,
which means that /tmp is actually /tmp/*service*dovecot*/tmp
> 
> Aki
> 
Hi,
thank you.
I can't see that directory under /tmp.... Is there a way to create it?

Regards
Fiorenza

> On 03/05/2021 11:53 Fiorenza Meini <fmeini at esseweb.eu> wrote:
> 
>  
> Il 03/05/21 10:42, Aki Tuomi ha scritto:
> > 
> >> On 03/05/2021 11:16 Fiorenza Meini <fmeini at esseweb.eu>
wrote:
> >>
> >>   
> >> Il 03/05/21 09:47, Aki Tuomi ha scritto:
> >>>
> >>>> On 03/05/2021 10:42 Fiorenza Meini <fmeini at
esseweb.eu> wrote:
> >>>>
> >>>>    
> >>>> Hi,
> >>>> I successfully enable mail_crypt module but I'm
experiencing a strange
> >>>> behaviour with tmp directory while accessing with POP3
protocol:
> >>>>
> >>>> I see in log file:
> >>>> Error: istream-seekable: safe_mkstemp(/tmp/dovecot.pop3.)
failed:
> >>>> Permission denied
> >>>>
> >>>> I changed tmp directory configuration (mail_temp_dir
variable) and
> >>>> setting it with 777 permission, but the error is the same.
> >>>>
> >>>> On client side it's working everything, but I'd
like to understand the
> >>>> error and if I have to be worried about it.
> >>>>
> >>>> Thank you and regards
> >>>> Fiorenza
> >>>>
> >>>> -- 
> >>>> Fiorenza Meini/Spazio Web
> >>>>
> >>>
> >>> Are you by chance using selinux or apparmor there which could
prevent this? Also Dovecot's stock systemd unit prevenst you from writing
into random locations, /tmp should be fine though.
> >>>
> >>> Aki
> >>>
> >>
> >> Hi,
> >> I have apparmor installed on the machine, but even if stopped it
the
> >> problem didn't solved.
> >>
> >> I think dovecot's systemd unit file configuration is this
> >> one:/usr/lib/tmpfiles.d/dovecot.conf
> >>
> >> It's content is this:
> >> # Type Path                    Mode UID  GID     Age Argument
> >> d      /var/run/dovecot/       0755 root root    -   -
> >> d      /var/run/dovecot/login/ 0750 root dovecot -   -
> >>
> >> Should I insert here a line for /tmp directory ?
> >>
> >> Thank you and regards
> >>
> >> Fiorenza
> > 
> > I don't think you need to do that.
> > 
> > Also note that since you're using systemd, dovecot has
PrivateTmp=yes, which means that /tmp is actually /tmp/*service*dovecot*/tmp
> > 
> > Aki
> > 
> 
> Hi,
> thank you.
> I can't see that directory under /tmp.... Is there a way to create it?
> 
> Regards
> Fiorenza
Depends a lot on your setup. I see I got the mask wrong, it's really

 /tmp/*systemd*dovecot*/tmp

Aki