Thank you João! I too am concerned if this is a risky configuration. My understanding is that the list indexes are not critical and that is why the recommendation in an NFS environment is to place just those and the lock files in memory. Other index files are on permanent storage:

[doug@mailserverdev doug]$ find ./ -name *index*
./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.cache
./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.log
./mail/storage/dovecot.map.index.log.2
./mail/storage/dovecot.map.index
./mail/storage/dovecot.map.index.log

Should I still be concerned?

Doug

On 3/25/2022 11:46 AM, João Silva wrote:
>
> I'm not sure about that configuration.
>
> I have seen huge index cache files for users with lots of mail,
> putting those in memory may be a risk.
>
>
> On 25/03/2022 14:56, doug wrote:
>> Hi,
>>
>> Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
>>
>> I'm in the process of moving my mailboxes to NFS and moving with lock
>> and index files in temp storage following instructions from
>> https://doc.dovecot.org/configuration_manual/nfs.
>>
>> I set mail_location as:
>>
>> mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
>>
>> What I discovered is /dev/shm/dovecot is created by the initial user
>> who accesses their mail from a client, and with permissions 700.
>> This prevents subsequent users from creating their own index and lock
>> files.
>>
>> # ls -l /dev/shm/dovecot
>> total 0
>> drwx------ 2 mary users 60 Mar 25 10:00 mary
>>
>> Sample error message from maillog during mail delivery and from a
>> dsync script.
>>
>> Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>
>> dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>
>> I couldn't locate documentation or discussions on how to set the
>> ownership or permissions for /dev/shm/dovecot in the Dovecot
>> configuration files.
>>
>> As a hack, I added this to /usr/libexec/dovecot/prestartscript.
>>
>> ! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
>> chown dovecot:users /dev/shm/dovecot
>> chmod 770 /dev/shm/dovecot
>>
>> This solved the problem, but left me wondering if I missed something
>> obvious or if I am setting myself up for a problem later on, like
>> with a Dovecot version upgrade. I could run these commands at bootup
>> out of rc.local or a systemd script rather than customizing a Dovecot
>> provided script.
>>
>> Is there an appropriate way of doing this that I missed?
>>
>> TIA,
>> Doug

In that case things can be more peaceful.
I once had the mail in an NFS storage and was told to move to local storage because of speed issues.
Really don't know if the .cache and .log should be put in a fast local storage to speed up things.

On 25/03/2022 16:40, doug wrote:
> Thank you João! I too am concerned if this is a risky configuration.
> My understanding is that the list indexes are not critical and that is
> why the recommendation in an NFS environment is to place just those
> and the lock files in memory. Other index files are on permanent storage:
>
> [doug@mailserverdev doug]$ find ./ -name *index*
> ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.cache
> ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.log
> ./mail/storage/dovecot.map.index.log.2
> ./mail/storage/dovecot.map.index
> ./mail/storage/dovecot.map.index.log
>
> Should I still be concerned?
>
> Doug
>
> On 3/25/2022 11:46 AM, João Silva wrote:
>>
>> I'm not sure about that configuration.
>>
>> I have seen huge index cache files for users with lots of mail,
>> putting those in memory may be a risk.
>>
>>
>> On 25/03/2022 14:56, doug wrote:
>>> Hi,
>>>
>>> Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
>>>
>>> I'm in the process of moving my mailboxes to NFS and moving with
>>> lock and index files in temp storage following instructions from
>>> https://doc.dovecot.org/configuration_manual/nfs.
>>>
>>> I set mail_location as:
>>>
>>> mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
>>>
>>> What I discovered is /dev/shm/dovecot is created by the initial user
>>> who accesses their mail from a client, and with permissions 700.
>>> This prevents subsequent users from creating their own index and
>>> lock files.
>>>
>>> # ls -l /dev/shm/dovecot
>>> total 0
>>> drwx------ 2 mary users 60 Mar 25 10:00 mary
>>>
>>> Sample error message from maillog during mail delivery and from a
>>> dsync script.
>>>
>>> Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>>
>>> dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>>
>>> I couldn't locate documentation or discussions on how to set the
>>> ownership or permissions for /dev/shm/dovecot in the Dovecot
>>> configuration files.
>>>
>>> As a hack, I added this to /usr/libexec/dovecot/prestartscript.
>>>
>>> ! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
>>> chown dovecot:users /dev/shm/dovecot
>>> chmod 770 /dev/shm/dovecot
>>>
>>> This solved the problem, but left me wondering if I missed something
>>> obvious or if I am setting myself up for a problem later on, like
>>> with a Dovecot version upgrade. I could run these commands at bootup
>>> out of rc.local or a systemd script rather than customizing a
>>> Dovecot provided script.
>>>
>>> Is there an appropriate way of doing this that I missed?
>>>
>>> TIA,
>>> Doug

Hi!

Dovecot uses permissions from mail user storage folder and in absence of that, the parent folder. Your pre-start script looks good.

If your NFS is fast enough, it's ok to keep .cache and .log in NFS.

Aki

> On 25/03/2022 18:57 João Silva <joaopfmlist at lipc.fis.uc.pt> wrote:
>
>
> In that case things can be more peaceful.
> I once had the mail in an NFS storage and was told to move to local storage because of speed issues.
> Really don't know if the .cache and .log should be put in a fast local storage to speed up things.
>
> On 25/03/2022 16:40, doug wrote:
>
> > Thank you João! I too am concerned if this is a risky configuration. My understanding is that the list indexes are not critical and that is why the recommendation in an NFS environment is to place just those and the lock files in memory. Other index files are on permanent storage:
> >
> > [doug@mailserverdev doug]$ find ./ -name *index*
> > ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.cache
> > ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.log
> > ./mail/storage/dovecot.map.index.log.2
> > ./mail/storage/dovecot.map.index
> > ./mail/storage/dovecot.map.index.log
> >
> > Should I still be concerned?
> >
> > Doug
> >
> >
> > On 3/25/2022 11:46 AM, João Silva wrote:
> >
> > > I'm not sure about that configuration.
> > >
> > > I have seen huge index cache files for users with lots of mail, putting those in memory may be a risk.
> > >
> > >
> > > On 25/03/2022 14:56, doug wrote:
> > >
> > > > Hi,
> > > >
> > > > Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
> > > >
> > > > I'm in the process of moving my mailboxes to NFS and moving with lock and index files in temp storage following instructions from https://doc.dovecot.org/configuration_manual/nfs.
> > > >
> > > > I set mail_location as:
> > > >
> > > > > mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
> > > >
> > > > What I discovered is /dev/shm/dovecot is created by the initial user who accesses their mail from a client, and with permissions 700. This prevents subsequent users from creating their own index and lock files.
> > > >
> > > > > # ls -l /dev/shm/dovecot
> > > > > total 0
> > > > > drwx------ 2 mary users 60 Mar 25 10:00 mary
> > > >
> > > > Sample error message from maillog during mail delivery and from a dsync script.
> > > >
> > > > > Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
> > > > >
> > > > > dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
> > > >
> > > > I couldn't locate documentation or discussions on how to set the ownership or permissions for /dev/shm/dovecot in the Dovecot configuration files.
> > > >
> > > > As a hack, I added this to /usr/libexec/dovecot/prestartscript.
> > > >
> > > > > ! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
> > > > > chown dovecot:users /dev/shm/dovecot
> > > > > chmod 770 /dev/shm/dovecot
> > > >
> > > > This solved the problem, but left me wondering if I missed something obvious or if I am setting myself up for a problem later on, like with a Dovecot version upgrade. I could run these commands at bootup out of rc.local or a systemd script rather than customizing a Dovecot provided script.
> > > >
> > > > Is there an appropriate way of doing this that I missed?
> > > >
> > > > TIA,
> > > > Doug
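
An added example, not part of any message in this thread and not Dovecot's own script: a pre-start function for the hack discussed above that creates /dev/shm/dovecot while refusing a symlink or non-directory at that path, since /dev/shm is world-writable. The function names and the 1770 default (the thread's 770 plus the sticky bit, so group members can only rename or remove entries they own) are assumptions of this example; pass 770 as the third argument to get the thread's mode.

```shell
#!/bin/sh
# Added example, not from the thread: create the shared parent of the
# per-user VOLATILEDIR directories before Dovecot starts.
# Defaults follow the thread (path, dovecot:users); mode 1770 is this
# example's assumption: the thread's 770 plus the sticky bit.

prepare_volatile_base() {
    base=${1:-/dev/shm/dovecot}
    owner=${2:-dovecot:users}
    mode=${3:-1770}

    # /dev/shm is world-writable, so never chown/chmod through a symlink
    # or onto something that is not a directory.
    if [ -L "$base" ]; then
        echo "refusing: $base is a symlink" >&2
        return 1
    fi
    if [ -e "$base" ] && [ ! -d "$base" ]; then
        echo "refusing: $base is not a directory" >&2
        return 1
    fi

    # Create it closed (0700); open it to the group only once ownership is set.
    [ -d "$base" ] || mkdir -m 0700 "$base" || return 1
    chown -h "$owner" "$base" || return 1
    chmod "$mode" "$base" || return 1
}

# Permission string as shown by ls, e.g. drwxrwx--T for mode 1770.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Demo on a scratch directory (constructed), using the caller's own
# uid:gid so it runs without root.
demo() {
    scratch=$(mktemp -d) || return 1
    prepare_volatile_base "$scratch/dovecot" "$(id -u):$(id -g)" 1770 || return 1
    mode_string "$scratch/dovecot"
    rm -rf "$scratch"
}

demo
```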