search for: mail_extra_groups

mail_extra_groups=mail setting is often used insecurely to give Dovecot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared. If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following (in the prefer...

mail_extra_groups=mail setting is often used insecurely to give Dovecot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared. If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following (in the prefer...

"Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead" I use the following: mail_extra_groups = mail nogroup Because I have the real and virtual accounts. What's the correct way to replace the above line? It seems that mai...

I have just upgraded from 1.0.7 to 1.0.13. I read the comments in the example .conf file and it seemed what I needed to enable dotlock access to mailboxes in /var/spool/mail (writable by 'mail' group) was "mail_privileged_group = mail" so I removed the "mail_extra_groups = mail" that I had in 1.0.7 and added "mail_privileged_group = mail", but I got errors like the following: May 6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed with mbox file /var/spool/mail/xxx: Permission denied May 6 12:48:54 sbh16 dovecot: POP3(xxx): Couldn'...

...ug). In short, when Dovecot hits the /home/domain directory which is owned by domain:domain and set to 750 permissions, it gets a permission denied, despite the user having the needed group membership to traverse these directories. So, in an effort to work around this problem, I came upon the mail_extra_groups option, which seems to allow me to drop dovecot into additional groups. If I add the domain group to this list, dovecot is able to traverse to the correct directory and all works exactly as I want it to with the domain directories being set to 750 permissions. Hooray! My only question, since...

...permissions are made buy the command chmod a+rwxt /var/spool/mail. So if someone wants to erase the /var/spool/mail directory, it's possible unfortunately. If there are theses permissions the user can receive his mails but it's dangerous I think. And if I modify the dovecot.conf file : mail_extra_groups = mail and if the permissions are the initial permission, and if I enter chmod +t /var/spool/mail the user can't receive his mail. Thanks Frederic

I'm trying to replace procmail with deliver but I'm having problems with the group part of things. I keep getting: Aug 29 16:44:19 dingbat deliver(mimo): open(/var/mail/.temp.dingbat.3969.d1689935a308e0dd) failed: Permission denied Aug 29 16:44:19 dingbat deliver(mimo): file_lock_dotlock() failed with mbox file /var/mail/mimo: Permission denied My primary group is mimo and I think

...[8044]: 9790BBE4A: to=<rgevaert at zalm.ugent.be>, relay=local, delay=0, status=deferred (temporary failure) Info: zalm:~# ls -ld /var/mail drwxrwsr-x 2 root mail 4096 Sep 20 16:56 /var/mail Giving o write access to the folder fixed it, but not in a way it has to be :) I already added mail_extra_groups = mail to dovecot.conf But this doesn't help. What have I missed. Thanks in advance, -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert e-mail: Rudy.Gevaert at UGent.be Directie ICT, Afdeling Infrastructuur Groep Systemen...

...Oct 16 17:00:50 mailtest dovecot: pop3-login: Login: user=<testuser>, method=PLAIN , rip=63.201.8.122, lip=64.4.143.26, TLS Oct 16 17:00:50 mailtest dovecot: pop3(testuser): Mailbox init failed top=0/0, retr=0/ del=0/0, size=0 I've read in the archives that this can be fixed by setting mail_extra_groups = mail in dovecot.conf, but OpenBSD has /var/mail owned by root:wheel mod 755, and /var/mail files owned by fileowner:users mod 600, and no mail group. Anyone know how I can fix this? Jeff Simmons jsimmons@goblin.punk.net Simmons Consulting - Network Eng...

...----- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/dovecot < 1.0.13-r1 >= 1.0.13-r1 Description =========== Dovecot uses the group configured via the "mail_extra_groups" setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-20...

...Backports on 3.1 Stable, x86; Filesystems are local reiserfs; IMAPs client is KMail 1.9.5 Non-default settings in dovecot.conf: protocols = imaps ssl_cert_file = /etc/dovecot/mail.cert.pem ssl_key_file = /etc/dovecot/mail.key.pem mail_location = maildir:/var/mail/ambrosia.plus.com/%n mail_extra_groups = mail first_valid_uid = 1000 first_valid_gid = 1000 umask = 007 maildir_copy_with_hardlinks = yes To reproduce:- 1. Using your IMAP client with two IMAP accounts, copy a message from a folder in one account, to a folder in the other account 2. See that the newly created message file...

...ory: /usr/lib64/dovecot/imap ddIModule loaded: /usr/lib64/dovecot/imap/lib01_acl_plugin.so log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot-info.log protocols: imap imaps login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login login_greeting_capability: yes mail_extra_groups: exalead mail_location: mbox:/opt/exalead/mail mail_debug: yes mail_plugins: acl auth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd userdb: driver: prefetch socket: type: listen client: master: path: /var/run/dovecot/auth-maste...

Hi, im using 0.99 stable in RPM form, Im using this for postfix+dovecot+real unix users, now i tried to enable virtual support with this: protocols = imap pop3 ssl_disable = yes log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot.info login_user = dovecot mail_extra_groups = mail auth = default auth_mechanisms = plain auth_passdb = pam auth_userdb = passwd auth_userdb = passwd-file /etc/vhosts/userdb auth_passdb = passwd-file /etc/vhosts/passwd The above configuration works for local users but is not working for virtual users, it produces the error: dovecot-auth:...

...og info_log_path: /var/log/dovecot.log protocols: imap pop3 ssl_disable: yes login_dir: /var/run/dovecot/login login_executable(default): /opt/local/libexec/dovecot/imap-login login_executable(imap): /opt/local/libexec/dovecot/imap-login login_executable(pop3): /opt/local/libexec/dovecot/pop3-login mail_extra_groups: mail mail_location: maildir:/var/Maildir/%u mail_debug: yes mail_executable(default): /opt/local/libexec/dovecot/imap mail_executable(imap): /opt/local/libexec/dovecot/imap mail_executable(pop3): /opt/local/libexec/dovecot/pop3 mail_plugin_dir(default): /opt/local/lib/dovecot/imap mail_plugin_dir(...

Last night Dovecot stopped, and the last message in the log was: Fatal: write() failed to info log: Interrupted system call Would you please advise? *** # dovecot -n # 1.1.6: /usr/local/etc/dovecot.conf Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead # OS: FreeBSD 6.4-PRERELEASE i386 log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot.log protocols: imap pop3 imaps ssl_key_file: /etc/ssl/private/dovecot.key login_dir: /...

...t, and it is ready. a01 LOGIN test-user at my-domain.de test a01 NO Authentication failed. It does not work! But when I change the "%d" to my-domain.de, and login without the domain, it works! What am I doing wrong? Thanks! Nathan dovecot -n # 1.1.4: /etc/dovecot/dovecot.conf Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead base_dir: /var/run/dovecot/ log_path: /var/log/dovecot.log info_log_path: /var/log/dovecot.info.log ssl_cert_file: /etc/exim4/exim.crt ssl_key_file: /etc/exim4/exim.key disable_plainte...

http://dovecot.org/releases/1.0/dovecot-1.0.11.tar.gz http://dovecot.org/releases/1.0/dovecot-1.0.11.tar.gz.sig * mail_extra_groups setting was commonly used insecurely. This setting is now deprecated. Most users should switch to using mail_privileged_group setting, but if you really need the old functionality use mail_access_groups instead. - mbox: Dropped some of the physical size fetch optimizations added in v1...

http://dovecot.org/rc/ Fixes the crashes people had been getting more often with 0.99.10.5. Also included all the patches in dovecot.org/patches/old: - SHA1 passwords - mail_extra_groups setting (Debian people can finally fix #185335 :) - autocreate missing maildirs (and don't crash) - maildir_stat_dirs setting If no problems are found within few days this will simply be renamed to 0.99.10.6. -------------- next part -------------- A non-text attachment was scrubbed... Name...

...#39;ve got a permission denied problem. I've read the VarMailDotLock wiki paper but there is still a security problem. If I enter : chmod a+rwxt /var/spool/mail it works but I think it's very dangerous to have thaht rights. So I've tried to edit the dovecot.conf file and to change the mail_extra_groups = mail and to change the rights : chmod +t /var/spool/mail but it doesn't work ! The mails are in /var/spool/mail/unix_user_name Could you please help me to configure the /var/spool/mail to have a good security and to allow people to receive their mails ? Thanks Frederic

...Evolution mail client, bu if I try to use outlook to get mails the authentication fail and I can't pass through the logon window. The maillog appear this message: dovecot: pop3-login: Disconnected: rip=192.168.0.22, lip=192.168.0.1 My dovecot configuration is: protocols = pop3 ssl_disable = yes mail_extra_groups = mail protocol imap { } protocol pop3 { pop3_uidl_format = %v.%u } protocol lda { postmaster_address = postmaster at example.com } auth_username_translation = "@." auth default { mechanisms = plain passdb pam { } userdb passwd { } user = root } dict { } plugin { } any id...