search for: mail_privileged_group

I have just upgraded to dovecot 1.0.13. All the documentation I can find in the example .conf file and the NEWS and ChangeLog files seems to say that the mail_privileged_group = mail setting is all I should need to make dovecot use group mail to create dotlock files. My understanding from what I read is that mail_privileged_group is used to set the group used while creating dotlock files in (in my case) /var/spool/mail, and mail_access_groups is used to set the group us...

Hello, Running dovecot 1.1.6 on centOS 5 and RHEL 5. With the settings: pop3_lock_session = yes mail_privileged_group = mail mail_location = mbox:~/:INBOX=/var/spool/mail/%u mbox_read_locks = fcntl mbox_write_locks = dotlock fcntl and /var/spool/mail permissions: drwxrwx--x 2 root mail 4096 Nov 19 10:16 mail/ Trying to connect via POP3 results in this error: --- Nov 19 09:31:01 lexiconn2 dovecot: child 32...

"Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead" I use the following: mail_extra_groups = mail nogroup Because I have the real and virtual accounts. What's the correct way to replace the above line? It seems that mail_privileged_group only accepts one group, but I need two. Any suggestion? Thank you! -- Linux 2.6.24:...

...gt;>When I would try to connect to managesieve, I got an error, and > >>>mail.err contains: > >>> > >>>dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting) > >>> > >>>Also I got it when I try to connect to port 4190 at localhost > >>>(with telnet), and send the generated AUTH string (with > >>>sieve-auth-command.pl). > >>it can often help if you give versions of the dovecot and pigeonho...

I have just upgraded from 1.0.7 to 1.0.13. I read the comments in the example .conf file and it seemed what I needed to enable dotlock access to mailboxes in /var/spool/mail (writable by 'mail' group) was "mail_privileged_group = mail" so I removed the "mail_extra_groups = mail" that I had in 1.0.7 and added "mail_privileged_group = mail", but I got errors like the following: May 6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed with mbox file /var/spool/mail/xxx: Permission denied...

Hi, latest HG throws this error: May 8 06:42:33 spectre dovecot: master: Dovecot v2.0.beta4 (0a35407e6ff4) starting up May 8 06:48:01 spectre dovecot: imap(alias at domain.tld): Error: user alias at domain.tld: Couldn't drop privileges: Unknown mail_privileged_group: 5000 May 8 06:48:01 spectre dovecot: imap(alias at domain.tld): Error: Internal error occurred. Refer to server log for more information. Regards Thomas

...fectly). > > > > When I would try to connect to managesieve, I got an error, and > > mail.err contains: > > > > dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting) > > > > Also I got it when I try to connect to port 4190 at localhost > > (with telnet), and send the generated AUTH string (with > > sieve-auth-command.pl). > it can often help if you give versions of the dovecot and pigeonhole as > well as posting the confi...

...a) should work even for first connection (ignore chown failure) or b)it should not work for following connection, so the behavior should be more consistent. Also it seems unclear what configuration option is required for making this work in new dovecot versions where configuration is split to mail_privileged_group and mail_access_groups. I see that after reading documentation in 10-mail.conf, some admins expects mail_privileged_group to be enough while mail_access_group is required to prevent fchown failure. Would it be possible to explicitly mention in the config file what option is required? I can add...

With this settings I don't get the expectet result, still get wrong permissions on new mailboxes. Aki did you also try with %u ? > In /etc/dovecot/conf.d/10-mail.conf follow options are set: > mail_gid = mail > mail_privileged_group = mail > mail_access_groups = mail > mail_location = mdbox:/var/spool/mail/%u On 15.05.2018 13:06, Aki Tuomi wrote: > I have to correct myself. I tested with sdbox now too, and it seems that > using > > mail_location=sdbox:~/Mail > > produces the expected...

...cot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared. If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following (in the preferred order): a) Upgrade to v1.0.11 and use the new mail_privileged_group setting instead of mail_extra_groups. b) Make /var/mail sticky and world-writable (chmod 01777 /var/mail) and clear mail_extra_groups setting. c) Make /var/mail sticky (chmod +t /var/mail) and keep mail_extra_groups setting. This fixes the main problem but some may be left. The mail_privileged_gro...

...cot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared. If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following (in the preferred order): a) Upgrade to v1.0.11 and use the new mail_privileged_group setting instead of mail_extra_groups. b) Make /var/mail sticky and world-writable (chmod 01777 /var/mail) and clear mail_extra_groups setting. c) Make /var/mail sticky (chmod +t /var/mail) and keep mail_extra_groups setting. This fixes the main problem but some may be left. The mail_privileged_gro...

Hi, I dont know why dsync requires o+rx in working dir, at least it could give better error message when working dir has o-rwx. # cd # mkdir test # cd test # dsync -D -v -u 'info at example.org' -o 'mail_privileged_group=mail' -o 'mail_location=mbox:/email/info at example.org/mail:INBOX=/var/mail/info at example.org' mirror 'maildir:~/Maildir' dsync(info at example.org): Info: Sport: only in source dsync(info at example.org): Info: INBOX: only in source # cd # mkdir test # chmod o-rwx test #...

...t;> >>> When I would try to connect to managesieve, I got an error, and >>> mail.err contains: >>> >>> dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting) >>> >>> Also I got it when I try to connect to port 4190 at localhost >>> (with telnet), and send the generated AUTH string (with >>> sieve-auth-command.pl). >> it can often help if you give versions of the dovecot and pigeonhole as >> well a...

...s well with dovecot (I mean my filters works perfectly). When I would try to connect to managesieve, I got an error, and mail.err contains: dovecot: managesieve(airween at mydomain.hu): Error: user airween at madomain.hu: Couldn't drop privileges: getgrnam(vmail) failed: Permission denied (in mail_privileged_group setting) Also I got it when I try to connect to port 4190 at localhost (with telnet), and send the generated AUTH string (with sieve-auth-command.pl). Could anybody helps me to explain this message? Thanks, a.

...> auth_verbose = yes >> auth_verbose_passwords = yes >> disable_plaintext_auth = no >> first_valid_uid = 116 >> last_valid_uid = 116 >> log_path = /var/log/dovecot.log >> mail_home = /srv/mail/%u >> mail_location = mbox:~/mail:INBOX=/var/mail/%u >> mail_privileged_group = mail >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> m...

...* auth_socket_path = /var/run/dovecot/auth-master imapc_features = rfc822.size imapc_host = oldmail.whatever.com imapc_master_user = cyradmin imapc_password = <password hidden> mail_chroot = /var/vmail mail_debug = yes mail_gid = 5000 mail_location = maildir:~/Maildir mail_prefetch_count = 20 mail_privileged_group = vmail mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args...

...; >> With this settings I don't get the expectet result, still get wrong >> permissions on new mailboxes. Aki did you also try with %u ? >> >> > In /etc/dovecot/conf.d/10-mail.conf follow options are set: >> > mail_gid = mail >> > mail_privileged_group = mail >> > mail_access_groups = mail >> > mail_location = mdbox:/var/spool/mail/%u >> >> On 15.05.2018 13:06, Aki Tuomi wrote: >>> I have to correct myself. I tested with sdbox now too, and it seems that >>> using >>> >&...

...The configs were upgraded where needed but neither 10-mail.conf nor 15-mailboxes.conf were changed. 15-mailboxes is all commented out (I guess the default is auto-create, which isn't documented anywhere I could find) and the only non-comments in 10-mail.conf are --- mail_location = maildir:%h mail_privileged_group = mail --- So yes, no namespaces are explicitly defined/declared. The 2.3.4.1 version wrongly creates a maildirfolder file in the home directory (maildir root), preventing exim from correctly creating/using maildirsize. a) Is this expected behavior and can it be changed? b) How can I disable in...

...ilboxes get following permissions: >>>> ?????drwx--S--- 5 newuser mail 4096 Apr 23 19:31 >>>> /var/spool/mail/newuser/ >>>> >>>> In /etc/dovecot/conf.d/10-mail.conf follow options are set: >>>> ?????mail_gid = mail >>>> ?????mail_privileged_group = mail >>>> ?????mail_access_groups = mail >>>> >>>> I'm missing something to get right group permissions for new mailboxes? >>> >>> What permissions were you expecting? Also, which version of dovecot are >>> you running? >>&...

...ir = /var/run/dovecot/ disable_plaintext_auth = no lock_method = dotlock login_greeting = SpamZapper Email ready. login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c mail_debug = yes mail_fsync = always mail_location = maildir:~/Maildir mail_nfs_index = yes mail_nfs_storage = yes mail_privileged_group = mail mbox_lock_timeout = 15 mins mmap_disable = yes passdb { ? driver = pam } protocols = imap pop3 service anvil { ? client_limit = 203 ? process_limit = 1 } service auth { ? user = root } service imap-login { ? chroot = login ? client_limit = 10 ? user = dovecot ? vsz_limit = 256 M } se...