On Tuesday 15 January 2008 03:56:28 Jerry Yeager wrote:
> > while fiddling around with the configuration so Dovecot's LDA
> > "deliver" can be used by multiple users by means of Getmail (you can
> > read about that in [1]) I always end up running into the error
> > message posted in the subject line:
> >
> > Jan 15 00:00:02 HOSTNAME deliver(USERID): Can't connect to auth server at /usr/local/var/run/dovecot/auth-master: Permission denied
> >
> > Notice how it says "/usr/local/var/run/dovecot"! How and why does
> > dovecot
> > ^^^^^^^^^^
> > think that anything of any importance can be found under
> > /usr/local/var/... ?
> > Please see dovecot -n at the end of this message, but as far as I
> > can tell I
> >
> > master:
> > path: /var/run/dovecot/auth-master
> > mode: 432
> > user: root
> > group: dovecot
>
> For the quick answer to your immediate problem / question, try:
>
> cd /path/to/dovecot's/deliver (probably /usr/local/libexec/dovecot/ )
>
> chmod u+s deliver
>
> (enable the setuid bit for the deliver app). Your Getmail app may not
> be truly running as root and thus does not really have permission to
> do what you want.
>
> you may need to do the same for the group as well

Thank you as well for the reply! :)
Chmod'ing deliver really was a step forward in the right direction, although,
as I mentioned elsewhere in this thread, I did not quite get the
configuration right so a few messages from this and other mailing lists
bounced because deliver wasn't called correctly. Still trying to figure that
out.
> Unix permissions are weird sometimes, like a $100 television tube that
> protects a 50 cent fuse by blowing first.
Really great analogy :) I never had a problem with understanding Unix
permissions, but things seem to get complicated when you try to make
different parts of a mail system run smoothly together.
> It does look like (from your use of /usr/local/*****) you built
> dovecot to run out of /usr/local.
No, I really didn't (as far as I can tell). The installation prefix
is /usr/local, yes, but Dovecot runs out of /var/run/dovecot. But apparently
the auth_socket_path for protocol lda defaults to /usr/local/var/run/dovecot,
a parameter I'm still not sure what I need it for.
> One last thing, as a security idea, try something like
>
> master {
> path = /usr/local/var/run/dovecot/auth-master
> mode = 0600
> user = dovecot_user
> group = dovecot_group
> }
>
> and set your postfix line that calls deliver to match:
>
> dovecot unix - n n - - pipe flags=DRhu
> user=dovecot_user:dovecot_group argv=/usr/local/libexec/dovecot/
> deliver -f ${sender} -d ${recipient}
Thanks for this suggestion! But that would imply that I have a virtual user
setup, wouldn't it? Because I don't, all my users are regular Unix users with
shell accounts. That's why my Postfix main.cf contains just
home_mailbox = Maildir/
mailbox_command = /usr/local/libexec/dovecot/deliver
which is also what the LDA/Postfix wiki page says on wiki.dovecot.org. No
Dovecot entry in master.cf at all.
And, as also mentioned elsewhere in this thread, until yesterday I didn't even
have the master { ... } section uncommented, and no auth-master socket seems
to have been configured. But then again I only delivered through Postfix and
didn't need to have deliver called by a regular user.
Andreas
--
Andreas "daff" Ntaflos
Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
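
An added example, not part of the original message or of Dovecot: a small audit that takes the master socket block quoted above from `dovecot -n` and the path from the deliver error, and reports why an ordinary account is refused. The account name `alice` and its group list are constructed; the code assumes the `mode: 432` value is printed in decimal and models only the socket file's own permission bits.

```python
import stat

# Constructed sample: the master socket block quoted in the thread from `dovecot -n`.
DOVECOT_N = """\
master:
  path: /var/run/dovecot/auth-master
  mode: 432
  user: root
  group: dovecot
"""
# Path taken from the deliver error message quoted in the thread.
DELIVER_PATH = "/usr/local/var/run/dovecot/auth-master"


def parse_master(text):
    """Parse the 'key: value' lines of the master block into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if value.strip():
            cfg[key] = value.strip()
    # Assumption: dovecot -n printed the mode in decimal (432 == 0o660).
    cfg["mode"] = int(cfg["mode"], 10)
    return cfg


def can_connect(cfg, user, groups):
    """True if `user` may write to the socket file, which connect() needs on Linux.
    Search permission on the parent directories is not modelled."""
    if user == "root":
        return True
    if user == cfg["user"]:
        return bool(cfg["mode"] & stat.S_IWUSR)
    if cfg["group"] in groups:
        return bool(cfg["mode"] & stat.S_IWGRP)
    return bool(cfg["mode"] & stat.S_IWOTH)


def audit(cfg, deliver_path, user, groups):
    """Return a list of findings for one account that runs deliver."""
    findings = []
    if cfg["path"] != deliver_path:
        findings.append(f"path mismatch: socket at {cfg['path']}, deliver uses {deliver_path}")
    if not can_connect(cfg, user, groups):
        findings.append(f"{user} denied by mode {cfg['mode']:04o} {cfg['user']}:{cfg['group']}")
    if cfg["mode"] & stat.S_IWOTH:
        findings.append("socket is world-writable")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_master(DOVECOT_N), DELIVER_PATH, "alice", ["alice"]):
        print(finding)
```
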
