My latest test: spam:dovecot => user: spam user1:dovecot => user: user1 root:dovecot => binary: /usr/local/libexec/deliver root:dovecot 777 => dir: /var/run/dovecot/
Still getting: deliver(user1): Can't connect to auth server at \ /var/run/dovecot/auth-master: Permission denied What's the key to this problem? If I set spam, user1, deliver and /var/run/dovecot/ to the same group, and give read/write permission in that directory to that group, why can't they all use auth-master? 1) User 'spam:dovecot' runs Smapassassin 2) Hands off to deliver (root:dovecot) 3) Deliver assumes 'user1:dovecot' identity 4) Can't access auth-master in 'root:dovecot' directory (777) So it's 'auth-master' that is (a) not available to 'user1' AND (b) not available to group 'dovecot'. Huh? Why not? I'm obviously missing info about the temporary 'auth-master'. Can anyone please give me a hand? I'd really appreciate it. Thank you. James > Thank you! Even setting the /var/run/dovecot tree to all chmod 777s > doesn't help. I'm probably mis-remembering the ownership of auth-master, > in my original note. I haven't seen it since I left my notes at work. > > With regard to this maillog entry: > >> postfix/pipe[29452]: 60990FA01BA: to=<recipi...@example-receive.com>, \ >> relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \ >> status=deferred (temporary failure) > > It IS a (temporary failure), because soon after I revert to the simple: >>> mailbox_command = /usr/local/libexec/dovecot/deliver > the message arrives to the recipient user's mailbox. > > It's the spamassassin => deliver handoff and user SWITCH that seems to be > problematic. > > But then, my brain is all garbled, at this point, so I can't really trust > any of my logic. I'll check back in, tomorrow. > > Thanks, again. > > James > >> Hi, >> >> I was having problems with permissions on auth-master too. I solve them >> creating manually the folder /var/run/dovecot with correct permissions >> but >> i >> see you already did that :\ >> >> On Sun, Apr 12, 2009 at 5:27 PM, James Butler >> <jbut...@thebestdefense.com>wrote: >> >>> I've been messing with this for too long, now, and I'm blind to >>> whatever's >>> wrong. Or I'm simply being dense. Either way, I need help with a common >>> issue. >>> >>> I'm trying to get Postfix+Spamassassin+Dovecot going on Fedora 10. >>> (I'll >>> get back to the global Sieve thingy soon, but I need to get this going, >>> first.) >>> >>> When using the simple: >>> mailbox_command = /usr/local/libexec/dovecot/deliver >>> everything is cool, except there's no Spamassassin involvement, >>> obviously. >>> >>> The problem shows itself when the Spamassassin user hands off to the >>> recipient user and Deliver + the recipient user tries to access >>> /var/run/dovecot/auth-master. >>> >>> Thank you for any insight you can provide. >>> >>> /var/run/dovecot: 755 root:dovecot >>> /var/run/dovecot/login: 750 root:dovecot >>> /var/run/dovecot/auth-master: 750 root:dovecot >>> (I think. auth-master is a temporary file? Comes and goes.) >>> >>> >From /etc/postfix/main.cf >>> >>> mailbox_transport = spamassassin >>> >>> >From /etc/postfix/master.cf: >>> >>> spamassassin unix - n n - - pipe >>> user=spam argv=/usr/bin/spamc -f -e /usr/libexec/dovecot/deliver >>> -f ${sender} -d ${user} -m ${extension} >>> >>> Here's my 'socket listen' section from /usr/local/etc/dovecot.conf: >>> >>> socket listen { >>> master { >>> path = /var/run/dovecot/auth-master >>> mode = 0666 >>> #user = >>> group = dovecot >>> } >>> client { >>> path = /var/run/dovecot/auth-client >>> mode = 0666 >>> #user = >>> group = dovecot >>> } >>> } >>> >>> >From /var/log/maillog: >>> >>> Postfix receives the message: >>> >>> postfix/smtpd[29447]: connect from \ >>> IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS] >>> postfix/smtpd[29447]: 60990FA01BA: \ >>> client=IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS] >>> postfix/cleanup[29451]: 60990FA01BA: \ >>> message-id=<49e20bf2.4090...@example-send.com> >>> postfix/qmgr[29441]: 60990FA01BA: from=<sen...@example-send.com>, \ >>> size=812, nrcpt=1 (queue active) >>> postfix/smtpd[29447]: disconnect from \ >>> IP-ADD-RE-SS.ptr.example-send.com[IP.ADD.RE.SS] >>> >>> Spamassassin processes the message as user 'spam': >>> >>> spamd[4121]: spamd: processing message\ >>> <49e20bf2.4090...@example-send.com> for spam:653 >>> spamd[4121]: spamd: clean message (3.0/5.0) for spam:653 in 5.2 >>> seconds,\ >>> 793 bytes. >>> spamd[4121]: spamd: result: . 2 - RDNS_DYNAMIC,TVD_SPACE_RATIO \ >>> scantime=5.2,size=793,user=spam,uid=653,required_score=5.0, \ >>> rhost=localhost.localdomain,raddr=127.0.0.1,rport=42493, \ >>> mid=<49e20bf2.4090...@example-send.com>,autolearn=no >>> >>> Spamassassin pipes result to Deliver which runs as recipient user. >>> >>> Deliver as recipient user doesn't have permission to auth: >>> >>> deliver(recipient): Can't connect to auth server at \ >>> /var/run/dovecot/auth-master: Permission denied >>> postfix/pipe[29452]: 60990FA01BA: to=<recipi...@example-receive.com>, \ >>> relay=spamassassin, delay=6, delays=0.33/0.01/0/5.7, dsn=4.3.0, \ >>> status=deferred (temporary failure) >>> >>> 1) I must use the 'user=' arg for spamc >>> 2) Can't use 'user=${user}' or $user: >>> fatal: get_service_attr: unknown username: ${user} >>> 3) Must use '-d ${user}' Deliver arg, otherwise >>> message gets delivered to user 'spam' >>> >>> AArrgh! TIA. >>> >>> >> >> >> -- >> telemóvel: 963446125 >> mail: rui....@gmail.com >> mail: ei04...@fe.up.pt >> website: http://paginas.fe.up.pt/~ei04073 >> > >