Hi all. I've had a hard time trying to find out why deliver isn't working after I've updated dovecot from v1.11 to v1.2.8. It just gave me EX_TEMPFAIL without any info in the logs. My deliver was setuid-root.
Once I've made a simple shell wrapper script for the deliver executable which saves deliver's stdout+stderr, I've found the reason: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids Did a 'chmod o-x deliver' and fixed groups/owners and now everything works as it should. I think this error message should go to log files, not just to stdout/stderr. And it's worth to describe this behaviour in the Wiki. Cheers, Denis