Thank you very much for your quick response. Problem solved (see below for details).
On 2013-05-08, at 6:47 PM, Ben Morrow <b...@morrow.me.uk> wrote:

> At 12AM +0000 on 9/05/13 you (Earles, Jill) wrote:
>> I've been poring over the documentation for dovecot, but can't find a
>> solution to this problem. I recently took over administration of the
>> dovecot email service at the University where I work, and things were
>> going smoothly. We've been creating email accounts for use with JIRA,
>> a bug reporting/tracking system, and one day recently, when I tried to
>> add a new account to JIRA, I got this error returned from dovecot:
>>
>> "AuthenticationFailedException: [IN-USE] Couldn't open INBOX:
>> Permission denied"
>
> This is not a dovecot message: presumably it's from JIRA?

You're right, that is how JIRA translated the message it got from dovecot. The message I found in the dovecot log was very similar.

>
>> I got help from Atlassian, the creators of JIRA, and they sent me
>> links to some forum posts that said that changing the permissions of
>> that user's /var/mail/ directory to 0600 would solve the problem. I
>> changed that and no longer got the error.
>
> You say '/var/mail directory' but your dovecot.conf suggests you mean a
> file in /var/spool/mail. You need to be clear about which you mean.

Sorry about that. There is a symlink between the two. Yes, I changed it on /var/spool/mail.

>
> Dovecot changes down to the user's uid to access the mail folders, so
> assuming the owners are correct either 0600 or 0660 should be fine.
> (Which you choose depends on how paranoid you are about users reading
> each others' mail, and what the group ownership is.)
>
>> Being satisfied that this was a solution, I created a bunch of new
>> email accounts today to replace exchange accounts, and then changed
>> the permissions on all the /var/mail/ directories to 0600. Now I'm
>> getting that error again, even for pre-existing email addresses,
>> including the one that I had previously fixed by changing the
>> permissions the same way. I tried changing some of the older accounts
>> back to 0660, which is what they had before, and I still get the error
>> even after restarting dovecot.
> [...]
>> # dovecot -n
>> # 2.0.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux
>> Server release 6.4 (Santiago)
>> auth_debug = yes
>> auth_debug_passwords = yes
>
> Careful with this. You end up with passwords in the logs.

I'll get rid of this - was just grasping at straws trying to find a solution.

>
> [...]
>> Here's an excerpt of the maillog from a recent attempt:
> [...]
>>
>> May 8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error:
>> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied
>
> This is interesting: normally stat only fails if the permissions on the
> directory (that is, /var/spool/mail itself) are wrong. Check you haven't
> changed them by mistake.

Yes, that was it. Thank you! Do you know what the permissions should be on that directory? I used 0770 for now, but could change it if that's not ideal. So glad it was a simple thing after all. And, as stupid as I feel for doing this, it's a much better feeling than having taken down the mail server and not knowing how to fix it.

>
>> May 8 17:46:50 moose dovecot: auth: Debug: client in:
>> AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip
>> removed}#011lport=110#011rport=64420#011resp=XXXXXXXXXXXXXXXXXXXX
>
> See? You've just posted the password for 'bvauw.relais'. Change it, now.

Damn, and there I was thinking I'd been careful about removing the sensitive stuff. It's been changed.

>
> Ben
>

Thank you again. Have a great day.

Jill
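
The failure discussed in this thread, a `stat()` that returns "Permission denied" because a directory above the mailbox is not searchable by the user Dovecot drops to, can be checked from the mode bits alone. The following is an added example, not part of the original message and not Dovecot's code; the script name and the way it is invoked are assumptions.

```python
import os
import pwd
import stat
import sys
from pathlib import Path


def can_search(st, uid, gids):
    """True if uid may traverse (search) the directory described by st.

    POSIX picks exactly one permission class: owner bits if uid owns the
    directory, else group bits if a gid matches, else the "other" bits.
    """
    if uid == 0:  # root bypasses directory search checks
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocking_dirs(mailbox, uid, gids):
    """List (directory, mode) for each ancestor of mailbox uid cannot search.

    Only directories are examined; the mailbox file itself is never opened,
    because its own mode (0600 or 0660) is irrelevant to a failing stat().
    """
    blocked = []
    # resolve() follows symlinks such as /var/mail -> /var/spool/mail
    for parent in reversed(Path(mailbox).resolve().parents):
        st = os.stat(parent)
        if not can_search(st, uid, gids):
            blocked.append((str(parent), stat.filemode(st.st_mode)))
    return blocked


if __name__ == "__main__":
    # Usage (hypothetical script name): check_spool.py MAILBOX USERNAME
    mailbox, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for path, mode in blocking_dirs(mailbox, pw.pw_uid, gids):
        print(f"{user} cannot traverse {path} ({mode})")
```

Run it as root so every ancestor directory can be inspected; a mode of 0600 on a directory blocks even its owner, since the search (x) bit is missing.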