Thank you very much for your quick response.  Problem solved (see below for 
details).  

On 2013-05-08, at 6:47 PM, Ben Morrow <b...@morrow.me.uk> wrote:

> At 12AM +0000 on  9/05/13 you (Earles, Jill) wrote:
>> I've been pouring over the documentation for dovecot, but can't find a
>> solution to this problem.  I recently took over administration of the
>> dovecot email service at the University where I work, and things were
>> going smoothly.  We've been creating email accounts for use with JIRA,
>> a bug reporting/tracking system, and one day recently, when I tried to
>> add a new account to JIRA, I got this error returned from dovecot:
>> 
>> "AuthenticationFailedException: [IN-USE] Couldn't open INBOX:
>> Permission denied"
> 
> This is not a dovecot message: presumably it's from JIRA?

You're right, that is how JIRA translated the message it got from dovecot.  The 
message I found in the dovecot log was very similar.

> 
>> I got help from Atlassian, the creators of JIRA, and they sent me
>> links to some forum posts that said that changing the permissions of
>> that user's /var/mail/ directory to 0600 would solve the problem.  I
>> changed that and no longer got the error.  
> 
> You say '/var/mail directory' but your dovecot.conf suggests you mean a
> file in /var/spool/mail. You need to be clear about which you mean.

Sorry about that.  There is a symlink between the two.  Yes, I changed it on 
/var/spool/mail.

> 
> Dovecot changes down to the user's uid to access the mail folders, so
> assuming the owners are correct either 0600 or 0660 should be fine.
> (Which you choose depends on how paranoid you are about users reading
> each others' mail, and what the group ownership is.
> 
>> Being satisfied that this was a solution, I created a bunch of new
>> email accounts today to replace exchange accounts, and then changed
>> the permissions on all the /var/mail/ directories to 0600.  Now I'm
>> getting that error again, even for pre-existing email addresses,
>> including the one that I had previously fixed by changing the
>> permissions the same way.  I tried changing some of the older accounts
>> back to 0660, which is what they had before, and I still get the error
>> even after restarting dovecot.
> [...]
>> # dovecot -n
>> # 2.0.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-131.0.15.el6.x86_64 x86_64 Red Hat Enterprise Linux 
>> Server release 6.4 (Santiago) 
>> auth_debug = yes
>> auth_debug_passwords = yes
> 
> Careful with this. You end up with passwords in the logs.

I'll get rid of this - was just grasping at straws trying to find a solution.

> 
> [...]
>> Here's an except of the maillog from a recent attempt:
> [...]
>> 
>> May  8 17:46:49 moose dovecot: pop3(lib.sysadmin): Error:
>> stat(/var/spool/mail/lib.sysadmin) failed: Permission denied
> 
> This is interesting: normally stat only fails if the permissions on the
> directory (that is, /var/spool/mail itself) are wrong. Check you haven't
> changed them by mistake.

Yes, that was it.  Thank you!  Do you know what the permissions should be on 
that directory?  I used 0770 for now, but could change it if that's not ideal.

So glad it was a simple thing after all.  And, as stupid as I feel for doing 
this, it's a much better feeling than having taken down the mail server and not 
knowing how to fix it.

> 
>> May  8 17:46:50 moose dovecot: auth: Debug: client in:
>> AUTH#0111#011PLAIN#011service=pop3#011lip={ip removed}#011rip={ip
>> removed}#011lport=110#011rport=64420#011resp=XXXXXXXXXXXXXXXXXXXX
> 
> See? You've just posted the password for 'bvauw.relais'. Change it, now.

Damn, and there I was thinking I'd been careful about removing the sensitive 
stuff.  It's been changed.

> 
> Ben
> 

Thank you again.  Have a great day.

Jill


Reply via email to