Hello,
Please accept my apologies for not giving all the details in the
original bug report. After further testing, I need to add that it is not
the permissions of .maildir that cause doveadm to fail. It fails because
the .maildir is a FUSE mount on which access is restricted for all other
users, including a potentially untrusted root. This configuration worked fine
until 2.3.18-r1. Has the context under which doveadm runs changed? Is
there a way to make it run as the user?
---
roughgrain.com - Mastering Mentoring
+447780565902
On 17/07/2022 11:20, Martin Kuchta wrote:

Hello,

Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
# Hostname: www.example.com
# NOTE(review): this looks like `doveconf -n` output, which lists only
# settings that differ from the built-in defaults; anything not shown here
# (for example disable_plaintext_auth or ssl_min_protocol) is presumably at
# its default - confirm on the live host.
# PLAIN and LOGIN both hand the password itself to the server, so their
# confidentiality rests entirely on the TLS layer.
auth_mechanisms = plain login
# Lower-cases the login and keeps only the part before any "@".
auth_username_format = %Ln
# Shared secret for doveadm connections (value redacted in this dump). It
# gates the doveadm listener on port 8000 used for replication, so it
# should be long, random and identical on both replicas.
doveadm_password = # hidden, use -P to show it
# NOTE(review): ".xom" differs from the ".com" used everywhere else in this
# dump - possibly a typo made while redacting; confirm.
hostname = www.example.xom
# Binds to every IPv4 address on the host.
listen = *
login_greeting = Dovecot ready.
# Per-user maildir under the home directory; per the report above, this
# path is a FUSE mount that only the owning user may access.
mail_location = maildir:~/.maildir
# "replication" queues a sync to the replica when a mailbox changes;
# "notify" is the plugin it depends on.
mail_plugins = notify replication
managesieve_notify_capability = mailto
# The value below is wrapped over four lines by the mail client.
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
inbox = yes
# NOTE(review): "location =" here and "prefix =" at the end of this block
# appear to be empty values whose trailing line break was lost in the
# archive, so the token that follows each belongs on its own line - confirm
# against the original doveconf output.
location = mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix = }
passdb {
# With the pam driver, "*" presumably selects the PAM service named after
# the connecting Dovecot service - verify that each one has a matching
# PAM service file.
args = *
driver = pam
}
plugin {
# tcps: = doveadm protocol wrapped in TLS, to the peer's port 8000.
mail_replica = tcps:www.example.com:8000
sieve = file:~/sieve;active=~/.dovecot.sieve
# +vnd.dovecot.pipe makes the pipe action available to user-owned scripts
# (scripts live under ~/sieve and the sieve protocol is enabled), so every
# program in sieve_pipe_bin_dir is callable by any mail user with
# message-controlled input. Keep that directory root-owned and limited to
# programs written for untrusted input.
sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
sieve_plugins = sieve_extprograms
}
# Address is truncated by the mail archive, not in the real config.
postmaster_address = postmas...@example.com
protocols = imap lmtp sieve
# Aggregator collects change notifications from mail processes and passes
# them to the replicator.
service aggregator {
# 0666 on both listeners: any local account can open them. This is
# presumably deliberate, because mail users here are separate system
# accounts (userdb driver = passwd) that each need to notify the
# replicator. On a host with untrusted local accounts, consider whether a
# dedicated group and 0660 would work instead - confirm.
fifo_listener replication-notify-fifo {
mode = 0666
}
unix_listener replication-notify {
mode = 0666
}
}
service auth {
# Auth socket placed inside Postfix's spool, presumably for Postfix SMTP
# AUTH. Owner and group are already postfix, so the "other" bits in 0666
# add nothing Postfix needs; 0660 would normally suffice. With 0666, any
# local process that can reach this path can submit authentication
# attempts, so effective exposure depends on the parent directory's
# permissions - verify.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
# Remote doveadm endpoint used by the replica (mail_replica = tcps:...:8000).
service doveadm {
# No address is set, so this presumably follows "listen = *" and is
# reachable on every interface. It is protected by TLS and
# doveadm_password only; a firewall rule limiting port 8000 to the replica
# peer narrows the exposure.
inet_listener {
port = 8000
ssl = yes
}
}
service lmtp {
# Delivery socket for Postfix; 0600 with owner postfix means only the
# postfix user can connect.
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service replicator {
# Keep one replicator process running at all times.
process_min_avail = 1
# Socket that doveadm uses to talk to the replicator; 0600 with no user
# set, so presumably only the default owner can connect - confirm.
unix_listener replicator-doveadm {
mode = 0600
}
}
# "<" makes Dovecot read the file's contents rather than use the path as
# the value.
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
# OpenSSL cipher string; the value is on the following line because the
# mail client wrapped it.
# NOTE(review): the list still admits legacy suites: DES-CBC3-SHA (3DES,
# 64-bit block), static-RSA key exchange without forward secrecy
# (AES128-SHA, AES256-SHA, AES128-GCM-SHA256, ...), CBC suites with SHA-1
# MACs, DHE-DSS, and the broad "AES" / "CAMELLIA" aliases. The same list
# covers IMAP, ManageSieve and the doveadm replication listener. Trimming
# it to ECDHE/DHE suites with AEAD ciphers would remove these. This dump
# does not show ssl_min_protocol or ssl_prefer_server_ciphers, so their
# defaults apply - confirm which protocol versions are actually offered.
ssl_cipher_list = 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# CA directory used when Dovecot is the TLS client; presumably this is
# what validates the replica's certificate for the tcps: connection -
# confirm.
ssl_client_ca_dir = /etc/ssl/certs
# DH parameters and private key are redacted in this dump.
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
# Mail users are resolved through the system passwd database, so each
# mailbox belongs to a distinct system account (UID and home directory).
userdb {
driver = passwd
}
# Delivery paths load sieve in addition to the global notify/replication
# plugins, so user Sieve scripts run at delivery time.
protocol lmtp {
mail_plugins = notify replication sieve
# Address is truncated by the mail archive, not in the real config.
postmaster_address = postmas...@example.com
}
protocol lda {
mail_plugins = notify replication sieve
}
# Per-server-name overrides, selected by the name the TLS client asks
# for. Both blocks point at the same fullchain.pem as the global ssl_cert;
# the keys are redacted, so whether they differ cannot be told from this
# dump.
local_name mail.example.com {
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = # hidden, use -P to show it
}
local_name example.com {
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = # hidden, use -P to show it
}

--
roughgrain.com - Mastering Mentoring
+447780565902
