On 17.02.26 at 16:38, Markus Schönhaber via dovecot wrote:
> 17.02.26, 16:26 +0100, Aki Tuomi via dovecot:
>
>> This looks more like syntax error than permission error.
>
> Then please tell me: what exactly is wrong syntax-wise?
>
> And why is no syntax error reported but "Permission denied"?
> And is the syntax error expected to go away, if I make the private key
> file world readable? Because if I do, delivery works fine.
>
> Regards
> mks
>
>>
>> Aki
>>
>> On 17/02/2026 17:19 EET Markus Schoenhaber via dovecot
>> <[email protected]> wrote:
>>
>> Hi,
>>
>> I'm trying to make Postfix hand incoming mail to Dovecot by using
>> Dovecot's deliver. But this fails with a permission error:
>>
>> Feb 17 15:50:12 debian13-cont postfix/pipe[13133]: 171C17206:
>> to=<[email protected]>, relay=dovecot, delay=0.17,
>> delays=0.1/0/0/0.07, dsn=5.3.0, status=bounced (Command died with
>> status 89: "/usr/lib/dovecot/deliver". Command output: doveconf:
>> Fatal: Error in configuration file /etc/dovecot/certs.conf line 3:
>> key_file: open(/etc/ssl/private/ssl-cert-snakeoil.key) failed:
>> Permission denied )
>>
>> How can I solve this (short of making the private key file world
>> readable, of course)?
>>
>> Regards
>> mks
>>
>> I have this in Postfix' master.cf:
>>
>> dovecot unix - n n - - pipe
>>   flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f
>>   ${sender} -a ${recipient} -d ${user}@${domain}
>>
>> # LANG=C id vmail
>> uid=501(vmail) gid=501(vmail) groups=501(vmail),104(ssl-cert)
>>
>> # LANG=C ls -l /etc/ssl/private/
>> total 4
>> -rw-r----- 1 root ssl-cert 1704 Feb 4 17:15 ssl-cert-snakeoil.key
>>
>> # doveconf -n
>> # 2.4.2-2+debian13 (0962ed2104): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 2.4.2-2+debian13 (767418c3)
>> # OS: Linux 6.19.0-2-MANJARO x86_64 Debian 13.3 btrfs
>> # Hostname: debian13-cont
>> dovecot_config_version = 2.4.2
>> dovecot_storage_version = 2.4.2
>> log_debug = category=sql
>> mail_driver = sdbox
>> mail_gid = vmail
>> mail_home = /var/spool/vmail/home/%{user | domain}/%{user | username}
>> mail_path = /var/spool/vmail/mail/%{user | domain}/%{user | username}
>> mail_plugins {
>>   quota = yes
>> }
>> mail_uid = vmail
>> protocols = imap lmtp sieve
>> sql_driver = mysql
>> mysql localhost {
>>   dbname = postfixadmin
>>   password = # hidden, use -P to show it
>>   user = postfixadmin
>> }
>> passdb sql {
>>   query = SELECT 'vmail' AS userdb_uid, 'vmail' AS userdb_gid,
>>   CONCAT('/var/spool/vmail/home/', maildir) AS userdb_home, CONCAT(quota,
>>   'B') AS userdb_quota_storage_size, username AS user, password FROM
>>   mailbox WHERE username = '%{user}' AND active = '1';
>> }
>> userdb prefetch {
>> }
>> userdb sql {
>>   iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';
>>   query = SELECT 'vmail' AS uid, 'vmail' AS gid,
>>   CONCAT('/var/spool/vmail/home/', maildir) AS home, CONCAT(quota, 'B') AS
>>   quota_storage_size, username AS user, password FROM mailbox WHERE
>>   username = '%{user}' AND active = '1';
>> }
>> namespace inbox {
>>   inbox = yes
>>   separator = /
>>   mailbox Drafts {
>>     special_use = "\\Drafts"
>>   }
>>   mailbox Entwuerfe {
>>     special_use = "\\Drafts"
>>   }
>>   mailbox Junk {
>>     special_use = "\\Junk"
>>   }
>>   mailbox Trash {
>>     special_use = "\\Trash"
>>   }
>>   mailbox "Geloeschte Objekte" {
>>     special_use = "\\Trash"
>>   }
>>   mailbox Sent {
>>     special_use = "\\Sent"
>>   }
>>   mailbox "Gesendete Objekte" {
>>     special_use = "\\Sent"
>>   }
>> }
>> service auth {
>>   inet_listener tcp_auth {
>>     port = 12345
>>   }
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0666
>>     user = postfix
>>   }
>> }
>> service auth-worker {
>> }
>> ssl_server {
>>   cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>>   key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> }
>> protocol imap {
>>   mail_plugins {
>>     imap_quota = yes
>>   }
>> }
>> quota "User quota" {
>> }
>> dict_server {
>>   dict mysql {
>>     driver = sql
>>     sql_driver = mysql
>>     dict_map priv/quota/messages {
>>       sql_table = quota
>>       username_field = username
>>       dict_map_value_field messages {
>>       }
>>     }
>>     dict_map priv/quota/storage {
>>       sql_table = quota
>>       username_field = username
>>       dict_map_value_field bytes {
>>       }
>>     }
>>   }
>> }
>> quota_clone {
>>   dict proxy {
>>     name = mysql
>>   }
>> }
>>
>> _______________________________________________
>> dovecot mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
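
The following is an added example, not part of the thread and not Dovecot or Postfix code. It models the standard Unix read-permission check against the key file's owner, group and mode from the `ls -l` output above, using the credentials a process actually carries (as listed in `/proc/<pid>/status`) rather than the group database entry that `id vmail` reports. Whether the delivery process started by Postfix really holds the `ssl-cert` group is not established in the thread; both status excerpts are constructed samples.

```python
import stat

# From the post: -rw-r----- root ssl-cert; gid 104 is taken from `id vmail`.
KEY_FILE = {"uid": 0, "gid": 104, "mode": 0o640}

# Constructed /proc/<pid>/status excerpts for a hypothetical deliver process.
STATUS_WITH_GROUP = (
    "Name:\tdeliver\nUid:\t501\t501\t501\t501\n"
    "Gid:\t501\t501\t501\t501\nGroups:\t104 501 \n"
)
STATUS_PRIMARY_ONLY = (
    "Name:\tdeliver\nUid:\t501\t501\t501\t501\n"
    "Gid:\t501\t501\t501\t501\nGroups:\t501 \n"
)


def parse_proc_status(text):
    """Return (fsuid, fsgid, supplementary gids) from a status excerpt."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.split()
    # Columns are real, effective, saved, filesystem; Linux checks file
    # access against the filesystem ids (4th column).
    fsuid = int(fields["Uid"][3])
    fsgid = int(fields["Gid"][3])
    groups = {int(g) for g in fields.get("Groups", [])}
    return fsuid, fsgid, groups


def can_read(file_meta, fsuid, fsgid, groups):
    """Classic owner/group/other check; ignores ACLs and MAC policy."""
    mode = file_meta["mode"]
    if fsuid == 0:
        return True  # root normally bypasses the mode bits
    if fsuid == file_meta["uid"]:
        return bool(mode & stat.S_IRUSR)
    if file_meta["gid"] == fsgid or file_meta["gid"] in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def key_readable(status_text, file_meta=KEY_FILE):
    """Decide read access for the process described by status_text."""
    return can_read(file_meta, *parse_proc_status(status_text))


if __name__ == "__main__":
    for name, text in [("with ssl-cert", STATUS_WITH_GROUP),
                       ("primary group only", STATUS_PRIMARY_ONLY)]:
        print(f"{name}: readable={key_readable(text)}")
```

On a live system the input would be the `Uid`, `Gid` and `Groups` lines of the running process's own `/proc/<pid>/status`.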
