Am 17.02.26 um 16:38 schrieb Markus Schönhaber via dovecot:

> 17.02.26, 16:26 +0100, Aki Tuomi via dovecot:
> 
>>    This looks more like syntax error than permission error.
> 
> Then please tell me: what exactly is wrong syntax-wise?
> 
> And why is no syntax error reported but "Permission denied"?

And is the syntax error expected to go away, if I make the private key
file world readable?
Because if I do, delivery works fine.

> 
> Regards
>   mks
> 
>>
>>    Aki
>>
>>      On 17/02/2026 17:19 EET Markus Schoenhaber via dovecot
>>      <[1][email protected]> wrote:
>>
>>
>>      Hi,
>>
>>      I'm trying to make Postfix hand incoming mail to Dovecot by using
>>      Dovecot's deliver. But this fails with a permission error:
>>
>>
>>        Feb 17 15:50:12 debian13-cont postfix/pipe[13133]: 171C17206:
>>        to=<[2][email protected]>, relay=dovecot, delay=0.17,
>>        delays=0.1/0/0/0.07, dsn=5.3.0, status=bounced (Command died with
>>        status 89: "/usr/lib/dovecot/deliver". Command output: doveconf:
>>        Fatal: Error in configuration file /etc/dovecot/certs.conf line 3:
>>        key_file: open(/etc/ssl/private/ssl-cert-snakeoil.key) failed:
>>        Permission denied )
>>
>>      How can I solve this (short of making the private key file world
>>      readable, of course)?
>>
>>      Regards
>>      mks
>>
>>
>>      I have this in Postfix' master.cf:
>>
>>
>>        dovecot unix - n n - - pipe
>>        flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f
>>        ${sender} -a ${recipient} -d ${user}@${domain}
>>
>>
>>      # LANG=C id vmail
>>      uid=501(vmail) gid=501(vmail) groups=501(vmail),104(ssl-cert)
>>
>>
>>      # LANG=C ls -l /etc/ssl/private/
>>      total 4
>>      -rw-r----- 1 root ssl-cert 1704 Feb 4 17:15 ssl-cert-snakeoil.key
>>
>>
>>      # doveconf -n
>>      # 2.4.2-2+debian13 (0962ed2104): /etc/dovecot/dovecot.conf
>>      # Pigeonhole version 2.4.2-2+debian13 (767418c3)
>>      # OS: Linux 6.19.0-2-MANJARO x86_64 Debian 13.3 btrfs
>>      # Hostname: debian13-cont
>>      dovecot_config_version = 2.4.2
>>      dovecot_storage_version = 2.4.2
>>      log_debug = category=sql
>>      mail_driver = sdbox
>>      mail_gid = vmail
>>      mail_home = /var/spool/vmail/home/%{user | domain}/%{user | username}
>>      mail_path = /var/spool/vmail/mail/%{user | domain}/%{user | username}
>>      mail_plugins {
>>      quota = yes
>>      }
>>      mail_uid = vmail
>>      protocols = imap lmtp sieve
>>      sql_driver = mysql
>>      mysql localhost {
>>      dbname = postfixadmin
>>      password = # hidden, use -P to show it
>>      user = postfixadmin
>>      }
>>      passdb sql {
>>      query = SELECT 'vmail' AS userdb_uid, 'vmail' AS userdb_gid,
>>      CONCAT('/var/spool/vmail/home/', maildir) AS userdb_home, CONCAT(quota,
>>      'B') AS userdb_quota_storage_size, username AS user, password FROM
>>      mailbox WHERE username = '%{user}' AND active = '1';
>>      }
>>      userdb prefetch {
>>      }
>>      userdb sql {
>>      iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';
>>      query = SELECT 'vmail' AS uid, 'vmail' AS gid,
>>      CONCAT('/var/spool/vmail/home/', maildir) AS home, CONCAT(quota, 'B') AS
>>      quota_storage_size, username AS user, password FROM mailbox WHERE
>>      username = '%{user}' AND active = '1';
>>      }
>>      namespace inbox {
>>      inbox = yes
>>      separator = /
>>      mailbox Drafts {
>>      special_use = "\\Drafts"
>>      }
>>      mailbox Entwuerfe {
>>      special_use = "\\Drafts"
>>      }
>>      mailbox Junk {
>>      special_use = "\\Junk"
>>      }
>>      mailbox Trash {
>>      special_use = "\\Trash"
>>      }
>>      mailbox "Geloeschte Objekte" {
>>      special_use = "\\Trash"
>>      }
>>      mailbox Sent {
>>      special_use = "\\Sent"
>>      }
>>      mailbox "Gesendete Objekte" {
>>      special_use = "\\Sent"
>>      }
>>      }
>>      service auth {
>>      inet_listener tcp_auth {
>>      port = 12345
>>      }
>>      unix_listener /var/spool/postfix/private/auth {
>>      group = postfix
>>      mode = 0666
>>      user = postfix
>>      }
>>      }
>>      service auth-worker {
>>      }
>>      ssl_server {
>>      cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>>      key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>>      }
>>      protocol imap {
>>      mail_plugins {
>>      imap_quota = yes
>>      }
>>      }
>>      quota "User quota" {
>>      }
>>      dict_server {
>>      dict mysql {
>>      driver = sql
>>      sql_driver = mysql
>>      dict_map priv/quota/messages {
>>      sql_table = quota
>>      username_field = username
>>      dict_map_value_field messages {
>>      }
>>      }
>>      dict_map priv/quota/storage {
>>      sql_table = quota
>>      username_field = username
>>      dict_map_value_field bytes {
>>      }
>>      }
>>      }
>>      }
>>      quota_clone {
>>      dict proxy {
>>      name = mysql
>>      }
>>      }
>>
>>      _______________________________________________
>>      dovecot mailing list -- [3][email protected]
>>      To unsubscribe send an email to [4][email protected]
>>
>> References
>>
>>    Visible links
>>    1. mailto:[email protected]
>>    2. mailto:[email protected]
>>    3. mailto:[email protected]
>>    4. mailto:[email protected]
>> _______________________________________________
>> dovecot mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
> 
> _______________________________________________
> dovecot mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to