[Dovecot] Operation not permitted
Hi all,
Slowly but surely moving forward, I hope...
I get the following error (in the maillog file) after I've installed
Managesieve:
*Aug 13 10:13:52 li73-31 dovecot: deliver(andre at
paranoidandroid.co.za): Fatal: setgid(501(paranoidandroid)) failed with
euid=104(vmail), gid=106(vmail), egid=106(vmail): Operation not permitted*
/Does anybody know what this means and how to fix it?/
Don't know if it has anything to do with sieve (I've changed the
/usr/etc/dovecot.conf file from mail_plugins = cmusieve to mail_plugins
= sieve)
My config is below:
dovecot config:
--
# 1.2.1: /usr/etc/dovecot.conf
# OS: Linux 2.6.18.8-x86_64-linode1 x86_64 CentOS release 5.3 (Final)
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/paranoidandroidCA/server.crt
ssl_key_file: /etc/pki/paranoidandroidCA/server.key
login_dir: /usr/var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
mechanisms: plain login cram-md5 ntlm
passdb:
driver: sql
args: /etc/dovecot/dovecot_sql_passdb.conf
userdb:
driver: sql
args: /etc/dovecot/dovecot_sql_userdb.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /usr/var/run/dovecot/auth-master
mode: 384
user: vmail
postfix config:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost
mydomain = paranoidandroid.co.za
myhostname = mail.paranoidandroid.co.za
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_limit = 500
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
master.cf:
-
pickupfifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgrunix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounceunix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verifyunix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scacheunix - - n - 1 scache
dovecot unix - n n - - pipe flags=DRhu
user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
Re: [Dovecot] Operation not permitted
Thank you for your response. It helped a lot. The contents of the conf
file is:
connect = host=localhost dbname=[db] user=[*] password=[*]
user_query = SELECT CONCAT('maildir:', domain.home_dir, '/mail/',
mailbox.maildir, 'mail') as mail, domain.uid, domain.gid,
CONCAT('quota=maildir:storage=', mailbox.quota) AS quota,
CONCAT(domain.home_dir, '/mail/', mailbox.maildir) as home FROM domain
JOIN mailbox ON domain.domain = mailbox.domain WHERE mailbox.username =
'%u';
[*] is not vmail :)
Ok there are two entries in the domain table; one for ALL uid gid =
null and one for paranoidandroid.co.za having uid and gid of 501. I'm
not sure how these entries are created, I guess it is by mail admin.
Should I hack it to 104? or make a new entry? If new entry, then through
mail admin, and how?
My apologies for all the questions I'm new to Linux and would really
like to learn...
Best regards,
Andre
Timo Sirainen wrote:
On Aug 14, 2009, at 9:01 AM, André Labuschagné wrote:
*Aug 13 10:13:52 li73-31 dovecot: deliver(andre at
paranoidandroid.co.za): Fatal: setgid(501(paranoidandroid)) failed
with euid=104(vmail), gid=106(vmail), egid=106(vmail): Operation not
permitted*
This means that you start deliver as vmail:vmail (which I guess is
intended), but userdb lookup says that this user should have GID
paranoidandroid. So deliver tries to change the proces's GID, but
isn't allowed to because it's not running as root.
userdb:
driver: sql
args: /etc/dovecot/dovecot_sql_userdb.conf
What do you have in user_query? Is it intended that different users
have different gids (and maybe uids)?
Re: [Dovecot] Mail not begin processed
Thank you for the response
postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost
mydomain = paranoidandroid.co.za
myhostname = mail.paranoidandroid.co.za
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_limit = 500
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
master.cf:
--
pickupfifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgrunix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounceunix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verifyunix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scacheunix - - n - 1 scache
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d
${recipient}
Many thanx
Timo Sirainen wrote:
On Sat, 2009-08-08 at 14:57 +0200, André Labuschagné wrote:
Aug 8 14:55:02 li73-31 postfix/qmgr[20163]: warning: connect to
transport private/dovecot: Connection refused
What does master.cf contain? Or postconf -n? This is anyway Postfix
configuration problem, nothing really to do with Dovecot (your transport
name just happens to be dovecot).
Re: [Dovecot] Mail not begin processed
Hi Thank you for the response. The dovecot's config is: --- # 1.2.1: /usr/etc/dovecot.conf # OS: Linux 2.6.18.8-x86_64-linode1 x86_64 CentOS release 5.3 (Final) protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/pki/paranoidandroidCA/server.crt ssl_key_file: /etc/pki/paranoidandroidCA/server.key login_dir: /usr/var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 auth default: mechanisms: plain login cram-md5 ntlm passdb: driver: sql args: /etc/dovecot/dovecot_sql_passdb.conf userdb: driver: sql args: /etc/dovecot/dovecot_sql_userdb.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /usr/var/run/dovecot/auth-master mode: 384 user: vmail The log file snippet is: - Aug 8 14:54:51 li73-31 postfix/smtpd[25196]: connect from mail-ew0-f209.google.com[209.85.219.209] Aug 8 14:54:51 li73-31 postfix/smtpd[25196]: E571527388: client=mail-ew0-f209.google.com[209.85.219.209] Aug 8 14:54:52 li73-31 postfix/cleanup[25202]: E571527388: hold: header Received: from mail-ew0-f209.google.com (mail-ew0-f209.google.com [209.85.219.209])??by mail.paranoidandroid.co.za (Postfix) with ESMTP id E571527388??for an...@paranoidandroid.co.za; Sat, 8 Aug 20 from mail-ew0-f209.google.com[209.85.219.209]; from=tungste...@gmail.com to=an...@paranoidandroid.co.za proto=ESMTP helo=mail-ew0-f209.google.com Aug 8 14:54:52 li73-31 postfix/cleanup[25202]: E571527388: message-id=898bcad90908080554i45eb5dfakad36de457c2ba...@mail.gmail.com Aug 8 14:54:52 li73-31 MailScanner[24606]: New Batch: Scanning 1 messages, 2705 bytes Aug 8 14:55:02 li73-31 MailScanner[24606]: Virus and Content Scanning: Starting Aug 8 14:55:02 li73-31 MailScanner[24606]: Requeue: E571527388.AC203 to 9C2282738E Aug 8 14:55:02 li73-31 MailScanner[24606]: Uninfected: Delivered 1 messages Aug 8 14:55:02 li73-31 postfix/qmgr[20163]: 9C2282738E: from=tungste...@gmail.com, size=1981, nrcpt=1 (queue active) Aug 8 14:55:02 li73-31 postfix/qmgr[20163]: warning: connect to transport private/dovecot: Connection refused Aug 8 14:55:02 li73-31 postfix/error[25208]: 9C2282738E: to=an...@paranoidandroid.co.za, relay=none, delay=11, delays=11/0.01/0/0.15, dsn=4.3.0, status=deferred (mail transport unavailable) Aug 8 14:55:02 li73-31 MailScanner[24606]: Deleted 1 messages from processing-database Aug 8 14:55:22 li73-31 postfix/smtpd[25196]: disconnect from mail-ew0-f209.google.com[209.85.219.209] Timo Sirainen wrote: On Fri, 2009-08-07 at 15:39 +0200, Andre Labuschagne wrote: Good day all, [Dovecot version 1.2.1] I've set up postfix and dovecot on Centos. I have a problem with the mail, it is begin received but not processed by dovecot. I've looked in the maillog file and found two problems; the first is that private/dovecot directory (I think it should be a directory) did not exist and the second problem is mail transport unavailable. private/dovecot is typically dovecot authentication socket for SMTP AUTH. deliver doesn't need it. I've create a directory called /var/spool/postfix/private/dovecot but I get the following error in the log file: Connection refused (Is this an ownership issue? I've made the owner postfix) As for the second problem, I've spend the most of the past 3 days googling the error and found very little useful information. Do I need to supply more info? Yeah. Postfix configuration, dovecot -n output and exact log messages what happens when you try to deliver a mail.
