[Dovecot] INBOX permissios woes
Hello, I have a dovecot system that uses winbind authentication against Active Directory. I set it up by following the directions in the wiki. That works great. When a new user receives an email, the inbox is created with permissions 600 (rw- --- --) and ownership user:mail , even though I did chmod 02770 /var/spool/mail. And then, when dovecot tries to access the inbox, it throws the error: Oct 29 13:47:59 imap-login: Info: Login: user=user1, method=PLAIN, rip=10.0.0.6, lip=10.0.0.26, mpid=29047, secured Oct 29 13:47:59 imap(user1): Error: stat(/var/mail/user1) failed: Permission denied Oct 29 13:47:59 imap(user1): Error: stat(/var/mail/user1) failed: Permission denied Accessing users' Sent, Trash, creating new folders all that works fine. I've been looking at the documentation, reading the wiki, searching on google, asking on IRC. If you have any hint or documentation that I've must have overlooked, please let me know. Here's my dovecot information: [josep@testmail ]$ dovecot --version 2.0.9 [josep@testmail ]$ dovecot -n # 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.11.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_username_format = %Lu base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot-debug.log listen = * log_path = /var/log/dovecot.log mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail mbox_write_locks = fcntl passdb { driver = pam } protocols = imap service auth { unix_listener auth-userdb { mode = 0600 } } ssl_cert = /etc/pki/dovecot/certs/dovecot.pem ssl_key = /etc/pki/dovecot/private/dovecot.pem userdb { args = uid=503 gid=503 home=/home/vmail/%u driver = static } userdb { driver = passwd } [josep@testmail ]$ Thank you in advance, Josep This transmission is intended for the use of the entity or individual to which or whom it is addressed. The transmission or any documents accompanying the transmission may contain confidential information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the transmission or the documents is strictly prohibited. If you have received this confidential transmission in error, please destroy it and any accompanying documents and notify the sender immediately. Thank you.
Re: [Dovecot] Upgrade path questions
On Wednesday 13 January 2010 03:14:42 pm Thomas M Goerger wrote: Hi, We are currently running Dovecot v1.1.6 on our servers, and are contemplating an upgrade to 1.2, or 2.0 soon. We are wondering how many organizations are still running a 1.1 version of Dovecot, and if anyone has any thoughts on this transition. Have you upgraded from 1.1 to 1.2? What are your experiences with this? Have you upgraded from 1.1 to 2.0 directly? What are your experiences this way? We are also running an environment with both mbox and maildir formats. How many of you are running similarly, or are running solely maildir or mbox? We're just looking to gather information going forward, and anything you might be able to contribute would be very helpful. Thanks! * Tom Goerger - Email/Unix System Administrator * * University of MinnesotaEmail: t...@umn.edu * Hi Tom, We are running 1.1.x (http://atrpms.net/dist/el4/dovecot-1.1.x/), after a recent upgrade from 0.99 on a CentOS 4 system. The upgrade went flawlessly after reading the wiki, asking a couple of questions here and testing first with a test system. Then I looked at 1.2. I saw there was some possible issues with our set up, so I went with the good old and tried 1.1.x instead. So far 1.1.x is has performed beautiful, so if it is not broken, no reason to fix it. Down the line, I'll plan to upgrade to 1.2.x , after 2.0.x is fully stable. Of course I'll need some time, no current projects in /dev/TODO and a good reason to change something that works just fine :-) Regards, Josep -- Josep L. Guallar-Esteve - IT Department - Eastern Radiologists, Inc. This transmission is intended for the use of the entity or individual to which or whom it is addressed. The transmission or any documents accompanying the transmission may contain confidential information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the transmission or the documents is strictly prohibited. If you have received this confidential transmission in error, please destroy it and any accompanying documents and notify the sender immediately. Thank you.
[Dovecot] Upgrading Dovecot on CentOS 4, from 0.99 to 1.x
Hello, We have a production mail server running dovecot 0.99 (dovecot-0.99.14-1.rf). We are getting several errors corrected in dovecot 1.x versions: * corrupted inboxes (garbage at beggining of mbox files), * corrupted index files (Error: Corrupted file index /home/jsmith/.imap/Drafts/.imap.index: Sequence 6 not found from binary tree (6 msgs says header)), * others (Error: fcntl() failed with mbox file /var/mail/jsmith: Resource deadlock avoided), etc. I'm planning to upgrade using the instructions found at dovecot's wiki. -- Josep L. Guallar-Esteve This transmission is intended for the use of the entity or individual to which or whom it is addressed. The transmission or any documents accompanying the transmission may contain confidential information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the transmission or the documents is strictly prohibited. If you have received this confidential transmission in error, please destroy it and any accompanying documents and notify the sender immediately. Thank you.
[Dovecot] Upgrading Dovecot on CentOS 4 from 0.99 to 1.x
(sorry for my previous message, I sent it by mistake before finishing it) Hello, We have a production mail server running dovecot 0.99 (dovecot-0.99.14-1.rf). We are getting several errors corrected in dovecot 1.x versions: * corrupted inboxes (garbage at beggining of mbox files), * corrupted index files (Error: Corrupted file index /home/jsmith/.imap/Drafts/.imap.index: Sequence 6 not found from binary tree (6 msgs says header)), * others (Error: fcntl() failed with mbox file /var/mail/jsmith: Resource deadlock avoided), etc. I'm planning to upgrade using the instructions found at dovecot's wiki. On http://atrpms.net/dist/el4/ it is offered in 3 different versions: * dovecot 1..0.15-1_73.el4 * dovecot 1.1.19-1_96.el4 * dovecot 1.2.5-0_100.el4 I have a separated test system, where I'll test upgrading from 0.99 to final selected version, to discover any possible gotchas found while upgrading. Two questions: 1. Which version is the recommended to upgrade? I'd like stability and as little problems as possible over anything else, as we have a simple set up. 2. What is the preferred upgrade method? straight upgrade? (099 - rpm -Fvh dovecot-1.2 ? Or upgrading one release at a time? (0.99 1.0 1.1 ...) Thank you in advance for any recommendation. Regards, Josep -- Josep L. Guallar-Esteve This transmission is intended for the use of the entity or individual to which or whom it is addressed. The transmission or any documents accompanying the transmission may contain confidential information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the transmission or the documents is strictly prohibited. If you have received this confidential transmission in error, please destroy it and any accompanying documents and notify the sender immediately. Thank you.
Re: [Dovecot] Enabling security on POP3 and IMAP
Hello Richard, Maybe the included .pem files are bad (expire, pointing to wrong server name or whatnot) I'd generate new .pem files. dovecot documentation points to mkcert.sh script. With this script you can generate your own certificate, after filling in the OpenSSL config file used by mkcert.sh. On my system, the script is located at /usr/libexec/dovecot/mkcert.sh and the configuration file is at: /etc/pki/dovecot/dovecot-openssl.cnf With the key and certificate generated this script, dovecot is happy to work with ssl (imaps i my case) Hope this helps, Josep On Thursday 24 September 2009 11:39:59 am Richard Hobbs wrote: Hello, Thanks again for your response... However, upon closer inspection, it seems that both /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem already exist! I'm running Debian Lenny 5.0 btw - does anyone know if these keys were simply part of the dovecot package, or whether they have been generated during the installation process and are therefore unique? If they are unique, then I don't need to generate my own, perhaps? Thanks again, Richard. Christian Schmidt wrote: Hello Richard, Richard Hobbs, 10.09.2009 (d.m.y): Thanks for the advice - how do i generate ssl cert files and ssl key files? Just use OpenSSL. There's a short description of what to do on http://www.apache-ssl.org - or in any other OpenSSL Howto... Gruss/Regards, Christian Schmidt -- Josep L. Guallar-Esteve - IT Department This transmission is intended for the use of the entity or individual to which or whom it is addressed. The transmission or any documents accompanying the transmission may contain confidential information. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the transmission or the documents is strictly prohibited. If you have received this confidential transmission in error, please destroy it and any accompanying documents and notify the sender immediately. Thank you.