Re: LDA ignores virtual mailbox settings
Hi Piotr, On Fri, Jan 01, 2021 at 05:59:42PM +0100, Piotr Auksztulewicz wrote: > Please note that local.conf is included by include_try directive. > Check local.conf permissions versus userid running deliver, configured > in master.cf. If it can't read local.conf, it will simply ignore it. I was somehow not aware of this problem, but this solved it nicely. There are some problems, still, but now things "almost work". Thanks a lot, Toni
Re: LDA ignores virtual mailbox settings
On Fri, Jan 01, 2021 at 03:45:14PM +, Toni Mueller wrote: > I found that there may be a problem in merging configuration directives. > In Debian, the main config file is /etc/dovecot/dovecot.conf. This > includes some snippets in /etc/dovecot/conf.d, and, at last, includes > /etc/dovecot/local.conf. > > In local.conf, I have different values for that, but only if I comment > them out in 10-mail.conf, I get LDA to try to deliver to the directory > where it should deliver. Therefore, I assume that later directives are Please note that local.conf is included by include_try directive. Check local.conf permissions versus userid running deliver, configured in master.cf. If it can't read local.conf, it will simply ignore it. -- Piotr "Malgond" Auksztulewicz firstn...@lastname.net
Re: LDA ignores virtual mailbox settings
Hi, thanks to all the people who tried to help me. I have made one more step into the right direction and wanted to share my findings. To recap, LDA pulls the right data from userdb, then ignores it and tries to deliver to the system default maibox location at /var/mail: On Sun, Dec 27, 2020 at 04:19:35PM +, Toni Mueller wrote: > 16:04:16 dovecot: auth: Debug: userdb out: > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 > > ^^ > > This shows that the database lookup works. The intended effect should be > that the message is delivered to > > /path-to-mailboxen/example.com/user/Maidir/new > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: > Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > not in group 8(mail), dir owned by 0:8 mode=0775) > > ^^ > > And this shows that dovecot-lda just ignores the result. 1. Directive merging: I found that there may be a problem in merging configuration directives. In Debian, the main config file is /etc/dovecot/dovecot.conf. This includes some snippets in /etc/dovecot/conf.d, and, at last, includes /etc/dovecot/local.conf. In /etc/dovecot/conf.d/10-mail.conf, there are these two statements: mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_privileged_group = mail In local.conf, I have different values for that, but only if I comment them out in 10-mail.conf, I get LDA to try to deliver to the directory where it should deliver. Therefore, I assume that later directives are not overwriting earlier directives, but "first wins" is an uncommon strategy - usually, it's "last wins". I'm not sure whether this is a bug or not, though, but a quick search did not reveal how things are supposed to be. 2. Wrong mailbox settings: I want to deliver to maildir and have these settings: Globally, ie, outside of all "blocks" ( [] { ... }), I have mail_location = maildir:~/Maildir:INBOX=maildir:~/Maildir In addition to that, I have this: namespace inbox { inbox = yes location = maildir:~/Maildir } But Dovecot wrote the mail to a file in mbox format, and the file being at ~/mail/inbox, with ~ being the home dir as taken from the SQL database. 3. Autocreate fails: I now have this for LDA and IMAP: cut protocol imap { mail_plugins = autocreate quota imap_quota mail_log trash virtual notify mail_max_userip_connections = 10 } protocol lda { mail_plugins = autocreate quota virtual mail_log trash notify ... } cut In the first instance, the home from the database was created by Dovecot, but then I moved it aside, so as to have Dovecot create a new one. But now I get this, even after lifting the plugin settings of LDA to the global scope: Jan 1 15:07:52 dovecot: lda(u...@example.com)<13951>: Fatal: Namespace '': Mail storage autodetection failed with home=/path-to-mailboxen/example.com/user Setting 'mail_location', as was suggested numerous times on the Internet, does not seem to have the desired effect, and I only have the 'inbox' namespace, anyway. Any ideas, please? TIA! Cheers, Toni
Re: LDA ignores virtual mailbox settings
> On 28/12/2020 16:35 Toni Mueller wrote: > > > Hi Aki, > > On Mon, Dec 28, 2020 at 03:37:33PM +0200, Aki Tuomi wrote: > > What you are describing will not be solved by looking at dovecot > > source code. > > ok. > > > Can you describe your configuration more? Maybe you are running > > dovecot in chroot or something? Can you consider using LMTP instead of > > LDA? > > I want to have as much information about the users and their mailboxes > as possible in an SQL database (I use Pg), so I can easily move things > around, change permissions and what-not. > > I thought about using LMTP, but so far shyed away from it because I > suspected that it would be unable to do uid/gid switching on a per-user > basis. But I'll check this idea out as well. > > I have not done anything special to the Debian installation, but > checking if that contains an unwanted chroot somewhere, is a good idea! > > > Thanks, > Toni LMTP can do uid/gid switching per user. Aki
Re: LDA ignores virtual mailbox settings
Hi Aki, On Mon, Dec 28, 2020 at 03:37:33PM +0200, Aki Tuomi wrote: > What you are describing will not be solved by looking at dovecot > source code. ok. > Can you describe your configuration more? Maybe you are running > dovecot in chroot or something? Can you consider using LMTP instead of > LDA? I want to have as much information about the users and their mailboxes as possible in an SQL database (I use Pg), so I can easily move things around, change permissions and what-not. I thought about using LMTP, but so far shyed away from it because I suspected that it would be unable to do uid/gid switching on a per-user basis. But I'll check this idea out as well. I have not done anything special to the Debian installation, but checking if that contains an unwanted chroot somewhere, is a good idea! Thanks, Toni
Re: LDA ignores virtual mailbox settings
Hi, Toni Mueller, 27.12.20: 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 dovecot: lda(u...@example.com)<5291>: msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, orig_to=, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) In /etc/postfix/master.cf, I have this to call it: dovecot unix - n n - - pipe flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient} I've tried strace-ing dovecot-lda, but it didn't really help me to understand why it discards the result of the userdb lookup. Can anyone please provide a cluebat, please? I'd change the setup towards postfix handing over the messages to dovecot via lmtp. You can easily achive this by setting relay_domains = btree:/etc/postfix/relay-transport in your postfix configuration and creating a file /etc/postfix/relay-transport: your_mail_domain lmtp:unix:private/lmtp-dovecot Mit freundlichen Grüßen Christian Schmidt -- No signature available.
Re: LDA ignores virtual mailbox settings
> On 28/12/2020 15:06 Toni Mueller wrote: > > > Hi Tamsy, > > On Mon, Dec 28, 2020 at 09:47:54AM +, Toni Mueller wrote: > > On Mon, Dec 28, 2020 at 09:52:17AM +0700, Tamsy wrote: > > > Try this: > > > > > > mail_home = /path-to-mailboxen/%d/%n > > > mail_location = maildir:~/Maildir:LAYOUT=fs > > > > > > and > > > > > > namespace inbox { > > > separator = / > > > prefix = > > > inbox = yes > > > subscriptions = yes > > > list = yes > > > type = private > > > hidden = no > > > } > > > > thank you for the idea. > > > > I'll give it a try (there was another variable needed to be set to avoid > > clashes with "new", but the name escapes me atm), although it doesn't > > cover a number of special cases that I have, where the location of the > > mailboxen does not follow this pattern. > > > > In the end, I want the database to be the single source of truth. > > well, I tried, but with no luck. LDA still wants to deliver to > /var/mail, as before. > > I am pretty sure that it must work somehow to fetch all data from a > database, because it did before. It would be really strange if someone > would have culled that functionaility. I am just not yet sure whether > it's just me not getting it right, or whether there's actually a bug. > > Next stop: Read Dovecot's source code (I dread that), unless someone > comes up with a better idea. > > Please. > > > Thanks, > Toni What you are describing will not be solved by looking at dovecot source code. Can you describe your configuration more? Maybe you are running dovecot in chroot or something? Can you consider using LMTP instead of LDA? Aki
Re: LDA ignores virtual mailbox settings
Hi Tamsy, On Mon, Dec 28, 2020 at 09:47:54AM +, Toni Mueller wrote: > On Mon, Dec 28, 2020 at 09:52:17AM +0700, Tamsy wrote: > > Try this: > > > > mail_home = /path-to-mailboxen/%d/%n > > mail_location = maildir:~/Maildir:LAYOUT=fs > > > > and > > > > namespace inbox { > > separator = / > > prefix = > > inbox = yes > > subscriptions = yes > > list = yes > > type = private > > hidden = no > > } > > thank you for the idea. > > I'll give it a try (there was another variable needed to be set to avoid > clashes with "new", but the name escapes me atm), although it doesn't > cover a number of special cases that I have, where the location of the > mailboxen does not follow this pattern. > > In the end, I want the database to be the single source of truth. well, I tried, but with no luck. LDA still wants to deliver to /var/mail, as before. I am pretty sure that it must work somehow to fetch all data from a database, because it did before. It would be really strange if someone would have culled that functionaility. I am just not yet sure whether it's just me not getting it right, or whether there's actually a bug. Next stop: Read Dovecot's source code (I dread that), unless someone comes up with a better idea. Please. Thanks, Toni
Re: LDA ignores virtual mailbox settings
Hi Tamsy, (your message was formatted a bit strangely) On Mon, Dec 28, 2020 at 09:52:17AM +0700, Tamsy wrote: > Try this: > > mail_home = /path-to-mailboxen/%d/%n > mail_location = maildir:~/Maildir:LAYOUT=fs > > and > > namespace inbox { > separator = / > prefix = > inbox = yes > subscriptions = yes > list = yes > type = private > hidden = no > } thank you for the idea. I'll give it a try (there was another variable needed to be set to avoid clashes with "new", but the name escapes me atm), although it doesn't cover a number of special cases that I have, where the location of the mailboxen does not follow this pattern. In the end, I want the database to be the single source of truth. Thanks, Toni
Re: LDA ignores virtual mailbox settings
*From:* Toni Mueller [mailto:supp...@oeko.net] *Sent:* Monday, December 28, 2020, 3:18 AM *To:* Aki Tuomi *Cc:* dovecot@dovecot.org *Subject:* LDA ignores virtual mailbox settings Hi Aki, thanks for your quick response! On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote: On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote: 16:04:16 dovecot: auth: Debug: master in:USER#0111#011u...@example.com#011service=lda 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't return userdb entries, trying the next userdb 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = 'A' 16:04:16 dovecot: auth: Debug: userdb out:USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 ^^ This shows that the database lookup works. The intended effect should be that the message is delivered to /path-to-mailboxen/example.com/user/Maidir/new 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: setegid(privileged) failed: Operation not permitted 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) ^^ And this shows that dovecot-lda just ignores the result. 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 dovecot: lda(u...@example.com)<5291>: msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, orig_to=, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) In /etc/postfix/master.cf, I have this to call it: dovecot unix - n n - - pipe flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient} Try adding mail_privileged_group = mail I am not sure why you recommend this. I never ever want to deliver to /var/mail, and my mailbox directory has group 'mailbox' - hence I have mail_privileged_group = mailbox in my configuration. My question is why this thing wants to deliver to /var/mail, despite having a different location from the userdb, and how I can force it to use the location from the userdb. Thanks, Toni Sorry, I misread your problem.. can you try checking output of `doveadm user ` # doveadm useru...@example.com field value uid 12345 gid 12345 home/path-to-mailboxen/example.com/user mailmaildir:~/Maildir:INBOX=~/Maildir quota_rule *:storage=0 and `doveadm auth lookup ` # doveadm -v auth lookupu...@example.com passdb:u...@example.com user :u...@example.com Also, including `doveconf -n` would be useful. # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7 # Hostname: testvm.example.com auth_debug = yes auth_debug_passwords = yes auth_failure_delay = 0 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} %{storage_id} %{secured} disable_plaintext_auth = no login_access_sockets = tcpwrap mail_debug = yes mail_location = maildir:~/Maildir:INBOX=~/Maildir mail_privileged_group = mailbox managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = maildir:~/Maildir:INBOX=~/Maildir mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { expire = Tra
Re: LDA ignores virtual mailbox settings
Hi Aki, thanks for your quick response! On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote: > > On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote: > > > > 16:04:16 dovecot: auth: Debug: master in: > > > > USER#0111#011u...@example.com#011service=lda > > > > 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb > > > > didn't return userdb entries, trying the next userdb > > > > 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT > > > > '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota > > > > as quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND > > > > status = 'A' > > > > 16:04:16 dovecot: auth: Debug: userdb out: > > > > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 > > > > > > > > ^^ > > > > > > > > This shows that the database lookup works. The intended effect should be > > > > that the message is delivered to > > > > > > > > /path-to-mailboxen/example.com/user/Maidir/new > > > > > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > > Error: setegid(privileged) failed: Operation not permitted > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > > Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed: > > > > Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w > > > > perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > > > > > > ^^ > > > > > > > > And this shows that dovecot-lda just ignores the result. > > > > > > > > > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > > Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > > > > open(/var/mail/u...@example.com) failed: Permission denied > > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, > > > > we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > > msgid=<20201226224933.014...@laptop.example.com>: save failed to open > > > > mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox > > > > INBOX: open(/var/mail/u...@example.com) failed: Permission denied > > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, > > > > we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, > > > > orig_to=, relay=dovecot, delay=62083, > > > > delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) > > > > > > > > > > > > In /etc/postfix/master.cf, I have this to call it: > > > > > > > > dovecot unix - n n - - pipe > > > > flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} > > > > -d ${user}@${domain} -a ${recipient} > > > > > > > Try adding > > > > > > mail_privileged_group = mail > > > > I am not sure why you recommend this. I never ever want to deliver to > > /var/mail, and my mailbox directory has group 'mailbox' - hence I have > > > > mail_privileged_group = mailbox > > > > in my configuration. > > > > My question is why this thing wants to deliver to /var/mail, despite > > having a different location from the userdb, and how I can force it to > > use the location from the userdb. > > > > > > Thanks, > > Toni > > Sorry, I misread your problem.. > > can you try checking output of > > `doveadm user ` # doveadm user u...@example.com field value uid 12345 gid 12345 home/path-to-mailboxen/example.com/user mailmaildir:~/Maildir:INBOX=~/Maildir quota_rule *:storage=0 > and > > `doveadm auth lookup ` # doveadm -v auth lookup u...@example.com passdb: u...@example.com user : u...@example.com > Also, including `doveconf -n` would be useful. # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7 # Hostname: testvm.example.com auth_debug = yes auth_debug_passwords = yes auth_failure_delay = 0 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} %{storage_id} %{secured} disable_plaintext_auth = no login_access_sockets = tcpwrap mail_debug = yes mail_location = maildir:~/Maildir:INBOX=~/Maildir mail_privileged_group = mailbox managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = maildir:~/Maildir:INBOX=~/Maildir mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbo
Re: LDA ignores virtual mailbox settings
Hi, On Sun, Dec 27, 2020 at 07:54:56PM +, Toni Mueller wrote: > My question is why this thing wants to deliver to /var/mail, despite > having a different location from the userdb, and how I can force it to > use the location from the userdb. I forgot to say that this thing has no trouble writing a file to roughly the desired location, reading /path-to-mailboxen/example.com/user/mail/.imap /path-to-mailboxen/example.com/user/mail/.imap/dovecot.list.index.log I've tried again by removing the entire user's directory, then saying "postfix flush" to push the email, when the file above was re-created. Thanks, Toni
Re: LDA ignores virtual mailbox settings
> On 27/12/2020 21:54 Toni Mueller wrote: > > > Hi Aki, > > On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote: > > > On 27/12/2020 18:19 Toni Mueller wrote: > > > > > > 16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=, > > > size=880, nrcpt=1 (queue active) > > > 16:04:16 dovecot: auth: Debug: master in: > > > USER#0111#011u...@example.com#011service=lda > > > 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't > > > return userdb entries, trying the next userdb > > > 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT > > > '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as > > > quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status > > > = 'A' > > > 16:04:16 dovecot: auth: Debug: userdb out: > > > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 > > > > > > ^^ > > > > > > This shows that the database lookup works. The intended effect should be > > > that the message is delivered to > > > > > > /path-to-mailboxen/example.com/user/Maidir/new > > > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > Error: setegid(privileged) failed: Operation not permitted > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission > > > denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: > > > /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > > > > ^^ > > > > > > And this shows that dovecot-lda just ignores the result. > > > > > > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > > > open(/var/mail/u...@example.com) failed: Permission denied > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, > > > we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > > msgid=<20201226224933.014...@laptop.example.com>: save failed to open > > > mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox > > > INBOX: open(/var/mail/u...@example.com) failed: Permission denied > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, > > > we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, > > > orig_to=, relay=dovecot, delay=62083, > > > delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) > > > > > > > > > In /etc/postfix/master.cf, I have this to call it: > > > > > > dovecot unix - n n - - pipe > > > flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d > > > ${user}@${domain} -a ${recipient} > > > > > Try adding > > > > mail_privileged_group = mail > > I am not sure why you recommend this. I never ever want to deliver to > /var/mail, and my mailbox directory has group 'mailbox' - hence I have > > mail_privileged_group = mailbox > > in my configuration. > > My question is why this thing wants to deliver to /var/mail, despite > having a different location from the userdb, and how I can force it to > use the location from the userdb. > > > Thanks, > Toni Sorry, I misread your problem.. can you try checking output of `doveadm user ` and `doveadm auth lookup ` Also, including `doveconf -n` would be useful. Aki
Re: LDA ignores virtual mailbox settings
Hi Aki, On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote: > > On 27/12/2020 18:19 Toni Mueller wrote: > > > > 16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=, size=880, > > nrcpt=1 (queue active) > > 16:04:16 dovecot: auth: Debug: master in: > > USER#0111#011u...@example.com#011service=lda > > 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't > > return userdb entries, trying the next userdb > > 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT > > '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as > > quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = > > 'A' > > 16:04:16 dovecot: auth: Debug: userdb out: > > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 > > > > ^^ > > > > This shows that the database lookup works. The intended effect should be > > that the message is delivered to > > > > /path-to-mailboxen/example.com/user/Maidir/new > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > Error: setegid(privileged) failed: Operation not permitted > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission > > denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, > > we're not in group 8(mail), dir owned by 0:8 mode=0775) > > > > ^^ > > > > And this shows that dovecot-lda just ignores the result. > > > > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > > open(/var/mail/u...@example.com) failed: Permission denied > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > > not in group 8(mail), dir owned by 0:8 mode=0775) > > 16:04:16 dovecot: lda(u...@example.com)<5291>: > > msgid=<20201226224933.014...@laptop.example.com>: save failed to open > > mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > > open(/var/mail/u...@example.com) failed: Permission denied > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > > not in group 8(mail), dir owned by 0:8 mode=0775) > > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, > > orig_to=, relay=dovecot, delay=62083, > > delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) > > > > > > In /etc/postfix/master.cf, I have this to call it: > > > > dovecot unix - n n - - pipe > > flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d > > ${user}@${domain} -a ${recipient} > > > Try adding > > mail_privileged_group = mail I am not sure why you recommend this. I never ever want to deliver to /var/mail, and my mailbox directory has group 'mailbox' - hence I have mail_privileged_group = mailbox in my configuration. My question is why this thing wants to deliver to /var/mail, despite having a different location from the userdb, and how I can force it to use the location from the userdb. Thanks, Toni
Re: LDA ignores virtual mailbox settings
> On 27/12/2020 18:19 Toni Mueller wrote: > > > Hi, > > I have a Debian/Buster system with Postfix and Dovecot from the Debian > repo, and with virtual users only (ie, no system users). These virtual > users are having all of their uids, gids, homes and mail quota in an > PostgreSQL database. The intent is to have postfix deliver the email via > dovecot's LDA, so I can set quota on a per-user basis. > > But for some odd reason, Dovecot's LDA can't find the user data from the > userdb, and then complains about not being able to write to /var/mail. > The following example shows how things fail when delivering a message > from Postfix's queue (therefore, the passdb failure is expected): > > In /etc/dovecot.conf, I have this, amongst other things: > > > mail_location = maildir:~/Maildir:INBOX=~/Maildir > passdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf.ext > } > userdb { > driver = prefetch > } > userdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf.ext > } > protocol lda { > mail_plugins = autocreate quota mail_log trash virtual notify > } > > > > > 16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=, size=880, > nrcpt=1 (queue active) > 16:04:16 dovecot: auth: Debug: master in: > USER#0111#011u...@example.com#011service=lda > 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't > return userdb entries, trying the next userdb > 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT > '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as > quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = > 'A' > 16:04:16 dovecot: auth: Debug: userdb out: > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 > > ^^ > > This shows that the database lookup works. The intended effect should be > that the message is delivered to > > /path-to-mailboxen/example.com/user/Maidir/new > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: > setegid(privileged) failed: Operation not permitted > 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: > Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > not in group 8(mail), dir owned by 0:8 mode=0775) > > ^^ > > And this shows that dovecot-lda just ignores the result. > > > 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: > Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > open(/var/mail/u...@example.com) failed: Permission denied > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > not in group 8(mail), dir owned by 0:8 mode=0775) > 16:04:16 dovecot: lda(u...@example.com)<5291>: > msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox > INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: > open(/var/mail/u...@example.com) failed: Permission denied > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're > not in group 8(mail), dir owned by 0:8 mode=0775) > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, > orig_to=, relay=dovecot, delay=62083, > delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) > > > In /etc/postfix/master.cf, I have this to call it: > > dovecot unix - n n - - pipe > flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d > ${user}@${domain} -a ${recipient} > > > I've tried strace-ing dovecot-lda, but it didn't really help me to > understand why it discards the result of the userdb lookup. > > > Can anyone please provide a cluebat, please? > > > > Thanks, > Toni Try adding mail_privileged_group = mail to your dovecot.conf. See https://doc.dovecot.org/settings/core/#mail-privileged-group Aki
LDA ignores virtual mailbox settings
Hi, I have a Debian/Buster system with Postfix and Dovecot from the Debian repo, and with virtual users only (ie, no system users). These virtual users are having all of their uids, gids, homes and mail quota in an PostgreSQL database. The intent is to have postfix deliver the email via dovecot's LDA, so I can set quota on a per-user basis. But for some odd reason, Dovecot's LDA can't find the user data from the userdb, and then complains about not being able to write to /var/mail. The following example shows how things fail when delivering a message from Postfix's queue (therefore, the passdb failure is expected): In /etc/dovecot.conf, I have this, amongst other things: mail_location = maildir:~/Maildir:INBOX=~/Maildir passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = prefetch } userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } protocol lda { mail_plugins = autocreate quota mail_log trash virtual notify } 16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=, size=880, nrcpt=1 (queue active) 16:04:16 dovecot: auth: Debug: master in: USER#0111#011u...@example.com#011service=lda 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't return userdb entries, trying the next userdb 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = 'A' 16:04:16 dovecot: auth: Debug: userdb out: USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0 ^^ This shows that the database lookup works. The intended effect should be that the message is delivered to /path-to-mailboxen/example.com/user/Maidir/new 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: setegid(privileged) failed: Operation not permitted 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) ^^ And this shows that dovecot-lda just ignores the result. 16:04:16 dovecot: lda(u...@example.com)<5291>: Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 dovecot: lda(u...@example.com)<5291>: msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775) 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=, orig_to=, relay=dovecot, delay=62083, delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure) In /etc/postfix/master.cf, I have this to call it: dovecot unix - n n - - pipe flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -a ${recipient} I've tried strace-ing dovecot-lda, but it didn't really help me to understand why it discards the result of the userdb lookup. Can anyone please provide a cluebat, please? Thanks, Toni