Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee wrote on 11/10/2010: Here is the postconf -n: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticatedpermit_tls_clientcerts reject_unauth_destinationreject_invalid_helo_hostname reject_non_fqdn_senderreject_non_fqdn_recipient reject_rbl_client cbl.abuseat.orgreject_rbl_client list.dsbl.orgreject_rbl_client opm.blitzed.org reject_rbl_client sbl.spamhaus.orgreject_rbl_client bl.spamcop.netreject_rbl_client dnsbl.sorbs.net=127.0.0.2 reject_rbl_client dnsbl.sorbs.net=127.0.0.3reject_rbl_client dnsbl.sorbs.net=127.0.0.4reject_rbl_client dnsbl.sorbs.net=127.0.0.5reject_rbl_client dnsbl.sorbs.net=127.0.0.7reject_rbl_client dnsbl.sorbs.net=127.0.0.9reject_rbl_client dnsbl.sorbs.net=127.0.0.11reject_rbl_client dnsbl.sorbs.net=127.0.0.12 these DNSBL's are dead: opm.blitzed.org list.dsbl.org -- Daniel
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee wrote on 11/10/2010: Here is the dovecot entry from master.cf: dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/local/libexec/dovecot/deliver -d ${recipient} Maybe the problem is that you run deliver as user dovecot. You should use another user/group for deliver. Also you should make sure that this user/group has correct permissions on /usr/vmail. (See also: http://wiki2.dovecot.org/UserIds) -- Daniel
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
On Wed, 2010-11-10 at 00:01 -0500, Maxime Longuepee wrote: Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal: setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot): Operation not permitted Herein lies the answer, check the permissions and ownership signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee put forth on 11/9/2010 11:01 PM: I've been having an issue with dovecot since yesterday and can't figure it out. It would be really helpful if you mentioned what you changed yesterday. If delivery functioned before yesterday, and now it doesn't, you obviously changed something that caused breakage. All my users can send mail without any problem but all incomming mail are deffered. Here is the log from postfix complaining the mail has been deferred: Nov 9 23:35:51 www postfix/pipe[50019]: A20EB145FC2C: to=, relay=dovecot, delay=819, delays=819/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure) And here is the log from dovecot complaining it can't complete the operation /var/log/dovecot-deliver.log: Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal: setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot): Operation not permitted -- Stan
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Stan Hoeppner a écrit : Maxime Longuepee put forth on 11/9/2010 11:01 PM: I've been having an issue with dovecot since yesterday and can't figure it out. It would be really helpful if you mentioned what you changed yesterday. If delivery functioned before yesterday, and now it doesn't, you obviously changed something that caused breakage. All my users can send mail without any problem but all incomming mail are deffered. Here is the log from postfix complaining the mail has been deferred: Nov 9 23:35:51 www postfix/pipe[50019]: A20EB145FC2C: to=, relay=dovecot, delay=819, delays=819/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure) And here is the log from dovecot complaining it can't complete the operation /var/log/dovecot-deliver.log: Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal: setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot): Operation not permitted I didn't change anything. This is a brand new install i'm trying to get to work.
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee put forth on 11/9/2010 11:11 PM: I didn't change anything. This is a brand new install i'm trying to get to work. Non-obfuscated output of the following commands would be helpful: postconf -n dovecot -n -- Stan
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Stan Hoeppner a écrit : Maxime Longuepee put forth on 11/9/2010 11:11 PM: I didn't change anything. This is a brand new install i'm trying to get to work. Non-obfuscated output of the following commands would be helpful: postconf -n dovecot -n Here is the postconf -n: address_verify_map = btree:/var/spool/postfix/address_verify broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/spool/postfix debug_peer_level = 2 disable_vrfy_command = yes html_directory = no inet_interfaces = $myhostname, localhost invalid_hostname_reject_code = 450 mail_owner = postfix mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man maps_rbl_reject_code = 450 mydestination = SERVERNAME.HIDDEN.FOR.PRIVACY, localhost.SERVERNAME.HIDDEN.FOR.PRIVACY, localhost myhostname = SERVERNAME.HIDDEN.FOR.PRIVACY mynetworks = 127.0.0.1, SERVERNAME.HIDDEN.FOR.PRIVACY mynetworks_style = host myorigin = SERVERNAME.HIDDEN.FOR.PRIVACY newaliases_path = /usr/local/bin/newaliases non_fqdn_reject_code = 450 owner_request_special = no queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + sample_directory = /usr/local/etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_tls_cert_file = /etc/ssl/server.crt smtp_tls_key_file = /etc/ssl/server.key smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce,permit smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticatedpermit_tls_clientcerts reject_unauth_destinationreject_invalid_helo_hostname reject_non_fqdn_senderreject_non_fqdn_recipient reject_rbl_client cbl.abuseat.orgreject_rbl_client list.dsbl.orgreject_rbl_client opm.blitzed.org reject_rbl_client sbl.spamhaus.orgreject_rbl_client bl.spamcop.netreject_rbl_client dnsbl.sorbs.net=127.0.0.2 reject_rbl_client dnsbl.sorbs.net=127.0.0.3reject_rbl_client dnsbl.sorbs.net=127.0.0.4reject_rbl_client dnsbl.sorbs.net=127.0.0.5reject_rbl_client dnsbl.sorbs.net=127.0.0.7reject_rbl_client dnsbl.sorbs.net=127.0.0.9reject_rbl_client dnsbl.sorbs.net=127.0.0.11reject_rbl_client dnsbl.sorbs.net=127.0.0.12 smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/server.crt smtpd_tls_key_file = /etc/ssl/server.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf virtual_gid_maps = static:6 virtual_mailbox_base = /usr/vmail virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 143 virtual_transport = dovecot virtual_uid_maps = static:143 and here is the dovecot -n: auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 143 info_log_path = /var/log/maillog last_valid_uid = 143 listen = * log_path = /var/log/maillog login_log_format_elements = user=%u method=%m rip=%r lip=%l %c mail_debug = yes mail_location = maildir:/usr/vmail/%d/%u mail_privileged_group = mail passdb { args = /usr/local/etc/dovecot-sql.conf driver = sql } plugin { acl = vfile:/usr/local/etc/dovecot-acls quota = maildir:storage=10240:messages=1000 trash = /usr/local/etc/dovecot-trash.conf } protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = mail mode = 0660 user = postfix } unix_listener auth-master { group = mail mode = 0660 user = dovecot } user = dovecot } service imap-login { process_limit = 128 process_min_avail = 3 service_count = 1 user = dovecot-auth } service pop3-login { process_limit = 128 process_min_avail = 3 service_count = 1 user = dovecot-auth } ssl_cert = /etc/ssl/server.crt ssl_cipher_list = ALL:!LOW ssl_key = /etc/ssl/server.key userdb { args = /usr/local/etc/dovecot-sql.conf driver = sql } userdb { driver = prefetch } verbose_proctitle = yes protocol imap { imap_client_workarounds = delay-newmail } protocol pop3 { mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv }
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee put forth on 11/9/2010 11:24 PM: Stan Hoeppner a écrit : Maxime Longuepee put forth on 11/9/2010 11:11 PM: I didn't change anything. This is a brand new install i'm trying to get to work. Non-obfuscated output of the following commands would be helpful: postconf -n dovecot -n I forgot to mention master.cf. Need that also, at least the dovecot entry. -- Stan
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Stan Hoeppner a écrit : Maxime Longuepee put forth on 11/9/2010 11:24 PM: Stan Hoeppner a écrit : Maxime Longuepee put forth on 11/9/2010 11:11 PM: I didn't change anything. This is a brand new install i'm trying to get to work. Non-obfuscated output of the following commands would be helpful: postconf -n dovecot -n I forgot to mention master.cf. Need that also, at least the dovecot entry. Here is the dovecot entry from master.cf: dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/local/libexec/dovecot/deliver -d ${recipient} I really appreciate the fact that you are trying to help me, thanks and I hope you will able to solve that problem!
Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)
Maxime Longuepee put forth on 11/9/2010 11:42 PM: Here is the dovecot entry from master.cf: dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/local/libexec/dovecot/deliver -d ${recipient} I really appreciate the fact that you are trying to help me, thanks and I hope you will able to solve that problem! Well, virtual user setups aren't my specialty, so don't hold your breath. ;) http://linux.die.net/man/2/setresgid You elided your OS platform from your dovecot -n. What OS/version is this? From: https://www.securecoding.cert.org/confluence/download/attachments/26017980/07+UNIX+Permissions+and+Privileges.pdf?version=1modificationDate=1238607959000 The results of the setresgid() expression depends on the OS. You may require Timo's assistance on this one. -- Stan