Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-10 Thread Daniel Luttermann
Maxime Longuepee wrote on 11/10/2010:

 Here is the postconf -n:

 smtpd_recipient_restrictions = permit_mynetworks
   permit_sasl_authenticated
   permit_tls_clientcerts
   reject_unauth_destination
   reject_invalid_helo_hostname
   reject_non_fqdn_sender
   reject_non_fqdn_recipient
   reject_rbl_client cbl.abuseat.org
   reject_rbl_client list.dsbl.org
   reject_rbl_client opm.blitzed.org
   reject_rbl_client sbl.spamhaus.org
   reject_rbl_client bl.spamcop.net
   reject_rbl_client dnsbl.sorbs.net=127.0.0.2
   reject_rbl_client dnsbl.sorbs.net=127.0.0.3
   reject_rbl_client dnsbl.sorbs.net=127.0.0.4
   reject_rbl_client dnsbl.sorbs.net=127.0.0.5
   reject_rbl_client dnsbl.sorbs.net=127.0.0.7
   reject_rbl_client dnsbl.sorbs.net=127.0.0.9
   reject_rbl_client dnsbl.sorbs.net=127.0.0.11
   reject_rbl_client dnsbl.sorbs.net=127.0.0.12

These DNSBLs are dead:

opm.blitzed.org
list.dsbl.org

--
Daniel



Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-10 Thread Daniel Luttermann
Maxime Longuepee wrote on 11/10/2010:

 Here is the dovecot entry from master.cf:

 dovecot   unix  -   n   n   -   -   pipe
   flags=DRhu user=dovecot:dovecot 
 argv=/usr/local/libexec/dovecot/deliver -d ${recipient}

Maybe the problem is that you run deliver as user dovecot. You
should use another user/group for deliver. Also you should make sure
that this user/group has correct permissions on /usr/vmail.
(See also: http://wiki2.dovecot.org/UserIds)

--
Daniel
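
Added example, not written by any poster in this thread: a small Python check that reads the LDA log line and the master.cf entry quoted in the thread and shows why the group switch is refused. The gid 143 for the dovecot group is an assumption (the thread never states it), and the permission rule is the common one (an unprivileged process may only choose among its current real, effective and saved gid), simplified to "euid 0 is privileged".

```python
import re

# Quoted from the thread: the LDA log line and the Postfix master.cf entry.
LOG_LINE = ("Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal: "
            "setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot): "
            "Operation not permitted")
MASTER_CF = ("dovecot   unix  -   n   n   -   -   pipe\n"
             "  flags=DRhu user=dovecot:dovecot "
             "argv=/usr/local/libexec/dovecot/deliver -d ${recipient}\n")
# Constructed for this example: the thread never states the dovecot group's gid.
ASSUMED_GIDS = {"dovecot": 143, "mail": 6}

SETRESGID_RE = re.compile(r"setresgid\((\d+)\(\w+\),(\d+)\(\w+\),(\d+)\(\w+\)\) "
                          r"failed with euid=(\d+)\((\w+)\)")

def parse_lda_failure(line):
    """Extract the requested (rgid, egid, sgid) and the caller's euid."""
    m = SETRESGID_RE.search(line)
    if m is None:
        return None
    return {"requested": tuple(int(g) for g in m.group(1, 2, 3)),
            "euid": int(m.group(4)), "user": m.group(5)}

def pipe_identity(master_cf, service):
    """Return (user, group) from the user= attribute of a pipe(8) service."""
    # Lines starting with whitespace continue the previous logical line.
    logical = re.sub(r"\n[ \t]+", " ", master_cf).splitlines()
    for entry in logical:
        fields = entry.split()
        if fields and fields[0] == service:
            m = re.search(r"\buser=([^\s:]+)(?::(\S+))?", entry)
            return (m.group(1), m.group(2)) if m else None
    return None

def setresgid_allowed(euid, current_gids, requested):
    """Unprivileged callers may only pick gids they already hold as real,
    effective or saved gid; -1 means 'leave unchanged'."""
    if euid == 0:  # simplification: treat euid 0 as the privileged case
        return True
    return all(g == -1 or g in current_gids for g in requested)

def diagnose(log_line=LOG_LINE, master_cf=MASTER_CF, gids=ASSUMED_GIDS):
    failure = parse_lda_failure(log_line)
    user, group = pipe_identity(master_cf, "dovecot")
    held = {gids[group]}  # real, effective and saved gid all come from user=
    ok = setresgid_allowed(failure["euid"], held, failure["requested"])
    return {"pipe_user": user, "pipe_group": group, "held_gids": held,
            "requested": failure["requested"], "allowed": ok}

if __name__ == "__main__":
    print(diagnose())
```

Calling setresgid_allowed(143, {6}, (6, 6, 6)) returns True: once the pipe entry starts deliver with the group the userdb expects, no privileged group change is needed.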



Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-10 Thread Noel Butler
On Wed, 2010-11-10 at 00:01 -0500, Maxime Longuepee wrote:



 Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal: 
 setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot): 
 Operation not permitted
 

Herein lies the answer, check the permissions and ownership







Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Stan Hoeppner
Maxime Longuepee put forth on 11/9/2010 11:01 PM:

 I've been having an issue with dovecot since yesterday and can't figure
 it out.

It would be really helpful if you mentioned what you changed yesterday.
 If delivery functioned before yesterday, and now it doesn't, you
obviously changed something that caused breakage.

 All my users can send mail without any problem but all incoming mail
 is deferred. Here is the log from postfix complaining the mail has been
 deferred:
 
 Nov 9 23:35:51 www postfix/pipe[50019]: A20EB145FC2C: to=,
 relay=dovecot, delay=819, delays=819/0.01/0/0.01, dsn=4.3.0,
 status=deferred (temporary failure)
 
 And here is the log from dovecot complaining it can't complete the
 operation /var/log/dovecot-deliver.log:
 
 Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal:
 setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot):
 Operation not permitted

-- 
Stan


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Maxime Longuepee

Stan Hoeppner wrote:

Maxime Longuepee put forth on 11/9/2010 11:01 PM:

I've been having an issue with dovecot since yesterday and can't figure
it out.

It would be really helpful if you mentioned what you changed yesterday.
If delivery functioned before yesterday, and now it doesn't, you
obviously changed something that caused breakage.

All my users can send mail without any problem but all incoming mail
is deferred. Here is the log from postfix complaining the mail has been
deferred:

Nov 9 23:35:51 www postfix/pipe[50019]: A20EB145FC2C: to=,
relay=dovecot, delay=819, delays=819/0.01/0/0.01, dsn=4.3.0,
status=deferred (temporary failure)

And here is the log from dovecot complaining it can't complete the
operation /var/log/dovecot-deliver.log:

Nov 09 23:35:51 lda(EMAIL REMOVED FOR PRIVACY): Fatal:
setresgid(6(mail),6(mail),6(mail)) failed with euid=143(dovecot):
Operation not permitted

I didn't change anything.

This is a brand new install I'm trying to get to work.


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Stan Hoeppner
Maxime Longuepee put forth on 11/9/2010 11:11 PM:

 I didn't change anything.
 
 This is a brand new install I'm trying to get to work.

Non-obfuscated output of the following commands would be helpful:

postconf -n
dovecot -n

-- 
Stan


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Maxime Longuepee

Stan Hoeppner wrote:

Maxime Longuepee put forth on 11/9/2010 11:11 PM:

I didn't change anything.

This is a brand new install I'm trying to get to work.

Non-obfuscated output of the following commands would be helpful:

postconf -n
dovecot -n

Here is the postconf -n:

address_verify_map = btree:/var/spool/postfix/address_verify
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/spool/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
invalid_hostname_reject_code = 450
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 450
mydestination = SERVERNAME.HIDDEN.FOR.PRIVACY, localhost.SERVERNAME.HIDDEN.FOR.PRIVACY, localhost
myhostname = SERVERNAME.HIDDEN.FOR.PRIVACY
mynetworks = 127.0.0.1, SERVERNAME.HIDDEN.FOR.PRIVACY
mynetworks_style = host
myorigin = SERVERNAME.HIDDEN.FOR.PRIVACY
newaliases_path = /usr/local/bin/newaliases
non_fqdn_reject_code = 450
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_tls_cert_file = /etc/ssl/server.crt
smtp_tls_key_file = /etc/ssl/server.key
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks
  permit_sasl_authenticated
  permit_tls_clientcerts
  reject_unauth_destination
  reject_invalid_helo_hostname
  reject_non_fqdn_sender
  reject_non_fqdn_recipient
  reject_rbl_client cbl.abuseat.org
  reject_rbl_client list.dsbl.org
  reject_rbl_client opm.blitzed.org
  reject_rbl_client sbl.spamhaus.org
  reject_rbl_client bl.spamcop.net
  reject_rbl_client dnsbl.sorbs.net=127.0.0.2
  reject_rbl_client dnsbl.sorbs.net=127.0.0.3
  reject_rbl_client dnsbl.sorbs.net=127.0.0.4
  reject_rbl_client dnsbl.sorbs.net=127.0.0.5
  reject_rbl_client dnsbl.sorbs.net=127.0.0.7
  reject_rbl_client dnsbl.sorbs.net=127.0.0.9
  reject_rbl_client dnsbl.sorbs.net=127.0.0.11
  reject_rbl_client dnsbl.sorbs.net=127.0.0.12
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/ssl/server.crt
smtpd_tls_key_file = /etc/ssl/server.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:6
virtual_mailbox_base = /usr/vmail
virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 143
virtual_transport = dovecot
virtual_uid_maps = static:143


and here is the dovecot -n:


auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 143
info_log_path = /var/log/maillog
last_valid_uid = 143
listen = *
log_path = /var/log/maillog
login_log_format_elements = user=%u method=%m rip=%r lip=%l %c
mail_debug = yes
mail_location = maildir:/usr/vmail/%d/%u
mail_privileged_group = mail
passdb {
 args = /usr/local/etc/dovecot-sql.conf
 driver = sql
}
plugin {
 acl = vfile:/usr/local/etc/dovecot-acls
 quota = maildir:storage=10240:messages=1000
 trash = /usr/local/etc/dovecot-trash.conf
}
protocols = imap pop3
service auth {
 unix_listener /var/spool/postfix/private/auth {
   group = mail
   mode = 0660
   user = postfix
 }
 unix_listener auth-master {
   group = mail
   mode = 0660
   user = dovecot
 }
 user = dovecot
}
service imap-login {
 process_limit = 128
 process_min_avail = 3
 service_count = 1
 user = dovecot-auth
}
service pop3-login {
 process_limit = 128
 process_min_avail = 3
 service_count = 1
 user = dovecot-auth
}
ssl_cert = /etc/ssl/server.crt
ssl_cipher_list = ALL:!LOW
ssl_key = /etc/ssl/server.key
userdb {
 args = /usr/local/etc/dovecot-sql.conf
 driver = sql
}
userdb {
 driver = prefetch
}
verbose_proctitle = yes
protocol imap {
 imap_client_workarounds = delay-newmail
}
protocol pop3 {
 mail_plugins = quota
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 pop3_uidl_format = %08Xu%08Xv
}


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Stan Hoeppner
Maxime Longuepee put forth on 11/9/2010 11:24 PM:
 Stan Hoeppner wrote:
 Maxime Longuepee put forth on 11/9/2010 11:11 PM:

 I didn't change anything.

 This is a brand new install I'm trying to get to work.
 

 Non-obfuscated output of the following commands would be helpful:

 postconf -n
 dovecot -n

I forgot to mention master.cf.  Need that also, at least the dovecot entry.

-- 
Stan


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Maxime Longuepee

Stan Hoeppner wrote:

Maxime Longuepee put forth on 11/9/2010 11:24 PM:

Stan Hoeppner wrote:

Maxime Longuepee put forth on 11/9/2010 11:11 PM:

I didn't change anything.

This is a brand new install I'm trying to get to work.

Non-obfuscated output of the following commands would be helpful:

postconf -n
dovecot -n

I forgot to mention master.cf.  Need that also, at least the dovecot entry.

Here is the dovecot entry from master.cf:

dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=dovecot:dovecot argv=/usr/local/libexec/dovecot/deliver -d ${recipient}



I really appreciate the fact that you are trying to help me, thanks and
I hope you will be able to solve that problem!


Re: [Dovecot] Problem with dovecot delivery (version 2.0.7)

2010-11-09 Thread Stan Hoeppner
Maxime Longuepee put forth on 11/9/2010 11:42 PM:

 Here is the dovecot entry from master.cf:
 
 dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=dovecot:dovecot argv=/usr/local/libexec/dovecot/deliver
 -d ${recipient}
 
 
 I really appreciate the fact that you are trying to help me, thanks and
 I hope you will be able to solve that problem!

Well, virtual user setups aren't my specialty, so don't hold your
breath. ;)

http://linux.die.net/man/2/setresgid

You elided your OS platform from your dovecot -n.  What OS/version is this?


From:
https://www.securecoding.cert.org/confluence/download/attachments/26017980/07+UNIX+Permissions+and+Privileges.pdf?version=1modificationDate=1238607959000

The results of the setresgid() expression depends on the
OS.

You may require Timo's assistance on this one.

-- 
Stan