> > ps -eo pid,user,group,comm | grep postfix
> 2886706 postfix postfix pickup
> 2886707 postfix postfix qmgr
> 2886764 postfix postfix tlsmgr

Also, as far as I know, postfix logs to syslog too. At least there is no dedicated file or folder for it in /var/log.

Setting the permissions in /var/log/dovecot to 666 actually didn't solve the problem, which just opens a whole other bunch of questions.

So in case, for some odd reason, AppArmor logs aren't logged to syslog (and also it doesn't have a dedicated file), these are the rules for dovecot and postfix I could find:

postfix has an apparmor (in abstractions) file that doesn't say anything about /var/log. It only has these rules for things in /var:

    /var/spool/postfix/etc/*                      r,
    /var/spool/postfix/lib/lib*.so*               mr,
    /var/spool/postfix/lib/@{multiarch}/lib*.so*  mr,

Dovecot has two files. In tunables you can find this:

    # @{DOVECOT_MAILSTORE} is a space-separated list of all directories
    # where dovecot is allowed to store and read mails
    #
    # The default value is quite broad to avoid breaking existing setups.
    # Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
    # you use, and remove everything else.

    @{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ /var/vmail/ /var/mail/ /var/spool/mail

Which doesn't seem to be relevant for this. No idea how dovecot can put the mail into /maildirs/username, but since that's working I'm not complaining.

The file in abstractions only contains this:

    # used with dovecot/*

    abi <abi/3.0>,

    capability setgid,
    deny capability block_suspend,

    # dovecot's master can send us signals
    signal receive peer=dovecot,

    owner @{run}/dovecot/config rw,

    # Include additions to the abstraction
    include if exists <abstractions/dovecot-common.d>

On Tue, 14 May 2024 at 13:45, <to...@tuxteam.de> wrote:

> On Tue, May 14, 2024 at 01:29:17PM +0200, Richard wrote:
> > My guess is that postfix runs as postfix.
>
> That would be my guess too (or perhaps as some special "Debian-+postfix").
>
> > At least processes like local,
> > smtpd, bounce etc run as that user. But beyond that I have no idea how to
> > find that out. At least there's nothing in the postfix.service or
> > postfix@.service
> > about that. So I've changed the files to dovecot:postfix 664, but same
> > error.
>
> You might try
>
>   ps -eo pid,user,group,comm | grep postfix
>
> or similar. Or have a look at Postfix's log file ownerships.
>
> You might try making the log files in question world writable just
> to see whether the problem disappears or this approach is a blind
> alley (don't forget to revert that: leaving them world-writable
> seems like asking for trouble).
>
> Cheers
> --
> t
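
The message above wonders where AppArmor denials end up. As an added example (not part of the thread), this Python sketch picks AppArmor audit events out of mixed syslog text and counts the DENIED ones under a directory such as /var/log/dovecot/. The sample lines, profile names, PIDs and the lda.log path are constructed for illustration; only the key="value" audit layout is assumed.

```python
import re
from collections import Counter

# Constructed sample: two AppArmor denials, one allowed event and one
# ordinary postfix syslog line. Profiles, PIDs and file names are made up.
SAMPLE_LOG = """\
May 14 13:50:01 mail kernel: audit: type=1400 audit(1715687401.101:210): apparmor="DENIED" operation="open" class="file" profile="example-mta" name="/var/log/dovecot/lda.log" pid=2886801 comm="deliver" requested_mask="ac" denied_mask="ac" fsuid=120 ouid=0
May 14 13:50:01 mail postfix/qmgr[2886707]: 4F1A2: removed
May 14 13:50:07 mail kernel: audit: type=1400 audit(1715687407.330:211): apparmor="ALLOWED" operation="open" class="file" profile="example-imap" name="/maildirs/username/cur/" pid=2886820 comm="imap" requested_mask="r" denied_mask="r" fsuid=1001 ouid=1001
May 14 13:51:12 mail kernel: audit: type=1400 audit(1715687472.912:214): apparmor="DENIED" operation="open" class="file" profile="example-mta" name="/var/log/dovecot/lda.log" pid=2886843 comm="deliver" requested_mask="ac" denied_mask="ac" fsuid=120 ouid=0
"""

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_event(line):
    """Return the fields of an AppArmor audit line as a dict, else None."""
    if 'apparmor="' not in line:
        return None
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def denials_under(log_text, prefix):
    """Count DENIED events per (profile, path, denied_mask) below prefix."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        if not event or event.get("apparmor") != "DENIED":
            continue
        # Paths with spaces are logged hex-encoded and unquoted; this
        # example does not decode them, so such paths will not match.
        if event.get("name", "").startswith(prefix):
            key = (event.get("profile"), event["name"], event.get("denied_mask"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, path, mask), n in denials_under(SAMPLE_LOG, "/var/log/dovecot/").items():
        print(f"{n}x profile={profile} path={path} denied_mask={mask}")
```

On a real host the input would be the kernel log (for example `journalctl -k`) or /var/log/audit/audit.log when auditd is running. An empty result for the directory suggests the failure is ordinary file permissions rather than AppArmor.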