Thanks for the links: those were what I followed when I set things up. The dovecot user is the $default_internal_user.
hermes conf.d # dovecot -n
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.2-hardened-r1-bordernet x86_64 Gentoo Base System release 2.1 ext4
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
auth_verbose_passwords = plain
disable_plaintext_auth = no
login_greeting = Awaiting command...
mail_location = maildir:/home/vmail/%d/%n/Maildir
mail_plugins = " quota"
mail_privileged_group = 100
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  expire = Trash 7
  expire2 = Trash/* 7
  expire3 = Spam 7
  quota = maildir:User quota
  quota_rule = *:storage=200M
  quota_warning = storage=95%% quota-warning 95 %n %d
  quota_warning2 = storage=80%% quota-warning 80 %n %d
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /home/vmail/dovecot/sieve
  sieve_global_path = /home/vmail/dovecot/sieve/default.sieve
}
protocols = imap pop3 sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = $default_internal_user
}
service quota-warning {
  executable = script /etc/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
ssl_cert = </etc/ssl/dovecot/server.pem
ssl_key = </etc/ssl/dovecot/server.key
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve quota
}
protocol lda {
  mail_plugins = " quota sieve quota"
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = " quota quota imap_quota"
}
protocol pop3 {
  mail_plugins = " quota quota"
}

hermes conf.d # stat /usr/libexec/dovecot/deliver
  File: '/usr/libexec/dovecot/deliver' -> 'dovecot-lda'
  Size: 11          Blocks: 0          IO Block: 4096   symbolic link
Device: 805h/2053d  Inode: 267375      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2012-11-24 17:44:04.440976879 +0000
Modify: 2012-11-24 17:44:04.440976879 +0000
Change: 2012-11-24 17:44:04.440976879 +0000
 Birth: -

hermes conf.d # stat /usr/libexec/dovecot/dovecot-lda
  File: '/usr/libexec/dovecot/dovecot-lda'
  Size: 22432       Blocks: 48         IO Block: 4096   regular file
Device: 805h/2053d  Inode: 849010      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2012-11-24 17:43:57.124794021 +0000
Modify: 2012-11-24 17:44:02.204920992 +0000
Change: 2012-11-24 17:44:04.444976978 +0000
 Birth: -

Thanks in advance for your help.

Chris

On Sat, March 2, 2013 11:15 am, Daniel Parthey wrote:
> Chris Richards wrote:
>> I've got a dovecot server running version 2.0.19 on Gentoo Hardened. I
>> have Postfix as my MTA, and it is calling the Dovecot LDA to deliver the
>> mail. Everything is working great, mail is being delivered, and the
>> users are happy.
>>
>> However, I am noticing that I have random entries like this:
>>
>> Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup:
>> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
>> (euid=97(dovecot) egid=97(dovecot) missing +r perm:
>> /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
>> Mar 1 20:19:23 hermes dovecot: lda: Fatal: Internal error occurred.
>> Refer to server log for more information.
>>
>> In Postfix master.cf, I have the following:
>> dovecot unix - n n - - pipe
>>   flags=DRhu user=vmail:users argv=/usr/libexec/dovecot/deliver -f
>>   ${sender} -d ${user}@${nexthop}
>>
>> Permissions on the socket are:
>> srw------- 1 vmail vmail 0 Feb 24 23:43 auth-userdb
>>
>> Judging from the log, my problem is that the LDA appears to be trying to
>> access the socket as the dovecot user (rather than the vmail user), but
>> my question is why? What logging can I use to tell me if postfix is
>> calling with the wrong permissions or if the lda is somehow getting
>> confused?
>
> Have a look at
> http://wiki2.dovecot.org/LDA
> http://wiki2.dovecot.org/LDA/Postfix
> Maybe there you will find some helpful hints.
>
> Is /usr/libexec/dovecot/deliver or /usr/libexec/dovecot/dovecot-lda
> somehow setuid or setgid and owner/group dovecot? Where does the
> effective user euid=97(dovecot) and effective group egid=97(dovecot)
> come from, is it somewhere in your dovecot config?
>
> Please show full output of
> # doveconf -n
> # stat /usr/libexec/dovecot/deliver
> # stat /usr/libexec/dovecot/dovecot-lda
>
> Regards
> Daniel
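An added diagnostic for the two questions raised in this thread (which user each Dovecot service runs as versus who may open the auth-userdb socket, and whether the LDA binaries carry s-bits); this is example code written for this page, not something from the thread or from Dovecot, and the embedded config is a constructed excerpt of the posted doveconf -n output.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): from saved "doveconf -n" output, report
# who may open auth-userdb and which services run as someone else; check s-bits.
# Constructed sample: the relevant service blocks from the posted config.
SAMPLE_CONF=$(cat <<'EOF'
service auth {
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = $default_internal_user
}
service quota-warning {
  executable = script /etc/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
EOF
)
# A service whose user differs from the listener's cannot open a 0600 socket,
# so a dovecot-lda it spawns fails with "Permission denied". service auth and
# auth-worker own the socket and are skipped; $default_internal_user -> "dovecot".
socket_user_report() {
  printf '%s\n' "$1" | awk '
    /\{[ \t]*$/ { d++; blk[d] = $0; sub(/[ \t]*\{.*/, "", blk[d]); sub(/^[ \t]+/, "", blk[d]); next }
    /^[ \t]*\}/ { d--; next }
    /^[ \t]*(user|mode)[ \t]*=/ {
      key = $1; val = $3; if (val == "$default_internal_user") val = "dovecot"
      if (d == 2 && blk[2] == "unix_listener auth-userdb") sock[key] = val
      else if (d == 1 && key == "user" && blk[1] ~ /^service / && blk[1] !~ /^service auth(-worker)?$/) svc[blk[1]] = val
    }
    END {
      printf "auth-userdb socket: user=%s mode=%s\n", sock["user"], sock["mode"]
      for (s in svc) printf "%s runs as %s: %s\n", s, svc[s], (svc[s] == sock["user"] ? "ok" : "MISMATCH")
    }'
}
# Setuid/setgid check on each path; symlinks such as deliver are followed.
lda_sbits() {
  for f in "$@"; do
    [ -e "$f" ] || { echo "$f: missing"; continue; }
    if [ -u "$f" ] || [ -g "$f" ]; then echo "$f: setuid/setgid set"; else echo "$f: no s-bits"; fi
  done
}
socket_user_report "$SAMPLE_CONF"
lda_sbits /usr/libexec/dovecot/deliver /usr/libexec/dovecot/dovecot-lda
```

On the posted config it flags service quota-warning (user = dovecot) against the vmail-owned 0600 socket; replace SAMPLE_CONF with your own doveconf -n output to check a live host.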