Yep, yep, yep, consider this solved. I believe I understand the issues involved, now.
Many thanks for your help!

John Clements

On Tue, Nov 3, 2015 at 12:44 PM, Larry Rosenman <larry...@gmail.com> wrote:

> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon
>
> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
>
> so it's running as the normal user, and NOT with the mail group.
>
> I'm using exim with LMTP. LMTP is NOT a bad thing, and might make your
> life easier. It does allow you to add sieve scripting if you want to via
> pigeonhole.
>
> Sorry, I'm at a loss, as I do NOT run postfix. I'm not sure what it needs
> to invoke dovecot-lda with gid mail in the group list.
>
> On Tue, Nov 3, 2015 at 2:40 PM, John Clements <johnbcleme...@gmail.com> wrote:
>
>> Well, first, here are the logs I generated:
>>
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mbox:~/mail:INBOX=/var/mail/granitemon
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: fs: root=/home/granitemon/mail, index=, indexpvt=, control=, inbox=/var/mail/granitemon, alt=
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: userdb lookup skipped, username taken from USER environment
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Destination address: granite...@desmond.brinckerhoff.org (source: user@hostname)
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): msgid=<20151103202305.88be05f...@desmond.brinckerhoff.org>: save failed to INBOX: BUG: Unknown internal error
>> Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
>> Nov 3 12:23:05 desmond postfix/local[26490]: 88BE05FF39: to=<granitemon@localhost>, relay=local, delay=0.04, delays=0.01/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure)
>>
>> At this point... well, I don't understand why dovecot signals an "Unknown
>> internal error," but I think I understand that even if I *do* get this
>> working, I'm pretty much throwing in the towel, because since postfix
>> invokes the lda as the user receiving the mail, then this only works if all
>> users receiving mail are in the mail group, which means any of them can
>> mess up any other's mbox.
>>
>> So, it looks like even if this bug is fixed, I'm left with two obvious
>> choices:
>> - make /var/mail writeable by all users that receive mail, or
>> - use LMTP instead.
>>
>> Many thanks for your help,
>>
>> John Clements
>>
>> On Tue, Nov 3, 2015 at 12:13 PM, Larry Rosenman <larry...@gmail.com> wrote:
>>
>>> and, are you SURE that dovecot-lda has mail in its group list when it
>>> is executing?
>>>
>>> On Tue, Nov 3, 2015 at 2:12 PM, Larry Rosenman <larry...@gmail.com> wrote:
>>>
>>>> Hrm. if you turn up the debug on lda, do you get any more of a clue?
>>>>
>>>> Those permissions look fine to me.
>>>>
>>>> On Tue, Nov 3, 2015 at 2:10 PM, John Clements <johnbcleme...@gmail.com> wrote:
>>>>
>>>>> clements@desmond:/var/log$ ls -lda /var/mail
>>>>> drwxrwsr-x 2 root mail 4096 Nov 2 22:07 /var/mail
>>>>>
>>>>> Best,
>>>>>
>>>>> John Clements
>>>>>
>>>>> On Tue, Nov 3, 2015 at 11:52 AM, Larry Rosenman <larry...@gmail.com> wrote:
>>>>>
>>>>>> what are the full permissions of /var/mail?
>>>>>>
>>>>>> ls -lda /var/mail
>>>>>>
>>>>>> On Tue, Nov 3, 2015 at 1:49 PM, John Clements <johnbcleme...@gmail.com> wrote:
>>>>>>
>>>>>>> I've been using dovecot+postfix happily for many years, and I'm now
>>>>>>> configuring it for a new machine. However, I'm running into an old
>>>>>>> problem again, and thinking that there must be a better solution.
>>>>>>>
>>>>>>> The problem is that dovecot-lda is unable to create dotlock files in
>>>>>>> the /var/mail directory.
>>>>>>>
>>>>>>> Dovecot version: 1:2.2.13-12~deb8u1 (I'm guessing this is upstream
>>>>>>> version 2.2.13)
>>>>>>> OS: Debian Jessie
>>>>>>>
>>>>>>> Currently, my mail directory has these permissions:
>>>>>>>
>>>>>>> clements@desmond:~$ ls -ld /var/mail
>>>>>>> drwxrwsr-x 2 root mail 4096 Nov 2 22:07 /var/mail
>>>>>>> clements@desmond:~$ ls -l /var/mail
>>>>>>> total 8
>>>>>>> -rw------- 1 clements mail 1382 Nov 2 21:59 clements
>>>>>>> -rw------- 1 granitemon mail 530 Nov 2 22:07 granitemon
>>>>>>>
>>>>>>> I've added
>>>>>>> mail_privileged_group = mail
>>>>>>> to allow creation of the dotlock files.
>>>>>>>
>>>>>>> When I configure postfix to deliver using dovecot-lda, I get logs
>>>>>>> that look like this:
>>>>>>>
>>>>>>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted
>>>>>>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=<20151103181306.a4b5b5f...@desmond.xxxdomain.org>: save failed to INBOX: BUG: Unknown internal error
>>>>>>>
>>>>>>> In order to isolate the error, I took postfix out of the equation,
>>>>>>> and called dovecot-lda directly:
>>>>>>>
>>>>>>> clements@desmond:/tmp$ cat bogusmail
>>>>>>> From: cleme...@xxxdomain.org
>>>>>>> To: granitemon@localhost
>>>>>>> Date: November 3 2015
>>>>>>> Subject: graaaah
>>>>>>>
>>>>>>> this is the body
>>>>>>> clements@desmond:/tmp$ /usr/lib/dovecot/dovecot-lda -e -d clements < bogusmail
>>>>>>> BUG: Unknown internal error
>>>>>>> clements@desmond:/tmp$
>>>>>>>
>>>>>>> In response to this, mail.log now contains this similar error:
>>>>>>>
>>>>>>> Nov 3 11:34:57 desmond dovecot: lda(clements): msgid=unspecified: save failed to INBOX: BUG: Unknown internal error
>>>>>>> Nov 3 11:34:57 desmond dovecot: lda(clements): Error: setegid(privileged) failed: Operation not permitted
>>>>>>>
>>>>>>> I've tried a number of "random internet search" solutions, including
>>>>>>> - changing perms on mail files from 660 to 600
>>>>>>> - enabling 'mail_access_groups=mail' in 10-mail.conf
>>>>>>> - adding individual users to the mail group.
>>>>>>>
>>>>>>> I guess I'm pretty confident that if dovecot is writing "BUG: Unknown
>>>>>>> internal error" in the logs, that this is actually a bug in
>>>>>>> dovecot.
>>>>>>>
>>>>>>> OBresearch: I read through the release notes of 2.2.14 -- 2.2.19 to
>>>>>>> see if a relevant-looking bug had been fixed, but nothing jumped out
>>>>>>> at me.
>>>>>>> OBresearch: searching the dovecot mailing list, I found one
>>>>>>> *extremely* relevant thread called "Re: [Dovecot] started with
>>>>>>> dovecot sieve
>>>>>>> <http://dovecot.markmail.org/message/kgd34wberxuvmrsa?q=setegid>",
>>>>>>> but there didn't seem to be a solution contained in the thread.
>>>>>>>
>>>>>>> Final note: this doesn't appear to be confined to debian jessie: I
>>>>>>> took a look at my existing installation, and I see that in fact I
>>>>>>> just went ahead and made /var/mail world-writeable, which seems...
>>>>>>> sub-optimal. I'm sure I could do that here, too, but I'd certainly
>>>>>>> rather not.
>>>>>>>
>>>>>>> Thanks in advance, and let me know if I've left out relevant crucial
>>>>>>> information.
>>>>>>>
>>>>>>> Best,
>>>>>>>
>>>>>>> John Clements
>>>>>>
>>>>>> --
>>>>>> Larry Rosenman http://www.lerctr.org/~ler
>>>>>> Phone: +1 214-642-9640 (c) E-Mail: larry...@gmail.com
>>>>>> US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
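
Added example, not part of the thread and not Dovecot's code: the kernel rule behind "setegid(privileged) failed: Operation not permitted", and a temporary raise-and-drop of the effective gid around one privileged step. An unprivileged process may only switch its effective gid to its real, effective or saved gid, so supplementary membership in the mail group does not change the result. The names setegid_allowed, with_privileged_gid and record_egid are hypothetical, and the saved gid is read from /proc/self/status (Linux).

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Kernel rule for setegid(): a process without CAP_SETGID (approximated
 * here as euid != 0) may only switch to its real, effective or saved gid.
 * Supplementary group membership is never consulted. */
int setegid_allowed(uid_t euid, gid_t rgid, gid_t egid, gid_t sgid, gid_t target)
{
    return euid == 0 || target == rgid || target == egid || target == sgid;
}

/* Run fn(arg) with the effective gid temporarily set to priv.
 * Returns fn's result, or -1 with errno set (EPERM is the logged failure). */
int with_privileged_gid(gid_t priv, int (*fn)(void *), void *arg)
{
    gid_t orig = getegid();
    if (setegid(priv) != 0)
        return -1;
    int rc = fn(arg);
    if (setegid(orig) != 0)
        _exit(111);               /* never keep running with the raised gid */
    return rc;
}

/* Sample privileged step: record the gid the work actually ran under. */
static int record_egid(void *out) { *(gid_t *)out = getegid(); return 0; }

int main(int argc, char **argv)
{
    unsigned r = getgid(), e = getegid(), s = e;   /* s: fallback without /proc */
    char line[256];
    FILE *f = fopen("/proc/self/status", "r");     /* "Gid: real eff saved fs" */
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "Gid: %u %u %u", &r, &e, &s) == 3)
            break;
    if (f) fclose(f);

    gid_t target = argc > 1 ? (gid_t)strtoul(argv[1], NULL, 10) : (gid_t)e;
    gid_t seen = 0;
    printf("rgid=%u egid=%u sgid=%u target=%u predicted=%s\n", r, e, s,
           (unsigned)target,
           setegid_allowed(geteuid(), r, e, s, target) ? "allowed" : "EPERM");
    if (with_privileged_gid(target, record_egid, &seen) != 0)
        perror("setegid");
    else
        printf("privileged step ran with egid=%u\n", (unsigned)seen);
    return 0;
}
```

Run it as the delivery user with the numeric gid of the mail group as the argument (see `getent group mail`) to compare the prediction with what the kernel does.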