Fatal: setgid from userdb lookup fails with wrong gid

Tue, 13 Oct 2020 15:25:20 -0700 

Hello all,
I'm quite new as well to Dovecot, just installed it on a FreeBSD system with Postfix and Rspamd as side apps. Things are running semi-smoothly for all users but I do have quite a few errors in the logs : 


Oct 13 19:43:56 apollo dovecot[24478]: 
imap(user1)<34412><zIeI9ZCxXDmsFhZG>: Fatal: setgid(1030(user1) from 
userdb lookup) failed with euid=1022(user4), gid=1022(user4), 
egid=1022(user4): Operation not permitted (This binary should probably 
be called with process group set to 1030(user1) instead of 1022(user4))
Oct 13 19:43:59 apollo dovecot[24478]: 
imap(user1)<37376><pPS79ZCx+kasFhZG>: Fatal: setgid(1030(user1) from 
userdb lookup) failed with euid=1124(user3), gid=1124(user3), 
egid=1124(user3): Operation not permitted (This binary should probably 
be called with process group set to 1030(user1) instead of 1124(user3))
Oct 13 19:46:45 apollo dovecot[24478]: 
imap(user2)<38858><3hOk/5CxVO1dBDTq>: Fatal: setgid(1136(user2) from 
userdb lookup) failed with euid=1038(user5), gid=1038(user5), 
egid=1038(user5): Operation not permitted (This binary should probably 
be called with process group set to 1136(user2) instead of 1038(user5))
Oct 13 19:48:55 apollo dovecot[24478]: 
imap(user3)<40607><jQtWB5GxHuwKAkQ2>: Fatal: setgid(1124(user3) from 
userdb lookup) failed with euid=1022(user4), gid=1022(user4), 
egid=1022(user4): Operation not permitted (This binary should probably 
be called with process group set to 1124(user3) instead of 1022(user4))



There seems to be confusion. The logs are trying to be helpful but I 
can't quite process it. Could someone point me in the right direction ?


system is used by about 60 users.

Thanks,

j.

--

doveconf -n
# 2.3.11.3 (502c39af9): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (d71e0372)
# OS: FreeBSD 12.1-RELEASE-p10 amd64
# Hostname: apollo.domain1.tld
auth_mechanisms = plain login cram-md5
auth_username_format = %Ln
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext imapsieve vnd.dovecot.imapsieve

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = scheme=cram-md5 /usr/local/etc/dovecot/cram-md5.pwd
  driver = passwd-file
}
plugin {
  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  quota = maildir:User quota

  quota_exceeded_message = Benutzer %u hat das Speichervolumen 
überschritten. / User %u has exhausted allowed storage space.

  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /var/vmail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/local/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmas...@apollo.domain1.tld
protocols = imap lmtp sieve
service auth {
  client_limit = 3000
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  service_count = 0
}
service imap {
  process_min_avail = 4
  service_count = 512
  vsz_limit = 1 G
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  vsz_limit = 1 G
}
ssl_cert = </usr/local/etc/letsencrypt/live/apollo.domain1.tld/fullchain.pem

ssl_cipher_list = 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA

ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
syslog_facility = local5
userdb {
  driver = passwd
}
protocol lda {
  mail_plugins = sieve
}
protocol lmtp {
  mail_plugins = quota sieve
  postmaster_address = postmas...@domain1.tld
}
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = " quota imap_quota imap_sieve"
}
local_name imap.domain2.tld {

  ssl_cert = 
</usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem

  ssl_key = # hidden, use -P to show it
}
local_name mail.domain2.tld {

  ssl_cert = 
</usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem

  ssl_key = # hidden, use -P to show it
}






















					Reply via email to