Hi,

I have a Debian/Buster system with Postfix and Dovecot from the Debian
repo, and with virtual users only (i.e., no system users). These virtual
users have all of their uids, gids, homes and mail quota in a
PostgreSQL database. The intent is to have Postfix deliver the email via
Dovecot's LDA, so I can set quota on a per-user basis.

But for some odd reason, Dovecot's LDA can't find the user data from the
userdb, and then complains about not being able to write to /var/mail.
The following example shows how things fail when delivering a message
from Postfix's queue (therefore, the passdb failure is expected):

In /etc/dovecot.conf, I have this, amongst other things:


mail_location = maildir:~/Maildir:INBOX=~/Maildir
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = prefetch
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
protocol lda {
  mail_plugins = autocreate quota mail_log trash virtual notify
}




16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=<u...@example.com>, size=880, 
nrcpt=1 (queue active)
16:04:16 dovecot: auth: Debug: master in: 
USER#0111#011u...@example.com#011service=lda
16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't return 
userdb entries, trying the next userdb
16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT 
'/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as 
quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status = 'A'
16:04:16 dovecot: auth: Debug: userdb out: 
USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0

^^^^^^^^^^^^^^^^^^^^^^

This shows that the database lookup works. The intended effect should be
that the message is delivered to

/path-to-mailboxen/example.com/user/Maildir/new


16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: 
setegid(privileged) failed: Operation not permitted
16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: 
Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied 
(euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're not 
in group 8(mail), dir owned by 0:8 mode=0775)

^^^^^^^^^^^^^^^^^^^^^^

And this shows that dovecot-lda just ignores the result.


16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error: 
Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: 
open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) 
egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir 
owned by 0:8 mode=0775)
16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: 
msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox 
INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX: 
open(/var/mail/u...@example.com) failed: Permission denied (euid=12345(mailbox) 
egid=12345(mailbox) missing +w perm: /var/mail, we're not in group 8(mail), dir 
owned by 0:8 mode=0775)
16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=<u...@example.com>, 
orig_to=<us...@example2.com>, relay=dovecot, delay=62083, 
delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)


In /etc/postfix/master.cf, I have this to call it:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender}
  -d ${user}@${domain} -a ${recipient}


I've tried strace-ing dovecot-lda, but it didn't really help me to
understand why it discards the result of the userdb lookup.


Can anyone please provide a cluebat, please?



Thanks,
Toni
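
A log-triage sketch for the symptom shown in this post, added here as an example and not part of the original message: it pairs each auth "userdb out" reply with later lda open() failures for the same user and reports paths that lie outside the home the userdb returned. The sample log is constructed from the lines above (mail wraps joined, address written as user@example.com, session id replaced), and the function names are hypothetical.

```python
import re

# Constructed sample: the post's log lines with mail wraps joined and a
# placeholder address and session id; not real output.
SAMPLE_LOG = (
    "16:04:16 dovecot: auth: Debug: userdb out: USER#0111#011user@example.com"
    "#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345"
    "#011quota_rule=*:storage=0\n"
    "16:04:16 dovecot: lda(user@example.com)<5291><SESSION>: Error: Mailbox "
    "INBOX: open(/var/mail/user@example.com) failed: Permission denied "
    "(euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail)\n"
)

USERDB_OUT = re.compile(r"auth: Debug: userdb out: (\S.*)$")
LDA_OPEN = re.compile(
    r"lda\(([^)]+)\)\S*: Error: .*?open\(([^)]+)\) failed: ([^(]+?) \(euid=(\d+)")


def parse_userdb_reply(payload):
    """Split a 'userdb out' payload; the logs show TAB separators as #011."""
    parts = payload.replace("#011", "\t").split("\t")
    if parts[0] != "USER" or len(parts) < 3:
        return None, {}
    # parts[1] is the request id, parts[2] the user, the rest key=value.
    return parts[2], dict(p.split("=", 1) for p in parts[3:] if "=" in p)


def find_mismatches(log_text):
    """Return LDA open() failures whose path is outside the userdb home."""
    seen, findings = {}, []
    for line in log_text.splitlines():
        m = USERDB_OUT.search(line)
        if m:
            user, fields = parse_userdb_reply(m.group(1))
            if user:
                seen[user] = fields
            continue
        m = LDA_OPEN.search(line)
        if m and m.group(1) in seen:
            user, path, reason, euid = m.groups()
            home = seen[user].get("home", "").rstrip("/")
            if home and not path.startswith(home + "/"):
                findings.append({"user": user, "home": home, "opened": path,
                                 "reason": reason, "euid": int(euid),
                                 "userdb_uid": seen[user].get("uid")})
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_LOG):
        print(finding)
```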
