> On 27/12/2020 18:19 Toni Mueller <supp...@oeko.net> wrote:
>
> Hi,
>
> I have a Debian/Buster system with Postfix and Dovecot from the Debian
> repo, and with virtual users only (i.e., no system users). These virtual
> users are having all of their uids, gids, homes and mail quota in a
> PostgreSQL database. The intent is to have postfix deliver the email via
> dovecot's LDA, so I can set quota on a per-user basis.
>
> But for some odd reason, Dovecot's LDA can't find the user data from the
> userdb, and then complains about not being able to write to /var/mail.
> The following example shows how things fail when delivering a message
> from Postfix's queue (therefore, the passdb failure is expected):
>
> In /etc/dovecot.conf, I have this, amongst other things:
>
> mail_location = maildir:~/Maildir:INBOX=~/Maildir
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
> protocol lda {
>   mail_plugins = autocreate quota mail_log trash virtual notify
> }
>
> 16:04:16 postfix/qmgr[4970]: 8CD6CE072E: from=<u...@example.com>, size=880,
> nrcpt=1 (queue active)
> 16:04:16 dovecot: auth: Debug: master in:
> USER#0111#011u...@example.com#011service=lda
> 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb didn't
> return userdb entries, trying the next userdb
> 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT
> '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota as
> quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND status =
> 'A'
> 16:04:16 dovecot: auth: Debug: userdb out:
> USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0
>
> ^^^^^^^^^^^^^^^^^^^^^^
>
> This shows that the database lookup works. The intended effect should be
> that the message is delivered to
>
> /path-to-mailboxen/example.com/user/Maidir/new
>
> 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error:
> setegid(privileged) failed: Operation not permitted
> 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error:
> Mailbox INBOX: open(/var/mail/u...@example.com) failed: Permission denied
> (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're
> not in group 8(mail), dir owned by 0:8 mode=0775)
>
> ^^^^^^^^^^^^^^^^^^^^^^
>
> And this shows that dovecot-lda just ignores the result.
>
> 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>: Error:
> Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX:
> open(/var/mail/u...@example.com) failed: Permission denied
> (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're
> not in group 8(mail), dir owned by 0:8 mode=0775)
> 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>:
> msgid=<20201226224933.014...@laptop.example.com>: save failed to open mailbox
> INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX:
> open(/var/mail/u...@example.com) failed: Permission denied
> (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, we're
> not in group 8(mail), dir owned by 0:8 mode=0775)
> 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=<u...@example.com>,
> orig_to=<us...@example2.com>, relay=dovecot, delay=62083,
> delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
>
> In /etc/postfix/master.cf, I have this to call it:
>
> dovecot unix - n n - - pipe
> flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender} -d
> ${user}@${domain} -a ${recipient}
>
> I've tried strace-ing dovecot-lda, but it didn't really help me to
> understand why it discards the result of the userdb lookup.
>
> Can anyone please provide a cluebat, please?
>
> Thanks,
> Toni

Try adding mail_privileged_group = mail to your dovecot.conf.

See https://doc.dovecot.org/settings/core/#mail-privileged-group

Aki
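
Added example, not part of the original thread and not Dovecot's own code: a Python script that pairs each `userdb out` debug line with the LDA `open()` failure for the same user, then reports whether the uid returned by the userdb matches the euid in the error and whether the opened path lies under the returned home. The sample log is constructed from the lines quoted above, with a placeholder address and session id; the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample modelled on the log lines quoted in the thread;
# the address and session id are placeholders.
SAMPLE_LOG = (
    "16:04:16 dovecot: auth: Debug: userdb out: USER#0111#011user@example.com"
    "#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345"
    "#011quota_rule=*:storage=0\n"
    "16:04:16 dovecot: lda(user@example.com)<5291><SESSION>: Error: Mailbox INBOX: "
    "open(/var/mail/user@example.com) failed: Permission denied "
    "(euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail, "
    "we're not in group 8(mail), dir owned by 0:8 mode=0775)\n"
)

USERDB_RE = re.compile(r"auth: Debug: userdb out: (USER#011.*)$")
LDA_RE = re.compile(
    r"lda\((?P<user>[^)]+)\).*?open\((?P<path>[^)]+)\) failed: "
    r"Permission denied \(euid=(?P<euid>\d+)"
)

def parse_userdb_reply(line):
    """Return (username, attrs) from a 'userdb out' debug line, else None."""
    m = USERDB_RE.search(line)
    if not m:
        return None
    # syslog escapes the TAB separator as #011: USER, request id, username, k=v...
    fields = m.group(1).split("#011")
    if len(fields) < 3:
        return None
    return fields[2], dict(f.split("=", 1) for f in fields[3:] if "=" in f)

def compare_delivery(log):
    """Pair each LDA open() failure with the userdb reply for the same user."""
    userdb, findings = {}, []
    for line in log.splitlines():
        reply = parse_userdb_reply(line)
        if reply:
            userdb[reply[0]] = reply[1]
            continue
        m = LDA_RE.search(line)
        if m and "home" in userdb.get(m["user"], {}):
            attrs = userdb[m["user"]]
            home, opened = PurePosixPath(attrs["home"]), PurePosixPath(m["path"])
            findings.append({
                "user": m["user"], "home": str(home), "opened": str(opened),
                "uid_applied": attrs.get("uid") == m["euid"],
                "under_home": home == opened or home in opened.parents,
            })
    return findings

if __name__ == "__main__":
    for finding in compare_delivery(SAMPLE_LOG):
        print(finding)
```

On the sample, the finding has `uid_applied` set to `True` and `under_home` set to `False`: the euid in the error equals the uid from the userdb reply, while the path the LDA tried to open is outside the returned home.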