Hi Aki,
thanks for your quick response!

On Sun, Dec 27, 2020 at 10:00:40PM +0200, Aki Tuomi wrote:
> > On Sun, Dec 27, 2020 at 09:18:25PM +0200, Aki Tuomi wrote:
> > > > 16:04:16 dovecot: auth: Debug: master in:
> > > > USER#0111#011u...@example.com#011service=lda
> > > > 16:04:16 dovecot: auth: Debug: prefetch(u...@example.com): passdb
> > > > didn't return userdb entries, trying the next userdb
> > > > 16:04:16 dovecot: auth: Debug: sql(u...@example.com): SELECT
> > > > '/path-to-mailboxen/' || virtual_users.home AS home, uid , gid , quota
> > > > as quota_rule FROM virtual_users WHERE email = 'u...@example.com' AND
> > > > status = 'A'
> > > > 16:04:16 dovecot: auth: Debug: userdb out:
> > > > USER#0111#011u...@example.com#011home=/path-to-mailboxen/example.com/user#011uid=12345#011gid=12345#011quota_rule=*:storage=0
> > > >
> > > > ^^^^^^^^^^^^^^^^^^^^^^
> > > >
> > > > This shows that the database lookup works. The intended effect should be
> > > > that the message is delivered to
> > > >
> > > > /path-to-mailboxen/example.com/user/Maidir/new
> > > >
> > > > 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>:
> > > > Error: setegid(privileged) failed: Operation not permitted
> > > > 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>:
> > > > Error: Mailbox INBOX: open(/var/mail/u...@example.com) failed:
> > > > Permission denied (euid=12345(mailbox) egid=12345(mailbox) missing +w
> > > > perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > >
> > > > ^^^^^^^^^^^^^^^^^^^^^^
> > > >
> > > > And this shows that dovecot-lda just ignores the result.
> > > >
> > > >
> > > > 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>:
> > > > Error: Mailbox INBOX: Failed to autocreate mailbox: Mailbox INBOX:
> > > > open(/var/mail/u...@example.com) failed: Permission denied
> > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail,
> > > > we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > > 16:04:16 dovecot: lda(u...@example.com)<5291><DDxBHYCw6F+rFAAApiCoHg>:
> > > > msgid=<20201226224933.014...@laptop.example.com>: save failed to open
> > > > mailbox INBOX: Mailbox INBOX: Failed to autocreate mailbox: Mailbox
> > > > INBOX: open(/var/mail/u...@example.com) failed: Permission denied
> > > > (euid=12345(mailbox) egid=12345(mailbox) missing +w perm: /var/mail,
> > > > we're not in group 8(mail), dir owned by 0:8 mode=0775)
> > > > 16:04:16 postfix/pipe[5284]: 8CD6CE072E: to=<u...@example.com>,
> > > > orig_to=<us...@example2.com>, relay=dovecot, delay=62083,
> > > > delays=62083/0.04/0/0.04, dsn=4.3.0, status=deferred (temporary failure)
> > > >
> > > >
> > > > In /etc/postfix/master.cf, I have this to call it:
> > > >
> > > > dovecot unix - n n - - pipe
> > > > flags=DRhu user=_mailbox argv=/usr/lib/dovecot/deliver -f ${sender}
> > > > -d ${user}@${domain} -a ${recipient}
> > > >
> > > Try adding
> > >
> > > mail_privileged_group = mail
> >
> > I am not sure why you recommend this. I never ever want to deliver to
> > /var/mail, and my mailbox directory has group 'mailbox' - hence I have
> >
> > mail_privileged_group = mailbox
> >
> > in my configuration.
> >
> > My question is why this thing wants to deliver to /var/mail, despite
> > having a different location from the userdb, and how I can force it to
> > use the location from the userdb.
> >
> >
> > Thanks,
> > Toni
>
> Sorry, I misread your problem..
>
> can you try checking output of
>
> `doveadm user <username>`

# doveadm user u...@example.com
field       value
uid         12345
gid         12345
home        /path-to-mailboxen/example.com/user
mail        maildir:~/Maildir:INBOX=~/Maildir
quota_rule  *:storage=0

> and
>
> `doveadm auth lookup <username>`

# doveadm -v auth lookup u...@example.com
passdb: u...@example.com
  user      : u...@example.com

> Also, including `doveconf -n` would be useful.

# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-13-amd64 x86_64 Debian 10.7
# Hostname: testvm.example.com
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 0
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
deliver_log_format = msgid=%m: %e -> %{to_envelope} %p %w %{delivery_time} %{storage_id} %{secured}
disable_plaintext_auth = no
login_access_sockets = tcpwrap
mail_debug = yes
mail_location = maildir:~/Maildir:INBOX=~/Maildir
mail_privileged_group = mailbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = maildir:~/Maildir:INBOX=~/Maildir
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  expire = Trash 30 Spam 30
  quota = maildir
  quota_rule = *:storage=50000
  quota_rule2 = Trash:ignore
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_dir = ~/sieve
  trash = /etc/dovecot/dovecot-trash.conf
}
protocols = pop3 imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
ssl = no
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  mail_plugins = autocreate quota mail_log trash virtual notify
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = autocreate quota imap_quota mail_log trash virtual notify
}

Thank you!
-Toni