Hi, all. I'm trying to set up Postfix with Dovecot LMTP delivery on a host where the user files (/var/spool/mail as well as home directories) are on NFS filesystems, which are exported root-squashed to the mail server. I definitely don't want to give the mail server root permissions on the user files.
LMTP delivery fails with this logged message (e.g.):

Nov 16 17:51:36 lust dovecot: lmtp(anne)<16830><mkkzEPg1lGG+QQAAs/mAJw>: msgid=<202111162229.1agmtfao024...@vindemiatrix.encs.concordia.ca>: save failed to INBOX: Read-only mbox

I found this posting where someone else had a similar problem and traced it in some detail back in 2019: https://dovecot.org/list/dovecot/2019-February/114611.html but apparently no one answered the fellow.

In order to check that this is indeed the same problem, I temporarily changed the INBOX definition to make it write into /var/tmp/ (on a local filesystem), and delivery worked. I then temporarily changed the INBOX definition to make it write into an NFS filesystem with root NOT squashed, and again it worked (after I chmodded the directory to 1777 to allow any user to create a file).

I believe that the person who wrote the above posting is correct: at some point, file access is (incorrectly) checked as root instead of as the target user.

This is a bit of a showstopper for me. Any plans to address this? I attach the output of "dovecot -n", fwiw, but I don't think that this is a configuration problem...

Anne.

-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca +1 514 848-2424 x2285
# 2.3.16 (7e2e900c1a): /local/pkg/dovecot-2.3.16/root/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 ()
# OS: Linux 3.10.0-1160.45.1.el7.x86_64 x86_64 Scientific Linux release 7.9 (Nitrogen)
# Hostname: lust.encs.concordia.ca
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /local/data/dovecot/this_host.d/imap.keytab
auth_mechanisms = plain login gssapi
auth_username_format = %Ln
auth_verbose = yes
default_login_user = nul-dove
first_valid_uid = 200
listen = *
lmtp_hdr_delivery_address = original
login_access_sockets = tcpwrap
mail_attachment_fs = posix
mail_fsync = always
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%1u/%u:INDEX=/local/data/dovecot/indexes/mail/%1u/%u
mail_plugin_dir = /local/lib/dovecot
mail_server_admin = mailto:serviced...@encs.concordia.ca
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mmap_disable = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /local/pkg/dovecot-CURRENT/root/etc/dovecot/encs.d/ldap.EXTRA
  driver = ldap
}
plugin {
  mail_log_events = mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
}
protocols = imap submission lmtp
service imap-postlogin {
  executable = script-login /local/bin/imap-wrapper
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
  process_limit = 8192
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}
ssl_cert = </etc/pki/tls/certs/mail.encs.pem
ssl_key = # hidden, use -P to show it
submission_relay_host = smtp.encs.concordia.ca
submission_relay_trusted = yes
userdb {
  driver = prefetch
}
userdb {
  args = /local/pkg/dovecot-CURRENT/root/etc/dovecot/encs.d/ldap.EXTRA
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_plugins = " mail_log notify"
}
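An added illustration, not part of Anne's post or of Dovecot's code: a small Python model of the Unix permission check and of what an NFS export with root_squash changes about it, showing why a check performed as root is denied on a squashed export while the same check as the target user succeeds, and why a 1777 spool directory lets any user create a file. The uids, gids and the 65534 anonymous id are assumed sample values.

```python
# Added illustration, not Dovecot's code: a simplified model of the Unix DAC check
# and of what an NFS export with root_squash changes about it.
from dataclasses import dataclass

ANON_UID = 65534  # assumption: Linux nfsd's default anonuid/anongid for root_squash
ANON_GID = 65534

@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o600 or 0o1777

def effective_ids(uid, gid, root_squash):
    """Identity the server applies: on a squashed export root becomes nobody."""
    if root_squash and uid == 0:
        return ANON_UID, ANON_GID
    return uid, gid

def may_write(inode, uid, gid, *, root_squash=False):
    """True if the caller may write (or create inside) the inode.

    Unsquashed root (local fs, or NFS with no_root_squash) has CAP_DAC_OVERRIDE
    and bypasses the mode bits; squashed root is evaluated as nobody.
    """
    uid, gid = effective_ids(uid, gid, root_squash)
    if uid == 0:
        return True
    if uid == inode.uid:
        bits = (inode.mode >> 6) & 0o7
    elif gid == inode.gid:
        bits = (inode.mode >> 3) & 0o7
    else:
        bits = inode.mode & 0o7
    return bool(bits & 0o2)

# Constructed sample identities and objects (uids chosen for the example).
ANNE_UID, ANNE_GID = 1001, 100
INBOX = Inode(uid=ANNE_UID, gid=ANNE_GID, mode=0o600)   # the user's mbox file
SPOOL_DIR = Inode(uid=0, gid=0, mode=0o755)              # spool dir before chmod 1777
SPOOL_DIR_1777 = Inode(uid=0, gid=0, mode=0o1777)        # spool dir after chmod 1777

def diagnose():
    """Outcome of each access attempt in the scenarios from the report."""
    return {
        "local_or_nosquash_root": may_write(INBOX, 0, 0),                      # allowed
        "squashed_root":          may_write(INBOX, 0, 0, root_squash=True),    # denied
        "squashed_target_user":   may_write(INBOX, ANNE_UID, ANNE_GID, root_squash=True),
        "create_in_spool_0755":   may_write(SPOOL_DIR, ANNE_UID, ANNE_GID),    # denied
        "create_in_spool_1777":   may_write(SPOOL_DIR_1777, ANNE_UID, ANNE_GID),
    }
```

The "squashed_root" case is the one that matches the "Read-only mbox" symptom: the file is perfectly writable by its owner, but not by a root that the server has mapped to nobody.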