Thank you João! I too am concerned if this is a risky configuration. My
understanding is that the list indexes are not critical and that is why
the recommendation in an NFS environment is to place just those and the
lock files in memory. Other index files are on permanent storage:
[doug@mailserverdev doug]$ find ./ -name *index*
./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.cache
./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.log
./mail/storage/dovecot.map.index.log.2
./mail/storage/dovecot.map.index
./mail/storage/dovecot.map.index.log
Should I still be concerned?
Doug

On 3/25/2022 11:46 AM, João Silva wrote:
I'm not sure about that configuration.
I have seen huge index cache files for users with lots of mail,
putting those in memory may be a risk.

On 25/03/2022 14:56, doug wrote:
Hi,
Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
I'm in the process of moving my mailboxes to NFS and moving with lock
and index files in temp storage following instructions from
https://doc.dovecot.org/configuration_manual/nfs.
I set mail_location as:
mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
What I discovered is /dev/shm/dovecot is created by the initial user
who accesses their mail from a client, and with permissions 700.
This prevents subsequent users from creating their own index and lock
files.
# ls -l /dev/shm/dovecot
total 0
drwx------ 2 mary users 60 Mar 25 10:00 mary
Sample error message from maillog during mail delivery and from a
dsync script.
Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>:
Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug)
egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied
(euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned
by 97:100 mode=0700)
I couldn't locate documentation or discussions on how to set the
ownership or permissions for /dev/shm/dovecot in the Dovecot
configuration files.
As a hack, I added this to /usr/libexec/dovecot/prestartscript.
! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
chown dovecot:users /dev/shm/dovecot
chmod 770 /dev/shm/dovecot
This solved the problem, but left me wondering if I missed something
obvious or if I am setting myself up for a problem later on, like
with a Dovecot version upgrade. I could run these commands at bootup
out of rc.local or a systemd script rather than customizing a Dovecot
provided script.
Is there an appropriate way of doing this that I missed?
TIA,
Doug
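
Added example (not part of the thread and not code from Dovecot): a sturdier form of the prestart snippet quoted above, suitable for the rc.local or systemd approach the original post mentions. The function name ensure_volatile_base is hypothetical, and the symlink and file-type checks are additions that assume the script runs as root before any user session starts.

```shell
#!/bin/sh
# Added example, not from the thread or from Dovecot.
# ensure_volatile_base is a hypothetical helper name.
# usage: ensure_volatile_base DIR MODE [OWNER:GROUP]
ensure_volatile_base() {
    dir=$1 mode=$2 owner=${3:-}

    # /dev/shm is world-writable, so the path may already exist and not be
    # what we expect. Refuse a symlink (chmod would follow it) and refuse
    # anything that is not a directory.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists but is not a directory" >&2
        return 1
    fi

    # Create it with the requested mode rather than the umask default.
    [ -d "$dir" ] || mkdir -m "$mode" "$dir" || return 1

    # Ownership change needs root; skipped when no owner is given.
    if [ -n "$owner" ]; then
        chown -h "$owner" "$dir" || return 1
    fi

    # Also repairs a directory that an earlier login already created as 0700.
    chmod "$mode" "$dir" || return 1

    # Succeed only if the directory really ended up with the requested mode.
    [ -n "$(find "$dir" -prune -perm "$mode")" ]
}

# Assumed invocation, using the values from the post:
#   sh this-script /dev/shm/dovecot 770 dovecot:users
if [ "$#" -ge 2 ]; then
    ensure_volatile_base "$@"
fi
```

Because /dev/shm is emptied at reboot, this has to run on every boot, before Dovecot handles the first login.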