Thanks, Tom.
Here's an update to the sequence of the issue...
1) For some reason dovecot/auth is repeatedly trying to write to
/var/lib/plesk/mail/auth/passwd.db
I have confirmed that passwd.db is indeed the database that holds the email
account passwords.
Dovecot is doing this about 1-3 times per minute.
2) SELinux blocks these attempts and the denials are stored in
/var/log/audit/audit.log as type AVC.
3) The Fedora Project's SETroubleshoot process runs twice per minute, and
detects the new denial(s) in the audit.log.
4) SETroubleshoot reports "SELinux is preventing /usr/libexec/dovecot/auth from
write access on the file passwd.db." to the /var/log/messages file.
The question remains, what is causing dovecot/auth to repeatedly try to write
to /var/lib/plesk/mail/auth/passwd.db?
The IMAP protocol does allow a client to change the account password, so this
is a possible reason why dovecot is attempting to write. Is there any other
reason? Can dovecot be configured to disallow this? If these are password
change attempts, how can I determine for which email account(s)? Can I find
associated IPs?
The constant repeated nature of this issue has me baffled. Is there something
cached in dovecot that needs to be cleared out? If so, how? I have of course
tried restarting dovecot and also rebooting, but the issue persists.
I am seeing no problems with any of my clients' email accounts, including the
clients who are using IMAP.
I see now that I can turn on debugging output for dovecot... I'll try that.
On 3/3/25 11:54 AM, Tom Hendrikx via dovecot wrote:
> On 01-03-2025 13:38, jcalvert--- via dovecot wrote:
>> Greetings,
>> I'm running dovecot 2.3.21.1 (Plesk says up-to-date) on AlmaLinux 8.10, Plesk
>> Obsidian 18.0.67 #3.
>> I'm getting this repeated error in /var/log/messages...
>> "SELinux is preventing /usr/libexec/dovecot/auth from write access on the file
>> passwd.db."
>> (I think passwd.db is the one in /var/lib/plesk/mail/auth/)
>> This causes...
>> "Activating via systemd: service name='org.fedoraproject.Setroubleshootd'"
>> which is taking a lot of CPU.
>> This error is happening continuously, about 1-3 times per minute.
>> Am I correct in thinking that an email client or webmail client is trying to
>> change an email account password via IMAP?
>> If so, I would like to know how to disable this ability in dovecot. (I would
>> like to change email account passwords only via Plesk.)
>> If not, why is dovecot trying to write to the passwd.db file? The fact that
>> SELinux is blocking this is concerning.
> Hi,
> Maybe the problem gets clearer when you can show the passwd configuration in
> dovecot that Plesk has added.
> Normally the passdb should be okay being read-only (see:
> https://doc.dovecot.org/2.3/configuration_manual/authentication/sql/ where
> SELECT queries are used).
> Password changes can't be done through IMAP iirc, but maybe the lookup query
> does something weird.
> Kind regards,
> Tom
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
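Added example, not part of the original thread or of Dovecot/Plesk: a triage script that pulls the dovecot/auth write denials on passwd.db out of audit.log, counts them per minute, and lists any Dovecot "Login:" lines within a few seconds of each denial, to test whether the writes follow client logins. The log lines, SELinux contexts, users and IPs are constructed, and the maillog timestamps are assumed to be UTC in a year passed by the caller.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample data: pids, inodes, SELinux contexts, users and IPs are invented.
AUDIT_LOG = '''type=AVC msg=audit(1741002841.101:901): avc:  denied  { write } for  pid=1410 comm="auth" name="passwd.db" dev="dm-0" ino=262911 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1741002871.480:902): avc:  denied  { write } for  pid=1410 comm="auth" name="passwd.db" dev="dm-0" ino=262911 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1741002880.000:903): avc:  denied  { read } for  pid=2200 comm="httpd" name="other.log" dev="dm-0" ino=300001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1741002905.002:904): avc:  denied  { write } for  pid=1410 comm="auth" name="passwd.db" dev="dm-0" ino=262911 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
'''
MAIL_LOG = '''Mar  3 11:54:01 mail dovecot[1300]: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, mpid=1501, TLS, session=<constructed1>
Mar  3 11:55:06 mail dovecot[1300]: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=1502, TLS, session=<constructed2>
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+'
    r'pid=(?P<pid>\d+) comm="(?P<comm>[^"]*)".*?name="(?P<name>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')
LOGIN_RE = re.compile(
    r'(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dovecot(?:\[\d+\])?: \S+-login: Login: '
    r'user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[^,\s]+)')

def denials(audit_text, comm="auth", name="passwd.db"):
    """AVC denials for one command/file name, as dicts with float 'ts' and a perms list."""
    out = []
    for m in AVC_RE.finditer(audit_text):
        d = m.groupdict()
        if d["comm"] == comm and d["name"] == name:
            d.update(ts=float(d["ts"]), perms=d["perms"].split())
            out.append(d)
    return out

def per_minute(events):
    """Denial count per UTC minute, to compare against the 1-3 per minute seen in the logs."""
    return Counter(datetime.fromtimestamp(e["ts"], timezone.utc).strftime("%H:%M") for e in events)

def logins(mail_text, year):
    """Dovecot 'Login:' lines. Syslog stamps carry no year or zone: both are assumed (UTC)."""
    out = []
    for m in filter(None, map(LOGIN_RE.match, mail_text.splitlines())):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        out.append({"ts": ts.timestamp(), "user": m["user"], "rip": m["rip"]})
    return out

def correlate(avcs, logs, window=5.0):
    """Pair each denial with logins within +/- window seconds (auth runs before 'Login:' is logged)."""
    return [(a["ts"], [(l["user"], l["rip"]) for l in logs if abs(a["ts"] - l["ts"]) <= window]) for a in avcs]

if __name__ == "__main__":
    print(per_minute(denials(AUDIT_LOG)), correlate(denials(AUDIT_LOG), logins(MAIL_LOG, 2025)))
```

A denial with an empty login list, like the second one in the sample, is one that no logged client login accounts for; the tcontext field of each record shows how the target file is labelled.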