On Thu, Apr 03, 2014 at 07:26:09AM -0400, Jeffrey Walton wrote:
> I've been suffering a permission problem in Postfix/Dovecot for a
> couple of days now. The setup is using virtual domains and users,
> so the path to user's `home` is `/var/mail/<domain>/<user>`; and
> the path to `MailDir` is `/var/mail/<domain>/<user>/MailDir`
>
> The mail logs continue to show a *Permission Denied*:
>
> Apr 3 05:44:16 debian-x2 postfix/virtual[5670]: D6DDD1780100:
> to=<j...@deltoid.com>,
> relay=virtual, delay=0.15, delays=0.1/0.01/0/0.04, dsn=4.2.0,
> status=deferred
> (maildir delivery failed: create maildir file
> /var/mail/deltoid.com/jeff/Maildir/tmp/1396518256.P5670.debian-x2:
> Permission denied)
>
> Permissions are as follows:
>
> # ls -l /var/mail/

Also "ls -ld /var/mail" and same for /var; either parent directory
could block permission.

Another thing: /var/mail is traditionally used for system mail,
making it a bad choice for virtual mail. I would suggest "vmail",
whether under /var or /home, depending on your resources.

> total 96
> drw-rws--- 4 vmail vmail 4096 Apr 2 18:19 deltoid.com
--------/^
Why no "x"? I admit I am unsure how this works, but I believe you
have thus denied the "vmail" user execute privilege on this
directory, the group execute notwithstanding.

> -rw-rw---- 1 nobody mail 80586 Apr 2 07:45 nobody

See, there you have a local(8) mbox. Keep those separate. Perhaps
also virtually alias your system mail to virtual mailboxes. Less
secure to have everything under one UID/GID, but it's simpler to
maintain.

[snip]

> `postfix` and `dovecot` are both in the `vmail` group:
>
> # members vmail
> vmail postfix dovecot

BAD idea. The "postfix" user should not share any groups. As for
"dovecot", I think the same is true, but check the Dovecot wiki for
definitive answers.

> And Postfix's configuration is shown below.
>
> I have a little script that attempts to set the proper permission
> bits, but it's apparently wrong:
>
> # Ensure permissions are set on directories
> chown -R vmail:vmail /var/mail/*.com
> chmod -R 0660 /var/mail/*.com

You're not setting execute bit on directories. See "man chmod".

> chmod -R g+rwxs /var/mail/*.com
> # chown -R dovecot:dovecot /var/mail/*.com/users

[snip]

> Two questions:
>
> 1. What is wrong with the current permissions?
>
> 2. What are the permissions supposed to be?

The virtual_uid_maps user or virtual_gid_maps group needs to have
"rwx" on virtual_mailbox_base, in the most common use case of
"static:" maps for virtual_?id_maps.

Better answer: this is basic Unix. You know the UID and GID of
virtual(8) as it delivers. Permit rwx for the virtual process.

> My apologies for the basic question. Many of the blog posts,
> tutorials and Mini-HowTos are just not working as advertised.

Of course not. Why would they? If you want to know how to configure
any given software package, consult its documentation.

http://www.postfix.org/VIRTUAL_README.html
-- 
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
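
The missing directory execute bit discussed in this reply, shown as an added example that is not part of the original thread: an audit that finds directories the owning user cannot use, and a repair that treats directories and files differently. The function names are hypothetical, the owner-only modes assume virtual(8) delivers as the owning UID with no shared groups, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, owner-only modes are an assumption.

# List the top-most directories under $1 where the owner lacks r, w or x.
# -prune stops find from descending into a directory it has just reported,
# so nothing below an unsearchable directory produces "Permission denied".
audit_dirs() {
    find "$1" -type d ! -perm -700 -print -prune
}

# Repair a tree top-down. Capital X adds the execute (search) bit only to
# directories and to files that already had an execute bit, which is what a
# blanket "chmod -R 0660" cannot express.
fix_perms() {
    chmod -R u=rwX,go= "$1"
}

# Constructed sample: a throwaway virtual mailbox tree left in the state that
# a blanket 0660 produces (no search bit anywhere). Modes are applied
# leaf-first so each path is still reachable when its turn comes.
make_broken_tree() {
    root=$(mktemp -d) || return 1
    m=$root/deltoid.com/jeff/Maildir
    mkdir -p "$m/tmp" "$m/new" "$m/cur"
    : > "$m/new/msg"
    chmod 0660 "$m/new/msg" "$m/tmp" "$m/new" "$m/cur" "$m" \
        "$root/deltoid.com/jeff" "$root/deltoid.com"
    printf '%s\n' "$root"
}

# Show the audit result before and after the repair, then clean up.
demo() {
    root=$(make_broken_tree) || return 1
    echo "blocked before: $(audit_dirs "$root")"
    fix_perms "$root/deltoid.com"
    echo "blocked after:  $(audit_dirs "$root")"
    rm -rf "$root"
}

demo
```

Because the audit prunes at the first blocked directory, rerun it after each repair; a deeper directory with bad modes only becomes visible once its parents are searchable.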