From: Bastien Semene on 21 Apr 2010 05:42

Hi list,

There's something I can't figure out with deliver as LDA configuration.
I'm working with Postfix and Dovecot.

I configured deliver as explained in the official doc and some directives I found in the conf file or while googling to resolve my issue:

dovecot.conf :

    protocol lda {
      postmaster = email(a)domain.com (actually working email)
      sendmail_path = /usr/sbin/sendmail
      auth_socket_path = /var/run/dovecot/auth-master
    }

    auth default {
      ....
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
          user = nobody
        }
        ...
      }
    }

postfix/main.cf :

    virtual_transport = dovecot

postfix/master.cf :

    dovecot unix - n n - - pipe
      flags=DRhu user=nobody
      argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}

But mail is not delivered, and produces the following log lines:

    Apr 21 11:21:43 mail dovecot: deliver(email(a)domain.com): Fatal: setgid(125(postfix)) failed with euid=65534(nobody), gid=65534(nobody), egid=65534(nobody): Operation not permitted
    Apr 21 11:21:43 mail postfix/pipe[27550]: 21BBF9247DE: to=<email(a)domain.com>, relay=dovecot, delay=1179, delays=1178/0.07/0/0.07, dsn=4.3.0, status=deferred (temporary failure)

I did a "ls" in case some permissions went wrong, but everything seems ok:

    c# ls -hal /var/run/dovecot                                [root(a)mail]
    total 8
    drwxr-xr-x  3 root    wheel    512B Apr 21 11:11 .
    drwxr-xr-x  5 root    wheel    512B Apr 21 11:11 ..
    srw-------  1 nobody  wheel      0B Apr 21 11:11 auth-master
    srw-------  1 root    wheel      0B Apr 21 11:11 auth-worker.27424
    srwxrwxrwx  1 root    wheel      0B Apr 21 11:11 dict-server
    lrwx------  1 root    wheel     27B Apr 21 11:11 dovecot.conf -> /usr/local/etc/dovecot.conf
    drwxr-x---  2 root    dovecot  512B Apr 21 11:11 login
    -rw-------  1 root    wheel      6B Apr 21 11:11 master.pid

Dovecot is using MySQL as the userdb backend, but I think auth process must pass through this socket to authenticate through dovecot against the MySQL server.
Everything works fine while using (postfix) virtual as LDA.

I think the setgid(125(postfix)) can be the problem, but the mailboxes use this uid:

    virtual_uid_maps = static:125

    # ls -hal /usr/local/mailboxes/domain.com                  [root(a)mail]
    total 6
    drwx------   3 postfix  postfix  512B Nov  2 15:40 .
    drwx------   3 postfix  postfix  512B Nov  2 15:40 ..
    drwx------  14 postfix  postfix  1.0K Apr 21 09:58 email

    # cat /etc/passwd | grep 125                               [root(a)mail]
    postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin

Maybe the use of postfix as mail owner was a bad idea and the problem appears now that pipe(8) doesn't allow postfix as user.
If I'm right, how can I solve this issue?

--
Bastien Semene
Network & System Administrator
Cyanide Studio - FRANCE

From: Bastien Semene on 21 Apr 2010 11:13

I tried to modify the files permissions and the uids in the conf file, but that changed nothing.
I can't find what "euid" and "egid" exactly are, so I can't understand what postfix is logging.

If someone can point me to some resources on this, it will be a great help!

Thanks,
Bastien Semene

On 21/04/2010 11:42, Bastien Semene wrote:
> Hi list,
>
> There's something I can't figure out with deliver as LDA configuration.
> I'm working with Postfix and Dovecot.
>
> I configured deliver as explained in the official doc and some
> directives I found in the conf file or while googling to resolve my
> issue:
>
> dovecot.conf :
> protocol lda {
>   postmaster = email(a)domain.com (actually working email)
>   sendmail_path = /usr/sbin/sendmail
>   auth_socket_path = /var/run/dovecot/auth-master
> }
>
> auth default {
>   ...
>   socket listen {
>     master {
>       path = /var/run/dovecot/auth-master
>       mode = 0600
>       user = nobody
>     }
>     ...
>   }
> }
>
> postfix/main.cf :
> virtual_transport = dovecot
>
> postfix/master.cf :
> dovecot unix - n n - - pipe
>   flags=DRhu user=nobody
>   argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
>
> But mail is not delivered, and produces the following log lines:
> Apr 21 11:21:43 mail dovecot: deliver(email(a)domain.com): Fatal: setgid(125(postfix)) failed with euid=65534(nobody), gid=65534(nobody), egid=65534(nobody): Operation not permitted
> Apr 21 11:21:43 mail postfix/pipe[27550]: 21BBF9247DE: to=<email(a)domain.com>, relay=dovecot, delay=1179, delays=1178/0.07/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
>
> I did a "ls" in case some permissions went wrong, but everything seems
> ok:
> c# ls -hal /var/run/dovecot                                [root(a)mail]
> total 8
> drwxr-xr-x  3 root    wheel    512B Apr 21 11:11 .
> drwxr-xr-x  5 root    wheel    512B Apr 21 11:11 ..
> srw-------  1 nobody  wheel      0B Apr 21 11:11 auth-master
> srw-------  1 root    wheel      0B Apr 21 11:11 auth-worker.27424
> srwxrwxrwx  1 root    wheel      0B Apr 21 11:11 dict-server
> lrwx------  1 root    wheel     27B Apr 21 11:11 dovecot.conf -> /usr/local/etc/dovecot.conf
> drwxr-x---  2 root    dovecot  512B Apr 21 11:11 login
> -rw-------  1 root    wheel      6B Apr 21 11:11 master.pid
>
> Dovecot is using MySQL as the userdb backend, but I think auth process
> must pass through this socket to authenticate through dovecot against
> the MySQL server.
> Everything works fine while using (postfix) virtual as LDA.
> I think the setgid(125(postfix)) can be the problem, but the mailboxes
> use this uid:
> virtual_uid_maps = static:125
> # ls -hal /usr/local/mailboxes/domain.com                  [root(a)mail]
> total 6
> drwx------   3 postfix  postfix  512B Nov  2 15:40 .
> drwx------   3 postfix  postfix  512B Nov  2 15:40 ..
> drwx------  14 postfix  postfix  1.0K Apr 21 09:58 email
>
> # cat /etc/passwd | grep 125                               [root(a)mail]
> postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin
>
> Maybe the use of postfix as mail owner was a bad idea and the problem
> appears now that pipe(8) doesn't allow postfix as user.
> If I'm right, how can I solve this issue?
>
>

--
Network & System Administrator
Cyanide Studio - FRANCE
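
An added example, not part of the original posts: a Python check that reads the deliver Fatal line and the master.cf pipe entry quoted above and reports which identity deliver ran under and which group it tried to switch to. The function names are hypothetical, the inputs are copied from the messages, and the permission rule is simplified to the ids the log line shows (the saved gid is not logged).

```python
import re

# Inputs copied from the messages above (the archive obfuscates "@" as "(a)").
LOG_LINE = ("Apr 21 11:21:43 mail dovecot: deliver(email(a)domain.com): Fatal: "
            "setgid(125(postfix)) failed with euid=65534(nobody), "
            "gid=65534(nobody), egid=65534(nobody): Operation not permitted")
MASTER_CF = ("dovecot unix - n n - - pipe\n"
             "  flags=DRhu user=nobody\n"
             "  argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}\n")

FATAL_RE = re.compile(
    r"setgid\((?P<want_gid>\d+)\((?P<want_group>[^)]*)\)\) failed with "
    r"euid=(?P<euid>\d+)\((?P<euid_name>[^)]*)\),\s*"
    r"gid=(?P<gid>\d+)\([^)]*\),\s*egid=(?P<egid>\d+)\([^)]*\)")
INT_FIELDS = ("want_gid", "euid", "gid", "egid")

def parse_fatal(line):
    """Return the ids named in a deliver setgid failure line, or None."""
    m = FATAL_RE.search(line)
    if m is None:
        return None
    return {k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()}

def pipe_user(master_cf, service):
    """Return (user, group) from user= in the named master.cf service entry."""
    entry, in_entry = [], False
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():                 # continuation of the current entry
            if in_entry:
                entry.append(raw)
        else:                                # first line of a new entry
            in_entry = raw.split()[0] == service
            if in_entry:
                entry = [raw]
    m = re.search(r"\buser=([^\s:]+)(?::(\S+))?", " ".join(entry))
    return (m.group(1), m.group(2)) if m else (None, None)

def diagnose(line, master_cf, service="dovecot"):
    """Combine both sources into one report; None if the line does not match."""
    f = parse_fatal(line)
    if f is None:
        return None
    # euid is the effective user id, egid the effective group id: the ids the
    # kernel checks. Only euid 0 may switch to a gid the process does not hold.
    allowed = f["euid"] == 0 or f["want_gid"] in (f["gid"], f["egid"])
    return {"pipe_user": pipe_user(master_cf, service)[0],
            "running_as": f["euid_name"], "want_gid": f["want_gid"],
            "want_group": f["want_group"], "switch_allowed": allowed}
```

For the inputs above, `diagnose(LOG_LINE, MASTER_CF)` reports that deliver ran as `nobody` (the `user=` of the pipe entry) and asked for gid 125, a group that identity does not hold, which is why the kernel answered "Operation not permitted".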