I’m still getting the errors I mentioned previously. Maybe half a dozen of 
them per day . . .

So, the location of my mail storage 
(/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem mounted by 
gocryptfs. Do you think gocryptfs could be at fault here?

Austin Witmer

> On Aug 24, 2022, at 12:10 PM, lorek <dun...@gmail.com> wrote:
> 
> There are a number of issues that can appear to be ACL issues when in fact 
> it's something else.
> 
> As others have mentioned, AppArmor profiles and SELinux contexts can be 
> checked and are the most common. There are ACL permissions as well if you 
> enabled ACL (they are not enabled by default on Ubuntu server). 
> I've occasionally (rarely) seen some weird interactions with sockets between 
> MDA and MTA if the permissions on the directory were not set correctly.
> 
> Additionally, if a mount permission mask is being used, that can occasionally 
> cause similar issues as well, as is often the case with using an NTFS backing 
> filesystem for maildir that's been mounted with unix perms.
> There can also be some edge-cases with permissions in Ubuntu's flavored snap 
> containers as well as docker containers and custom sieves.
> 
> It's difficult to say with any accuracy what is causing your issue with the 
> information provided.
> 
> Have you increased the verbosity of the logging?
> 
> If all of the normal culprits do not stand out, maybe some others will have 
> an idea. 
> 
> As a final fallback you can always set a breakpoint and use a reverse 
> debugger. It's not going to be performant but it will at least narrow down 
> where the issue is coming from, and what the intermediate states were that 
> led to the error so you can save/replicate them moving forward for 
> resolution. Non-determinism can creep into code in a lot of different ways.
> 
> Best Regards,
> N
> 
> 
> On Tue, Aug 23, 2022 at 4:53 AM Austin Witmer <austi...@emypeople.net> wrote:
> Here is the output of dovecot -n
> 
> austin@mail:~$ doveconf -n
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS 
> # Hostname: mail
> auth_mechanisms = plain login
> listen = *
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix = 
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
>   sieve_before = /var/lib/dovecot/sieve/
>   sieve_global_dir = /var/lib/dovecot/sieve/
>   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>   sieve_user_log = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
> }
> protocols = imap lmtp pop3 imap lmtp sieve pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>   driver = passwd
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol lmtp {
>   hostname = mail.mydomain.com
>   mail_plugins = " sieve"
>   postmaster_address = postmas...@mydomain.com
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
> 
> 
> Austin Witmer
> 
> 
>> On Aug 20, 2022, at 12:09 PM, Austin Witmer <austi...@emypeople.net> wrote:
>> 
>> And no, I don’t think I am using ACLs.
>> 
>> getfacl austin /mnt/volume1/mailserver/plain/maildir/
>> getfacl: austin: No such file or directory
>> getfacl: Removing leading '/' from absolute path names
>> # file: mnt/volume1/mailserver/plain/maildir/
>> # owner: austin
>> # group: austin
>> user::rwx
>> group::rwx
>> other::r--
>> 
>> Austin Witmer 
>> 
>>> On Aug 20, 2022, at 11:15 AM, spi <s...@nurfuerspam.de> wrote:
>>> 
>>> 
>>>> On 20.08.22 at 16:52, Austin Witmer wrote:
>>>> Hello all!
>>>> 
>>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
>>>> then I am periodically getting some dovecot errors like the below in
>>>> my mail log. As far as I can tell, my unix perms are just fine. What
>>>> is ACL/MAC?
>>>> 
>>>> Aug 20 14:41:58 mail dovecot:
>>>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>:
>>>> Error: Mailbox INBOX:
>>>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log)
>>>> failed: Permission denied
>>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>>>> wrong?))
>>>> 
>>>> And here is the listing showing the permissions for that file.
>>>> 
>>>> austin@mail:~$ ls -la
>>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>>> 
>>>> What in the world is causing these errors, and what can I do about them?
>>>> 
>>>> Thanks in advance!
>>>> 
>>>> Austin Witmer
>>> 
>>> 
>>> Do you use any ACLs? Is this just a block device mounted or do you use
>>> any network file sharing like nfs?
>>> 
>>> ACLs you can check by 'getfacl foo'.
>>> 
>>> --
>>> Cheers
>>> spi
> 
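
An added example, not part of the original thread and not Dovecot or gocryptfs code: one way to check the gocryptfs question raised at the top of the thread. A FUSE mount is by default accessible only to the user who mounted it unless `allow_other` is set, so the sketch finds the mount backing the path from the error and compares its `user_id`/`group_id` options with the `euid`/`egid` that Dovecot logged. The mount table is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/mounts format; not the thread's real mount table.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/volume1 ext4 rw,relatime 0 0
/mnt/volume1/mailserver/cipher /mnt/volume1/mailserver/plain fuse.gocryptfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,max_read=131072 0 0
/dev/sdc1 /mnt/my\\040backup ext4 rw 0 0
"""


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_for(path, mounts_text):
    """Return (mountpoint, fstype, options) for the mount that backs path."""
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mnt = _unescape(parts[1])
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            # Longest mount point wins; on a tie the later line shadows.
            if best is None or len(mnt) >= len(best[0]):
                opts = dict(o.partition("=")[::2] for o in parts[3].split(","))
                best = (mnt, parts[2], opts)
    return best


def fuse_owner_check(path, euid, egid, mounts_text=SAMPLE_MOUNTS):
    """Report whether the FUSE mount-owner rule alone would refuse euid/egid."""
    mnt, fstype, opts = mount_for(path, mounts_text)
    result = {"mount": mnt, "fstype": fstype, "fuse": False, "denied": False}
    if fstype == "fuse" or fstype.startswith("fuse."):
        result["fuse"] = True
        # Without allow_other the kernel admits only processes whose ids equal
        # the mount's user_id/group_id (it also compares real and saved ids;
        # only the effective ids from the Dovecot log line are checked here).
        # Root is refused as well by default.
        owner = (int(opts.get("user_id", -1)), int(opts.get("group_id", -1)))
        result["denied"] = "allow_other" not in opts and (euid, egid) != owner
    return result


if __name__ == "__main__":
    log = "/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log"
    print(fuse_owner_check(log, 1000, 1000))  # ids from the error in the thread
    print(fuse_owner_check(log, 0, 0))        # same path as root
```

On a live host, pass the contents of `/proc/mounts` as `mounts_text` instead of the sample.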
