On 19. May 2020, at 17.34, Joseph Nahmias <j...@nahmias.net> wrote:
>
> I have my machine configured to run fetchmail via cron, which retrieves my
> emails from various different services. My .forward then sends all mail through
> procmail, for filtering, sorting into folders, etc... Procmail then calls the
> dovecot-lda program to actually deliver the mail using the .procmailrc config
> line DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME". I can then access my mail
> via dovecot using a standard IMAP client.
>
> The problem:
>
> I recently upgraded my machine from stretch to buster, bringing with it a new
> version of dovecot. Now, the fetchmail cron job is throwing errors like the
> following:
>
> lda($USER,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
>
> I see that the stats-writer socket is owned by root:dovecot with 0660
> permissions. Should the dovecot-lda program be set as setgid dovecot to allow
> it to write to the socket? How is this socket really used? Are there any
> security considerations I should be aware of prior to doing this?

In newer versions you could disable this with "stats_writer_socket_path=" but not with v2.3.4. I don't recommend setting dovecot-lda as setgid - it's not hardened for it. A safer way is to just make stats-writer world-writable, there's not that much harm that anyone can do with it (just mess up statistics and maybe cause it to waste memory / crash).

service stats {
  unix_listener stats-writer {
    mode = 0666
  }
}
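
An added example, not part of the original messages: a small POSIX shell audit that checks the two points from the reply above, namely that the LDA binary carries no setuid/setgid bit and that the stats-writer socket is writable by users outside the dovecot group. The default paths are the ones quoted in the thread; the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example: post-change audit for the setup discussed in this thread.
# Function names are hypothetical; default paths are those quoted above.

# Succeeds if the file carries a setuid or setgid bit.
has_setid_bit() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Succeeds if "other" has write permission (what mode = 0666 grants).
other_can_write() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Prints one line per finding; returns 0 only if the setup matches the advice.
audit_lda_stats() {
    lda=${1:-/usr/lib/dovecot/deliver}
    sock=${2:-/var/run/dovecot/stats-writer}
    rc=0

    if [ ! -e "$lda" ]; then
        echo "SKIP  $lda not found"
    elif has_setid_bit "$lda"; then
        echo "FAIL  $lda is setuid/setgid; clear it with chmod u-s,g-s"
        rc=1
    else
        echo "OK    $lda has no setuid/setgid bit"
    fi

    if [ ! -S "$sock" ]; then
        echo "FAIL  $sock is not a UNIX socket (is dovecot running?)"
        rc=1
    elif other_can_write "$sock"; then
        echo "OK    $sock is writable by users outside its group"
    else
        echo "FAIL  $sock is not world-writable; dovecot-lda run as a"
        echo "      normal user will get 'Permission denied' on connect"
        rc=1
    fi
    return $rc
}
```

Source the file and call `audit_lda_stats` after reloading dovecot; pass the binary and socket paths as arguments if they differ on your system.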