Re: Dovecot sieve pigeonhole permission
On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:

> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and LMTP. Permission worked well in the initial setup but currently (maybe after Fedora 22 update) I'm having the following permission issue:
>
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied (euid=(vmail) egid=(vmail) missing +r perm: /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0 mode=0755)

Did you honor the error log and add the read permission for the vmail user, which most likely means:

chmod a+r /etc/dovecot/sieve_after.svbin

> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed: Permission denied (euid=(vmail) egid=(vmail) missing +w perm: /etc/dovecot, dir owned by 0:0 mode=0755)
>
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using the sievec tool

Did you compile the script manually as described in the error log?

> rpm -V dovecot dovecot-pigeonhole
> doesn't report any permission issues
>
> Versions:
> dovecot-2.2.18-2.fc22.x86_64
> dovecot-pigeonhole-2.2.18-2.fc22.x86_64
>
> Relevant config parts:
> mail_gid = vmail
> mail_uid = vmail
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_after = /etc/dovecot/sieve_after.sieve
>   sieve_dir = ~/sieve
> }
>
> ls -lad /etc/dovecot/
> drwxr-xr-x. 3 root root 4096 Jul 30 18:13 /etc/dovecot/
>
> ls -la /etc/dovecot/*sieve*
> -rwxr-x--- 1 vmail vmail 288 Aug 8 2014 /etc/dovecot/sieve_after.sieve
> -rw-r----- 1 root root 355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin
>
> What are the recommended permissions for the files/directories (also for root service startup of dovecot)?
>
> Did something change in permissions management?

-- Steffen Kaiser
Re: Dovecot sieve pigeonhole permission
On 05.08.2015 13:06, Steffen Kaiser wrote:

> On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:
>
>> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and LMTP. Permission worked well in the initial setup but currently (maybe after Fedora 22 update) I'm having the following permission issue:
>>
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied (euid=(vmail) egid=(vmail) missing +r perm: /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0 mode=0755)
>
> Did you honor the error log and add the read permission for the vmail user, which most likely means:
>
> chmod a+r /etc/dovecot/sieve_after.svbin

Yes, I read it but I didn't like to give read permissions for all. Isn't there a better designed solution available? Nevertheless it works by setting the read permissions for all ...

>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to create temporary file: open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed: Permission denied (euid=(vmail) egid=(vmail) missing +w perm: /etc/dovecot, dir owned by 0:0 mode=0755)
>>
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does not have permission to save global Sieve script binaries; global Sieve scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using the sievec tool
>
> Did you compile the script manually as described in the error log?

Yes, I did, but it didn't work because of the missing read permissions for all.

Ciao,
Gerhard

-- http://www.wiesinger.com/
Re: Dovecot sieve pigeonhole permission
On Wed, 5 Aug 2015, Gerhard Wiesinger wrote:

> On 05.08.2015 13:06, Steffen Kaiser wrote:
>
>> On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:
>>
>>> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and LMTP. Permission worked well in the initial setup but currently (maybe after Fedora 22 update) I'm having the following permission issue:
>>>
>>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied (euid=(vmail) egid=(vmail) missing +r perm: /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0 mode=0755)
>>
>> Did you honor the error log and add the read permission for the vmail user, which most likely means:
>>
>> chmod a+r /etc/dovecot/sieve_after.svbin
>
> Yes, I read it but I didn't like to give read permissions for all. Isn't

well, what kind of users have shell or file level access to the server?

> there a better designed solution available? Nevertheless it works by setting the read permissions for all ...

>>> -rwxr-x--- 1 vmail vmail 288 Aug 8 2014 /etc/dovecot/sieve_after.sieve
>>> -rw-r----- 1 root root 355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin

1st: sieve scripts are not executable.

2nd: it needs read perm for all your LMTP users, that probably means:

chown vmail /etc/dovecot/sieve_after.svbin
chmod o= /etc/dovecot/sieve_after.svbin

If you have some system users as well, you might need to chgrp as well.

-- Steffen Kaiser
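The group-based alternative to chmod a+r that this exchange points towards, as an added example that is not part of any poster's message: pre-compile the global script as the administrator, give the mail group read access only, and verify the result. The function names and the SIEVEC override are assumptions made for this sketch; the path and the vmail group are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (constructed, not from the thread). Assumes GNU or BSD stat.
# SIEVEC defaults to Pigeonhole's sievec; it is overridable for dry runs.
: "${SIEVEC:=sievec}"

# Octal permission bits of a file, e.g. 640.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Group name and numeric gid of a file, e.g. "vmail 5000".
owner_group() { stat -c '%G %g' "$1" 2>/dev/null || stat -f '%Sg %g' "$1"; }

# Compile a global script as the administrator, then hand read access to
# the mail group only. The LMTP process (euid vmail) cannot write to
# /etc/dovecot, so the .svbin must already exist and be readable by it.
install_global_sieve() {
    script=$1; group=$2
    bin="${script%.sieve}.svbin"
    "$SIEVEC" "$script" || return 1      # writes $bin next to the script
    [ -f "$bin" ] || return 1
    chgrp "$group" "$script" "$bin" || return 1
    chmod 0640 "$script" "$bin"          # no execute bit, nothing for "other"
}

# Return 0 only if FILE belongs to GROUP, is group-readable and grants
# nothing to "other"; print the reason otherwise.
check_sieve_perms() {
    file=$1; group=$2
    mode=$(mode_of "$file") || return 2
    case " $(owner_group "$file") " in
        *" $group "*) ;;
        *) echo "$file: not owned by group $group"; return 1 ;;
    esac
    case $mode in
        *[4567]0) return 0 ;;
        *) echo "$file: mode $mode (want group read, no other bits)"; return 1 ;;
    esac
}

# Typical use as root, with the path and group from the thread:
#   install_global_sieve /etc/dovecot/sieve_after.sieve vmail
#   check_sieve_perms    /etc/dovecot/sieve_after.svbin vmail
```

The compile step has to be repeated whenever the .sieve source changes, because the delivery process cannot rewrite the binary itself.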
question on autch cache parameters
Hi list,

I have a question on auth caching in 2.2.18.

I am using acl_groups for a master user, appended in a static userdb file

# snip ###
master@uma:{SHA}=::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1
# snap ###

and use this group in a global ACL file.

I discovered this only works on first NOT-cached login

environment in imap-postlogin script on first login:

AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c
MASTER_USER=master@uma
SPUSER=private/pdf
LOCAL_IP=127.0.0.1
USER=pdf
AUTH_USER=master@uma
PWD=/var/run/dovecot
USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/var/data/vmail/private/pdf
ACL_GROUPS=umareadmaster
IP=127.0.0.1
_=/usr/bin/env

on the second cached login it looks like this

AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f
MASTER_USER=master@uma
SPUSER=private/pdf
LOCAL_IP=127.0.0.1
USER=pdf
AUTH_USER=master@uma
PWD=/var/run/dovecot
USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/var/data/vmail/private/pdf
IP=127.0.0.1
_=/usr/bin/env

so the ACL_GROUPS is gone.

is this intended to be like that. so groups not included in cache and I have to find another approach?

anybody else encountered similar problems with some auth Variables and caching?

Greetz
Matze
2.2.18: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted.
Hello

I have 2.2.18 built with:

./configure \
  --prefix=$prefix \
  --bindir=$prefix/bin \
  --sbindir=$prefix/bin \
  --sysconfdir=/etc \
  --with-storages=maildir,imapc,pop3c \
  --without-vpopmail \
  --without-ldap

I'm attempting to sync (backup) from another Dovecot server running version 2.0.21:

Both servers don't have any explicit namespaces configured and both are using the Maildir storage plugin.

doveadm -Dv -o imapc_user=remote_user -o imapc_host=source.host -o imapc_port=993 -o imapc_ssl=imaps -o imapc_password=remote_pass -o imapc_features=rfc822.size fetch-headers backup -R -u local_user imapc:

All seems to go well, showing local and remote mailbox syncing without errors, then finally:

dsync(mcg): Debug: brain M: Deleting mailbox 'INBOX' (GUID 59023c2a911dc255842bd09efc50): UIDVALIDITY changed (1355416734 - 1438784913)
dsync(mcg): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted.

No mail is synced to the local server (2.2.18) after this error halts execution.

What should I be looking for, in terms of possible causes of this error? I've tried syncing on a completely fresh mailbox, which hasn't been accessed by a mail client and the same error occurs.

I've seen similar reports of this error before, without clear solutions / suggestions.

Help would be greatly appreciated.

Thanks
Re: question on autch cache parameters
just tested against dovecot 2.2.15

everything works fine.

so might be a bug introduced between 2.2.16 and 2.2.18

On 08/05/2015 04:30 PM, matthias lay wrote:

> Hi list,
>
> I have a question on auth caching in 2.2.18.
>
> I am using acl_groups for a master user, appended in a static userdb file
>
> # snip ###
> master@uma:{SHA}=::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1
> # snap ###
>
> and use this group in a global ACL file.
>
> I discovered this only works on first NOT-cached login
>
> environment in imap-postlogin script on first login:
>
> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c
> MASTER_USER=master@uma
> SPUSER=private/pdf
> LOCAL_IP=127.0.0.1
> USER=pdf
> AUTH_USER=master@uma
> PWD=/var/run/dovecot
> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
> SHLVL=1
> HOME=/var/data/vmail/private/pdf
> ACL_GROUPS=umareadmaster
> IP=127.0.0.1
> _=/usr/bin/env
>
> on the second cached login it looks like this
>
> AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f
> MASTER_USER=master@uma
> SPUSER=private/pdf
> LOCAL_IP=127.0.0.1
> USER=pdf
> AUTH_USER=master@uma
> PWD=/var/run/dovecot
> USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
> SHLVL=1
> HOME=/var/data/vmail/private/pdf
> IP=127.0.0.1
> _=/usr/bin/env
>
> so the ACL_GROUPS is gone.
>
> is this intended to be like that. so groups not included in cache and I have to find another approach?
>
> anybody else encountered similar problems with some auth Variables and caching?
>
> Greetz
> Matze
Re: Segfaults after upgrade to Debian Jessie
On Sat, 2015-07-25 at 00:32 +0100, Andrew Beverley wrote:

> Hi,
>
> I've just upgraded from Debian Wheezy to Debian Jessie and am getting:
>
> Fatal: master: service(lmtp): child 6761 killed with signal 11 (core dumped)
>
> It seems to be something to do with sieve. When I disable that from lmtp then everything works fine.
>
> OS: Debian Jessie
> Dovecot version: 2.2.13
> CPU: x86
>
> This is the gdb output:
>
> Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
> Core was generated by `dovecot/lmtp'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x7f8e4c94f626 in sieve_validator_register_command () from /usr/lib/dovecot/libdovecot-sieve.so.0

I've just tried upgrading to 2.2.18 (Stretch) but get the same error. I've opened a Debian bug report:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794718

I have also tried downgrading to 2.1.7 (Wheezy) and everything works correctly.

Thanks,
Andy