[Dovecot] expire plugin - setgid failed

2008-05-17 Thread e-frog

Hello all,

I'm trying to get the expire plugin working, but still having issues 
even with 1.1RC5.


If I run the expire tool I get the following error:
server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool
Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted


Same thing with --test:
server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool --test
Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted


gid 100 = users, uid 2005 = helmut

The user mail box has the following permissions:

[EMAIL PROTECTED]:/home/helmut# ll -n
drwx--   22 2005 100  4.0k May 17 13:14 mail

Any help is appreciated.

Thanks,

Helmut


server:~# dovecot -n
# 1.1.rc5: /etc/dovecot.conf
log_path: /var/log/mail/dovecot.log
info_log_path: /var/log/mail/dovecot.log
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_process_size: 16
max_mail_processes: 16
mail_location: maildir:%h/mail
umask: 7
mail_plugins: quota imap_quota mail_log expire
namespace:
 type: public
 separator: /
 prefix: Public/
 location: maildir:/home/public/mail:CONTROL=%h/mail/control/public:INDEX=%h/mail/index/public
 list: yes
 subscriptions: yes
namespace:
 type: private
 separator: /
 inbox: yes
 list: yes
 subscriptions: yes
auth default:
 verbose: yes
 passdb:
   driver: pam
 userdb:
   driver: passwd
 socket:
   type: listen
   client:
     path: /var/run/dovecot/auth-client
     mode: 432
     user: dovecot
     group: mail
   master:
     path: /var/run/dovecot/auth-master
     mode: 384
plugin:
 quota: maildir
 quota_rule: *:storage=1GB
 quota_rule2: Trash:storage=10%%
 expire: Trash 1
 expire_dict: proxy::expire
dict:
 expire: db:/var/lib/dovecot/expire.db



Re: [Dovecot] Development news

2008-05-17 Thread Timo Sirainen
On Sun, 2008-03-16 at 20:29 +0200, Timo Sirainen wrote:
> First a list of all the new features and their state:
>
> 1. http://hg.dovecot.org/dovecot-threadindexes/
>
> THREAD=REFERENCES indexes. Missing NFS flushes, support for
> mmap_disable=yes, breaks when more than one session modifies at the same
> time. Not tested much if the replies are really correct at all. Also
> started THREAD=X-REFERENCES2 but it doesn't work as expected.

I've been fixing this recently. It seems to be finally working, but it
could still use some optimizations and it seems the thread tree is
rebuilt unnecessarily sometimes. Also stress testing sometimes gives
next_iter loops error which I haven't tried to track down yet.

THREAD X-REFERENCES2 works now. The code is also now in a state that
adding SEARCH INTHREAD support shouldn't be too difficult.

> 2. http://hg.dovecot.org/dovecot-virtualboxes/
>
> Virtual mailboxes. Nothing changed since
> http://dovecot.org/list/dovecot/2008-March/029546.html

Nothing changed, but I just started thinking that the incremental change
tracking probably belongs to lib-storage code. Then it would be quite
easy to add support for SEARCH=CONTEXT
(http://tools.ietf.org/html/draft-cridland-imap-context-05).

Now if I could only get v1.1.0 out I could start merging these different
branches to v1.2 tree. :)




Re: [Dovecot] imap-login processes

2008-05-17 Thread Timo Sirainen
On Fri, 2008-05-16 at 14:47 -0400, Bryan Polk wrote:
> > It would help to know what these extra processes are doing. Unfortunately
> > there's no simple way to do that.. Maybe writing a script that trusses the
> > processes for a few seconds and then seeing what it shows?
>
> To truss each imap-login I would need to write the script to execute
> truss imap-login and put that in place of imap-login in the config file?

That would probably work too, but I was thinking about getting a few
second snapshot using truss -p. So something like (untested):

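# Attach truss to each matching process in the background, logging to log.<pid>
for pid in `ps -ef|grep 'imap$'|awk '{print $2}'`; do
  truss -o log.$pid -p $pid &
done
# Let the traces collect for a few seconds, then stop them
sleep 5
killall truss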





[Dovecot] problem about mbox with quota

2008-05-17 Thread Zhang Huangbin

Hi, all.

Does mbox format support quota?

I got this error in log file:

dovecot: May 18 02:10:36 Error: POP3([EMAIL PROTECTED]): Unknown quota backend: storage=10240


How can I solve it?

Thanks very much. :)

My dovecot configuration:

# /etc/dovecot.conf
log_path: /var/log/dovecot.log
protocols: pop3 pop3s imap imaps
ssl_cert_file: /etc/pki/dovecot/certs/dovecotCert.pem
ssl_key_file: /etc/pki/dovecot/private/dovecotKey.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:/%Lh/%Ld/%Ln:INBOX=/%Lh/%Ld/%Ln
mbox_write_locks: dotlock fcntl
mbox_min_index_size: 10240
mbox_very_dirty_syncs: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
 mechanisms: plain login
 user: vmail
 passdb:
   driver: sql
   args: /etc/dovecot-mysql.conf
 userdb:
   driver: sql
   args: /etc/dovecot-mysql.conf
 socket:
   type: listen
   client:
     path: /var/spool/postfix/private/auth
     mode: 432
     user: postfix
     group: postfix
   master:
     path: /var/run/dovecot/auth-master
     mode: 432
     user: vmail
     group: vmail

# /etc/dovecot-mysql.conf
driver = mysql
default_pass_scheme = CRYPT
connect = host=127.0.0.1 dbname=vmail user=vmail 
[EMAIL PROTECTED]11769*16758)17720
password_query = SELECT password FROM mailbox WHERE username='%u' AND active='1'
user_query = SELECT 2000 AS uid, 2000 AS gid, '/home/vmail' AS home, maildir, CONCAT('storage=',quota) AS quota FROM mailbox WHERE username='%u' AND active='1'


--
Best Regards.

Zhang Huangbin

- OpenBSD 4.2 -release, i386.
- RHEL 5.1 Client




[Dovecot] Security Hole in 1.0.13?

2008-05-17 Thread Lawrence Sheed

I'm running 1.0.13

If I run dovecot for a while, I see a /var/run/dotvecot folder created  
with the following:


drwxr-xr-x  3 root root 4096 2008-05-18 13:30 dotvecot


drwxr-xr-x  3 root root 4096 2008-05-18 13:47 .
drwxr-xr-x 18 root root 4096 2008-05-18 13:47 ..
srw---  1 root root 0 2008-05-18 13:47 auth-worker.15138
srwxrwxrwx  1 root root 0 2008-05-18 13:47 dict-server
drwxr-x---  2 root dovecot 4096 2008-05-18 13:47 login
-rw---  1 root root 6 2008-05-18 13:47 master.pid

It appears to be created  by imap-login


I've tried removing any dovecot remnants and reinstalling from the  
1.0.13 tar.gz from the site.

After starting dovecot again after a few minutes the files appear.


The processes are running something on 6243 and 6244

(Presumably an exploit / login)

I have iptables set up to only allow existing ports in/out so I think
that's saved me so far.


I've switched to courier-imap in the interim.

Anyone want to assist in finding out how they are getting in?

Definitely dovecot related.  If I don't run dovecot, seems secure.  As  
soon as I run dovecot, after a few minutes - rooted...



dovecot.conf

cat /etc/dovecot/dovecot.conf
base_dir = /var/run/dotvecot
protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7  #-- Ensure this is set up in syslog conf

ssl_disable = no

login_max_processes_count = 128
login_max_connections = 256
login_greeting =  K-Tex IMAP Server   # -- CUSTOMISE FOR YOUR SITE

login_process_size = 64
login_process_per_connection = yes
login_processes_count = 16


ssl_cert_file = /var/qmail/control/servercert.pem # /usr/local/etc/ssl/italy1-cert.pem
ssl_key_file =/var/qmail/control/clientcert.pem   # /usr/local/etc/ssl/italy1.pem



first_valid_uid = 89
first_valid_gid = 89

protocol imap {
   listen = *:143
   ssl_listen = *:993
 #mail_plugins = quota imap_quota
 #login_greeting_capability = no
   mail_plugin_dir = /usr/local/lib/dovecot/imap
 imap_client_workarounds = outlook-idle
}


auth_process_size = 512
auth_cache_size = 512
auth_cache_ttl = 3600
auth default {
 mechanisms = plain

 # vpopmail authentication
 passdb vpopmail {
   #args =
 }

 # vpopmail
 userdb vpopmail {
 }

 user = root
}

dict {
 #quota = mysql:/etc/dovecot-dict-quota.conf
}

plugin {
 quota = maildir
}

namespace private {
  prefix = INBOX.
  inbox = yes
}
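
Added example, not part of the original post and not Dovecot code: a small Python parser for the brace-style dovecot.conf posted above. It pulls out three settings worth checking first when a runtime directory looks unexpected: where base_dir points, which user the auth process runs as, and whether plaintext logins are allowed. The sample config is a constructed excerpt of the posted file, and `parse_conf` and `triage` are hypothetical names.

```python
import re

# Constructed excerpt of the dovecot.conf posted above (v1.0 brace syntax).
SAMPLE_CONF = """\
base_dir = /var/run/dotvecot
disable_plaintext_auth = no
syslog_facility = local7  #-- Ensure this is set up in syslog conf
protocol imap {
   listen = *:143
 #mail_plugins = quota imap_quota
}
auth default {
 passdb vpopmail {
   #args =
 }
 user = root
}
"""

def parse_conf(text):
    """Flatten brace-nested settings into {'section/sub/key': value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # enter a block
        elif line == "}":
            if stack:
                stack.pop()                   # leave the block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def triage(settings, observed_dir):
    """Hypothetical helper: settings worth checking before anything else."""
    findings = []
    if settings.get("base_dir") == observed_dir:
        findings.append("base_dir is configured as " + observed_dir)
    if settings.get("auth default/user") == "root":
        findings.append("auth process runs as root")
    if settings.get("disable_plaintext_auth") == "no":
        findings.append("plaintext logins accepted without SSL/TLS")
    return findings

for finding in triage(parse_conf(SAMPLE_CONF), "/var/run/dotvecot"):
    print(finding)
```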