lots of errors in maillog, why?

scottmusician · 12-20-2011, 07:11 AM

am a bit of a newbie, but I've recently built my first mail server (REHL with dovecot, postfix, SASL, ClamAV, MailScanner/SpamAssassin, PostGrey, SquirrelMail, Sieve).

Although I am yet to take it live (ie. redirect my MX records), my /var/log/maillog is starting to fill up with lots of log entries like this:

Code:

Dec 19 19:10:21 mail postfix/qmgr[28750]: B0995E26BE: from=<double-bounce@mail.mydomain.com>, size=909, nrcpt=1 (queue active)
Dec 19 19:10:21 mail postfix/qmgr[28750]: BC11BE2660: from=<root@mail.mydomain.com>, size=140734, nrcpt=1 (queue active)
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: failed to stat user's sieve script: stat(/root/.dovecot.sieve) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +x perm: /root) (using global script path in stead)
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: line 1: unexpected character(s) starting with 0xbe
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: line 1: unexpected unknown characters found at (the presumed) end of file
Dec 19 19:10:21 mail dovecot: deliver(root): sieve: main_script: parse failed
Dec 19 19:10:21 mail dovecot: deliver(root): mkdir(/home/root/mail/cur) failed: Permission denied (euid=99(nobody) egid=12(mail) missing +w perm: /home)
Dec 19 19:10:21 mail dovecot: deliver(root): msgid=<20111214150206.CED4CE2678@mail.mydomain.com>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-12-19 19:10:21]
Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied
Dec 19 19:10:21 mail dovecot: deliver(root): msgid=<20111217171244.B0995E26BE@mail.mydomain.com>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2011-12-19 19:10:21]

and so on. Other than these logs, the server is running fine. that said, I'm more than aware that this sort of behavious isn't good. Any ideas on how I can help cut this out?

- the good bits of my /etc/postfix/main.cf read like this:

Code:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
#check_policy_service unix:postgrey/socket
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_recipient_restrictions = 
  permit_mynetworks
  permit_sasl_authenticated  
  check_recipient_address hash:/etc/postfix/recipient_address
  reject_unauth_destination 
  check_policy_service unix:postgrey/socket
  
broken_sasl_auth_clients = yes

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.mydomain.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.mydomain.com.key
smptd_tls_chain_file = /etc/pki/tls/certs/gd_bundle.crt
tls_random_source = dev:/dev/urandom

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Some guesses about my primary problem are as follows:

SpamAssassin is installed (it came with MailScanner), but i guess I've never properly looked into configuring it - i Fugured that MailScanner would have done this?

I have also changed all user passwords (granted I am using Linux system accounts), but this hasn't helped.

Also, we are on PLAIN + LOGIN as authentication options - I know that PLAIN isn't the best but I haven't been able to get an alternative working (yet). What are the odds of this being the PRIMARY problem here?

I have a root user enabled, but he does not have a home folder (ie. no mail folder). I am worried that the various mailing attempts to mail him (RCPT TO root@mail.mydomain.com) are being kept in limbo somewhere - instead of being deleted - because it can't find his mailbox?

Any thoughts would be great - I am due to take the box online soon, but the last thing i want it to do is to unknowingly be relaying spam - or worse - collecting wads of mail that might bring it crashing to a halt one day.

Thanks again,

Scott

smallpond · 12-21-2011, 12:13 PM

The first two lines are from postfix and don't look like errors.
The rest of the lines are from dovecot, so your postfix config is not helpful.

Code:

Dec 19 19:10:21 mail dovecot: deliver(root): chdir(/root) failed: Permission denied

"mail" is the name of your system and "dovecot" is the application which is writing this line.
This says you are asking dovecot to do something in directory /root. That is the root user's home directory, so this is obviously wrong. Dovecot is started as a root process but drops root privileges so that an error in dovecot doesn't give root access to an attack. Post your dovecot config if you can't figure out the problem.

scottmusician · 01-15-2012, 09:06 PM

Hi again,

Thanks for the advise! I'm still having issues similar to the above, and haven't found the cause of it. I suspect it's something to do with dovecot's chrooting setup (which is admittedly the one area of dovecot that I haven't investigated a lot).

As an aside, I did find that I had 2x cron-based daily emails (one is logwatch, the other is a cron.daily report) that were attempting to send to root@mail.mydomain.com . I thought that this might be breaking things (As my mailboxes lie in their own custom location - /home/%u , and also I've not created a mailbox folder for 'root' user)... but even after redirecting cron+logwatch to a different address, these errors persist.

is something (perhaps someone externally) still trying to send stuff to root@mydomain.com? or is it simply some problems with dovecot.conf? Am i relaying? Here are all of my dovecot.conf lines containing the word 'root':

Code:

login_dir = /var/run/dovecot/login
login_chroot = yes
first_valid_uid = 500
last_valid_uid = 0
valid_chroot_dirs =
mail_chroot =

auth default {
  socket listen {
    client {

   path = /var/spool/postfix/private/auth
   mode = 0660
   user = postfix
   group = postfix

mechanisms = plain login

 #userdb vpopmail {
  #}
  user = root
  #chroot =
  #count = 1
}

  # Default user/group is the one who started dovecot-auth (root)
      #user =
      #group =