[SOLVED] Postfix+Dovecot Maildir file ownership

efaj · 04-20-2010, 11:30 AM

I've got a Postfix + Dovecot mail configuration in a CentOS 5 box. Emails get send properly, mail scanner and spamassasin work as supposed, but without manually changing file permissions, you can't check mails neither from squirrel mail nor terminal's telnet.

The file gets the ownership from the LDAP user that it was addressed to, with Read and Write perms, Group is domain users, with no perms, and neither world has perms. Dovecot is using a vmail user and group to access this mails, therefore not having the appropiate permissions to open them.

I need to either change the receiving permissions or Dovecot permissions to change with the logged on user. There's an active connection to the AD that houses this users.

*Note: I am still unsure if I got the email server model correctly. I've been messing around this programs config files, with no change yet...

frndrfoe · 04-21-2010, 08:50 PM

The Dovecot imap or pop processes should fork as the user who authenticates so that they can have access, the mails are getting stored with the correct permissions. There is something weird in your dovecot config.

efaj · 04-29-2010, 11:53 AM

Quote:

Originally Posted by frndrfoe

The Dovecot imap or pop processes should fork as the user who authenticates so that they can have access, the mails are getting stored with the correct permissions. There is something weird in your dovecot config.

I tried to change the local delivery to deliver and now it got worse and now emails can't be received, postfix says there's no such user in "local recipient table"

Here's postconf -n

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:500
virtual_mailbox_base = /home/PRODUS/
virtual_mailbox_domains = $mydomain
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:500

and dovecot -n

Code:

# 1.0.7: /etc/dovecot.conf
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3): outlook-idle
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: static
    args: uid=500 gid=500 home=/home/PRODUS/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 384
      user: postfix
      group: postfix
[root@mail ~]# clear

[root@mail ~]# dovecot -n
# 1.0.7: /etc/dovecot.conf
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3): outlook-idle
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: static
    args: uid=500 gid=500 home=/home/PRODUS/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 384
      user: postfix
      group: postfix

frndrfoe · 04-29-2010, 01:53 PM

I dont know what this means.

Quote:

I tried to change the local delivery to deliver

It sounds like Postfix was working properly before, It was dovecot that was not forking as the authenticated user.

efaj · 05-05-2010, 11:38 AM

Quote:

Originally Posted by frndrfoe

I dont know what this means.

It sounds like Postfix was working properly before, It was dovecot that was not forking as the authenticated user.

"Deliver" is dovecot's local delivery something. Since I thought the problem was related to the email delivery in the computer I thought it would fix it.
Ok, your first post was right. Everything works right. But not with the configuration that was set when I got that box, so I deleted postfix and dovecot and once they were reinstalled after the basic configuration they worked.
The mails were sent as the AD user, and retrieved as the AD user.
Dunno which of the config parameters messed that but... it's solved now.