Ashraf Hassanein
asked on
Permission problem between postfix and dovecot
I have dovecot and postfix on a CentOS-based server. I had a problem initially in receiving email, where dovecot-lda could not receive the email because of permissions. With the support of the dovecot site and experts here, I managed to change the permissions of the dovecot-lda file as the website advises:
#chmod 04750 /usr/libexec/dovecot/dovecot-lda
#ls -l /usr/libexec/dovecot/dovecot-lda
-rwsr-x--- 1 root root 25144 Nov 22 16:10 /usr/libexec/dovecot/dovecot-lda
And I restarted both postfix and dovecot and I got another problem where I am getting the following error in the delivery:
Dec 20 02:51:19 myserver postfix/pipe[25018]: EEB07DECFA: to=<myself@mydomain.com>, relay=dovecot, delay=17324, delays=17324/0.04/0/0.07, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/libexec/dovecot/deliver: Permission denied )
I searched and I found that /usr/libexec/dovecot/deliver is a symbolic link to /usr/libexec/dovecot/dovecot-lda and has the following permissions:
lrwxrwxrwx 1 root root 11 Dec 10 22:05 /usr/libexec/dovecot/deliver -> dovecot-lda
So it appears now the postfix can execute this file.
This file is configured as per the following in the master.cf of the postfix:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f $(sender) -d $(recipient)
So I have changed the permission to:
chmod 04755 /usr/libexec/dovecot/dovecot-lda
Now I have warning:
Dec 20 03:02:48 myserver postfix/pipe[25121]: A5AE0DED09: to=<myself@mydomain.com>, relay=dovecot, delay=0.06, delays=0.04/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids )
Any idea how can this be solved?
ASKER
Thanks that helped a lot I have found many issues, so to solve it I have done the following:
Well my mail user is in vmail and secmail so I did the following:
1- chgrp vmail /usr/libexec/dovecot/dovecot-lda
2- chmod 04750 /usr/libexec/dovecot/dovecot-lda
3- Add postfix user to vmail
4- And I think the main mistake was in my master.cf, so I changed:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f $(sender) -d $(recipient)
To
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
The only problem right now is that when I execute any of the following commands I get user or directory not found:
/usr/libexec/dovecot/dovecot-lda -a user
/usr/libexec/dovecot/dovecot-lda -a user@mydomain.com
/usr/libexec/dovecot/dovecot-lda -d user
/usr/libexec/dovecot/dovecot-lda -d user@mydomain.com
Can you tell me what I am doing wrong?
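The three permission states seen in this thread (4750 root:root, 4755 root:root, 4750 root:vmail), as an added example that is not part of the original posts: a small check that classifies a setuid-root dovecot-lda binary from its mode, owner and group. The function names, the gid values 12 (mail) and 500 (vmail), and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: classify the permission state of a
# setuid-root LDA binary against the group the delivery process runs with.

# lda_mode_verdict MODE OWNER_UID FILE_GID "CALLER_GIDS"
#   MODE        octal mode as printed by `stat -c %a` (e.g. 4750)
#   OWNER_UID   numeric owner of the binary
#   FILE_GID    numeric group of the binary
#   CALLER_GIDS space-separated numeric gids of the non-root delivery user
# Prints: not-setuid-root | world-exec-setuid-root | ok | caller-cannot-exec
lda_mode_verdict() {
    mode=$((0$1)); owner=$2; fgid=$3; caller_gids=$4
    # Without setuid + root ownership the binary just runs as the caller.
    if [ $((mode & 04000)) -eq 0 ] || [ "$owner" -ne 0 ]; then
        echo not-setuid-root; return 0
    fi
    # The state Dovecot rejects: any local user could run it as root.
    if [ $((mode & 01)) -ne 0 ]; then
        echo world-exec-setuid-root; return 0
    fi
    # Only members of the file's group may execute it.
    if [ $((mode & 010)) -ne 0 ]; then
        for g in $caller_gids; do
            if [ "$g" -eq "$fgid" ]; then echo ok; return 0; fi
        done
    fi
    # Matches the "execvp ... Permission denied" failure.
    echo caller-cannot-exec
}

# lda_file_verdict PATH "CALLER_GIDS"  (assumes GNU coreutils stat)
lda_file_verdict() {
    st=$(stat -c '%a %u %g' "$1") || return 2
    # shellcheck disable=SC2086
    set -- $st "$2"
    lda_mode_verdict "$1" "$2" "$3" "$4"
}

# Constructed inputs mirroring the thread: root:root 4750 called as gid 12,
# root:root 4755, and root:vmail 4750 called as gid 500.
for row in "4750 0 0 12" "4755 0 0 12" "4750 0 500 500"; do
    # shellcheck disable=SC2086
    set -- $row
    printf 'mode=%s uid=%s gid=%s caller=%s -> %s\n' \
        "$1" "$2" "$3" "$4" "$(lda_mode_verdict "$1" "$2" "$3" "$4")"
done
```

On a live host, `lda_file_verdict /usr/libexec/dovecot/dovecot-lda "$(id -G vmail)"` runs the same check against the real file.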
What does your postfix/dovecot use for the backend user management?
since you use vmail, is mysql the user/domain repository?
ASKER
I am using the backend to store home and mail directories and login credentials for the mail server as well as the forum. I am not sure if I need it for quota as well, as the quota is not assigned per user but globally, but honestly I failed to configure it either way. The database was created in the first place with postfixadmin and it is a postgres db.
ASKER
Honestly I have strong doubts about my dovecot-sql.conf, as there is no one clear explanation of how to configure it and what to write so that all the dovecot and doveadm attributes will work.
Is postfix also using mysql for user info?
Dovecot just adds to that additional columns/rows/....
ASKER
Yes postfix does that as well
It seems that you are using a guide per component versus a single guide using all the components.
A postfix, dovecot mysql will provide you with a single guide to configure.
Does postfix with mysql to deliver messages.
Not sure whether your setup is such that postfix uses one database within mysql and dovecot uses another versus both referencing the same database for user/homedir references.
ASKER
Here are the sql files for both dovecot and postfix
pgsql_virtual_alias_maps.cf
user = postfix
password = <Password>
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
#query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
pgsql_virtual_domains_maps.cf
user = postfix
password = <Password>
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
pgsql_virtual_mailbox_limit_maps.cf
user = postfix
password = <Password>
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'
#query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
pgsql_virtual_mailbox_maps.cf
user = postfix
password = <Password>
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'
#query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
dovecot-sql.conf
driver = pgsql
connect = host=localhost dbname=postfix user=postfix password=<Password>
password_query = SELECT username as user, password, '/home/vmail/%n'||'@'||'%d' as userdb_home, 'maildir:/var/vmail/%n'||'@'||'%d' as userdb_mail, 500 as userdb_uid, 500 as userdb_gid FROM mailbox WHERE username = '%n'||'@'||'%d' AND active = '1'
user_query = select '/home/vmail/%n' as home, 'maildir:/home/vmail/'||'%n' as mail , 500 As uid , 500 as gid, 'dirsize:storage=' || quota AS quota from mailbox where username=' n'||'@'||'%d'
# For using doveadm -A:
iterate_query = SELECT username, domain FROM mailbox where username='%n'||'@'||'%d'
ASKER
Can you guide me what is wrong?
ASKER
I am using the same database for both
ASKER
Thank you so much for the support
The difficulty it is not clear to me what is going on.
Your LDA permissions are once again root/root and do not have the setuid bit 4750
Where did you get the dovecot package from?
i got mine from yum install....
probably asker too and then somebody modified his and made setuid...
PS i'd recommend having some system integrity checks in place for next system like rkhunter or chkrootkit from Fedora's EPEL repository...
ASKER
Sorry for getting too late, but I was suffering in fixing the problem.
The reason I needed to compile postfix is that the one with normal yum does not have a support for mysql or postgres.
Now when I do doveadm -a user@mydomain.com I can see the quota there; however, I am a bit puzzled, as I understood earlier that if dovecot.conf has the quota mentioned in it, it will make use of the quota in the file and not from the database, correct? How can I make dovecot make use of the quota in the database? Shall I remove any existence of the quota in dovecot.conf? Or any other advice?
Usually, mysql is compiled into the package.
look at the dovecot config to deal with the examples.
http://wiki2.dovecot.org/Quota/Configuration
dovecot-lda is from dovecot. just reinstall dovecot...
yum reinstall dovecot
centosplus has one with postgresql support too (edit /etc/yum.repos.d/*.repo, enable=1 and exclude=kernel* in respective place)
Postfix can easily enforce mbox file quotas, no need to invoke dovecot-lda
Secmail group
Ref link below.
http://wiki2.dovecot.org/LDA