0

I'm no able to find a complete tutorial about Maildir and the folders where reside owner and permissions if there's any and you already found it , please share.

Anyway I wonder if there is a way to get errors outputs related to Maildir configuration with Postfix , Dovecot log or any other tool , something like (hey this folder has a wrong owner or there is a lack of permissions or even if is not created)

I know your going to tell me: send us your folder and configuration , but I would like to know how to debug this for other future cases.

What I would really would like to know is for example: My virtual users has /home/user/domain/usermail/Maildir

What permissions and owner should have home, user, domain , usermail and Maildir

Please keep in mind what I care the most is TO LEARN TO DEBUG related problems with folders permissions.

and I have in dovecot.conf:

 verbose_ssl=yes
 mail_debug=yes
 auth_debug=yes
 auth_verbose=yes

and in master.cf postfix conf on this lines

smtp    inet    n       -       n       -       -       smtpd -v
submission inet n       -       n       -       -       smtpd -v

BTW is drwxr-s--- permission ok with usermail folder ?

MikZuit
  • 391
  • 2
  • 7
  • 16

2 Answers2

2

I assume you are using dovecot-lda to deliver your Mails to your Maildir. IIRC dovecot-lda shows you detailed information about what permissions it's missing.

dovecot-lda doesn't have access to the global logging facility of dovecot. So you have to configure logging for the dovecot-lda separately. Therefore you have to look for "protocol lda {" in your dovecot configuration and change the parameters log_path and info_log_path according to your needs. If you put here files than those should be writeable by dovecot-lda and if you want to use syslog (aka leave the parameters empty) you have to modify the permission of /dev/log.

The dovecot wiki has more details: http://wiki2.dovecot.org/LDA

BTW: You don't need smtp and submission verbose log in postfix if you want to find out whats the problem with the local mail delivery.

sebokopter
  • 716
  • 5
  • 11
  • that's interesting , what alternatives do i have as dovecotLDA? – MikZuit Mar 07 '15 at 15:57
  • 2
    @MikZuit: I would recommend dovecot-lda since it enables you to use some more dovecot features like indexing, sieve-support and quota-policy. But you can also set up postfix to deliver your mails to your Maildir via [local(8)](http://www.postfix.org/local.8.html) or [virtual(8)](http://www.postfix.org/virtual.8.html), like suggested by [André Daniel](http://serverfault.com/a/673696/78147). – sebokopter Mar 08 '15 at 09:59
2

For virtual users you need to create a system user account and have it own the mails, and then configure that user's UID & GID in Postfix and Dovecot.

Here are the relevant parts of my dovecot.conf :

userdb {
  driver = static
  args = uid=8 gid=12 home=/var/spool/mail/%n
}

mail_location = maildir:~
mail_uid = 8
mail_gid = 12

The userdb is a really simple passwd-like file with just usernames and passwords and everything else is hardcoded in the actual userdb {...} block above, so UID and GID, and the "home" of the user is in /var/spool/mail and starts with whatever login was used (assuming it was defined in the passwd file beforehand, otherwise access will be denied).

mail_location tells it that mails are in maildir format and located in ~ (home), which corresponds to the "home" path it got from the userdb above. mail_gid/uid again set the ownership of the mails to the corresponding system user that should own the mails; it should obviously be the same in Postfix.

Postfix main.cf :

virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = hash:/etc/postfix/vmailboxes
virtual_uid_maps = static:8
virtual_gid_maps = static:12

Same base directory as Dovecot, the /etc/postfix/vmailboxes just has the syntax <mail user account> <mail directory>/ so for example if it contains serverfault serverfault/ that tells Postfix that any mail received to serverfault@domain would end up in /var/spool/mail/serverfault, which corresponds to where Dovecot will look for them when you log in with the serverfault username.

The virtual_uid/gid_maps are again to set the ownership of the mails to the system user we choose/created beforehand, it should be the same as Dovecot.

I don't know of any particular options for logging required to display errors, if I mess up the permissions of the virtual mail folder my Dovecot starts screaming in the logs without any special configuration (no logging-related options in my dovecot.conf) :

Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: chdir(/var/spool/mail/username/) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: chdir(/var/spool/mail/username) failed: Permission denied
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: opendir(/var/spool/mail/username) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /var/spool/mail/username)
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: opendir(/var/spool/mail/username) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /var/spool/mail/username)
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:04 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: chdir(/var/spool/mail/username/) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: chdir(/var/spool/mail/username) failed: Permission denied
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/.Sent Messages/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/.Sent Messages/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:09 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:10 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/.Sent Messages/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)
Mar 07 12:54:10 sanctuary dovecot[2175]: imap(username): Error: stat(/var/spool/mail/username/tmp) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/spool/mail/username, dir owned by 0:0 mode=0700)

Same with Postfix when I attempt to send an email with the permissions messed up :

Mar 07 12:56:45 sanctuary postfix/virtual[2736]: warning: maildir access problem for UID/GID=8/12: create maildir file /var/spool/mail/username/tmp/1425729405.P2736.sanctuary: Permission denied
Mar 07 12:56:45 sanctuary postfix/virtual[2736]: warning: perhaps you need to create the maildirs in advance
Mar 07 12:56:45 sanctuary postfix/virtual[2736]: E752F186: to=<username@sanctuary>, relay=virtual, delay=0.05, delays=0.03/0.01/0/0.01, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /var/spool/mail/username/tmp/1425729405.P2736.sanctuary: Permission denied)
  • As you said I should have "dovecot" or "virtual" logging this errors and from @sebokopter I also get "local" . Well I didn't have any errors from them but that answer my question between you both. Thanks – MikZuit Mar 09 '15 at 11:26
  • Oh hey @André Daniel I have my dovecot like this userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } and my dovecot-sql.conf is something like this https://wiki.archlinux.org/index.php/Virtual_user_mail_system getting from db. and my mail_location = maildir:/home/vmail/%d/%n/Maildir Does it seems ok to you? I know is not the question, already accept this, just like anyone opinion about my configuration – MikZuit Mar 09 '15 at 11:27
  • @MikZuit unless you have many (100+) users I think using a database is totally overkill and a waste of resources. Better use my simple file-based method. –  Mar 09 '15 at 11:58