I have the following error message in the dovecot errors & warnings log after I've tried to rebuild my mail server.
Prior to these errors, I updated my aging system to the latest, and lots of things broke. The configuration was confetti, so I attempted to rebuild the mail server. To get this error, I simply log in to Roundcube mail. I'm able to log in, however I can't see any emails.
I'm seeing two issues in the error, just not sure how to fix it.
Feb 06 18:07:15 imap(brad@nostalgicmail.com)<96785><ZgOYWl3XtMwX/pCT>: Error: chdir(/var/vmail/nostalgicmail.com/brad@nostalgicmail.com/) failed: Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm: /var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)
Feb 06 18:07:15 imap(brad@nostalgicmail.com)<96785><ZgOYWl3XtMwX/pCT>: Error: stat(/var/vmail/nostalgicmail.com/brad@nostalgicmail.com/subscriptions) failed: Permission denied
Issue 1: chdir(/var/vmail/nostalgicmail.com/brad@nostalgicmail.com/)
This is not the correct directory; it should be /var/vmail/nostalgicmail.com/brad
Issue 2: Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm: /var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)
This might be fixed after Issue 1 is corrected.
I do have other work to do to complete the server, such as making sure all SSL keys are correct, reintegrating sieve & spamassassin, dkim, spf, and so on. For now, I just need the email server to function.
My directory setup looks like so:
zion@hwsrv-890039:~$ sudo ls -Al /var/vmail/
total 16
drwx------ 5 vmail vmail 4096 Sep 10 19:06 kingmobiletransport.com
drwx------ 11 vmail vmail 4096 Jan 20 18:49 nostalgicmail.com
drwx------ 3 vmail vmail 4096 Aug 15 05:28 sites-by-brad.com
drwx------ 2 vmail vmail 4096 Feb 5 20:26 spamassassin
zion@hwsrv-890039:~$ sudo ls -Al /var/vmail/nostalgicmail.com/
total 36
drwx------ 4 vmail vmail 4096 Jan 10 19:47 brad
drwx------ 3 vmail vmail 4096 Jan 10 03:59 chronicle
drwx------ 3 vmail vmail 4096 Jul 22 2021 dirtywill
drwx------ 3 vmail vmail 4096 Jul 6 2021 emerald
drwx------ 3 vmail vmail 4096 Jul 6 2021 mickey
drwx------ 3 vmail vmail 4096 Jul 9 2021 mistyblue
drwx------ 4 vmail vmail 4096 Sep 21 20:54 mquin007
drwx------ 3 vmail vmail 4096 Jan 20 18:49 tribeofriche
drwx------ 3 vmail vmail 4096 Jul 29 2021 weather
zion@hwsrv-890039:~$ sudo ls -Al /var/vmail/nostalgicmail.com/brad/
total 12
lrwxrwxrwx 1 vmail vmail 21 Jul 9 2021 .dovecot.sieve -> sieve/roundcube.sieve
-rw------- 1 vmail vmail 726 Jan 10 19:47 .dovecot.svbin
drwx------ 22 vmail vmail 4096 Feb 5 21:57 Maildir
drwx------ 3 vmail vmail 4096 Jan 10 19:35 sieve
zion@hwsrv-890039:~$
Dovecot config looks like so:
zion@hwsrv-890039:~$ sudo doveconf -n > dovecot_config
zion@hwsrv-890039:~$ cat dovecot_config
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-cloud-amd64 x86_64 Debian 11.2 ext4
# Hostname: hwsrv-890039.nostalgicmail.com
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot_debug.log
first_valid_uid = 100
info_log_path = /var/log/dovecot_info.log
log_path = /var/log/dovecot_error_warnings.log
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%u
mail_privileged_group = mail
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = postmaster@nostalgicmail.com
protocols = " imap lmtp"
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/nostalgicmail.com/cert.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_ssl = yes
zion@hwsrv-890039:~$
Postfix looks like so:
zion@hwsrv-890039:~$ sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = localhost
myhostname = hwsrv-890039.nostalgicmail.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
zion@hwsrv-890039:~$
@Andrew Richards Thanks! Your reply gave me a lot of information to go on.
(For others facing a similar problem)
I started out by sending
grep -rnw '/etc/dovecot' -e 'mail_location'
to find all instances of mail_location to make changes there. Restarted dovecot.service.
From there, I still had
Error: stat(/var/vmail/nostalgicmail.com/brad@nostalgicmail.com)
errors. I remember from the documentation that there are SQL queries that use the mailbox locations as well, so I sent
grep -rnw '/etc/dovecot' -e '/var/vmail/%d/%u'
to find them. Made corrections, and restarted dovecot.service again.
This cleaned up the first part of my errors, but I still had permissions issues.
Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm:
The above line tells me that UID 150 is unknown to my system and
dir owned by 2000:2000 mode=0700)
tells me who does own the directory.
grep -rnw '/etc/dovecot' -e '150'
shows that the SQL string I had is setting a UID for me, so I changed 150 to 2000, restarted dovecot, and it works! I still wanted to know what user UID 2000 is, so I used
grep -rnw '/etc/dovecot' -e '2000'
which happily reported that UID 2000 belongs to user vmail
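Added example (not part of the original post, and not Dovecot's own code): a small Python parser for the "Permission denied" line quoted above. It reports which permission class the process fell into and whether the failing path is what a template using %u expands to. The names expand, diagnose and the template argument are assumptions for illustration; only the %u, %n and %d variables are handled.

```python
import re

# Constructed sample: the chdir() error line quoted in the question.
SAMPLE = (
    "Feb 06 18:07:15 imap(brad@nostalgicmail.com)<96785><ZgOYWl3XtMwX/pCT>: "
    "Error: chdir(/var/vmail/nostalgicmail.com/brad@nostalgicmail.com/) failed: "
    "Permission denied (euid=150(<unknown>) egid=8(mail) missing +x perm: "
    "/var/vmail/nostalgicmail.com, dir owned by 2000:2000 mode=0700)")

# Fields of the "Permission denied (euid=... mode=...)" diagnostic.
LINE_RE = re.compile(
    r"\w+\((?P<path>/[^)]*)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<ename>[^)]*)\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+(?P<perm>[rwx]) perm: (?P<dir>[^,]+), "
    r"dir owned by (?P<ouid>\d+):(?P<ogid>\d+) mode=(?P<mode>[0-7]+)\)")

def expand(template, user):
    """Expand %u (full address), %n (local part) and %d (domain) only."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)

def diagnose(line, user, template):
    """Explain one error line; returns None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    # Pick the permission class the kernel applies to this euid/egid.
    if f["euid"] == f["ouid"]:
        cls, shift = "owner", 6
    elif f["egid"] == f["ogid"]:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    bit = {"r": 4, "w": 2, "x": 1}[f["perm"]]
    return {
        "process_uid": int(f["euid"]),
        "uid_is_known": f["ename"] != "<unknown>",
        "dir_owner_uid": int(f["ouid"]),
        "perm_class": cls,
        "perm_granted": bool((int(f["mode"], 8) >> shift) & bit),
        # True when the failing path is exactly what the template expands to.
        "path_from_template": f["path"].rstrip("/") == expand(template, user),
        "path_with_local_part": expand(template.replace("%u", "%n"), user),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE, "brad@nostalgicmail.com", "/var/vmail/%d/%u"))
```

On the running server, `doveadm user brad@nostalgicmail.com` prints the uid, gid, home and mail values that the userdb lookup actually returns, which can be compared against this output.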