Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Postfix barfing on dovecot LDA transport

457 views
Skip to first unread message

Corey Chandler

unread,
Jul 16, 2010, 6:28:07 PM7/16/10
to
I've been running dovecot + postfix with a MySQL backend for a while now,
and been happy with it.

Now that I want to implement Sieve filtering, I discovered that I'm using
postfix's virtual transport instead of Dovecot's LDA.

Adding virtual_transport = dovecot to the main.cf file and
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d
${recipient}

to the master.cf file results in this:
Jul 16 14:52:13 Leavenworth postfix/pipe[31344]: fatal: user=
command-line attribute specifies mail system vmail group id 1008

That is the correct user + UID that owns the mail spool, and has been
handling the virtual transport. Postconf -n is below; anyone have any
suggestions as to how to troubleshoot this further?

alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
hash_queue_depth = 2
hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix
inet_protocols = ipv4, ipv6
mailbox_size_limit = 0
mailbox_transport = virtual
message_size_limit = 150000000
mydestination = leavenworth.sequestered.net
mydomain = sequestered.net
myhostname = leavenworth.sequestered.net
mynetworks = 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
sample_directory = /etc/postfix
setgid_group = vmail
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions = ${stress?reject_unknown_client_hostname} check_client_access cidr:/etc/postfix/cidr_access
smtpd_data_restrictions = reject_multi_recipient_bounce reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unlisted_recipient check_client_access cidr:/etc/postfix/whitelisted_senders check_recipient_access hash:/etc/postfix/access check_sender_access hash:/etc/postfix/undesirable_senders check_sender_access regexp:/etc/postfix/dynamic reject_non_fqdn_hostname reject_unknown_reverse_client_hostname reject_rbl_client psbl.surriel.com reject_rbl_client zen.spamhaus.org reject_rbl_client dnsbl.ahbl.org reject_rbl_client bl.spamcop.net reject_rhsbl_sender rhsbl.ahbl.org warn_if_reject reject_rbl_client dnsbl.sorbs.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_timeout = 120
smtpd_tls_CAfile = /etc/postfix/mail.pem
smtpd_tls_cert_file = /etc/postfix/mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1008
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120000000000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_uid_maps = static:1008

Corey Chandler

unread,
Jul 16, 2010, 6:42:19 PM7/16/10
to
On Fri, Jul 16, 2010 at 03:28:07PM -0700, Corey Chandler wrote:
> I've been running dovecot + postfix with a MySQL backend for a while now,
> and been happy with it.
>
> Now that I want to implement Sieve filtering, I discovered that I'm using
> postfix's virtual transport instead of Dovecot's LDA.
>
> Adding virtual_transport = dovecot to the main.cf file and
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d
> ${recipient}
>
> to the master.cf file results in this:
> Jul 16 14:52:13 Leavenworth postfix/pipe[31344]: fatal: user=
> command-line attribute specifies mail system vmail group id 1008

Found the problem. setgid_group = vmail is bad, that should equal
postdrop.

Ran postfix set-permissions, and the problem went away. \o/

-- Corey / KB1JWQ

Wietse Venema

unread,
Jul 16, 2010, 7:00:33 PM7/16/10
to
Corey Chandler:

> Jul 16 14:52:13 Leavenworth postfix/pipe[31344]: fatal: user=
> command-line attribute specifies mail system vmail group id 1008

As the error message says, you MUST NOT run non-Postfix programs
with Postfix user or group privileges.

Wietse

0 new messages