[opensuse] lmtp socket - permission denied / Postfix + Cyrus + LDAP.
I'm on opensuse 10.1. I read the mailing list and noticed many people with the same problem. Cyrus and Postfix are on the same machine. Postfix cannot connect to the ltmp socket and deliver mail to Cyrus, so it can then deliver to users: --- host postfix/lmtp[7070]: A8721F25E: to=<xx@xx>, relay=none, delay=17, status=deferred (connect to /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp]: Permission denied) --- srwxrwxrwx 1 root root 0 Jun 25 10:33 /var/lib/imap/socket/lmtp drwxr-x--- 13 cyrus mail 4096 Jun 26 08:03 imap (/var/lib/imap) --- user cyrus is cyrus.mail user postfix is postfix.postfix --- I tried to stop apparmor, but even so it didn't work, with the same message. I went thru the apparmor profiles and there was nothing about the postfix user/group neither the executable or that particular diretory. The apparmor profiles are the same from default install, and all mentioned software are from the 10.1 repositories. When I add the postfix user to the mail group, it works ok. But I don't want to do that, it might cause some misbehavior(?), I would like a different more "correct" approach, say to change apparmor config to let the postfix user or the executable from postfix which tries to use that socket to do so. What do you think would be more appropriated? thanks, lauro --------- imapd.conf sasl_mech_list: PLAIN sasl_pwcheck_method: saslauthd sasl_auto_transition: no configdirectory: /var/lib/imap defaultpartition: default partition-default: /var/spool/imap partition-news: /var/spool/imap/news newsspool: /var/spool/news altnamespace: no unixhierarchysep: no admins: cyrus allowanonymouslogin: no popminpoll: 1 autocreatequota: 0 umask: 007 sievehomedir: false sievedir: /var/lib/sieve hashimapspool: true allowplainttext: yes lmtpsocket: /var/lib/imap/socket/lmtp idlesocket: /var/lib/imap/socket/idlei notifysocket: /var/lib/imap/socket/notify sendmail: /usr/sbin/sendmail tls_cert_file: /var/lib/imap/server.pem tls_key_file: /var/lib/imap/server.pem tls_ca_file: /var/lib/imap/server.pem tls_session_timeout: 1440 tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH servername: xx.xx (masked) postmaster: postmaster reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes --------- cyrus.conf START { recover cmd="ctl_cyrusdb -r" idled cmd="idled" } SERVICES { imap cmd="imapd" listen="imap" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=30 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } --------- main.cf (postfix - just some parts) ... mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp mail_spool_directory = /var/mail ... --------- end ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
lauro@npd.ufsc.br wrote:
I'm on opensuse 10.1. I read the mailing list and noticed many people with the same problem. Cyrus and Postfix are on the same machine.
Postfix cannot connect to the ltmp socket and deliver mail to Cyrus, so it can then deliver to users: --- host postfix/lmtp[7070]: A8721F25E: to=<xx@xx>, relay=none, delay=17, status=deferred (connect to /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp]: Permission denied) --- srwxrwxrwx 1 root root 0 Jun 25 10:33 /var/lib/imap/socket/lmtp drwxr-x--- 13 cyrus mail 4096 Jun 26 08:03 imap (/var/lib/imap) --- user cyrus is cyrus.mail user postfix is postfix.postfix ---
the user Postfix does not have permission to access the socket.
I tried to stop apparmor, but even so it didn't work, with the same message. I went thru the apparmor profiles and there was nothing about the postfix user/group neither the executable or that particular diretory. The apparmor profiles are the same from default install, and all mentioned software are from the 10.1 repositories.
When I add the postfix user to the mail group, it works ok. But I don't want to do that, it might cause some misbehavior(?), I would like a
What misbehaviour did you encounter?
different more "correct" approach, say to change apparmor config to let the postfix user or the executable from postfix which tries to use that socket to do so. What do you think would be more appropriated?
It's a rather miserable affair. The Default configuration does not cover the delivery via lmtp. I think they fixed the permissions in 10.2, though I haven't checked it lately. Adding postfix to the mail group was a sufficient solution for me. You could simply tell Cyrus to put the socket in a directory where the user postfix already has access to. Though I am not sure if this will break when you update. It shouldn't break. Another question is if you have other applications that need to access the socket? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Quoting Sandy Drobic <suse-linux-e@japantest.homelinux.com>:
lauro@npd.ufsc.br wrote:
I'm on opensuse 10.1. I read the mailing list and noticed many people with the same problem. Cyrus and Postfix are on the same machine.
Postfix cannot connect to the ltmp socket and deliver mail to Cyrus, so it can then deliver to users: --- host postfix/lmtp[7070]: A8721F25E: to=<xx@xx>, relay=none, delay=17, status=deferred (connect to /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp]: Permission denied) --- srwxrwxrwx 1 root root 0 Jun 25 10:33 /var/lib/imap/socket/lmtp drwxr-x--- 13 cyrus mail 4096 Jun 26 08:03 imap (/var/lib/imap) --- user cyrus is cyrus.mail user postfix is postfix.postfix ---
the user Postfix does not have permission to access the socket.
I tried to stop apparmor, but even so it didn't work, with the same message. I went thru the apparmor profiles and there was nothing about the postfix user/group neither the executable or that particular diretory. The apparmor profiles are the same from default install, and all mentioned software are from the 10.1 repositories.
When I add the postfix user to the mail group, it works ok. But I don't want to do that, it might cause some misbehavior(?), I would like a
What misbehaviour did you encounter?
Sorry, I wasn't clear, I meant, changing the default users/groups permission setup might cause eventual misbehaviors/problems.
different more "correct" approach, say to change apparmor config to let the postfix user or the executable from postfix which tries to use that socket to do so. What do you think would be more appropriated?
It's a rather miserable affair. The Default configuration does not cover the delivery via lmtp. I think they fixed the permissions in 10.2, though I haven't checked it lately. Adding postfix to the mail group was a sufficient solution for me.
Since you (and others, I read some more messages) reported changing permissions with apparently no collateral effects solved the problem, I'll try this. The emails I read were from previous opensuse versions, and since I still have the problem on 10.1, I don't plan to go to 10.2 or 10.3 now, I decided to check the mailing list first.
You could simply tell Cyrus to put the socket in a directory where the user postfix already has access to. Though I am not sure if this will break when you update. It shouldn't break. Another question is if you have other applications that need to access the socket?
Right now just postfix and cyrus. This might change in a near future, I may consider moving the socket elsewhere. thanks, Lauro
-- Sandy
List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, Jun 26, 2007 at 08:37:50AM -0300, lauro@npd.ufsc.br wrote:
Postfix cannot connect to the ltmp socket and deliver mail to Cyrus, so it can then deliver to users: --- host postfix/lmtp[7070]: A8721F25E: to=<xx@xx>, relay=none, delay=17, status=deferred (connect to /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp]: Permission denied)
I tried to stop apparmor, but even so it didn't work, with the same message. I went thru the apparmor profiles and there was nothing about
You can determine if AppArmor is involved without stopping it; check /var/log/audit/audit.log (if you're using auditd), or /var/log/messages (if you're not using auditd). The aa-logprof tool will read through these logs and present for your inspection all the messages, so that you can add them to the profile if you wish. Hope this helps (future) problem solving :) Thanks
participants (4)
-
John Andersen -
lauro@npd.ufsc.br -
Sandy Drobic -
Seth Arnold