[Dovecot] deliver LDA issue with setuid-root

Daminto Lie dlie76 at yahoo.com.au
Wed Sep 28 09:37:32 EEST 2011


Hi,

I am getting the following error message when trying to implement LDA Dovecot 1.2.9 with virtual users:


Sep 28 15:59:33 server1 postfix/pipe[3041]: 28BEC2400A1: to=<msmith at example.com>, relay=dovecot, delay=2361, delays=2361/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/lib/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids )

I do not know if I need to change the group to secmail. Currently, I have the following:

-rwsr-xr-x   1 root root 933796 2011-06-10 05:36 deliver


Can I change it to any other group apart from secmail? And what does it mean by world-executable? Sorry if I ask a silly question here, but I am keen to learn more about Linux.

Here is my dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap
listen: *:143
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 106
last_valid_uid: 200
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%u/Maildir
mbox_write_locks: fcntl dotlock
mail_plugins: quota imap_quota
imap_client_workarounds: outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
  postmaster_address: postmaster at example.com
  mail_plugins: quota
  sendmail_path: /usr/lib/sendmail
  rejection_reason: Your message to <%t> was automatically rejected:%n%r
auth default:
  mechanisms: plain login
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: prefetch
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=106 gid=1010 home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot-auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  quota: maildir
  quota_rule: *:storage=3GB
  quota_rule2: Trash:storage=20%%
  quota_rule3: Spam:storage=10%%
  quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
  quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80

Here is my master.cf
# delivery through dovecot
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

Any help would be greatly appreciated.

Thank you
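
An added example, not part of the original post and not Dovecot's code: it decodes the `ls -l` mode string quoted above and applies the condition named in the error message (setuid bit set, owner is root, execute bit set for "others"). The function names are hypothetical, and the `-rwsr-x---` listing is constructed for comparison.

```python
import stat

# Permission bits in the order they appear in an `ls -l` mode string.
RWX = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
       stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
       stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Positions where a special bit replaces the 'x': setuid, setgid, sticky.
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def parse_ls_mode(mode_str):
    """Turn an `ls -l` mode string such as '-rwsr-xr-x' into numeric bits."""
    perms = mode_str[1:10]
    if len(perms) != 9:
        raise ValueError("expected a 10-character mode string")
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if ch in "sStT":
            # s/S is only valid in the owner/group slot, t/T in the others slot.
            if i not in SPECIAL or (ch in "sS") != (i in (2, 5)):
                raise ValueError("misplaced %r in %r" % (ch, mode_str))
            mode |= SPECIAL[i]
            if ch.islower():          # lowercase: the execute bit is set too
                mode |= RWX[i]
        elif ch == "rwx"[i % 3]:
            mode |= RWX[i]
        else:
            raise ValueError("unexpected %r in %r" % (ch, mode_str))
    return mode

def who_can_execute(mode):
    """List the permission classes that hold an execute bit."""
    classes = (("owner", stat.S_IXUSR), ("group", stat.S_IXGRP),
               ("others", stat.S_IXOTH))
    return [name for name, bit in classes if mode & bit]

def deliver_would_refuse(mode, owner_uid):
    """True when the binary is both setuid-root and world-executable."""
    setuid_root = bool(mode & stat.S_ISUID) and owner_uid == 0
    world_executable = bool(mode & stat.S_IXOTH)   # "world" = the others class
    return setuid_root and world_executable

if __name__ == "__main__":
    # First listing is from the post; second is constructed for comparison.
    for listing in ("-rwsr-xr-x", "-rwsr-x---"):
        m = parse_ls_mode(listing)
        print(listing, oct(m), who_can_execute(m),
              "refused" if deliver_would_refuse(m, 0) else "accepted")
```

With the second mode, only root and members of the file's group can run the binary, so the group chosen determines which accounts may invoke the setuid program.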

