[Dovecot] From Sendmail to Dovecot mdbox, what is missing.

Torpey List list at torpey.org
Tue Jan 1 16:44:02 EET 2013

-----Original Message----- 
From: Ben Morrow 
Sent: Monday, December 31, 2012 8:52 PM 
To: Dovecot Mailing List 
Subject: Re: [Dovecot] From Sendmail to Dovecot mdbox, what is missing. 

At  5PM -0600 on 31/12/12 you (Torpey List) wrote:
>> Sendmail 8.14.4
>> dovecot 2.0.9
>> I have sendmail working and it is sending mail to /var/mail/%u.
>> I have dovecot working in that I can move emails into IMAP folders and
>> I can send email through IMAP. I have set up dovecot to use mdbox
>> based on the following:
>> mail_location = mdbox:~/mail
>> However, I seem to be lacking a key piece of information.
>> Sendmail is sending the mail to /var/mail/%u as a mbox (single file
>> for all emails) format.
>> Dovecot wants to read the mail in mdbox (Multiple messages per file,
>> but unlike mbox multiple files per mailbox.) So the two programs are
>> not working together.
>> So, I cannot get dovecot to read new emails at /var/mail/%u.
>> So I tried changing to the following:
>> mail_location = mdbox:~/mail:INBOX=/var/mail/%u
>> However, dovecot complains that it is NOT a directory. That is
>> because sendmail is sending as mbox format.
>> I have tried two lines of “mail_location” but that did not work.
>> example
>> mail_location = mdbox:~/mail ----> for dovecot
>> mail_location = mbox:INBOX=/var/mail/%u -----> for sendmail
>No, that doesn't work: in fact, the second line will completely override
>the first. If you run 'doveconf -n' or 'doveconf mail_location' you will
>see that the first line doesn't have any effect.

I did not expect it to work, but I was trying all that I could before posting a question.

>If you want to keep INBOX delivery to mboxes in /var/mail, you can do
>this using two namespaces. One points to mdbox:~/mail, and holds the
>users' ordinary IMAP folders in mdbox format, and the other has
>INBOX=/var/mail/%u and just holds the INBOX. There is an example in
>http://wiki2.dovecot.org/Namespaces of doing this with Maildir and mbox;
>adjusting it for mdbox shouldn't be hard.
>You will find you need a directory for each user to hold the other
>folders in the INBOX namespace, since Dovecot doesn't know there won't
>ever be any. This directory is also used to store Dovecot's index files
>for that namespace, and it should *not* be the same as the mdbox
>directory. According to http://wiki2.dovecot.org/MailLocation/mbox , you
>can skip this if you use
>   location = mbox:/var/empty:INBOX=/var/mail/%u:INDEX=MEMORY
>(assuming /var/empty is a readonly root-owned empty directory), but
>since this tells Dovecot not to store index files on disk it may make
>INBOX access less efficient. If you use a real directory rather than
>/var/empty you may want to consider enabling the acl plugin and setting
>up a global ACL which prevents users from creating additional folders in
>the INBOX namespace.
>It's probably also a good idea to set mail_location = mdbox:~/mail and
>omit the location parameter from the mdbox namespace, since IIRC
>otherwise commands like 'doveadm purge' won't work correctly.

I am going to try an option below.

>> I have tried LMTP and dovecot-lda.
>If you want to deliver mail into the mdbox INBOX, and forget about
>/var/mail altogether, you will need to get one of these two working
>since Sendmail doesn't understand mdbox. This is probably the best
>option in the long run, unless you have other software which relies on
>mail being in /var/mail. If you pick this option you need to remove all
>references to /var/mail from dovecot.conf; with the two lines you had
>above Dovecot will simply carry on delivering into /var/mail just as
>Sendmail had been.

I would like to deliver new mail into the mdbox INBOX and forget about /var/mail but I did not see how to do this.  I think that was the piece of information that I am missing.

>> LMTP – I could not see any difference with this added or not.
>If you had configured Dovecot to deliver into /var/mail, that's hardly
>surprising. Otherwise, are you sure you were delivering mail to the LMTP
>server? If you were you should have seen entries in Dovecot's log file,
>and the delivered mail should have ended up with a Received header from
>the LMTP server.

I have used egrep and there is no line that has /var/mail that is uncommented in any of the config files.

Based on your comment, then no, I do not believe the new mail was going through LMTP.

>> Dovecot-lda – I have had issues getting it configured.
>What issues? If you were trying to get the LDA to deliver to /var/mail,
>it's possible you were running into permissions problems. The best
>solution is to deliver into the mdbox instead, or just leave Sendmail to
>deliver to /var/mail.
>> Sendmail changes
>> FEATURE(`local_procmail',
>> `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda
>> -d $u')
>> MAILER(procmail)dnl
>I know nothing at all about Sendmail configuration, but going by the
>Dovecot wiki that looks correct. Are you sure mail for the appropriate
>users was actually getting routed through that mailer? What did you see
>in the logs (you need to check both Dovecot's and Sendmail's logs,
>wherever they may be).

Thanks for the information.
The email is not being delivered by LMTP because there are no logs.

The most documentation that I have found is using dovecot-lda, but as you said there are permissions issues.  The wiki implied that LMTP is the best solution but I am not understanding enough to get it set up.

Therefore, I am attempting to stick with dovecot-lda *using sudo* from the dovecot-lda wiki page.  The wiki said to put /usr/bin/sudo in front of path/dovecot-lda but did not say which one or both.  I could not get it to work.

The option that has gone the furthest is *Making dovecot-lda setuid-root*.
However, I have errors.  Here are the permissions.

           -rwxr-xr-x. 1 root secmail 26512 Aug 18  2011 /usr/libexec/dovecot/dovecot-lda
           srw-------. 1 mail root 0 Jan  1 08:39 /var/run/dovecot/auth-userdb

==> /var/log/maillog <==
Jan  1 08:24:02 nala sendmail[20154]: r01EO2qc020154: from=<user at yahoo.com>, size=5723, class=0, nrcpts=1, msgid=<1357050226.83142.YahooMailNeo at web120205.mail.ne1.yahoo.com>, proto=ESMTP, daemon=MTA, relay=mail.example.com []
Jan 01 08:24:02 lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=0(root) egid=0(root) missing +r perm: /var/run/dovecot/auth-userdb, euid is dir owner)
Jan 01 08:24:02 lda: Fatal: Internal error occurred. Refer to server log for more information.
Jan  1 08:24:02 nala sendmail[20155]: r01EO2qc020154: to=user at example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=35889, dsn=4.0.0, stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda) exited with EX_TEMPFAIL

==> /var/log/messages <==
Jan  1 08:24:02 nala kernel: type=1400 audit(1357050242.947:42): avc:  denied  { dac_override } for  pid=20156 comm="dovecot-lda" capability=1  scontext=unconfined_u:system_r:dovecot_deliver_t:s0 tcontext=unconfined_u:system_r:dovecot_deliver_t:s0 tclass=capability
Jan  1 08:24:02 nala kernel: type=1400 audit(1357050242.947:43): avc:  denied  { dac_override } for  pid=20156 comm="dovecot-lda" capability=1  scontext=unconfined_u:system_r:dovecot_deliver_t:s0 tcontext=unconfined_u:system_r:dovecot_deliver_t:s0 tclass=capability
Jan  1 08:24:02 nala kernel: type=1400 audit(1357050242.947:44): avc:  denied  { dac_read_search } for  pid=20156 comm="dovecot-lda" capability=2  scontext=unconfined_u:system_r:dovecot_deliver_t:s0 tcontext=unconfined_u:system_r:dovecot_deliver_t:s0 tclass=capability

So, the error appears to be related to /var/run/dovecot/auth-userdb.  I have made various permission and owner changes; however, restarting dovecot always returns it to the permissions above.  So, even if I find a combination that works, dovecot is going to put it back.

Thanks for any help,
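
The failure in the logs above, worked through as an added example (not part of the original message or of Dovecot): it checks the socket's `ls -l` line against the identity in the lda error and against the AVC denials, showing why root still gets "Permission denied". Root normally passes such a mode check through CAP_DAC_OVERRIDE, which SELinux refuses here. The function names are hypothetical, the group check uses only the effective group, and the AVC lines are abridged to the fields used.

```python
import re

# Copied from the message above (AVC lines abridged to the fields used here).
SOCKET_LS = "srw-------. 1 mail root 0 Jan  1 08:39 /var/run/dovecot/auth-userdb"
LDA_ERROR = ("lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: "
             "Permission denied (euid=0(root) egid=0(root) missing +r perm)")
AVC_LINES = [
    'avc:  denied  { dac_override } for  pid=20156 comm="dovecot-lda" capability=1 tclass=capability',
    'avc:  denied  { dac_read_search } for  pid=20156 comm="dovecot-lda" capability=2 tclass=capability',
]

def parse_ls(line):
    """Split an `ls -l` line into (permission string, owner, group)."""
    fields = line.split()
    return fields[0][1:10], fields[2], fields[3]

def parse_identity(error):
    """Extract the effective user and group names Dovecot reports."""
    m = re.search(r"euid=\d+\((\w+)\) egid=\d+\((\w+)\)", error)
    return m.group(1), m.group(2)

def denied_capabilities(lines, comm):
    """Capabilities SELinux refused to the given command."""
    pat = re.compile(r'denied\s+\{ (\w+) \}.*comm="%s".*tclass=capability' % re.escape(comm))
    return {m.group(1) for m in map(pat.search, lines) if m}

def dac_allows(perms, owner, group, user, user_group, need="rw"):
    """Plain owner/group/other check, with no capability override."""
    if user == owner:
        triplet = perms[0:3]
    elif user_group == group:
        triplet = perms[3:6]
    else:
        triplet = perms[6:9]
    return all(bit in triplet for bit in need)

def diagnose(ls_line=SOCKET_LS, error=LDA_ERROR, avc=AVC_LINES):
    perms, owner, group = parse_ls(ls_line)
    user, user_group = parse_identity(error)
    by_mode = dac_allows(perms, owner, group, user, user_group)
    override_denied = "dac_override" in denied_capabilities(avc, "dovecot-lda")
    # root normally passes via CAP_DAC_OVERRIDE; here SELinux withholds it.
    return {"allowed_by_mode": by_mode, "override_denied": override_denied,
            "connect_fails": not by_mode and override_denied}

if __name__ == "__main__":
    print(diagnose())
```

Passing a different listing as `ls_line` shows which owner or mode would satisfy the mode check without relying on the capability.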

