deliver: "couldn't connect to lmtpd: Permission denied"

Jacob cyrus-list at bitgig.com
Wed May 21 14:05:16 EDT 2003 

Thanks for your suggestions.

The qmail-users facility sounds like a great solution. However, I
would also like to have spamassassin check messages on a per-user
basis as they're being delivered (i.e. "| spamc | deliver username" in
.qmail) if possible. In order for spamassassin to consult an
individual user's configuration, it must be invoked as that user, so I
believe delivering as user cyrus won't work in this case.

The combination of qmail/cyrus/spamassassin doesn't seem to be a
common one, and I am willing to give postfix a shot if I'm not able to
get it working without compromising the integrity of any of the
systems involved. Anyone have any experience with such a combination?

Jacob

On Tue, May 20, 2003 at 08:24:14PM -0700, Patrick Morris wrote:
> The qmail-users facility assigns which account mail will be delivered 
> as.  Users can be set to have mail delivered by the "cyrus" user, which 
> takes care of the LMTP permissions problem without a setgid "deliver."
> 
> A default can be set up using wildcards if all users on a system are to 
> have mail delivered via Cyrus.
> 
> Mark Keasling wrote:
> 
> >Hi,
> >
> >Be very careful about adding users to group mail.  This may the correct
> >approach; but, it doesn't seem right to me.
> >
> >A different approach would be changing the deliver permissions to:
> >-rwxr-sr-x  1 root  mail  973204 May 19 12:48 /usr/cyrus/bin/deliver*
> >by:
> > chmod 2755 /usr/cyrus/bin/deliver
> > chgrp mail /usr/cyrus/bin/deliver
> >
> >This shouid cause deliver to run as group mail enabling access to
> >/var/imap.  This may be better than giving users free access to
> >everything in the mail group.
> >
> >The problem with permissions may well be in the qmail configuration
> >(about which I know nothing) or the cyrus configuration/setup which
> >from what I saw looked reasonable.  It could also be that qmail and
> >cyrus just don't play well together.  Anyone?
> >
> >On Tue, 20 May 2003 19:05:11 -0700, Jacob <cyrus-list at bitgig.com> wrote...
> > 
> >
> >>Hi, thanks for your response. I found the problem:
> >>
> >># ls -dl /var/imap
> >>drwxr-x---   11 cyrus    mail         4096 May 20 18:46 /var/imap/
> >>
> >>I fixed it by adding the necessary users to group mail.
> >>
> >>Thanks,
> >>Jacob
> >>
> >>On Wed, May 21, 2003 at 10:45:31AM +0900, Mark Keasling wrote:
> >>   
> >>
> >>>Hi,
> >>>
> >>>According to your ls output, it seems as though any one should be able to
> >>>connect to /var/imap/socket/lmtp.  If you can list it as the user and it
> >>>has those permissions, you should be able to connect to it.  At least I
> >>>don't know of any reason why you would not be able to do so.  What are 
> >>>the
> >>>permissions of the directories out of curiosity?
> >>>   /var
> >>>   /var/imap
> >>>   /var/imap/socket
> >>>
> >>>On Tue, 20 May 2003 14:00:12 -0700, Jacob <cyrus-list at bitgig.com> 
> >>>wrote...
> >>>     
> >>>
> >>>>I am trying to deliver to cyrus using qmail (with
> >>>>"|/usr/cyrus/bin/deliver username" in each user's .qmail file), but
> >>>>deliver fails reporting that it can't connect to lmtpd.
> >>>>
> >>>>lmtpd is running and I can deliver messages via deliver on the command
> >>>>line as root and as cyrus, but not as any other user.
> >>>>
> >>>>The mailbox to which I am trying to deliver has 'anonymous p' set. I
> >>>>have tried starting lmtpd with -a, and have also tried specifying
> >>>>"deliver -a anonymous", but without luck.
> >>>>
> >>>>Am I missing something obvious?
> >>>>
> >>>>I am using cyrus imap 2.1.13 built from source on red hat 8.0, with
> >>>>sasl 2.1.10 installed as an rpm.
> >>>>
> >>>>Thanks,
> >>>>Jacob
> >>>>
> >>>>$ /usr/cyrus/bin/deliver username < email_file
> >>>>couldn't connect to lmtpd: Permission denied
> >>>>421 4.3.0 deliver: couldn't connect to lmtpd
> >>>>
> >>>>$ ls -l /usr/cyrus/bin/deliver 
> >>>>-rwxr-xr-x  1 root  root  973204 May 19 12:48 /usr/cyrus/bin/deliver*
> >>>>
> >>>># ls -l /var/imap/socket/lmtp
> >>>>srwxrwxrwx  1 root  root       0 May 19 19:53 /var/imap/socket/lmtp=
> >>>>
> >>>>$ cat /etc/imapd.conf
> >>>>configdirectory: /var/imap
> >>>>partition-default: /var/spool/imap
> >>>>admins: cyrus root
> >>>>sasl_pwcheck_method: auxprop
> >>>>sendmail: /usr/sbin/sendmail
> >>>>tls_cert_file: /var/imap/server.pem
> >>>>tls_key_file: /var/imap/server.pem
> >>>>
> >>>>$ diff /etc/cyrus.conf 
> >>>>/usr/local/src/cyrus-imapd-2.1.13/master/conf/prefork.conf 16,17c16,17
> >>>>< #  pop3               cmd="pop3d" listen="pop3" prefork=3
> >>>>< #  pop3s              cmd="pop3d -s" listen="pop3s" prefork=1
> >>>>---
> >>>>       
> >>>>
> >>>>> pop3                cmd="pop3d" listen="pop3" prefork=3
> >>>>> pop3s               cmd="pop3d -s" listen="pop3s" prefork=1
> >>>>>         
> >>>>>
> >>>>$ rpm -qa | grep sasl
> >>>>cyrus-sasl-2.1.10-1
> >>>>cyrus-sasl-devel-2.1.10-1
> >>>>cyrus-sasl-plain-2.1.10-1
> >>>>cyrus-sasl-md5-2.1.10-1
> >>>>
> >>>>from /var/log/imapd.log:
> >>>>
> >>>>May 20 13:44:06 hostname deliver[1930]: connect(/var/imap/socket/lmtp) 
> >>>>failed: Permission denied
> >>>>       
> >>>>
> >
> >Regards,
> >Mark Keasling <mark at air.co.jp>
> >
> > 
> >
> 
> 

-- 
http://jacob.hesch.cc/

More information about the Info-cyrus mailing list