deliver: "couldn't connect to lmtpd: Permission denied"
Patrick Morris
pmorris at wilshire.com
Tue May 20 23:24:14 EDT 2003
The qmail-users facility assigns which account mail will be delivered
as. Users can be set to have mail delivered by the "cyrus" user, which
takes care of the LMTP permissions problem without a setgid "deliver."
A default can be set up using wildcards if all users on a system are to
have mail delivered via Cyrus.
Mark Keasling wrote:
>Hi,
>
>Be very careful about adding users to group mail. This may the correct
>approach; but, it doesn't seem right to me.
>
>A different approach would be changing the deliver permissions to:
>-rwxr-sr-x 1 root mail 973204 May 19 12:48 /usr/cyrus/bin/deliver*
>by:
> chmod 2755 /usr/cyrus/bin/deliver
> chgrp mail /usr/cyrus/bin/deliver
>
>This shouid cause deliver to run as group mail enabling access to
>/var/imap. This may be better than giving users free access to
>everything in the mail group.
>
>The problem with permissions may well be in the qmail configuration
>(about which I know nothing) or the cyrus configuration/setup which
>from what I saw looked reasonable. It could also be that qmail and
>cyrus just don't play well together. Anyone?
>
>On Tue, 20 May 2003 19:05:11 -0700, Jacob <cyrus-list at bitgig.com> wrote...
>
>
>>Hi, thanks for your response. I found the problem:
>>
>># ls -dl /var/imap
>>drwxr-x--- 11 cyrus mail 4096 May 20 18:46 /var/imap/
>>
>>I fixed it by adding the necessary users to group mail.
>>
>>Thanks,
>>Jacob
>>
>>On Wed, May 21, 2003 at 10:45:31AM +0900, Mark Keasling wrote:
>>
>>
>>>Hi,
>>>
>>>According to your ls output, it seems as though any one should be able to
>>>connect to /var/imap/socket/lmtp. If you can list it as the user and it
>>>has those permissions, you should be able to connect to it. At least I
>>>don't know of any reason why you would not be able to do so. What are the
>>>permissions of the directories out of curiosity?
>>> /var
>>> /var/imap
>>> /var/imap/socket
>>>
>>>On Tue, 20 May 2003 14:00:12 -0700, Jacob <cyrus-list at bitgig.com> wrote...
>>>
>>>
>>>>I am trying to deliver to cyrus using qmail (with
>>>>"|/usr/cyrus/bin/deliver username" in each user's .qmail file), but
>>>>deliver fails reporting that it can't connect to lmtpd.
>>>>
>>>>lmtpd is running and I can deliver messages via deliver on the command
>>>>line as root and as cyrus, but not as any other user.
>>>>
>>>>The mailbox to which I am trying to deliver has 'anonymous p' set. I
>>>>have tried starting lmtpd with -a, and have also tried specifying
>>>>"deliver -a anonymous", but without luck.
>>>>
>>>>Am I missing something obvious?
>>>>
>>>>I am using cyrus imap 2.1.13 built from source on red hat 8.0, with
>>>>sasl 2.1.10 installed as an rpm.
>>>>
>>>>Thanks,
>>>>Jacob
>>>>
>>>>$ /usr/cyrus/bin/deliver username < email_file
>>>>couldn't connect to lmtpd: Permission denied
>>>>421 4.3.0 deliver: couldn't connect to lmtpd
>>>>
>>>>$ ls -l /usr/cyrus/bin/deliver
>>>>-rwxr-xr-x 1 root root 973204 May 19 12:48 /usr/cyrus/bin/deliver*
>>>>
>>>># ls -l /var/imap/socket/lmtp
>>>>srwxrwxrwx 1 root root 0 May 19 19:53 /var/imap/socket/lmtp=
>>>>
>>>>$ cat /etc/imapd.conf
>>>>configdirectory: /var/imap
>>>>partition-default: /var/spool/imap
>>>>admins: cyrus root
>>>>sasl_pwcheck_method: auxprop
>>>>sendmail: /usr/sbin/sendmail
>>>>tls_cert_file: /var/imap/server.pem
>>>>tls_key_file: /var/imap/server.pem
>>>>
>>>>$ diff /etc/cyrus.conf /usr/local/src/cyrus-imapd-2.1.13/master/conf/prefork.conf
>>>>16,17c16,17
>>>>< # pop3 cmd="pop3d" listen="pop3" prefork=3
>>>>< # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>>>>---
>>>>
>>>>
>>>>> pop3 cmd="pop3d" listen="pop3" prefork=3
>>>>> pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>>>>>
>>>>>
>>>>$ rpm -qa | grep sasl
>>>>cyrus-sasl-2.1.10-1
>>>>cyrus-sasl-devel-2.1.10-1
>>>>cyrus-sasl-plain-2.1.10-1
>>>>cyrus-sasl-md5-2.1.10-1
>>>>
>>>>from /var/log/imapd.log:
>>>>
>>>>May 20 13:44:06 hostname deliver[1930]: connect(/var/imap/socket/lmtp) failed: Permission denied
>>>>
>>>>
>
>Regards,
>Mark Keasling <mark at air.co.jp>
>
>
>
More information about the Info-cyrus
mailing list