Cyrus - can't create user mailbox

Jorey Bump list at joreybump.com
Tue Jun 10 08:30:12 EDT 2008 

Stephen Liu wrote, at 06/10/2008 07:42 AM:
> --- Jorey Bump <list at joreybump.com> wrote:
> 
>> Stephen Liu wrote, at 06/09/2008 09:55 PM:
>>
>>> Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215:
>>> to=<satimiscyrus at satimis.com>, relay=none, delay=0, status=deferred
>>> (connect to
>>> /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission
>>> denied)

Postfix can't access your socket.

>>> $ sudo ls -l /var/run/cyrus/socket
>>> total 0
>>> srwxrwxrwx 1 root root 0 2008-06-10 06:55 lmtp
>>> $ sudo ls -ld /var/run/cyrus/socket
>>> drwxr-x--- 2 cyrus mail 80 2008-06-10 09:09 /var/run/cyrus/socket

Only the cyrus user and members of the mail group can access your socket.

>>> $ id postfix
>>> uid=107(postfix) gid=111(postfix) groups=111(postfix)
>> Now just add the user postfix to the mail group.

Currently, the postfix user only belongs to the postfix group. Users can 
belong to multiple groups. Add the postfix user to the mail group, so it 
can access your socket.

> Sorry I'm not very clear.  Whether follow the guy's suggestion running;
> 
> $ sudo adduser postfix lmtp
> 
> ???  Thanks

I see no lmtp group in your configuration, so I don't expect this to 
have any effect.

> On 
> http://unixadmintalk.com/f11/postfix-cyrus21-89421/

Don't blindly follow howtos without understanding the underlying concepts.

> His output is;
> 
> $ id postfix
> uid=101(postfix) gid=103(postfix)
> groups=103(postfix),45(sasl),1001(lmtp)

He is apparently creating specialized groups that presumably have 
differing needs, which is fine, but you don't need to add this 
complexity at this stage. You can revisit this once you have a working 
solution and understand the reasoning behind it, but I wouldn't bother 
unless your platform imposes this on you.

> The output here is;
> $ id postfix
> uid=107(postfix) gid=111(postfix) groups=111(postfix)

Yes. Now add the postfix user to the mail group, and the permissions 
error should disappear.

> How about sasl?

Concentrate on fixing one error at a time. I don't use a special sasl 
group on my system. You might not need one, either.

More information about the Info-cyrus mailing list