2.3.14: posting to shared mailbox results in 550 Permission denied

Thu May 28 16:35:29 EDT 2009

>> On Thu, May 28, 2009 at 12:25:10PM +0200, Simon Matter wrote:
>>> > Hi,
>>> >
>>> > I have a server which I upgraded recently from 2.3.13 to 2.3.14.
>>> > Now I realized that sending mail to shared folders doesn't work
>>> anymore.
>>> > I have verified the problem on a test box and it looks like this:
>>> >
>>> > May 28 11:01:49 install lmtpunix[15085]: accepted connection
>>> > May 28 11:01:49 install lmtpunix[15085]: lmtp connection preauth'd as
>>> > postman
>>> > May 28 11:01:49 install lmtpunix[15085]: verify_user(system) failed:
>>> > Permission denied
>>> > May 28 11:01:49 install postfix/lmtp[15077]: 87D6F34018:
>>> > to=<+system at localhost.corp.invoca.ch>, orig_to=<+system at localhost>,
>>> > relay=install.corp.invoca.ch[/var/lib/imap/socket/lmtp], delay=0.12,
>>> > delays=0.09/0.01/0/0.03, dsn=5.7.1, status=bounced (host
>>> > install.corp.invoca.ch[/var/lib/imap/socket/lmtp] said: 550-You do
>>> not
>>> > have permission to post a message to this mailbox. 550-Please contact
>>> the
>>> > owner of this mailbox in order to submit 550-your message, or
>>> postmaster
>>> > if you believe you 550-received this message in error. 550 5.7.1
>>> > Permission denied (in reply to RCPT TO command))
>>> >
>>> > The mailbox has the following permissions:
>>> >
>>> > localhost.localdomain> lam system
>>> > anonymous p
>>> > anyone lrs
>>> >
>>>
>>> What fails with 2.3.14 is append_check() in verify_user().
>>
>> MAIL FROM:<brong at fastmail.fm>
>> 250 2.1.0 ok
>> RCPT TO:<bb+shared.foo>
>> 250 2.1.5 ok
>>
>> With:
>>
>> postuser: bb
>>
>> In imapd.conf.  That seems to be what the docs recommend.  It looks like
>> you're just using a naked "+mailbox at domain"?
>>
>> I'm a little confused.  Can you show me the config and how it's supposed
>> to work?
>
> OK, I think the postuser can be empty but how you did it is correct.
> I have tested with postuser now and it's still the same. I have:
>
> [root at client140 ~]# cat /etc/imapd.conf
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> postuser: bb
>
> localhost.localdomain> lam *
> system:
>   anonymous p
>   anyone lrs
>
> And now I do:
>
> [simix at somehost simix]$ telnet client140 24
> Trying 192.168.10.140...
> Connected to client140.
> Escape character is '^]'.
> 220 client140.bi.corp.invoca.ch Cyrus LMTP v2.3.14-Invoca-RPM-2.3.14-4
> server ready
> MAIL FROM:<simon.matter at invoca.ch>
> 250 2.1.0 ok
> RCPT TO:<bb+system>
> 550-You do not have permission to post a message to this mailbox.
> 550-Please contact the owner of this mailbox in order to submit
> 550-your message, or postmaster if you believe you
> 550-received this message in error.
> 550 5.7.1 Permission denied
>
> As soon as I give p right to anyone it starts to work. But that was not
> the case until 2.3.14 and I don't think that's how it should be.

I have installed 2.3.14 on two new boxes running RHEL5. One is i386 and
one is x86_64.

I can confirm that anonymous posting to a shared folder with 'anonymous p'
rights works on the 64bit version but not on the 32bit version.
So there must be a change between 2.3.13 and 2.3.14 which breaks something
on 32bit systems but not on 64bit.

Thanks,
Simon