2.3.14: posting to shared mailbox results in 550 Permission denied

Fri May 29 04:12:32 EDT 2009

>>> On Thu, May 28, 2009 at 12:25:10PM +0200, Simon Matter wrote:
>>>> > Hi,
>>>> >
>>>> > I have a server which I upgraded recently from 2.3.13 to 2.3.14.
>>>> > Now I realized that sending mail to shared folders doesn't work
>>>> anymore.
>>>> > I have verified the problem on a test box and it looks like this:
>>>> >
>>>> > May 28 11:01:49 install lmtpunix[15085]: accepted connection
>>>> > May 28 11:01:49 install lmtpunix[15085]: lmtp connection preauth'd
>>>> as
>>>> > postman
>>>> > May 28 11:01:49 install lmtpunix[15085]: verify_user(system) failed:
>>>> > Permission denied
>>>> > May 28 11:01:49 install postfix/lmtp[15077]: 87D6F34018:
>>>> > to=<+system at localhost.corp.invoca.ch>, orig_to=<+system at localhost>,
>>>> > relay=install.corp.invoca.ch[/var/lib/imap/socket/lmtp], delay=0.12,
>>>> > delays=0.09/0.01/0/0.03, dsn=5.7.1, status=bounced (host
>>>> > install.corp.invoca.ch[/var/lib/imap/socket/lmtp] said: 550-You do
>>>> not
>>>> > have permission to post a message to this mailbox. 550-Please
>>>> contact
>>>> the
>>>> > owner of this mailbox in order to submit 550-your message, or
>>>> postmaster
>>>> > if you believe you 550-received this message in error. 550 5.7.1
>>>> > Permission denied (in reply to RCPT TO command))
>>>> >
>>>> > The mailbox has the following permissions:
>>>> >
>>>> > localhost.localdomain> lam system
>>>> > anonymous p
>>>> > anyone lrs
>>>> >
>>>>
>>>> What fails with 2.3.14 is append_check() in verify_user().
>>>
>>> MAIL FROM:<brong at fastmail.fm>
>>> 250 2.1.0 ok
>>> RCPT TO:<bb+shared.foo>
>>> 250 2.1.5 ok
>>>
>>> With:
>>>
>>> postuser: bb
>>>
>>> In imapd.conf.  That seems to be what the docs recommend.  It looks
>>> like
>>> you're just using a naked "+mailbox at domain"?
>>>
>>> I'm a little confused.  Can you show me the config and how it's
>>> supposed
>>> to work?
>>
>> OK, I think the postuser can be empty but how you did it is correct.
>> I have tested with postuser now and it's still the same. I have:
>>
>> [root at client140 ~]# cat /etc/imapd.conf
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> hashimapspool: true
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>> postuser: bb
>>
>> localhost.localdomain> lam *
>> system:
>>   anonymous p
>>   anyone lrs
>>
>> And now I do:
>>
>> [simix at somehost simix]$ telnet client140 24
>> Trying 192.168.10.140...
>> Connected to client140.
>> Escape character is '^]'.
>> 220 client140.bi.corp.invoca.ch Cyrus LMTP v2.3.14-Invoca-RPM-2.3.14-4
>> server ready
>> MAIL FROM:<simon.matter at invoca.ch>
>> 250 2.1.0 ok
>> RCPT TO:<bb+system>
>> 550-You do not have permission to post a message to this mailbox.
>> 550-Please contact the owner of this mailbox in order to submit
>> 550-your message, or postmaster if you believe you
>> 550-received this message in error.
>> 550 5.7.1 Permission denied
>>
>> As soon as I give p right to anyone it starts to work. But that was not
>> the case until 2.3.14 and I don't think that's how it should be.
>
> I have installed 2.3.14 on two new boxes running RHEL5. One is i386 and
> one is x86_64.
>
> I can confirm that anonymous posting to a shared folder with 'anonymous p'
> rights works on the 64bit version but not on the 32bit version.
> So there must be a change between 2.3.13 and 2.3.14 which breaks something
> on 32bit systems but not on 64bit.

Is there anybody around who can confirm this?

Simon