
Exim dovecot и cram-md5

Исходные данные: Debian 8, Exim 4.84, Dovecot

Имеем ошибку при получении почты:

# exim log
2016-28-04 09:10:34 1brr0w-0003cD-EI == [email protected] R=dovecot_user T=dovecot_delivery defer (0): Child process of dovecot_delivery transport returned 75 (could mean temporary error) from command: /usr/lib/dovecot/deliver
# dovecot debug.log
Apr 28 09:14:21 lda([email protected]): Fatal: setuid(109(dovecot) from userdb lookup) failed with euid=104(Debian-exim): Operation not permitted (This binary should probably be called with process user set to 109(dovecot) instead of 104(Debian-exim))

от вендора: https://wiki.dovecot.org/LDA/Exim

Результат:

Суть решения — в полном соответствии между пользователем, от которого запускается процесс LDA, и правами файловой системы, которые указываются во мно-о-ожестве файлов конфигурации.

UID/GID пользователей

# id dovecot
uid=109(dovecot) gid=8(mail) groups=8(mail)

Dovecot

/etc/dovecot/conf.d/10-mail.conf

# Numeric uid/gid under which Dovecot accesses mail. They must equal the
# values of `id dovecot` above (uid 109, gid 8 = mail) and the uid/gid that
# user_query in dovecot-sql.conf returns, otherwise the LDA's setuid fails.
mail_uid = 109
mail_gid = 8

/etc/dovecot/conf.d/10-master.conf

.....
# Auth sockets. All three are owned by dovecot:mail with mode 0660, i.e.
# every process running in group `mail` — not only dovecot-lda — may connect.
# NOTE(review): if other accounts share the mail group, consider whether
# they should be able to query these sockets (especially auth-userdb).
service auth {
  unix_listener auth-client {
    mode = 0660
    user = dovecot
    group = mail
  }

  # The LDA resolves the recipient's uid/gid/home through a userdb lookup
  # (see the "from userdb lookup" text in the debug.log entry above);
  # presumably this is the socket it uses — verify against the LDA config.
  unix_listener auth-userdb {
    mode = 0660
    user = dovecot
    group = mail
 }

  unix_listener auth-master {
    mode = 0660
    user = dovecot
    group = mail
 }   
}
......

/etc/dovecot/dovecot-sql.conf

# SQL backend shared by passdb and userdb (wired up in auth-sql.conf.ext).
driver=mysql

# NOTE(review): this line holds a database credential in the clear; keep the
# file readable only by root (confirm its mode/owner on the host).
connect = host=localhost dbname=exim user=exim password=password

# CRAM-MD5 is a challenge-response scheme: whoever holds the stored value can
# complete the exchange, so the `password` column is plaintext-equivalent for
# access-control purposes and a copy of the table is as sensitive as the
# passwords themselves.
default_pass_scheme = CRAM-MD5

# passdb lookup. '%n@%d' is the login name split into user and domain parts;
# only rows with active='1' can authenticate. The userdb_ prefix on the quota
# column hands it on as a userdb field.
password_query = SELECT `username` as `user`, `password`, \
    concat('*:bytes=', quota) AS userdb_quota_rule \
    FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'

# userdb lookup. uid/gid are hard-coded to 109/8 (dovecot:mail); they must
# match mail_uid/mail_gid in 10-mail.conf and `user = dovecot` in the Exim
# transport, or dovecot-lda aborts with the setuid error shown above.
user_query = SELECT `maildir` AS `home`, 109 AS `uid`, 8 AS `gid`, \
    concat('*:bytes=', quota) AS quota_rule \
    FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'

/etc/dovecot/dovecot-sql.conf подключен в /etc/dovecot/conf.d/auth-sql.conf.ext

# Both password and user lookups go through the same SQL definition file
# (dovecot-sql.conf: password_query and user_query respectively).
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

Exim

# ...
begin transports
# .....
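dovecot_delivery:
  driver = pipe
  # The pipe transport executes the command directly (no shell unless
  # use_shell is set), so the expanded local part reaches dovecot-lda as a
  # single argv element rather than through shell parsing.
  command = /usr/lib/dovecot/dovecot-lda -d $local_part@$domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  # IMPORTANT: the LDA (command) runs under this UID. It must be the user
  # Dovecot expects (mail_uid = 109 / user_query uid 109 = dovecot); any
  # other uid yields the "setuid(109(dovecot) ...) failed" error above.
  # Exim treats '#' as a comment only at the start of a line, so this note
  # must not be appended to the setting itself — a trailing "# ..." would
  # become part of the user name.
  user = dovecot
  # Child exit codes treated as temporary failures (deferred and retried)
  # instead of bounces; 75 is the EX_TEMPFAIL status seen in the Exim log.
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78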

Файловая система:

root@host:/# ls -la /usr/lib/dovecot/dovecot-lda
-rwxrwx--- 1 dovecot mail 22552 Jun 20  2015 /usr/lib/dovecot/dovecot-lda