HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   maildomain-permissions acting strangely & user_insert returns wrong maildirowner (http://www.howtoforge.com/forums/showthread.php?t=53804)

osterhase 17th August 2011 11:12

maildomain-permissions acting strangely & user_insert returns wrong maildirowner
 
1 Attachment(s)
Hi there!

Three strange problems arised from - I don't know from where to be honest... :confused:

This is what happens:

- When a new maildomain is created nothing happens until a new mailuser is inserted (intended behavior as far as I know). When a new mailuser is created the following problems arise:

1. The maildomain.name [f.e. test.int] has the permission-set 0755 (owned by vmail) and not 0700 - is that intended behavior?

2. The maildir of the new mailuser is owned by the user root (0700) which obviously leads to trouble during maildelivery.

3. If the mailuser is updated (function user_update in mail_plugin.inc.php) the user is honored by applying the correct owner to his maildir.

I thought that my problem would reside in the mail_plugin.inc.php and I compared it with the "install-version" and only found the changes that I applied - see here.

I've attached my mail_plugin.inc.php as textfile - maybe someone can give me a hint what's going wrong here. (It seems that line 123 is not executed. All changes are marked with "osterhase".)

till 17th August 2011 11:58

Have you changed the mail plugin? The plugin that is delivered with ispconfig 3.0.3.3 works fine, so dont change it and use the code ftom ispconfig 3.0.3.3 without changes. Maildir permission 0700 is ok and works fine, as only the vmail user needs to access it.

osterhase 17th August 2011 12:02

But I had to change it to change the sieve-filter location. See this post - I thought the changes would be fine.

till 17th August 2011 12:10

Which excat errors dou you get in your imap client and which errors do you get in the mail.log file?

To your questiosn above:

1) is ok.
2) is ok.
3) the owner is always vmail. It does not matter if the permissions are 700 or 755. So which other user owns the maildir on your setup.

osterhase 17th August 2011 12:17

Code:

Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): chdir(/var/vmail/test.de/info2) failed: Permission denied
Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): sieve: failed to stat user's sieve script: stat(/var/vmail/test.int/info2/sieve/dovecot.sieve) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +x perm: /var/vmail/test.int/info2) (using global script path in stead)
Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): stat(/var/vmail/test.de/info2/tmp) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +x perm: /var/vmail/test.int/info2)

The reason for this is 2) because the maildir (/var/vmail/test.int/info2) of the newly created user (not updated) is owned by root and not by vmail. So the user vmail is not allowed to access this folder.

1) This seems to be a security issue (0755) for the domain-path (/var/vmail/[Domain] because logged in system users are able to determine the mailadresses of the domain (but does not interferre with functionality - so it's - at the moment - not too important).

till 17th August 2011 12:25

Just tested the plugin from 3.0.3.3 on my server and the user of the maildir is vmail and not root. Also the plugin code is ok.

Maybe the email user is not set to "vmail" in the server settings in ispconfig on your system.

osterhase 17th August 2011 12:36

Thanks for testing!

I've checked out the system configuration in the ISPConfig control panel and it's set correctly to vmail (I also saved the settings to overwrite wrong settings). Sadly there was no effect (newly created maildirs are still owned by root).

At the moment I've no further ideas - but I'm thinking hard. ;)

till 17th August 2011 12:51

You can try to enable debugging in ispconfig, then create a new mailbox and check the system log for the debug messages.

osterhase 17th August 2011 12:52

Ok - I did some testing and found the reason which causes this behavior (but I don't know where & when this happens):

When a new maildomain is created and the spamfilter is not activated (during maildomain creation) it causes the described behavior. E.g. all newly created mailboxes are owned by the wrong user.

If the spamfilter is activated, the maildomain-directory has the owner "vmail" permission-set 0700 (and not 0755 - which happens when the spamfilter is not activated) and all mailboxes are created within this domain have the correct owner.

osterhase 17th August 2011 12:55

Addition: If the spamfilter is activated when a new mailbox is created in a maildomain which does not use a spamfilter the owner of the maildir is set correctly as well whereas the owner of the maildomain-directory and permissions do not change.


All times are GMT +2. The time now is 00:28.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.