Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th August 2011, 11:12
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
Default maildomain-permissions acting strangely & user_insert returns wrong maildirowner

Hi there!

Three strange problems arised from - I don't know from where to be honest...

This is what happens:

- When a new maildomain is created nothing happens until a new mailuser is inserted (intended behavior as far as I know). When a new mailuser is created the following problems arise:

1. The maildomain.name [f.e. test.int] has the permission-set 0755 (owned by vmail) and not 0700 - is that intended behavior?

2. The maildir of the new mailuser is owned by the user root (0700) which obviously leads to trouble during maildelivery.

3. If the mailuser is updated (function user_update in mail_plugin.inc.php) the user is honored by applying the correct owner to his maildir.

I thought that my problem would reside in the mail_plugin.inc.php and I compared it with the "install-version" and only found the changes that I applied - see here.

I've attached my mail_plugin.inc.php as textfile - maybe someone can give me a hint what's going wrong here. (It seems that line 123 is not executed. All changes are marked with "osterhase".)
Attached Files
File Type: txt mail_plugin.inc.php.txt (17.1 KB, 80 views)
Reply With Quote
Sponsored Links
  #2  
Old 17th August 2011, 11:58
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

Have you changed the mail plugin? The plugin that is delivered with ispconfig 3.0.3.3 works fine, so dont change it and use the code ftom ispconfig 3.0.3.3 without changes. Maildir permission 0700 is ok and works fine, as only the vmail user needs to access it.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 17th August 2011, 12:02
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
Default

But I had to change it to change the sieve-filter location. See this post - I thought the changes would be fine.
Reply With Quote
  #4  
Old 17th August 2011, 12:10
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

Which excat errors dou you get in your imap client and which errors do you get in the mail.log file?

To your questiosn above:

1) is ok.
2) is ok.
3) the owner is always vmail. It does not matter if the permissions are 700 or 755. So which other user owns the maildir on your setup.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 17th August 2011 at 12:17.
Reply With Quote
  #5  
Old 17th August 2011, 12:17
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
Default

Code:
Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): chdir(/var/vmail/test.de/info2) failed: Permission denied
Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): sieve: failed to stat user's sieve script: stat(/var/vmail/test.int/info2/sieve/dovecot.sieve) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +x perm: /var/vmail/test.int/info2) (using global script path in stead)
Aug 17 10:56:02 flux01 dovecot: deliver(info2@test.int): stat(/var/vmail/test.de/info2/tmp) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +x perm: /var/vmail/test.int/info2)
The reason for this is 2) because the maildir (/var/vmail/test.int/info2) of the newly created user (not updated) is owned by root and not by vmail. So the user vmail is not allowed to access this folder.

1) This seems to be a security issue (0755) for the domain-path (/var/vmail/[Domain] because logged in system users are able to determine the mailadresses of the domain (but does not interferre with functionality - so it's - at the moment - not too important).
Reply With Quote
  #6  
Old 17th August 2011, 12:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

Just tested the plugin from 3.0.3.3 on my server and the user of the maildir is vmail and not root. Also the plugin code is ok.

Maybe the email user is not set to "vmail" in the server settings in ispconfig on your system.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 17th August 2011, 12:36
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
Default

Thanks for testing!

I've checked out the system configuration in the ISPConfig control panel and it's set correctly to vmail (I also saved the settings to overwrite wrong settings). Sadly there was no effect (newly created maildirs are still owned by root).

At the moment I've no further ideas - but I'm thinking hard.
Reply With Quote
  #8  
Old 17th August 2011, 12:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

You can try to enable debugging in ispconfig, then create a new mailbox and check the system log for the debug messages.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 17th August 2011, 12:52
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
Default

Ok - I did some testing and found the reason which causes this behavior (but I don't know where & when this happens):

When a new maildomain is created and the spamfilter is not activated (during maildomain creation) it causes the described behavior. E.g. all newly created mailboxes are owned by the wrong user.

If the spamfilter is activated, the maildomain-directory has the owner "vmail" permission-set 0700 (and not 0755 - which happens when the spamfilter is not activated) and all mailboxes are created within this domain have the correct owner.
Reply With Quote
  #10  
Old 17th August 2011, 12:55
osterhase osterhase is offline
Member
 
Join Date: Jul 2011
Location: Germany
Posts: 63
Thanks: 6
Thanked 7 Times in 5 Posts
 
Default

Addition: If the spamfilter is activated when a new mailbox is created in a maildomain which does not use a spamfilter the owner of the maildir is set correctly as well whereas the owner of the maildomain-directory and permissions do not change.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Installation Troubles bswinnerton Installation/Configuration 4 29th July 2007 17:56


All times are GMT +2. The time now is 04:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.