# Dovecot IMAP needs /var/spool/mail chmod 777 [SoLVeD]

## nyk

For some reason my dovecot server needs /var/spool/mail chmod 777, or else (chmod 775) I get this in the logs "open(/var/mail/nyk.lock) failed: Permission denied". 

Why does this not work?

Dovecot runs as dovecot user, which is in the mail group.

/etc/passwd:

```
dovecot:x:97:97:added by portage for dovecot:/dev/null:/bin/false
```

/etc/group:

```
mail:x:12:dovecot,root,postfix
dovecot:x:97:dovecot
```

Permissions of /var/spool/mail:

```
drwxrwxrwx   2 root mail 968 Feb 21 01:41 mail
```

/etc/dovecot.conf:

```
base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
login = imap
login_user = dovecot
login = pop3
auth = default
auth_user = root
auth_userdb = passwd
auth_passdb = pam *
```

Output of "ps aux" dovecot processes:

```
dovecot   7939  0.0  0.1   3132  1656 ?        S    Feb20   0:00 imap-login
dovecot   8087  0.0  0.1   3128  1656 ?        S    Feb20   0:00 imap-login
root       472  0.0  0.0   2984   784 ?        Ss   01:17   0:00 /usr/sbin/dovecot
root       477  0.0  0.1   4928  1288 ?        S    01:17   0:00 dovecot-auth
dovecot    478  0.0  0.1   2980  1432 ?        S    01:17   0:00 imap-login
dovecot    479  0.0  0.1   2984  1436 ?        S    01:17   0:00 imap-login
dovecot    480  0.0  0.1   2984  1436 ?        S    01:17   0:00 imap-login
dovecot    481  0.0  0.1   2972  1428 ?        S    01:17   0:00 pop3-login
dovecot    482  0.0  0.1   2972  1428 ?        S    01:17   0:00 pop3-login
dovecot    483  0.0  0.1   2972  1428 ?        S    01:17   0:00 pop3-login
root       486  0.0  0.0   1528   504 pts/0    S+   01:18   0:00 grep dove
532      31821  0.0  0.1   2408   980 ?        S    Feb20   0:00 imap
532      32098  0.0  0.0   2004   884 ?        S    Feb20   0:00 imap
```

Another question: How can I generate an SSL certificate that's not just given to imaps.examle.com?

Last edited by nyk on Wed Feb 22, 2006 11:37 pm; edited 1 time in total

----------

## magic919

Have you taken a look at the ownership of /var/mail? It's only a symlink on mine but has different ownership to /var/spool/mail that it references. Make that root:mail and Dovecot will be able to put lock files there.

Sorry, I don't understand the other question.

----------

## nyk

Doesn't work, I changed the ownership of the symlink and still get the same error every time I want to receive a new message with dovecot.

----------

## magic919

Hmm.  Not sure I understand that.  I'm thinking now you must be doing some funky stuff as my Dovecot/Postfix combos all work fine.

I take it you are using MBOX rather than maildir.

Are these virtual users?  I notice the mail is not in the $HOME.

----------

## nyk

Yes, I use mbox and these are local users defined in /etc/passwd. I actually copied over the entries of the users of my old Fedora Core 4 server in /etc/passwd, /etc/shadow and /etc/group.

I think the problem is that those dovecot processes that want to access /var/mail are running as the user fetching the mail, and those users aren't in the mail group and don't have access. Would be nice if all dovecot processes were running as dovecot user. Can it be done?

I also tried "mail_extra_groups = mail", to give the users access to mail group, but it didn't work...

----------

## magic919

I can now understand why it all looks a bit non-Gentoo.  Can I suggest you move the MBOX files into the $HOME directories.

----------

## nyk

Just move every user's file by hand from /var/mail/$user to /home/$user/$user?

Will dovecot find it there by its detection heuristics? Won't the existence of that file there confuse the users? Could it be better to make it invisible? Would dovecot still find it there?

----------

## magic919

You'd generally set the default_mail_environment in the dovecot.conf file. Make the MBOX a dotfile in $HOME to stop users seeing it - that's what we do with the maildirs under Gentoo.

----------

## nyk

I tried having the mbox in the user's home, but it somehow never worked for dovecot to write in there (dotlock). I tried all possible imaginable ownerships, permissions and config options. (-> ~/.mbox/$u: No such file or directory, for example)

Then I just set "mbox_locks = fcntl" in /etc/dovecot.conf and then it worked with having the mbox in /var/spool/mail set to 775!

So I think this is solved, unless something goes wrong due to that option now. But it sounds like the better option, just makes me anxious that it's not default...

----------
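A small model of the permission check behind the error in this thread, added here as an example (not code from the posters or from Dovecot): a dotlock means creating `<user>.lock` inside the spool directory, so the identity the `imap` process runs under needs write access to the directory itself. The directory owner, mail gid 12, uid 532 and the modes come from the posts above; the user's group set `{532}` is an assumption.

```python
import stat

def can_create_in_dir(mode, dir_uid, dir_gid, uid, gids):
    """Unix permission check: may this identity create a file (e.g. nyk.lock)
    in the directory? Needs write and search (w+x) from exactly one class:
    owner, else group, else other."""
    if uid == 0:
        return True
    if uid == dir_uid:
        bits = (mode >> 6) & 7
    elif dir_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 3) == 3

def audit_spool(mode, dir_uid, dir_gid, uid, gids):
    """Return (dotlock_ok, findings) for one mail process identity."""
    findings = []
    dotlock_ok = can_create_in_dir(mode, dir_uid, dir_gid, uid, gids)
    if not dotlock_ok:
        findings.append("dotlock denied: process cannot create <user>.lock here")
    if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
        findings.append("world-writable without sticky bit: any local account "
                        "can remove or rename other users' mailbox files")
    return dotlock_ok, findings

# Values from the thread: spool is root:mail, mail has gid 12, imap runs as uid 532.
# Assumption: uid 532 has only its own primary group (gid 532 is constructed).
ROOT_UID, MAIL_GID, IMAP_UID = 0, 12, 532
CASES = [
    ("chmod 775, user not in mail", 0o775, {532}),
    ("chmod 777 (the workaround)", 0o777, {532}),
    ("chmod 775, process holds group mail", 0o775, {532, MAIL_GID}),
    ("chmod 1777 (sticky)", 0o1777, {532}),
]

def run_cases():
    return {name: audit_spool(mode, ROOT_UID, MAIL_GID, IMAP_UID, gids)
            for name, mode, gids in CASES}

if __name__ == "__main__":
    for name, (ok, findings) in run_cases().items():
        print(f"{name}: dotlock {'ok' if ok else 'DENIED'}")
        for f in findings:
            print(f"  - {f}")
```

With fcntl locking, as in the post above, the lock is taken on the open mbox file rather than by creating a file in the directory, which is why 775 is then sufficient.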

## magic919

The Gentoo approach favours the maildir.  One of the advantages is you don't have to keep locking files.  I'm sure your method will work though.

----------

## nyk

I just tried the upgrade to 1.0_beta3, but had to go back to 0.99, as the config param "mbox_locks" that saved me yesterday doesn't exist anymore. And I got it from the docs of the webpage. Very sad coincidence...  :Sad:

----------

## magic919

Maybe it's time to look at migrating to maildir.

----------

## UberLord

beta3 is being made stable as we speak, so you had better resolve your issue as earlier versions will likely be punted from portage soon.

BTW, the parameter you are looking for may be mbox_read_locks, mbox_write_locks, lock_method

I can't help much more as I don't use mbox myself, preferring the maildir storage method.

----------

## nyk

Thanks for the advice! It wasn't too hard to switch to the new version after all, I was just exhausted from configuring the old version last night and the users called me not to turn IMAP off in the afternoon. But later it worked very quickly with the new config file and setting lock_method to fcntl. Even later someone called me to tell me POP3 isn't working anymore, I didn't notice because I only tested IMAPS. The log file was quite specific about the nature of the problem with POP3, it wanted "pop3_uidl_format = %08Xu%08Xv" to be set in the POP3 section. I don't actually know what it means and why it isn't default (yet), but now I hope everything is working!  :Smile:

magic919: Maybe I'll migrate someday, but it's a bit too much pressure to make all these changes while mails stream in all the time and want to be read... But if mbox is working, I leave it that way.

----------

