Author Topic: Dovecot failed: Permission denied  (Read 1432 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Dovecot failed: Permission denied
« on: September 22, 2020, 05:25:45 PM »
Hello people,

I'm getting this error Error: net_connect_unix (/var/run/dovecot/stats-writer) failed: Permission denied)

This happens in all emails with status = bounced.

Does anyone know how to solve?


Code: [Select]
Sep 22 13:34:31 mail postfix/pipe[905333]: 2AC3B641018C: to=<contato+bounce_5f6a268d8a7af102347526@tisystem.net.br>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: lda(contato+bounce_5f6a268d8a7af102347526@tisystem.net.br): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied )
Sep 22 13:39:40 mail postfix/pipe[906365]: 727C5641018C: to=<contato+bounce_5f6a268f0765a789283302@tisystem.net.br>, relay=dovecot, delay=0.05, delays=0.01/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown. Command output: lda(contato+bounce_5f6a268f0765a789283302@tisystem.net.br): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied )
Sep 22 13:39:47 mail postfix/pipe[906365]: 73B136410188: to=<contato+bounce_5f6a268e6c1de787980394@tisystem.net.br>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output: lda(contato+bounce_5f6a268e6c1de787980394@tisystem.net.br): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied )

Offline
*
Re: Dovecot failed: Permission denied
« Reply #1 on: December 07, 2020, 11:10:23 AM »
Check you config dovecot.conf
Find out under which user stats is running (here it's divecot/wheel):

Code: [Select]
service stats {
  unix_listener stats-reader {
    user = dovecot
    group = wheel
    mode = 0660
  }
  unix_listener stats-writer {
    user = dovecot
    group = wheel
    mode = 0660
  }
}
Root cause:

The user who start doveadm is not a member of the group under the service stats is running. That's why when you or some service try to access stats-writer which you run under dovecot:wheel you receive this error.

If you change the service to run under group where this user is member it will have access to the stats. So some process (imap maybe) is trying to access the stats-writer and this process is running under another user and that's why you get this access denied message.

Solution:
You can allow all users to have access to stats-writer by changing the mode to 0666 (which is not good) or change the group under the stats-writer is running to "mail" (change to real group name you use) and add all services that need to have access to the stats to that group.

Actually for me the working config is:
Code: [Select]
service stats {
   unix_listener stats {
     mode = 0662
   }
}
but it may not work for you as I'm using root.

So you better to adjust to the real group of the stats-writer.