Q. We used to use University of Washington IMAP (UW IMAP); in the Red
Hat distribution, the rpm was named "imap". We would now like to use
dovecot and take advantage of its support for Maildir format, but
we have existing user mail files in the old mbox format we need to
migrate. How can we do this?

A. Read the documentation in
/usr/share/doc/dovecot-*/UW-to-Dovecot-Migration. You will also
find scripts there to help you.

Q. I'm getting errors in /var/log/maillog for dotlock failed,
permission denied. The actual error probably looks like this with
user replaced by a user name on your system.

imap(user): file_lock_dotlock() failed with mbox file /var/spool/mail/user: Permission denied

A. This is occurring because:

1) The user's INBOX is in the system spool directory, which is:
"drwxrwxr-x root mail"

2) Dovecot is configured to create "dotlock" locking files.

3) After an imap user logs in, the imap process runs as that user
and the spool directory permissions do not allow that user to
create new files (e.g. dotlock files).

The possible solutions are:

1) Don't locate the user's INBOX in the system spool directory;
have mail delivered to another location, for instance the user's home
directory (this may not be possible to change for existing
systems). This is an MTA configuration setting.

2) In the dovecot configuration file set the variable
mail_extra_groups to "mail". This will add the mail group to the
list of groups that the logged-in imap user will have permission
for. The imap process can then create files in the mail spool
directory. However, the user's imap process now has mail group
privileges; you will have to evaluate the extent of the security
threat this poses for your site.

3) Disable the use of dotlocks by setting dovecot's config parameter
mbox_locks to a value that does not include dotlock, for
example, fcntl. However, note that dotlocks are considered robust,
especially for NFS.
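An added example (not part of this README or of the dovecot package): the
Unix permission rule behind cause 3, and a way to list what solution 2
exposes once the imap process holds the mail group. The gid 12 for mail,
the user ids and the mailbox modes are constructed sample values.

```python
import os
import stat
from types import SimpleNamespace as St

def can_create_in(dir_st, uid, gids):
    """Unix rule for creating a file (e.g. a dotlock) in a directory:
    the first matching class (owner, group, other) must grant w and x."""
    if uid == 0:
        return True
    if uid == dir_st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (dir_st.st_mode & need) == need

def group_exposure(entries, uid, gid):
    """Other users' mailboxes that a process holding group `gid` can read
    or write through the group permission bits."""
    exposed = {}
    for name, st in entries:
        if st.st_uid == uid or st.st_gid != gid or not stat.S_ISREG(st.st_mode):
            continue
        bits = ("r" if st.st_mode & stat.S_IRGRP else "") + \
               ("w" if st.st_mode & stat.S_IWGRP else "")
        if bits:
            exposed[name] = bits
    return exposed

def scan(spool):
    """Yield (name, lstat result) pairs for a real spool directory."""
    for name in sorted(os.listdir(spool)):
        yield name, os.lstat(os.path.join(spool, name))

# Constructed sample: spool is drwxrwxr-x root:mail, with mail as gid 12.
MAIL_GID = 12
SPOOL = St(st_mode=stat.S_IFDIR | 0o775, st_uid=0, st_gid=MAIL_GID)
BOXES = [
    ("alice", St(st_mode=stat.S_IFREG | 0o660, st_uid=1000, st_gid=MAIL_GID)),
    ("bob",   St(st_mode=stat.S_IFREG | 0o660, st_uid=1001, st_gid=MAIL_GID)),
    ("carol", St(st_mode=stat.S_IFREG | 0o600, st_uid=1002, st_gid=MAIL_GID)),
]

if __name__ == "__main__":
    print(can_create_in(SPOOL, 1000, {1000}))            # imap runs as alice only
    print(can_create_in(SPOOL, 1000, {1000, MAIL_GID}))  # mail_extra_groups = mail
    print(group_exposure(BOXES, 1000, MAIL_GID))
    # Live system: group_exposure(scan("/var/spool/mail"), uid, mail_gid)
```

Mailboxes reported by group_exposure are the ones to weigh when evaluating
solution 2; a mode of 0600 on each mailbox keeps them out of the result.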