Postfix Troubleshooting – Unable to Deliver to User’s Maildir

emailpostfix

Had a server that was using postfix/dovecot w/ CentOS 6.5/6.6, Every thing has been running well for the past few months, until the raid controller failed. So I installed a new server using CentOS 7. I i created the users using adduser (only a handle full fortunately) and copied the home directory contents including mail and set the owners the user:user and 770 permissions.

In each user's home folder is a Maildir directory that is set as:

drwxrwx--- 9 enduser postfix 4096 Nov 19 22:34 Maildir

All sub directories are 770 and files are 660.

The problem I am having is that Postfix is unable to write to the Maildir:

Nov 21 07:47:16 host postfix/local[12504]: warning: maildir access problem for UID/GID=1002/1002: create maildir file /home/enduser/Maildir/tmp/1416584836.P12504.host.domain.com: Permission denied
Nov 21 07:47:16 host postfix/local[12504]: 59E944726D1: to=<enduser@domain.com>, relay=local, delay=185, delays=185/0.02/0/0.05, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /home/enduser/Maildir/tmp/1416584836.P12504.host.domain.com: Permission denied)

I've tried everything permission combination I can think of short of 777.

Any direction or light would be appreciated,

~ Wran

/home/enduser tree:

   .
    +-- enduser
        +-- Maildir
            +-- cur
            +-- new
            +-- tmp

Best Answer

In order for mail to be delivered, postfix must be able to enter the user's home directory, and that directory must contain a complete Maildir tree containing the subfolders tmp, cur and new, all with the correct permissions.

Since you've already checked that the Maildir exists, has the correct folders, and has the right permissions, what remains is checking whether postfix (and the users themselves) can enter the users' home directory.

In order for that to work, the permissions have to be right every step of the way. So, not only does /home/user need to have the right permissions - so does /home. It must be set either to 750, if it's owned by a group that the users are members of, or 755 if it's not.

You can verify this by simply su'ing to a user and try to enter their home directory.

Related Solutions

Linux – problem running script on receiving emai

Can you get as far as the script with that user? I'm guessing it can't open the user's home directory. Try
sudo -u postfix /home/myuser/mailer.rb to confirm this. To fix it, which distro are you running?

Postfix – How to Auto Create Maildir on Debian Email Server

The answer to this varies depending on how your Postfix system is configured. You mention pam and LDAP, so I assume you have all your domains in $mydestination, or you use only one domain (example.com, for instance)

It may be easier for you to configure virtual_mailbox_domains with LDAP maps instead of mysql/pgsql maps (the logic is exactly the same though).

You create a single system user, without login privileges. I shall assume a username and group of vmail:vmail here, but the specific name is not important.

In LDAP, create your mailbox path relative to $HOME for vmail (so the maildir becomes /home/vmail/user/Maildir/).

Add your domains to virtual_mailbox_domains. Create a virtual_mailbox_maps map which takes in the username as input and returns username/Maildir as output.

Set


virtual_mailbox_domains = example.com
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual.cf
virtual_uid_maps = static:$uid_of_vmail
virtual_gid_maps = static:$gid_of_vmail
#$uid_of_vmail and $gid_of_vmail are obtained from the output of 
#id vmail

in main.cf.

See http://www.postfix.org/ldap_table.5.html and http://www.postfix.org/VIRTUAL_README.html for more information (and what you need to put in ldap_virtual.cf).

FWIW, Postfix runs the local delivery process as the uid/gid of the system user you are delivering to.

The general permissions for /home are 755 with owner and group both root, but the user can write within ~user. Hence Postfix will happily deliver to ~user/Maildir/, but will not be able to create ~user. Using virtual users will sidestep this issue by granting access to all mailboxes to a single uid/gid, which is then accessed only by your pop3/imap software. Direct access to the mailbox by users will not be possible.

Best Answer

Related Solutions

Linux – problem running script on receiving emai

Postfix – How to Auto Create Maildir on Debian Email Server

Related Topic