Package: dovecot-core
Version: 1:2.3.4.1-5+deb10u1
Severity: normal
File: /usr/lib/dovecot/dovecot-lda
Hello,
Some background:
I have my machine configured to run fetchmail via cron, which retrieves my
emails from various different services. My .forward then sends all mail through
procmail, for filtering, sorting into folders, etc... Procmail then calls the
dovecot-lda program to actually deliver the mail using the .procmailrc config
line DELIVER="/usr/lib/dovecot/deliver -d $LOGNAME". I can then access my mail
via dovecot using a standard IMAP client.
The problem:
I recently upgrade my machine from stretch to buster, bringing with it a new
version of dovecot. Now, the fetchmail cron job is throwing errors like the
following:
lda($USER,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
Permission denied
I see that the stats-writer socket is owned by root:dovecot with 0660
permissions. Should the dovecot-lda program be set as setgid dovecot to allow
it to write to the socket? How is this socket really used? Are there any
security considerations I should be aware of prior to doing this?
Thanks,
--Joe
-- Package-specific info:
dovecot configuration
---------------------
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-9-686-pae i686 Debian 10.4 ext4
auth_mechanisms = plain login
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:/srv/mail/%n:INBOX=/srv/mail/%n/Inbox:LAYOUT=fs
mail_privileged_group = mail
protocols = " imap lmtp sieve"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_min_protocol = TLSv1.2
userdb {
driver = passwd
}
protocol lmtp {
mail_plugins = " quota sieve"
}
-- System Information:
Debian Release: 10.4
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 'stable'),
(500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 4.19.0-9-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages dovecot-core depends on:
ii adduser 3.118
ii libapparmor1 2.13.2-10
ii libbz2-1.0 1.0.6-9.2~deb10u1
ii libc6 2.28-10
ii libexttextcat-2.0-0 3.4.5-1
ii libicu63 63.1-6+deb10u1
ii liblua5.3-0 5.3.3-1.1
ii liblz4-1 1.8.3-1
ii liblzma5 5.2.4-1
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libsodium23 1.0.17-1
ii libssl1.1 1.1.1d-0+deb10u3
ii libstemmer0d 0+svn585-1+b2
ii libwrap0 7.6.q-28
ii lsb-base 10.2019051400
ii openssl 1.1.1d-0+deb10u3
ii ssl-cert 1.0.39
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1
dovecot-core recommends no packages.
Versions of packages dovecot-core suggests:
pn dovecot-gssapi <none>
ii dovecot-imapd 1:2.3.4.1-5+deb10u1
pn dovecot-ldap <none>
ii dovecot-lmtpd 1:2.3.4.1-5+deb10u1
pn dovecot-lucene <none>
ii dovecot-managesieved 1:2.3.4.1-5+deb10u1
pn dovecot-mysql <none>
pn dovecot-pgsql <none>
pn dovecot-pop3d <none>
ii dovecot-sieve 1:2.3.4.1-5+deb10u1
pn dovecot-solr <none>
pn dovecot-sqlite <none>
pn dovecot-submissiond <none>
ii ntp 1:4.2.8p12+dfsg-4
Versions of packages dovecot-core is related to:
ii dovecot-core [dovecot-common] 1:2.3.4.1-5+deb10u1
pn dovecot-dev <none>
pn dovecot-gssapi <none>
ii dovecot-imapd 1:2.3.4.1-5+deb10u1
pn dovecot-ldap <none>
ii dovecot-lmtpd 1:2.3.4.1-5+deb10u1
ii dovecot-managesieved 1:2.3.4.1-5+deb10u1
pn dovecot-mysql <none>
pn dovecot-pgsql <none>
pn dovecot-pop3d <none>
ii dovecot-sieve 1:2.3.4.1-5+deb10u1
pn dovecot-sqlite <none>
-- debconf information excluded
