1

Topic: Temporary Failure error

================ Required information ====
- iRedMail version: How to check current version?
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS 6.4
- Related log if you're reporting an issue:
====

Hi,

We are having issues with some accounts. Getting errors like:

Postfix log:

 Jan  6 14:27:52 mail postfix/pipe[12060]: E99C1C1A05: to=<user@domain.tld>, relay=dovecot, delay=1174, delays=1174/0.09/0/0.16, dsn=4.3.0, status=deferred (temporary failure) 

Dovecot log:

 Jan 06 10:49:14 imap(user@domain.tld): Error: open(/var/vmail/vmail1/domain.tld/user-2013.12.17.23.17.03//Maildir/dovecot.index.cache) failed: Permission denied (euid=2000(vmail) egid=2000(vmail) missing +w perm: /var/vmail/vmail1/domain.tld/user-2013.12.17.23.17.03//Maildir/dovecot.index.cache, UNIX perms appear ok (ACL/MAC wrong?))

Jan 06 14:13:11 imap(postmaster@domain.tld: Error: Corrupted index cache file /var/vmail/vmail1/domain.tld/p/o/s/postmaster-2013.06.15.13.05.09//Maildir/dovecot.index.cache: invalid record size 

Sieve Log:

 Jan 06 14:17:52 lda(user@domain.tld): Error: fcntl(write-lock) locking failed for file /var/vmail/vmail1/domain.tld/user-2013.12.25.10.42.03//Maildir/dovecot.index.log: Bad file descriptor
Jan 06 14:17:52 lda(user@domain.tld): Error: mail_index_wait_lock_fd() failed with file /var/vmail/vmail1/domain.tld/user-2013.12.25.10.42.03//Maildir/dovecot.index.log: Bad file descriptor
Jan 06 14:24:41 lda(user@domain.tld): Error: open(/var/vmail/vmail1/domain.tld/user-2013.12.13.11.41.19//Maildir/dovecot-uidlist) failed: Permission denied
Jan 06 14:24:41 lda(user@domain.tld): Error: open(/var/vmail/vmail1/domain.tld/user-2013.12.13.11.41.19//Maildir/dovecot-uidlist) failed: Permission denied 

I checked the permission of the files inside the Maildir:

drwx------ 2 vmail vmail   20480 Dec 26 11:10 cur
-rw------- 1 vmail vmail    7960 Jan  1 17:06 dovecot.index
-rw------- 1 vmail vmail 1332224 Jan  1 19:06 dovecot.index.cache
-rw-rw-r-- 1 root  root    29564 Jan  1 19:05 dovecot.index.log
-rw------- 1 vmail vmail     120 Dec 25 10:51 dovecot.mailbox.log
-rw------- 1 vmail vmail   41443 Jan  1 19:06 dovecot-uidlist
-rw------- 1 vmail vmail       8 Dec 25 10:51 dovecot-uidvalidity
-r--r--r-- 1 vmail vmail       0 Dec 25 10:51 dovecot-uidvalidity.52bab8b9
drwx------ 2 vmail vmail   49152 Jan  1 19:22 new
-rw------- 1 vmail vmail      29 Dec 25 10:51 subscriptions
drwx------ 2 vmail vmail    4096 Jan  6 14:27 tmp

Another user's Maildir has permission like:

drwx------ 2 vmail vmail  4096 Dec 28 12:46 cur
-rw------- 1 vmail vmail   528 Dec 28 12:46 dovecot.index
-rw------- 1 vmail vmail 21504 Jan  5 22:47 dovecot.index.cache
-rw------- 1 vmail vmail  2120 Dec 28 12:46 dovecot.index.log
-rw------- 1 vmail vmail    13 Dec 25 12:51 dovecot-keywords
-rw------- 1 vmail vmail   120 Dec 16 20:25 dovecot.mailbox.log
-rw-rw-r-- 1 root  root    582 Dec 28 12:45 dovecot-uidlist
-rw------- 1 vmail vmail     8 Dec 16 20:25 dovecot-uidvalidity
-r--r--r-- 1 vmail vmail     0 Dec 16 20:25 dovecot-uidvalidity.52af61cb
drwx------ 2 vmail vmail  4096 Dec 28 12:43 new
-rw------- 1 vmail vmail    29 Dec 16 20:25 subscriptions
drwx------ 2 vmail vmail  4096 Jan  6 14:24 tmp

Postconf:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = domain.tld
myhostname = mail.domain.tld
mynetworks = 127.0.0.0/8 10.100.0.0/24
mynetworks_style = subnet
myorigin = mail.domain.tld
newaliases_path = /usr/bin/newaliases.postfix
postscreen_upstream_proxy_protocol = haproxy
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_relay_restrictions =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/httpd/domain.tld/gd_bundle.crt
smtpd_tls_cert_file = /etc/httpd/domain.tld/domain.tld.crt
smtpd_tls_key_file = /etc/httpd/domain.tld/domain.tld.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

Any idea why some files are being created with root.root ownership instead of vmail.vmail? We have another iRedMail installation which has been running for the last two years without many problems. This problem is new to us.

Thanks.


2

Re: Temporary Failure error

All files under /var/vmail/vmail1 must be owned by user 'vmail', group 'vmail', and permission 0700.

3

Re: Temporary Failure error

ZhangHuangbin wrote:

All files under /var/vmail/vmail1 must be owned by user 'vmail', group 'vmail', and permission 0700.

That's right. And those files were not created manually. For some reason some files are automatically being created with root.root privilege. I'm wondering why it's creating files as the root user?

4

Re: Temporary Failure error

moyorakkhi wrote:

I'm wondering why it's creating files as the root user?

No idea at all. iRedMail doesn't have program or cron job to access files under /var/vmail/.

5

Re: Temporary Failure error

Hello,

I have also encountered this issue. It just came up for 1 domain, and when I check the file permissions, they are assigned to root:

[root@mail ~]# ls -l /var/vmail/vmail1/sahi.net/
total 28
drwx------  4 vmail vmail 4096 Sep 15 11:58 a
drwxr-xr-x  3 root  root  4096 Sep 15 11:58 c
drwxr-xr-x  3 root  root  4096 Sep 15 11:58 d
drwxr-xr-x  3 root  root  4096 Sep 15 11:59 k
drwx------  3 root  root  4096 Feb 25  2013 n
drwx------. 4 vmail vmail 4096 Sep 15 11:52 p
drwx------  3 vmail vmail 4096 Sep 15 11:58 r
[root@mail ~]#


Could this be because we copied backup Maildir files back to the server as I was doing a migration?

Please advise if manually changing the file permissions will apply even for new files and subdirectories.

6

Re: Temporary Failure error

You should change file owner and permissions manually after migration. Mailboxes must be owned by user 'vmail', group 'vmail', permission '0700'.
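
An added example, not part of the original thread: a shell audit for the ownership and mode drift shown in the listings above, with the matching repair. The function names are hypothetical, the defaults come from the thread, `-perm /077` assumes GNU find, and the repair strips group/other bits rather than forcing 0700 so that regular files do not gain the execute bit.

```shell
#!/bin/sh
# Defaults taken from the thread; override via environment on other layouts.
MAIL_ROOT="${MAIL_ROOT:-/var/vmail/vmail1}"
MAIL_USER="${MAIL_USER:-vmail}"
MAIL_GROUP="${MAIL_GROUP:-vmail}"

# List entries under DIR not owned by USER:GROUP, such as the root-owned
# dovecot.index.log and dovecot-uidlist in the listings above.
audit_owner() {  # audit_owner DIR USER GROUP
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# List entries under DIR that grant any group/other permission bit.
# "-perm /077" is GNU find syntax (assumption: GNU findutils, as on CentOS).
audit_mode() {   # audit_mode DIR
    find "$1" -perm /077 -print
}

# Report both kinds of drift; return 0 only when the store is clean.
audit_store() {  # audit_store DIR USER GROUP
    bad_owner=$(audit_owner "$1" "$2" "$3")
    bad_mode=$(audit_mode "$1")
    [ -n "$bad_owner" ] && printf 'wrong owner:\n%s\n' "$bad_owner"
    [ -n "$bad_mode" ] && printf 'group/other access:\n%s\n' "$bad_mode"
    [ -z "$bad_owner$bad_mode" ]
}

# Repair: reset ownership recursively, then remove all group/other access.
# Directories keep u+rwx (0700); files keep their owner bits (typically 0600).
fix_store() {    # fix_store DIR USER GROUP
    chown -R "$2:$3" "$1" && chmod -R go-rwx "$1"
}

# Typical run as root after restoring a backup or finishing a migration:
#   audit_store "$MAIL_ROOT" "$MAIL_USER" "$MAIL_GROUP" \
#       || fix_store "$MAIL_ROOT" "$MAIL_USER" "$MAIL_GROUP"
```

The repair only corrects what already exists on disk. New files take the owner of whichever process writes them, so the audit is worth repeating after any manual work done as root inside the mail store.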