postfix+dovecot 系統無法收信

kojiunjau

各位好
我的郵件主機收不了信
跟版內同學一樣也是權限問題,但是我就是搞不懂,系統到哪要我的UID跟GID,明明都指定vmail(UID 2000:GID 2000)了
是哪邊有了缺漏嗎?

1. root@iredmail01:/etc# dovecot -n
   
2. # 2.2.9: /etc/dovecot/dovecot.conf
   
3. # OS: Linux 3.13.0-24-generic x86_64 Ubuntu 14.04 LTS
   
4. auth_master_user_separator = *
   
5. auth_mechanisms = PLAIN LOGIN
   
6. dict {
   
7.   acl = PH_DOVECOT_SHARE_FOLDER_SQLTYPE:PH_DOVECOT_SHARE_FOLDER_CONF
   
8.   quotadict = pgsql:/etc/dovecot/dovecot-used-quota.conf
   
9. }
   
10. first_valid_uid = 2000
    
11. last_valid_uid = 2000
    
12. listen = *
    
13. log_path = /var/log/dovecot.log
    
14. mail_gid = 2000
    
15. mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/:UTF-8
    
16. mail_plugins = quota
    
17. mail_uid = 2000
    
18. managesieve_notify_capability = mailto
    
19. managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    
20. namespace {
    
21.   inbox = yes
    
22.   location =
    
23.   mailbox Drafts {
    
24.     auto = subscribe
    
25.     special_use = \Drafts
    
26.   }
    
27.   mailbox Junk {
    
28.     auto = subscribe
    
29.     special_use = \Junk
    
30.   }
    
31.   mailbox Sent {
    
32.     auto = subscribe
    
33.     special_use = \Sent
    
34.   }
    
35.   mailbox "Sent Messages" {
    
36.     auto = no
    
37.     special_use = \Sent
    
38.   }
    
39.   mailbox Spam {
    
40.     auto = no
    
41.     special_use = \Junk
    
42.   }
    
43.   mailbox Trash {
    
44.     auto = subscribe
    
45.     special_use = \Trash
    
46.   }
    
47.   prefix =
    
48.   separator = /
    
49.   type = private
    
50. }
    
51. namespace {
    
52.   list = children
    
53.   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
    
54.   prefix = Shared/%%u/
    
55.   separator = /
    
56.   subscriptions = yes
    
57.   type = shared
    
58. }
    
59. passdb {
    
60.   args = /etc/dovecot/dovecot-pgsql.conf
    
61.   driver = sql
    
62. }
    
63. passdb {
    
64.   args = /etc/dovecot/dovecot-master-users-password
    
65.   driver = passwd-file
    
66.   master = yes
    
67. }
    
68. plugin {
    
69.   acl = vfile
    
70.   acl_shared_dict = proxy::acl
    
71.   auth_socket_path = /var/run/dovecot/auth-master
    
72.   quota = dict:user::proxy::quotadict
    
73.   quota_rule = *:storage=1G
    
74.   quota_warning = storage=85%% quota-warning 85 %u
    
75.   quota_warning2 = storage=90%% quota-warning 90 %u
    
76.   quota_warning3 = storage=95%% quota-warning 95 %u
    
77.   sieve = /%Lh/sieve/dovecot.sieve
    
78.   sieve_default = /var/vmail/sieve/dovecot.sieve
    
79.   sieve_dir = /%Lh/sieve
    
80.   sieve_global_dir = /var/vmail/sieve
    
81. }
    
82. protocols = imap sieve lmtp
    
83. service auth {
    
84.   unix_listener /var/spool/postfix/private/dovecot-auth {
    
85.     group = postfix
    
86.     mode = 0666
    
87.     user = postfix
    
88.   }
    
89.   unix_listener auth-master {
    
90.     group = vmail
    
91.     mode = 0666
    
92.     user = vmail
    
93.   }
    
94.   unix_listener auth-userdb {
    
95.     group = vmail
    
96.     mode = 0660
    
97.     user = vmail
    
98.   }
    
99. }
    
100. service dict {
     
101.   unix_listener dict {
     
102.     group = vmail
     
103.     mode = 0660
     
104.     user = vmail
     
105.   }
     
106. }
     
107. service imap-login {
     
108.   process_limit = 500
     
109.   service_count = 1
     
110. }
     
111. service lmtp {
     
112.   executable = lmtp -L
     
113.   inet_listener lmtp {
     
114.     port = 24
     
115.   }
     
116.   process_min_avail = 5
     
117.   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     
118.     group = postfix
     
119.     mode = 0600
     
120.     user = postfix
     
121.   }
     
122.   user = vmail
     
123. }
     
124. service pop3-login {
     
125.   service_count = 1
     
126. }
     
127. service quota-warning {
     
128.   executable = script /usr/local/bin/dovecot-quota-warning.sh
     
129.   unix_listener quota-warning {
     
130.     group = vmail
     
131.     mode = 0660
     
132.     user = vmail
     
133.   }
     
134. }
     
135. ssl = no
     
136. ssl_cert = </etc/ssl/certs/iRedMail_CA.pem
     
137. ssl_key = </etc/ssl/private/iRedMail.key
     
138. userdb {
     
139.   args = /etc/dovecot/dovecot-pgsql.conf
     
140.   driver = sql
     
141. }
     
142. protocol lda {
     
143.   auth_socket_path = /var/run/dovecot/auth-master
     
144.   lda_mailbox_autocreate = yes
     
145.   log_path = /var/log/dovecot-sieve.log
     
146.   mail_plugins = quota sieve
     
147.   postmaster_address = root
     
148. }
     
149. protocol lmtp {
     
150.   info_log_path = /var/log/dovecot-lmtp.log
     
151.   lmtp_save_to_detail_mailbox = yes
     
152.   mail_plugins = quota sieve
     
153.   postmaster_address = postmaster
     
154.   recipient_delimiter = +
     
155. }
     
156. protocol imap {
     
157.   imap_client_workarounds = tb-extra-mailbox-sep
     
158.   mail_plugins = quota imap_quota
     
159. }
     
160. protocol pop3 {
     
161.   mail_plugins = quota
     
162.   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
     
163.   pop3_uidl_format = %08Xu%08Xv
     
164. }
     

复制代码

1. root@iredmail01:/etc/postfix# more main.cf
   
2. # See /usr/share/postfix/main.cf.dist for a commented, more complete version
   
3. 
   
4. 
   
5. # Debian specific:  Specifying a file name will cause the first
   
6. # line of that file to be used as the name.  The Debian default
   
7. # is /etc/mailname.
   
8. #myorigin = /etc/mailname
   
9. 
   
10. smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    
11. biff = no
    
12. 
    
13. # appending .domain is the MUA's job.
    
14. append_dot_mydomain = no
    
15. 
    
16. # Uncomment the next line to generate "delayed mail" warnings
    
17. #delay_warning_time = 4h
    
18. 
    
19. readme_directory = no
    
20. 
    
21. # TLS parameters
    
22. smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
    
23. smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
    
24. smtpd_use_tls=yes
    
25. smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    
26. smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
27. 
    
28. # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    
29. # information on enabling SSL in the smtp client.
    
30. 
    
31. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    
32. myhostname = iredmail01.example.com
    
33. alias_maps = hash:/etc/postfix/aliases
    
34. alias_database = hash:/etc/postfix/aliases
    
35. myorigin = iredmail01.example.com
    
36. mydestination = $myhostname, localhost.$mydomain, localhost, iredmail.$mydomain
    
37. relayhost = 192.168.111.1
    
38. mynetworks = 127.0.0.1 192.168.111.0/24 192.168.11.0/24 192.168.1.0/24
    
39. mailbox_size_limit = 0
    
40. recipient_delimiter =
    
41. inet_interfaces = all
    
42. inet_protocols = ipv4
    
43. virtual_alias_domains =
    
44. allow_percent_hack = no
    
45. swap_bangpath = no
    
46. mydomain = example.com
    
47. mynetworks_style = subnet
    
48. smtpd_data_restrictions = reject_unauth_pipelining
    
49. smtpd_reject_unlisted_recipient = yes
    
50. smtpd_reject_unlisted_sender = yes
    
51. smtp_tls_security_level = may
    
52. smtp_tls_CAfile = $smtpd_tls_CAfile
    
53. smtp_tls_loglevel = 0
    
54. smtp_tls_note_starttls_offer = yes
    
55. smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
    
56. delay_warning_time = 0h
    
57. maximal_queue_lifetime = 4h
    
58. bounce_queue_lifetime = 4h
    
59. proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonic
    
60. al_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_
    
61. maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
    
62. smtp_data_init_timeout = 240s
    
63. smtp_data_xfer_timeout = 600s
    
64. smtpd_helo_required = yes
    
65. smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_h
    
66. elo_access pcre:/etc/postfix/helo_access.pcre
    
67. queue_run_delay = 300s
    
68. minimal_backoff_time = 300s
    
69. maximal_backoff_time = 4000s
    
70. enable_original_recipient = no
    
71. disable_vrfy_command = yes
    
72. home_mailbox = Maildir/
    
73. allow_min_user = no
    
74. message_size_limit = 15728640
    
75. virtual_minimum_uid = 2000
    
76. virtual_uid_maps = static:2000
    
77. virtual_gid_maps = static:2000
    
78. virtual_mailbox_base = /var/vmail
    
79. transport_maps = regexp:/etc/postfix/transport, proxy:pgsql:/etc/postfix/pgsql/transport_maps_user.cf, proxy:pgsql:/etc/postfix/pgsql/transp
    
80. ort_maps_domain.cf
    
81. virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
    
82. virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
    
83. virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf, proxy:pgsql:/etc/postfix/pgsql/domain_alias_maps.cf, proxy:pgsql:
    
84. /etc/postfix/pgsql/catchall_maps.cf, proxy:pgsql:/etc/postfix/pgsql/domain_alias_catchall_maps.cf
    
85. sender_bcc_maps = proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_user.cf, proxy:pgsql:/etc/postfix/pgsql/sender_bcc_maps_domain.cf
    
86. recipient_bcc_maps = proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_user.cf, proxy:pgsql:/etc/postfix/pgsql/recipient_bcc_maps_domain.cf
    
87. relay_domains = $mydestination, proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf
    
88. smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/pgsql/sender_login_maps.cf
    
89. smtpd_sasl_auth_enable = no
    
90. smtpd_sasl_local_domain =
    
91. broken_sasl_auth_clients = no
    
92. smtpd_sasl_security_options = noanonymous
    
93. smtpd_tls_auth_only = yes
    
94. smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    
95. smtpd_tls_security_level = may
    
96. smtpd_tls_loglevel = 0
    
97. smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
    
98. tls_random_source = dev:/dev/urandom
    
99. mailbox_command = /usr/lib/dovecot/deliver
    
100. virtual_transport = dovecot
     
101. dovecot_destination_recipient_limit = 1
     
102. smtpd_sasl_type = dovecot
     
103. smtpd_sasl_path = private/dovecot-auth
     

复制代码

tail -f /var/log/mail.log
Aug  7 15:33:45 iredmail01 postfix/qmgr[8374]: 1694C480DF9: from=<kec@hqdc041.example.com>, size=825, nrcpt=1 (queue active)
Aug  7 15:33:45 iredmail01 postfix/qmgr[8374]: 46C5848854A: from=<kec@hqdc041.example.com>, size=834, nrcpt=1 (queue active)
Aug  7 15:33:45 iredmail01 postfix/local[8696]: 46C5848854A: to=<grosse@iredmail.example.com>, relay=local, delay=2205, delays=2205/0.02/0/0.05, dsn=4.3.0, status=deferred (temporary failure)
Aug  7 15:33:45 iredmail01 postfix/local[8694]: 1694C480DF9: to=<kec@iredmail.example.com>, relay=local, delay=1180, delays=1179/0.08/0/0.07, dsn=4.3.0, status=deferred (temporary failure)

tail -f /var/log/dovecot-sieve.log
Aug 07 15:33:45 lda(kec): Fatal: setgid(2000(vmail) from mail_gid setting) failed with euid=60011(kec), gid=50500(em), egid=50500(em): Operation not permitted (This binary should probably be called with process group set to 2000(vmail) instead of 50500(em))
Aug 07 15:33:45 lda(grosse): Fatal: setgid(2000(vmail) from mail_gid setting) failed with euid=519(grosse), gid=50500(em), egid=50500(em): Operation not permitted (This binary should probably be called with process group set to 2000(vmail) instead of 50500(em))