LMTP with unix socket (core 8.7.8, Debian 9.6)



  • Hi.
    I’m testing the latest core 8.7.8 (community) in virtual/test environment. I’d prefer the LMTP to use unix socket instead of TCP. (The manual also recommends it.)
    I updated lmtp_listen parameter (dagent.cfg) and virtual_transport in Postfix’es main.cf to /var/spool/kopano/dagent.sock and restarted the services (dagent & postfix). The file is there (was created just after restart of the services):

    root@srv3:/var/log/kopano# ls -al /var/spool/kopano/
    total 8
    drwx------ 2 kopano kopano 4096 Nov 29 19:44 .
    drwxr-xr-x 6 root   root   4096 Nov 29 19:09 ..
    srw-rw-rw- 1 root   root      0 Nov 29 19:44 dagent.sock
    

    but Postfix complains:

    Nov 29 19:47:52 srv3 postfix/lmtp[1974]: A3C86A1F10: to=<test@srv3.test.loc>, relay=none, delay=555, delays=555/0.01/0/0, dsn=4.4.1, status=deferred (connect to srv3.test.loc[/var/spool/kopano/dagent.sock]: No such file or directory)
    
    

    Mail is not delivered if i use unix sokets, however LMTP over TCP works just fine.
    What am i doing wrong?


  • Kopano



  • Yes. Every step.

    I created dir:
    mkdir -p /var/spool/kopano

    then fixed acls:
    chown kopano:kopano /var/spool/kopano
    chmod go= /var/spool/kopano
    setfacl -m u:postfix:rwx /var/spool/kopano

    Edited config files for dagent and postfix:

    My dagent.cfg:
    #lmtp_listen = *:2003
    lmtp_listen = unix:/var/spool/kopano/dagent.sock

    My postfix main.cf:
    #virtual_transport = lmtp:127.0.0.1:2003
    virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock

    Then restarted dagent & postfix:
    service kopano-dagent restart
    service postfix restart

    Dagent.sock is created, but somehow Postfix can’t access it:
    postfix/lmtp[2345]: […] status=deferred (connect to srv3.test.loc[/var/spool/kopano/dagent.sock]: No such file or directory)

    Well… I’ll just stay with TCP sockets for now. But if anyone has a working unix socket implementation, i could use some help. Like the manual says:
    “Starting with the 8.7 release of Kopano Groupware Core it is possible to deliver messages not only via a tcp LMTP connection, but also through a linux socket. While for backwards compatibility the default value will continue to use the tcp socket, we recommend to use the unix socket for new installations.”



  • The directory appears to be still unreadable by postfix: there is no “+” shown for the ACL that was supposedly set.

    root@srv3:/var/log/kopano# ls -al /var/spool/kopano/
    total 8
    drwx------ 2 kopano kopano 4096 Nov 29 19:44 .
    drwxr-xr-x 6 root   root   4096 Nov 29 19:09 ..
    srw-rw-rw- 1 root   root      0 Nov 29 19:44 dagent.sock
    

    The other idea is that, because postfix reports “No such file or directory”, that it might be running in some kind of mount namespace. You can use nsenter -r -m -w -t P with the postfix pid P to get into a shell that shows what postfix sees.



  • Thank you for your help.
    Ok, I fixed ACLs (my fault). But still no luck. :(
    Directory has full access (777) now (for testing):

    root@srv3:/var/spool/kopano# ls -al
    total 8
    drwxrwxrwx+ 2 kopano kopano 4096 Nov 30 21:56 .
    drwxr-xr-x  6 root   root   4096 Nov 30 21:37 ..
    srwxrwxrwx  1 root   root      0 Nov 30 21:56 dagent.sock
    
    

    Tried also with nsenter - spawned shell from postfix PID and directory is accessibile & readable under postfix PID.
    Will try to play around with this over the weekend.



  • For my part, I ran the commands as listed in the documentation on Ubuntu 18.x, and the socket file NEVER gets created. I had to revert to *:2003 config style.

    Whether using “run_as” kopano or root, the socket file never gets created.

    Any details on how to make that happen?



  • Why not…

    dpkg-statoverride --add kopano postfix 770 /var/spool/kopano
    and you on Debian with systemd.

    see: systemctl cat kopano-dagent

    fix it with : systemctl edit kopano-dagent

    add:

    [Unit]
    # optional, but helps is the start up process. 
    After=kopano-server.service
    Wants=kopano-server.service
    
    [Service]
    LimitNOFILE=8192:16384
    User=kopano
    Group=kopano
    

    and try again



  • I have the same problem as mapo.

    Dec 30 20:32:07 servername postfix/error[11706]: DB1844C1F50: to=<max@mustermann.de>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to servername.server.de[/var/spool/kopano/dagent.sock]: No such file or directory)
    

    The problem is not fixed after the suggested doings from thctlo.



  • Ubuntu may be using AppArmor.



  • @jengelh and what do you want to tell me with this information?
    I’am using Debian 9 as mapo.



  • Well, that the LSM may interfere? Investigation needs shells, since no one has crystal balls (and won’t for the—ha—foreseeable future!)



  • Hi,

    similar problem on ubuntu 18.04

    The postfix/lmtp process runs chrooted in /var/spool/postfix and can therefore not access the socket in /var/spool/kopano.

    my solution:
    create the kopano spooldir in /var/spool/postfix instead of /var/spool (same chown, chmod and setfacl as in original instructions apply)

    in dagent.conf:

    lmtp_listen = unix:/var/spool/postfix/kopano/dagent.sock
    

    In postfix/main.cf:

    virtual_transport = lmtp:unix:/kopano/dagent.sock
    

    worked for me…



  • similar problem on ubuntu 18.04
    The postfix/lmtp process runs chrooted in /var/spool/postfix and can therefore not access the socket in /var/spool/kopano.

    Yep. Just as I postulated on 2018-11-30:

    The other idea is that, because postfix reports “No such file or directory”, that it might be running in some kind of mount namespace.



  • @pks57 said in LMTP with unix socket (core 8.7.8, Debian 9.6):

    /var/spool/postfix/kopano/dagent.sock

    I have the same problem with a fresh install on Ubuntu 18.

    connect to kopano[/var/spool/kopano/dagent.sock]: No such file or directory
    

    So as suggested, I created: /var/spool/postfix/kopano/

    And set permissions and facl, and updated main.cf and dagent.cfg etc etc and rebooted.

    The dagent.sock file is never created and postfix now errors with:

    connect to kopano[/var/spool/postfix/kopano/dagent.sock]: No such file or directory
    

    Any suggestions ??



  • Look at the dagent log and see what it says about dagent.sock.


Log in to reply