Unable to receive e-mails with Dovecot: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied

Follow

Comments

14 comments

  • Avatar
    Tarct (Edited )

    I'm getting the same Error, but the solution does not work.

     

    My File '/etc/apparmor.d/usr.lib.dovecot.dovecot-auth' looks like the following without the solution. I didn't modify it befor the error occours.

    --------------------------------------------------------------------------

    # ------------------------------------------------------------------
    #
    # Copyright (C) 2009-2013 Canonical Ltd.
    # Copyright (C) 2013 Christian Boltz
    #
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of version 2 of the GNU General Public
    # License published by the Free Software Foundation.
    #
    # ------------------------------------------------------------------
    # vim: ft=apparmor

    #include <tunables/global>

    /usr/lib/dovecot/dovecot-auth flags=(complain) {
    #include <abstractions/authentication>
    #include <abstractions/base>
    #include <abstractions/nameservice>
    #include <abstractions/wutmp>
    #include <abstractions/dovecot-common>

    capability chown,
    capability dac_override,

    @{PROC}/@{pid}/mounts r,
    /usr/lib/dovecot/dovecot-auth mr,
    /{,var/}run/dovecot/** rw,
    # required for postfix+dovecot integration
    /var/spool/postfix/private/dovecot-auth w,

    # Site-specific additions and overrides. See local/README for details.
    #include <local/usr.lib.dovecot.dovecot-auth>
    }

    --------------------------------------------------------------------------

    After adding '/var/run/dovecot/auth-userdb rw,' to the last line AppArmor is not starting anymore.

     

    Update:

    I found a solution:

    i had to modify the file '/etc/apparmor.d/usr.lib.dovecot.dovecot-lda' and add the line '/var/run/dovecot/* rw,' to the end of the block 'profile /usr/sbin/sendmail flags=(complain,attach_disconnected) { ...}'

  • Avatar
    Anton Maslov

     

    @Tarct thank you for sharing this with us - the article was updated accordingly. We also checked that deeply and confirmed as a bug, it was fixed in MU12.

  • Avatar
    Tarct

    @ Anton Maslov

    Thanks for investigating.

    My file '/etc/apparmor.d/usr.lib.dovecot.dovecot-lda' was reset this morning to the nonworking version. After applying Update 12 the problem still existed. I had to add the line again.

     

    The reset seams to be linked to an automatic update proceeded by the Package Update Manager this morning?!?

    The following packages were successfully updated:
    - liblxc1 2.0.6-0ubuntu1~ubuntu16.04.1 from Ubuntu for xenial-updates by Ubuntu repo (previous version: 2.0.5-0ubuntu1~ubuntu16.04.3 from Ubuntu for xenial-security by Ubuntu repo)
    - lxc-common 2.0.6-0ubuntu1~ubuntu16.04.1 from Ubuntu for xenial-updates by Ubuntu repo (previous version: 2.0.5-0ubuntu1~ubuntu16.04.3 from Ubuntu for xenial-security by Ubuntu repo)
    - lxcfs 2.0.5-0ubuntu1~ubuntu16.04.1 from Ubuntu for xenial-updates by Ubuntu repo (previous version: 2.0.4-0ubuntu1~ubuntu16.04.1 from now repo)

     

    To force re-delivery of mails:

    postqueue -f

     

  • Avatar
    Fabian Flasche

    I have this Bug since MU12 on Ubuntu 16.04 + Onyx

  • Avatar
    Dominik

    Hi,

    I wish you a happy new year. I have followed above steps mentioned in KB and after reinstalling plesk-dovecot-imap-driver my Mails were successfully stored to user inbox but after server restart I have the same problem as before.

    The file /etc/apparmor.d/local/usr.lib.dovecot.dovecot-lda contains only following lines on my server:

    /etc/postfix/master.cf r,
    /run/dovecot/auth-userdb rw,

    /var/qmail/mailnames/** rwkl,

    After following above steps the file was recreated but still only with this three lines.

    Version: Plesk 17.0.17 Update 12

    Regards

    Dominik

  • Avatar
    Fabian Flasche

    Yesterday I have the server restarted.
    The error was there again

    The changes in the files were still there.

    After which I have the service restarted went back everything
    service apparmor restart && service dovecot restart

    When is there a fix for the problem?

     

     

  • Avatar
    Tarct (Edited )

    I can confirm, that after a restart the problem stil exists.

     

    My file '/etc/apparmor.d/local/usr.lib.dovecot.dovecot-lda' looks like the following

    Site-specific additions and overrides for usr.lib.dovecot.dovecot-lda.
    # For more details, please see /etc/apparmor.d/local/README.

    /etc/postfix/master.cf r,
    /run/dovecot/auth-userdb rw,

    /var/qmail/mailnames/** rwkl,

     

    I only needed to use the following once after restart:

    apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.dovecot.dovecot-lda

    so i could redeliver all mails with

    postqueue -f

     As a workaround i use the following in a cronjob:

    /sbin/apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.dovecot.dovecot-lda && /usr/sbin/postqueue -f
  • Avatar
    Vito Falco

    Me too.

    With Onyx 17.0.17 I've the same situation :(

    When an official fix?

    The Tarct's workaround works

  • Avatar
    Joe Pesci

    Same here, appeared out of the blue, instructions in article useless.

    Thank you very much Tarct for the solution.

    Running Onyx 17.0.17

  • Avatar
    Andrey Ivanov

    Hello, Vito and Joe. The resolution section was modified accordingly.

  • Avatar
    Fabian Flasche
    After the update to Plesk 17.5.3 the error is again there with Ubuntu 16.04 LTS :(
  • Avatar
    Nikolay Zhmuk

    2Fabian, Check that there are no default/old/saved profiles for /etc/apparmor.d/usr.lib.dovecot.dovecot-lda, AppArmor applies all the profiles in the directory. Move them out if there are any and apply Steps 3,4 

  • Avatar
    João Alves

    Hi,

     

    I'me having this error also:

     

    apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.dovecot.dovecot-lda


    AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.dovecot-lda in /etc/apparmor.d/usr.lib.dovecot.dovecot-lda at line 45: Could not open 'abstractions/postfix-common'

    I'm running:

     

    I get this error while doing the command or when booting the server

     

    "

    AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.dovecot-lda in /etc/apparmor.d/usr.lib.dov
    ecot.dovecot-lda at line 45: Could not open 'abstractions/postfix-common'
    * Starting Docker daemon [ OK ]
    Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
    AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.dovecot-lda in /etc/apparmor.d/usr.lib.dov
    ecot.dovecot-lda at line 45: Could not open 'abstractions/postfix-common'
    Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
    * Starting AppArmor profiles [fail]

    "

    Any clues about this?

     

    Regards

  • Avatar
    Nikolay Zhmuk (Edited )

    @João Alves Check that /etc/apparmor.d/abstractions/postfix-common file exists, has correct permissions and the following content:

    # ls -l /etc/apparmor.d/abstractions/postfix-common
    -rw-r--r-- 1 root root 1105 Mar 16 08:11 /etc/apparmor.d/abstractions/postfix-common

    # cat /etc/apparmor.d/abstractions/postfix-common
    # ------------------------------------------------------------------
    #
    # Copyright (C) 2002-2005 Novell/SUSE
    # Copyright (C) 2015 Canonical, Ltd.
    #
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of version 2 of the GNU General Public
    # License published by the Free Software Foundation.
    #
    # ------------------------------------------------------------------
    # used with postfix/*


    capability setuid,
    capability setgid,
    capability sys_chroot,

    # postfix's master can send us signals
    signal receive peer=/usr/lib/postfix/master,

    unix (send, receive) peer=(label=/usr/lib/postfix/master),

    /etc/mailname r,
    /etc/postfix/*.cf r,
    /etc/postfix/*.db r,
    @{PROC}/net/if_inet6 r,
    /usr/lib/postfix/*.so mr,
    /usr/lib{,32,64}/sasl2/* mr,
    /usr/lib{,32,64}/sasl2/ r,
    /usr/lib/@{multiarch}/sasl2/* mr,
    /usr/lib/@{multiarch}/sasl2/ r,

    /var/spool/postfix/etc/* r,
    /var/spool/postfix/lib/lib*.so* mr,
    /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,

Please sign in to leave a comment.