r-raymond / nixos-mailserver

A complete and Simple Nixos Mailserver
GNU General Public License v3.0

switching to the new configuration removes user then tries to chown with that user #86

Closed phdoerfler closed 6 years ago

phdoerfler commented 6 years ago

I pulled the new master but when invoking nixos-rebuild switch I got the following error:

updating GRUB 2 menu...
stopping the following units: dovecot2.service, postfix.service
activating the configuration...
removing user ‘myuser@example.com’
setting up /etc...
removing obsolete symlink ‘/etc/pam.d/dovecot2’...
setting up tmpfiles
reloading the following units: dbus.service
starting the following units: dovecot2.service, postfix.service
warning: the following units failed: activate-virtual-mail-users.service

● activate-virtual-mail-users.service
   Loaded: loaded (/nix/store/aap7y02gl2cm1f4pk5jmlbmi7q9rm25a-unit-activate-virtual-mail-users.service/activate-virtual-mail-users.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-02-22 21:42:19 UTC; 2s ago
  Process: 22846 ExecStart=/nix/store/3wrhfxrqnyi554j43pdbv9mqm22axqr1-activate-virtual-mail-users (code=exited, status=1/FAILURE)
 Main PID: 22846 (code=exited, status=1/FAILURE)

Feb 22 21:42:18 turtle systemd[1]: Started activate-virtual-mail-users.service.
Feb 22 21:42:19 turtle 3wrhfxrqnyi554j43pdbv9mqm22axqr1-activate-virtual-mail-users[22846]: chown: invalid user: ‘myuser@example.com:virtualMail’
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Main process exited, code=exited, status=1/FAILURE
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Unit entered failed state.
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Failed with result 'exit-code'.
warning: error(s) occurred while switching to the new configuration

Why does my user myuser@example.com get removed in the first place?

r-raymond commented 6 years ago

The new release v2.1 uses virtual users instead of system users. It is documented in the new release mail. Is the activate-virtual-mail-users something specific to your configuration?

phdoerfler commented 6 years ago

This reminds me that I meant to subscribe to that mailing list. My bad!

r-raymond commented 6 years ago

Nvm, the problem is the sieve folders,

mail-server/users.nix:          chown "${name}:${vmailGroupName}" "/var/sieve/${name}"
mail-server/users.nix:        chown "${name}:${vmailGroupName}" "/var/sieve/${name}/default.sieve"

does it work if you change the lines to chown "${vmailUserName}:${vmailGroupName}" ...?

phdoerfler commented 6 years ago

Changing those two ${name} into ${vmailUserName} results in this:

$ nixos-rebuild switch
building Nix...
building the system configuration...
these derivations will be built:
  /nix/store/za3g159x9qps2kd5zfgrf1slmj85h2pz-activate-virtual-mail-users.drv
  /nix/store/95wca2v9973q8mhlcyl98av2xh25xv43-unit-activate-virtual-mail-users.service.drv
  /nix/store/6sb9vbsj7wck0pf9wy90x5ypljjdccsk-system-units.drv
  /nix/store/3ciarygy6d0zzsbm8x54b0b654bn1qis-etc.drv
  /nix/store/nqa8bw16k6jal9dz3zr5ijml36862n42-nixos-system-turtle-17.09.3036.bbcd0efcb63.drv
building path(s) ‘/nix/store/nw41y00443p3a2fvzjls74zgqh5wv2r2-activate-virtual-mail-users’
building path(s) ‘/nix/store/m6pa1frnlazb9f4mqv9d9a7mg5jr853k-unit-activate-virtual-mail-users.service’
building path(s) ‘/nix/store/6s52wclg5x1945c9ffqylcsksm2aq98d-system-units’
building path(s) ‘/nix/store/9azkki8fbr867ihmawmbzk9njjyykm6m-etc’
building path(s) ‘/nix/store/rhj9bnk2fmdglic9f5a68npcrcdpay11-nixos-system-turtle-17.09.3036.bbcd0efcb63’
updating GRUB 2 menu...
activating the configuration...
setting up /etc...
setting up tmpfiles

Looking good to me. Is this what you'd expect?

r-raymond commented 6 years ago

Depends on if the sieve scripts still work :) Unfortunately we don't have any sieve tests in our test suite, so it slipped through the CI.

phdoerfler commented 6 years ago

While testing if the sieve scripts would work (and chowning my vmail directory of course) I ran into this which appeared in the logs the moment I sent a test email to myself from a different account:

Feb 22 22:28:09 turtle postfix/smtpd[30556]: fatal: host/service mailstore.example.com/12340 not found: Name or service not known

Is this related?

The mail was not delivered.

Edit:

This seems to be the offending line in postfix.nix:

        # quota
        smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340

I am a bit puzzled as to why the tests run OK, indicating mail gets delivered, yet it doesn't, at least on my server, and this line looks awfully fishy to me.

Edit 2:

From https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html via https://wiki2.dovecot.org/Quota:

In this example the frontend server's very last test in smtpd_recipient_restrictions instructs Postfix to contact the Dovecot policy-server at mailstore.example.com on port 12340.

phdoerfler commented 6 years ago

Having removed the offending line in postfix.nix my test mail got delivered to the sub folder as instructed by the sieve script. I'd say it works.
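A pre-deployment check for the failure discussed above, as an added example that is not part of the original thread or the project's code: it extracts every check_policy_service inet: endpoint from Postfix configuration text and flags those whose host is in a domain reserved for documentation (RFC 2606), such as mailstore.example.com. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; policy_endpoints and placeholder_endpoints are hypothetical names.

# policy_endpoints: read Postfix configuration text on stdin and print the
# host:port of each "check_policy_service inet:host:port" entry.
# Assumes the keyword and its argument sit on the same line.
policy_endpoints() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            gsub(/,/, " ")                  # restrictions may be comma separated
            for (i = 1; i < NF; i++)
                if ($i == "check_policy_service" && $(i + 1) ~ /^inet:/)
                    print substr($(i + 1), 6)
        }'
}

# placeholder_endpoints: of those endpoints, print the ones whose host is in a
# domain reserved for documentation or testing (RFC 2606).
placeholder_endpoints() {
    policy_endpoints | while IFS= read -r ep; do
        # Strip the port and lowercase the host before matching.
        host=$(printf '%s' "${ep%:*}" | tr 'A-Z' 'a-z')
        case $host in
            example.com|*.example.com|example.net|*.example.net)
                printf '%s\n' "$ep" ;;
            example.org|*.example.org|*.example|*.invalid|*.test)
                printf '%s\n' "$ep" ;;
        esac
    done
}
```

Feeding it the rendered configuration, for example `postconf -n | placeholder_endpoints`, should print nothing on a correctly configured server.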

jbboehr commented 6 years ago

Not sure if related, but after upgrading my /var/vmail was still owned by the previous user id 1000. After running sudo chown -Rf virtualMail /var/vmail/ it seems to be working again. I did try to upgrade to 2.1.1 earlier.
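An ownership audit for the migration problem reported in this thread, as an added example that is not part of the original discussion or the project's code: it lists every path under a mail directory that is not owned by the expected account, and refuses to run when that account does not exist. The helper names are hypothetical; the paths and the virtualMail account name are the ones quoted above.

```shell
#!/bin/sh
# Added example; audit_owner and resolve_uid are hypothetical helper names.

# resolve_uid OWNER: print the numeric uid for an account name (or pass a
# numeric uid through). Fails for an unknown name, the same condition that
# makes chown report "invalid user".
resolve_uid() {
    case $1 in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# audit_owner DIR OWNER: print every path under DIR not owned by OWNER.
# Returns 0 if everything matches, 1 on mismatches, 2 if the check cannot run.
audit_owner() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "audit_owner: not a directory: $dir" >&2; return 2; }
    uid=$(resolve_uid "$owner") || {
        echo "audit_owner: unknown user: $owner" >&2
        return 2
    }
    # Compare numeric uids: files left behind by a removed account keep its
    # uid, and that number can later be assigned to a different account.
    mismatches=$(find "$dir" -xdev ! -user "$uid" -print)
    if [ -n "$mismatches" ]; then
        printf '%s\n' "$mismatches"
        return 1
    fi
    return 0
}

# Usage with the paths and account name that appear in this thread:
#   audit_owner /var/vmail virtualMail
#   audit_owner /var/sieve virtualMail
```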