dovecot fail to delvier mail with "lda(xxxxx): Fatal: Mail access for users with GID 2000 not permitted (see first_valid_gid in config file, gid from userdb lookup)

[asemen]

After some radon changes using the lets encrypt script from https://certbot.eff.org/ to create my HTTP secret. It looks like some changes happened also on the email configuration.

I failed to download email via impa and pop3 also Raoundcube fail  to use also imap with a local user.

Now I have this error message that means?

 fail to delvier mail with "lda(xxxxx): Fatal: Mail access for users with GID 2000 not permitted (see first_valid_gid in config file, gid from userdb lookup)

or

Error: Mail access for users with GID 2000 not permitted (see first_valid_gid in config file, gid from userdb lookup).
 

Jul 27 11:57:01 mc dovecot[13534]: imap-login: Login: user=<mail@example.com>, method=PLAIN, rip=::1, lip=::1, mpid=21779, secured, session=<YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com)<21779><YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>: Debug: Loading modules from directory: /usr/lib64/dovecot/modules
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com)<21779><YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>: Debug: Module loaded: /usr/lib64/dovecot/modules/lib10_quota_plugin.so
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com)<21779><YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>: Debug: Module loaded: /usr/lib64/dovecot/modules/lib11_imap_quota_plugin.so
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com)<21779><YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>: Debug: Added userdb setting: mail=maildir:/srv/customers/mail/ase/andrej@semen.de/
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com)<21779><YPJN/HQBrOkAAAAAAAAAAAAAAAAAAAAB>: Debug: Added userdb setting: plugin/quota_rule=*:storage=0M
Jul 27 11:57:01 mc dovecot[13534]: imap(mail@example.com😞 Error: Mail access for users with GID 2000 not permitted (see first_valid_gid in config file, gid from userdb lookup).
Jul 27 11:57:42 mc dovecot[13534]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=xx.225.94.xx, lip=xx.111.252.xx, session=<uNHA/nQBtMlP4V7r>
Jul 27 11:59:04 mc dovecot[13534]: imap-login: Error: net_connect_unix(/var/run/dovecot//stats-writer) failed: Permission denied
Jul 27 11:59:05 mc dovecot[13534]: imap: Error: net_connect_unix(/var/run/dovecot//stats-writer) failed: Permission denied

/etc/dovecot/conf.d # grep first_valid_gid *
10-mail.conf:#first_valid_gid = 1
10-mail.conf:first_valid_gid = 12
10-mail.conf.frx.bak:#first_valid_gid = 1
 

I checked all the files configuration in /etc/dovecot/conf.d looks fine

BTW; I ca send email out to an extern email. Postfix does the jon. If I try to send ir local it fails in the part of dovecot to save it down into the right foleser /ser/customers/mail folder .

the owner and group of the mail folder and subfolder are owned by vmail:vamail  user and gid = 2000

ll /srv/customers/mail/ -d
drwx--x--x 5 vmail vmail 4096  4. Aug 2014  /srv/customers/mail/

grep vmail /etc/passwd 
vmail:x:2000:2000:maildirs chef:/srv/customers/mail:/bin/false
mc:/etc/dovecot # grep vmail /etc/group
vmail:x:2000:dovecot
 

Has anyone an idea how to get the email with Forxlor working again.

[d00p]

1 minute ago, asemen said:

After some radon changes using the lets encrypt script from https://certbot.eff.org/ to create my HTTP secret. It looks like some changes happened also on the email configuration.

No idea what one has to do with the other...

What OS / Distribution is that? Did you recently upgrade from older versions of that? Are you sure the services are configured correctly and completely?

And what do you mean by "if i try to send local"? From one account on the server to another? Or what exactly is it you're doing there?

[asemen]

Sorry I forgot to mention that the os is OpenSUSE Leap 15.5. 
My local I mean sending email that ar hosted on that server and outside means sending email to an mailbox that is not part of this server like gmx.de or web.de

 

[asemen]

What does that error messages mean "Mail access for users with GID 2000 not permitted (see first_valid_gid in config file, gid from userdb lookup)"?

And how to fix it? What value has to be set for first_valid_gid ?

[d00p]

8 minutes ago, asemen said:

Sorry I forgot to mention that the os is OpenSUSE Leap 15.5. 

There are no official configuration templates for openSuse, try to adjust the configs according to other distributions templates, but be aware that there might be differences

[asemen]

Maybe as a stupid question but config files with the .ext on the end are ignored right?
like in /etc/dovecot dovecot-sql.conf and dovecot-sql.conf.ext

[d00p]

./conf.d/10-auth.conf:!include auth-sql.conf.ext

They get included