Email errors and file permissions

[rpvw]

v66.0.18

We have been seeing the following in the exim panic logs for the past few days:

2017-09-06 10:40:20 failed to expand condition "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy
recipient=${quote:$local_part}@${quote:$domain}
size=$message_size

}{3s}{
}{SOCKETFAIL}}}{action=5}{true}{false}}}{false}}}{false}}" for virtual_user_overquota router: failed to open /home/username/etc/domain.tld/quota for linear search: Permission denied (euid=47 egid=12)

The peculiar thing is that this only seems to affect 2 domains. I have checked the filesystem and the /quota file permissions are set to 640 - the same that all the other /quota files for all the domains that are not provoking errors.



On an unrelated issue - I was dismayed to see the /username.rcube.db.latest files set to 777 permissions. I do think that there should never be any file with this level of global read/write in a users home directory.

 

[rpvw]

***UPDATE***

I was able to 'fix' the errors being reported in the exim_paniclog very simply:

1. For the user that is reported as having an error, go to their cPanel and edit the quota of any of their email accounts that have a quota set (or set a quota on one that hasn't).
2. Ensure you SAVE the new quota.

(If you want/need to, you can always now repeat the same procedure, and revert to the original quota.)

That's it - the errors went away
I am not sure what was causing them - perhaps there was an extra line or some non-printing character in the file - but editing it and saving it seems to have worked. Now where was that Whiskey ?

 

[cPanelMichael]

I am not sure what was causing them - perhaps there was an extra line or some non-printing character in the file - but editing it and saving it seems to have worked.

Hello,

Did you happen to check the ownership values of those files before updating them through the cPanel email quota modification functionality?

Thank you.

 

[rpvw]

I did check - the /quota files were all :

owner:username
group:mail
permissions 640

 

[rpvw]

***UPDATE***

After checking every single /home/username/etc/domain.tld/quota file, I did find one user whose file was set :
owner:username
group:username
permissions 640

After modifying a quota for one of their email accounts, this users file changed to :
owner:username
group:mail
permissions 640

To be honest, I am now doubting myself as to whether I checked the ownership before or after I changed the email quota for their account in cPanel.

Hope someone can get something useful out of all this

 

[cPanelMichael]

Hello,

The following command is also useful if you want to correct the ownership or permissions of the mail quota files:

/scripts/mailperm --verbose

Thank you.