Mail access for users with UID 503 not permitted

How to reproduce the bug:

  • Go to Virtualmin -> server.example.com -> Edit user -> Add a user to this server.
  • Fill out required files.
  • Click on [ + Create].
  • Test it with telnet and see the error message (Internal error occured).
[root@server home]# telnet server.example.com 110
Trying 173.212.203.159...
Connected to server.example.com.
Escape character is '^]'.
+OK Dovecot ready.
USER user.server.example.com
PASS password
+OK

-ERR [SYS/TEMP] Internal error occurred. Refer to server log for more information.
Connection closed by foreign host.
[root@server home]#

From logs:

  Mar 19 20:15:23 server dovecot: pop3: Error: user user.server.example.com: Mail access for users with UID 503 not permitted (see first_valid_uid in config file, uid from userdb lookup).

Workaround:

# usermod -u 1503 user.server.example.com
# find /home/ -user 503 -exec chown -h user.server.example.com {} \;
# find /var/ -user 503 -exec chown -h user.server.example.com {} \;

What is expected: Virtualmin should create such users with UID > first_valid_uid.

In this configuration, when I go to Webmin -> Servers -> Dovecot IMAP/POP3 Server -> Users and Login Options there is:

Minimum valid UID ( ) Default (*) [ 1000 ]

I don't suggest decreasing this variable to 500, because there are some users with ID below 1000 and above 500.

Here are other users with their UID:

root 0
bin 1
daemon 2
adm 3
lp 4
sync 5
shutdown 6
halt 7
mail 8
operator 11
games 12
ftp 14
nobody 99
systemd-bus-proxy 999
systemd-network 192
dbus 81
polkitd 998
tss 59
sshd 74
postfix 89
chrony 997
rpc 32
apache 48
mailman 41
webalizer 67
mysql 27
dovecot 97
dovenull 996
postgres 26
named 25
saslauth 995
clamupdate 994
clamscan 993
nginx 992
opendkim 500

Operating system CentOS Linux 7.3.1611 Webmin version 1.831 Virtualmin version 5.07

Status: 
Active

Comments

The next release of Webmin will address this by changing the default low UID for new users to 1000.

Until then, you can either edit the Dovecot config, or edit /etc/webmin/useradmin/config and change the base_uid and base_gid options.

I changed base_uid and base_gid to 1000 and tested it, the new user have UID 1000.

Sounds like this is fixed then..

I am a new user who is having exactly this problem as described. I am wondering, did I do something wrong or uncommon in order to reproduce this bug??? It seems to me like this is a huge bug, I can't login to IMAP with a default installation on RHEL 7

Mar 25 09:46:59 hostname dovecot: imap: Error: user username: Mail access for users with UID 500 not permitted (see first_valid_uid in config file, uid from userdb lookup).

This is a webmin bug - the default UID for new users is to low. It will be fixed (for new installs) once the next release of webmin comes out, or you can fix it as documented in comment #2.

I had this problem for many months and was able to finally fix it with the instructions provided. for anyone who has this problem, don't forget to re-create the user

Thanks.

I've just moved a site over to a new server, which usually goes pretty well but I've been pulling my hair out over this one... mail clients not receiving mail but the mail is sitting there on the server. Finally isolated it to this UID issue. ci83rtda, you said "don't forget to re-create the user". What do I do if these are already existing users with mail already existing on the server? Any ideas how I would fix this?

Another fix is just to edit the Dovecot config to allow UIDs below 1000.

I went to Webmin | Servers | Dovecot IMAP/POP3 Server | User and Login Options and checked the Minimum valid UID. It was set to 1000. I set it to 500 and the mail started being retrieved from clients again.