Trying to run "docker exec" on email received by postfix

General
1

Hello,

I’m trying to run a script in a docker container when the server receives an email, but I get a permission denied error. This is what I see in my /var/log/mail.log:

Jan 29 15:56:40 hostname postfix/local[13971]: 2CEF9121A16: to=myuser@mysubdomain, orig_to=adf56a3a50@mydomain, relay=local, delay=0.27, delays=0.21/0.01/0/0.06, dsn=5.3.0, status=bounced (Command died with status 1: “[the-docker-exec-comman]”. Command output: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/[container_name]/json: dial unix /var/run/docker.sock: connect: permission denied )

I have tried adding “myuser” and “postfix” to docker group, but the error persist.
My configuration is:
Debian 9
Postfix: Version: 3.1.8-0+deb9u1
Docker:

Client:
Version: 18.09.1
API version: 1.39
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:35:59 2019
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 18.09.1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:02:44 2019
OS/Arch: linux/amd64
Experimental: false

Postfix is configured with virtual map, all mails to @mysubdomain are sent to [myuser]@localhost
I’m trying to execute the command in the .forward file of [myuser]

Any guess?

2

Did you restart the postfix service after you added the postfix user to the docker group?

3

i guess you defined this script in master.cf ?
What user did you define for this script? - this user is the one who needs to be in the docker group.

4

Hi yes, I’ve tried to restart postfix, but it didn’t fix the issue

5

Actually the script is called in the .forward file of the user, not in master.cf.
I have tried with a “whoami” in the script and it seems that the script is running as the user tho whom the mail is directed. I’ve added this user to the docker group, but it still quits with a permission denied error.
Please note that if I “su -” into the user account I’m able to call “docker exec”