Postfix/Dovecot – Setting Permissions on New Files in Mailbox

dovecotpostfix

When creating new files inside a mailbox, Dovecot copies the
read/write permissions from the mailbox's directory.

I'm not seeing this. Here is what I'm seeing:

andrewsav@hroon-precis:~$ dovecot --version
2.0.19
andrewsav@hroon-precis:~$ sudo ls -al /var/mail/vhosts/myhost.com/andrews
total 76
d-wxrws--- 6 vmail vmail  4096 May 15 19:53 .
drwxrwsr-x 4 vmail vmail  4096 Mar  8 07:27 ..
drwxrws--- 2 vmail vmail  4096 May 15 19:53 cur
-rw-rwS--- 1 vmail vmail   288 May 12 20:49 dovecot.index
-rw-rwS--- 1 vmail vmail 31316 May 15 19:53 dovecot.index.log
-rw-rwS--- 1 vmail vmail    24 Dec 13 14:27 dovecot.mailbox.log
-rw-rw---- 1 vmail vmail    54 May 15 19:53 dovecot-uidlist
-rw-rwS--- 1 vmail vmail     8 Dec 13 14:32 dovecot-uidvalidity
-r--rwSr-- 1 vmail vmail     0 Dec 12 22:34 dovecot-uidvalidity.50c84fbc
drwxrws--- 2 vmail vmail  4096 May 15 21:15 new
-rw-rwS--- 1 vmail vmail     6 Dec 13 14:27 subscriptions
drwxrws--- 2 vmail vmail  4096 May 15 21:15 tmp
drwxrws--- 5 vmail vmail  4096 Dec 13 14:32 .Trash
andrewsav@hroon-precis:~$ sudo ls -al /var/mail/vhosts/myhost.com/andrews/new
total 24
drwxrws--- 2 vmail vmail 4096 May 15 21:15 .
d-wxrws--- 6 vmail vmail 4096 May 15 19:53 ..
-rw------- 1 vmail vmail 3435 May 15 19:54 1368604473.Vca02I500e0M443155.hroon-precis
-rw------- 1 vmail vmail 4028 May 15 20:42 1368607343.Vca02I500e1M96785.hroon-precis
-rw------- 1 vmail vmail 4623 May 15 21:15 1368609338.Vca02I500fcM737208.hroon-precis
andrewsav@hroon-precis:~$

The mail directory has rw for the group and the individual files in the new directory for some reason do NOT have rw. Because of this they can't be accessed by people/processes they are desired to be accessed. What am I missing?

I'm running ubuntu 12.04LTS

Update 1

To give a bit of background: I've been running postfix+dovecot for quite some time now. It was installed with small deviations according to this document. Normally mailboxes are not accessed locally, the I accessed via POP/IMAP by remote client.

However I find it useful to run mutt occasionally on the server. I can do it alright if I run it as

sudo mutt -f /var/mail/vhosts/myhost.com/andrews

however I wanted to be able to run it without sudo, and that's where the trouble started. I added myslef into vmail group and I added the following lines into .muttrc:

set spoolfile = '/var/mail/vhosts/myhost.com/andrews/'
alternates myhost.com
set reverse_name = yes
set from = 'andrews@myhost.com'

But this does not work unless I explicitly do chmod g+rw on new and cur. And it works only until new mail arrived, because the new mail does not have that rw.

Is there anyway I can solve this?

Update 2

After discussing this issue with NickW in chat, we came to the conclusion that it's actually Postfix that are writing these files, and not Dovecot. The LDA is most likely Postfix virtual. Here is Postfix configuration.

main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/apache2/ssl/my.crt
smtpd_tls_key_file=/etc/apache2/ssl/my.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = myhost.myhost.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = myhost.com, hroon-precis, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_tls_wrappermode=yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = no
#smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_tls_security_level=may

virtual_mailbox_domains = myhost.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
mydomain = myhost.com

transport_maps = hash:/etc/postfix/transport

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

transport:

info@myhost.com discard:
sales@myhost.com discard:
webmaster@myhost.com discard:

vmailbox:

user1@myhost.com myhost.com/user1/
user2@myhost.com myhost.com/user2/
... etc
andrews@myhost.com myhost.com/andrews/
@myhost.com myhost.com/andrews/

I searched Postfix documentation and I was not able to find a way to specify permissions to Postfix for newly created mail message files inside a mailbox.

My thinking is that it could be impossible, and then there must be another way of setting up mutt so that it can access the maildirs without need to do sudo/be root.

Any hints are appreciated.

Best Answer

I'm answering here instead commenting , so I can format properly.
Since you have dovecot, you should already have lda installed (its in dovecot-core ). Add this to /etc/postfix/master.cf:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

Add this to /etc/postfix/main.cf:

virtual_transport               = dovecot
dovecot_destination_recipient_limit = 1

Change /etc/dovecot/conf.d/15-lda.conf:

protocol lda {
  postmaster_address = postmaster@example.com
  log_path = /var/log/dovecot-deliver
  info_log_path = /var/log/dovecot-deliver
}

(though pretty much optional that 3 line between {} )
postmaster_address is the from address for the bounced mail

Change /etc/dovecot/conf.d/10-master.conf:

service auth {
...
    unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = vmail
    }
...
}

Add all users from /etc/postfix/vmailbox to /etc/postfix/virtual like this:

user1@myhost.com user1@myhost.com 
user2@myhost.com user2@myhost.com 
... etc

Move the catch-all to /etc/postfix/virtual:

@myhost.com andrews@myhost.com

Change /etc/dovecot/conf.d/15-lda.conf:

lda_mailbox_autocreate = yes

This will auto-create maiboxes that are absent

To keep the discard rules, Add to main.cf :

mydestination=localhost.localdomain

Add to /etc/postfix/virtual:

info@myhost.com devnull@localhost.localdomain
sales@myhost.com devnull@localhost.localdomain
webmaster@myhost.com devnull@localhost.localdomain

Then to /etc/aliases :

devnull: /dev/null

These lines from /etc/postfix/main.cf are no longer needed and can be removed:

#virtual_mailbox_base = /var/mail/vhosts
#virtual_minimum_uid = 100
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000
#transport_maps = hash:/etc/postfix/transport

Run

newaliases
postmap /etc/postfix/virtual
service postfix restart
service dovecot restart

and lets hope it works.

Best Answer

Related Solutions

Linux – How to close an open relay in Postfix

Issue with sending mails from thunderbird via postfix

Related Topic