dovecot - Jan 2006 - Maildir permissions, shared folders & postfix

Hi there,

It's my understanding that shared folders can be implemented in the  
Dovecot IMAP server by simply symlinking one maildir to another, eg:

	$ ls -lan /home/DOMAIN/ned/.maildir/
	total 40
	drwx------  9 10012 10000   440 Jan  9 04:23 .
	drwxr-xr-x  3 10012 10000   160 Jan  6 06:32 ..
	drwx------  5 10012 10000   264 Jan  9 04:21 .Deleted Items
	drwx------  5 10012 10000   232 Jan  6 06:32 .Drafts
	drwx------  5 10012 10000   232 Jan  6 06:39 .Junk E-mail
	drwx------  5 10012 10000   264 Jan  9 04:33 .Sent
	lrwxrwxrwx  1 10012     0    24 Jan  6 07:36 .Stroller -> /home/ 
stroller/.maildir/
	drwx------  2 10012 10000   336 Jan  9 04:23 cur
	-rw-------  1 10012 10000   268 Jan  9 04:23 dovecot-uidlist
	-rw-------  1 10012 10000   192 Jan  9 04:23 dovecot.index
	-rw-------  1 10012 10000 21504 Jan  9 04:23 dovecot.index.cache
	-rw-------  1 10012 10000  1908 Jan  9 04:23 dovecot.index.log
	drwx------  2 10012 10000    48 Jan  9 04:23 new
	-rw-------  1 10012 10000    47 Jan  6 07:45 subscriptions
	drwx------  2 10012 10000    48 Jan  9 04:23 tmp

In the above configuration the user Ned has a mailbox "Stroller", in  
which he can read messages & stuff - I can log in as ned and drag &  
drop messages into this mailbox quite happily.

I thought all was well with this type of shared configuration until I  
actually started to try setting it up for the info at ourdomain.com  
mailbox, and tried delivering messages to it.

It seems that Postfix doesn't respect the permissions of the parent  
folder when delivering mail into it:

	# ls -ldn /home/info/.maildir/
	drwxrwx---  5 10021 10000 120 Jan  9 04:26 /home/info/.maildir/
	# ls -ln /home/info/.maildir/
	total 0
	drwxrwx---  2 10021 10000 48 Jan  9 04:26 cur
	drwxrwx---  2 10021 10000 48 Jan  9 04:33 new
	drwxrwx---  2 10021 10000 48 Jan  9 04:31 tmp
	# ls -ln /home/info/.maildir/new
	total 0
	# cat HungUp.txt | sendmail info
	# sudo ls -l /home/info/.maildir/new
	total 4
	# sudo ls -ln /home/info/.maildir/new
	total 4
	-rw-------  1 10021 10000 1806 Jan  9 04:39  
1136781544.V4804I3606cM633316.mail.domain.local

How inconsiderate of Postfix to set secure permissions on the message  
it delivered!! I need the message to have 660 permissions so that  
others in the group can read it! At present this causes Squirrelmail  
to squeal & give nasty messages whenever a shared mailbox is accesses.

Can anyone advise me how to resolve this, please?

Stroller.


PS: should you consider suggesting using Dovecot's "namespaces"
type
of shared mailbox, I'd be grateful if you could answer this first:  
http://dovecot.org/pipermail/dovecot/2005-December/010459.html

Stroller wrote:
> Hi there,
> 
> It seems that Postfix doesn't respect the permissions of the parent 
> folder when delivering mail into it:
> 
> How inconsiderate of Postfix to set secure permissions on the message it 
> delivered!! I need the message to have 660 permissions so that others in 
> the group can read it! At present this causes Squirrelmail to squeal & 
> give nasty messages whenever a shared mailbox is accesses.
> 
> Can anyone advise me how to resolve this, please?
> 
Well, my original reply got eaten since I hadn't subscribed. Ah well... 
let me try to recall it all:

Idea #1:  Switch to postfix virtual users.  This way all email is 
handled/owned by own uid/gid.  Works great unless you let people log 
into your machine.

Idea #2:  Use procmail and a recipe+script to chmod incoming mail as it 
arrives.

Idea #3:  Use a postfix alias piped to a script to do idea #2 without 
procmail.  Only issue I have is not knowing the rules for Maildir file 
naming, therefor I'd rely on procmail as I already use it.

Idea #4:  Use a postfix alias to 2 locations, the real one and the 
script.  Stick a delay in the script to wait for real delivery.  The 
script does the chmod.  Messy, since it relies on things happening 
elsewhere in a timely manner and this doesn't always happen.


Leeman