dovecot - Mar 2011 - permission recomendation for dovecot configuration files and binaries

I'm trying to figure out which permissions will be the best to handle most
of
tasks (for use in rpm package) for configuration files.

Basically

/etc/dovecot/ dir
/etc/dovecot/* files
/etc/dovecot/conf.d/ dir
/etc/dovecot/conf.d/files

dovecot binaries, deliver mainly

For example deliver needs to read configuration files and needs to write into 
destination. Doesn't seem to be sane to allow MTA user read dovecot configs 
but that is requires for deliver to work etc.

Are there any sane/tested recommendations that would fit most situations 
(remember, that's going to be rpm package default config) ?
-- 
Arkadiusz Mi?kiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/