dovecot - Jun 2013 - Permissions for mail_temp_dir directory

I recently upgraded from 2.1.16 to 2.2.2 and started to receive the 
following errors:
imap(henrik at example.com): Error: 
stat(/var/db/dovecot/dovecot.imap.mail.example.com.16128.3209d13f842955c2) 
failed: Permission denied
imap(henrik at example.com): Error: Temp file creation to 
/var/db/dovecot/dovecot.imap.mail.example.com.16128. failed: Permission 
denied
imap(henrik at example.com): Error: 
stat(/var/db/dovecot/dovecot.imap.mail.example.com.16501.0ddff1dc93cdbe6a) 
failed: Permission denied
imap(henrik at example.com): Error: Temp file creation to 
/var/db/dovecot/dovecot.imap.mail.example.com.16501. failed: Permission 
denied

I didn't have these before the upgrade. The current permissions for the 
/var/db/dovecot directory is root:wheel 755.

What would be the correct permissions for the mail_temp_dir directory?

doveconf -n output
--cut--
# 2.2.2: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.3-RELEASE-p3 amd64
auth_mechanisms = plain login digest-md5 cram-md5
first_valid_uid = 125
hostname = mail.example.com
listen = *
log_path = /var/log/dovecot
mail_plugins = zlib
mail_privileged_group = postfix
mail_temp_dir = /var/db/dovecot
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave
namespace {
   inbox = yes
   location    prefix    separator = .
   type = private
}
namespace {
   hidden = yes
   inbox = no
   list = no
   location    prefix = INBOX.
   separator = .
   type = private
}
passdb {
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   fts = squat
   fts_squat = partial=4 full=10
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
}
postmaster_address = postmaster at example.com
protocols = imap pop3 lmtp sieve
service auth-worker {
   user = $default_internal_user
}
service auth {
   unix_listener /home/mail/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service lmtp {
   executable = lmtp -L
   unix_listener /home/mail/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0660
     user = postfix
   }
}
ssl_cert = </etc/ssl/mail.example.com-chained.crt
ssl_key = </etc/ssl/mail.example.com.key
userdb {
   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
protocol lmtp {
   log_path = /var/log/dovecot-deliver
   mail_plugins = zlib sieve
}
protocol lda {
   mail_plugins = zlib sieve
}
protocol imap {
   mail_plugins = zlib imap_zlib
}
--cut--

Best regards
Henrik Larsson

On Thu, 2013-06-06 at 08:06 +0200, Henrik Larsson wrote:
> I recently upgraded from 2.1.16 to 2.2.2 and started to receive the 
> following errors:
> imap(henrik at example.com): Error: 
> stat(/var/db/dovecot/dovecot.imap.mail.example.com.16128.3209d13f842955c2) 
> failed: Permission denied
> imap(henrik at example.com): Error: Temp file creation to 
> /var/db/dovecot/dovecot.imap.mail.example.com.16128. failed: Permission 
> denied
> imap(henrik at example.com): Error: 
> stat(/var/db/dovecot/dovecot.imap.mail.example.com.16501.0ddff1dc93cdbe6a) 
> failed: Permission denied
> imap(henrik at example.com): Error: Temp file creation to 
> /var/db/dovecot/dovecot.imap.mail.example.com.16501. failed: Permission 
> denied
> 
> I didn't have these before the upgrade. The current permissions for the
> /var/db/dovecot directory is root:wheel 755.
> 
> What would be the correct permissions for the mail_temp_dir directory?
Mail processes (imap, pop3, lda, etc.) need to be able to write to
mail_temp_dir.
> first_valid_uid = 125
..
> userdb {
>    args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>    driver = sql
> }
If all of your mail users use UID 125, then 125 can own the directory.
If you use multiple UIDs, it needs to have the same permissions are
your /tmp.