Hello, list!
Dovecot version is 2.2.27, running on CentOS 6.7.
Postfix is receiving mail and putting it into mailboxes. Dovecot just
serves IMAP/POP3 connections to mailboxes.
Virtual users are stored in DB.
The problem is in directory mode (and thus file mode) for new mailboxes
upon its creation.
If I create new record for new mailbox in DB and send mail to it,
Postfix will create mailbox properly: Mode is 660, owner is imap:mail in
my setup.
If I create new record in DB and log in via IMAP for the first time,
Dovecot creates mailbox and mode is 600, owner is imap:mail.
Postfix can't put mails in tmp or new dirs in mailboxes created by
dovecot with mode 600. I need dovecot to create new mailboxes (and files
in it) within 660 mode.
I tried to play around with "mail_access_groups" and
"mail_privileged_group" with no positive effect.
I tried to change value for every "mode=" parameter in dovecot.conf to
660, but no luck.
According to the documentation "Dovecot copies the permissions from the
mailbox root directory".
My mail_location is maildir:/var/mail/%u
Rights for /var/mail/ (the root mail dir) are:
[root at unknown-external-domain ~]# ls -lha /var/mail/
total 24K
drwxrwx--- 5 postfix mail 4,0K ??? 23 14:27 .
drwxrwxr-x 6 root root 4,0K ??? 29 12:18 ..
drwx------ 6 imap mail 4,0K ??? 23 14:28 Administrator
But, as you can see, Administrator's box was created by dovecot with 600
permissions.
I am unable to enforce dovecot to create mailboxes with 660 permissions.
Output of dovecot -n is in the attachment.
Please tell me what's the right way to control mailbox permissions ?
-------------- next part --------------
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = yes
listen = 169.254.252.252
mail_debug = yes
mail_location = maildir:/var/mail/%u
maildir_very_dirty_syncs = yes
namespace {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  args = /usr/bin/dovecot-firebird-auth-handler.sh
  driver = checkpassword
}
protocols = imap pop3
service auth {
  group =
  user =
}
service imap-login {
  inet_listener imap-roundcube-ext {
    address = 127.0.0.1
    port = 145
  }
  inet_listener imap-roundcube-loc {
    address = 127.0.0.1
    port = 144
  }
  inet_listener imap {
    address = 0.0.0.0
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 0.0.0.0
    port = 110
  }
  inet_listener pop3s {
    address = 0.0.0.0
    port = 995
  }
}
ssl_cert = </tmp/dovecot_loc_cert.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = uid=imap gid=mail
  driver = static
}

* vadim <vadim at ideco.ru> 2017.08.23 16:04:
> I am unable to enforce dovecot to create mailboxes with 660 permissions.
> Output of dovecot -n is in the attachment.
>
> Please tell me what's the right way to control mailbox permissions ?

Hi Vadmin,

inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions:

https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP

Regards
Thomas

I can't do it right now. We have plugins and patches for postfix to check the mail before putting it in maildir. Now I just need to replace Courier mail with Dovecot. Lately I'll remove self-written patches with sieve plugin for dovecot + LMTP. But there is no possibility to make it right now, atomically.

On 24.08.2017 13:06, Thomas Leuxner wrote:
> * vadim <vadim at ideco.ru> 2017.08.23 16:04:
>
>> I am unable to enforce dovecot to create mailboxes with 660 permissions.
>> Output of dovecot -n is in the attachment.
>>
>> Please tell me what's the right way to control mailbox permissions ?
> Hi Vadmin,
>
> inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions:
>
> https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
>
> Regards
> Thomas

And, as I said, postfix creates maildirs with right permissions. Dovecot makes wrong permissions. Deliver mail to mailboxes via Dovecot LMTP will probably cause this wrong permission problem too. We have to support legacy installations at our customers' servers and need certain permissions: 660, imap:mail. How can I do it with Dovecot ?

On 24.08.2017 13:06, Thomas Leuxner wrote:
> * vadim <vadim at ideco.ru> 2017.08.23 16:04:
>
>> I am unable to enforce dovecot to create mailboxes with 660 permissions.
>> Output of dovecot -n is in the attachment.
>>
>> Please tell me what's the right way to control mailbox permissions ?
> Hi Vadmin,
>
> inject the mails per LMTP rather than having Postfix save them directly and let Dovecot worry about the permissions:
>
> https://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
>
> Regards
> Thomas
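
Added example, not part of the thread and not Dovecot or Postfix code: a shell check that lists mailboxes under a mail root whose top directory or tmp/new/cur subdirectory lacks group rwx, the state the first post reports for the Dovecot-created Administrator mailbox. It assumes GNU find and stat and one maildir per user directly under the root (as with maildir:/var/mail/%u); the function name and output format are illustrative.

```shell
#!/bin/sh
# Added example (assumptions: GNU find/stat; mailboxes sit directly under the
# mail root, e.g. /var/mail/<user>; delivery relies on group permissions).

# blocked_mailboxes ROOT
# For each mailbox under ROOT, print "<mailbox> <dir> <mode>" for the first
# directory (mailbox top = ".", then tmp, new, cur) that lacks group rwx.
# A maildir delivery writes into tmp and then moves the file into new, so a
# missing group bit on any of these blocks a group-based delivery agent.
blocked_mailboxes() {
    root=$1
    for box in "$root"/*/; do
        [ -d "$box" ] || continue
        box=${box%/}
        for d in "$box" "$box/tmp" "$box/new" "$box/cur"; do
            [ -d "$d" ] || continue
            # -perm -070 matches only if all of group r, w and x are set
            if [ -n "$(find "$d" -maxdepth 0 ! -perm -070)" ]; then
                if [ "$d" = "$box" ]; then sub=.; else sub=${d##*/}; fi
                printf '%s %s %s\n' "${box##*/}" "$sub" "$(stat -c %a "$d")"
                break
            fi
        done
    done
}

# Stand-alone use: pass the mail root as the first argument.
if [ "$#" -gt 0 ]; then
    blocked_mailboxes "$1"
fi
```

Run it before and after a first IMAP login for a new user to see which process created the mailbox with owner-only modes.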