[Dovecot] deliver is ignoring mail_access_groups
Peter Borg (General)
general at peter-b.org
Tue Nov 17 01:01:42 EET 2009
> bounces+dovecot=peter-b.org at dovecot.org] On Behalf Of Timo Sirainen
>
> > It's being called by postfix with -d through mailbox_command - I'm
> > digging through postfix config now, if there's a way I can do this
> > without making deliver setuid I'd be much happier....
>
> I don't think Postfix allows running it as root. But since you're using
> mailbox_command, Postfix already looks up the user's groups from
> somewhere. Perhaps there's something you can do to make Postfix add
> access to the wanted extra group?
>
> I suppose the long term solution for this will be to use Dovecot's LMTP
> server.
Postfix does do group lookup, but not group set. Regardless, I wouldn't want the user's group set to include maildir under normal circumstances.
This is where Dovecot works well for me because I can get the dovecot process to add the specified group to the user's authentication which means that they can only get at their mail through dovecot and not through the file system.
Postfix doesn't have the ability to add groups to the user's context so no joy there.
LMTP will be great once it's done, I'm sure, but for now I'm stuck with whatever MTA I can get going... looks like setuid root deliver is going to be the only solution.
Peter.