How important is it to have all the directory tree owned by the same user group (virtualmail:virtualmail)?
My understanding (which could be wrong) is that it's pretty important.
First, as a rule of thumb, nothing should be owned by root that doesn't
have to be owned by root. When Dovecot is writing mail to a directory,
it assumes the user ID of the recipient. In your virtual setup you
probably don't have local users, so Dovecot will change to the user id
returned from your database/ldap query, or, if using LDAP and you want
to, to the user specified in user_global_uid setting. In either case,
that user should be the user who owns the directory tree (virtualmail)
and not root. Your setup can work, of course, if you give the
directory read/write permissions for group and world, but why would you
want to?
- Pete
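
As an added example (not part of the original reply), a POSIX shell check for the situation discussed above: it lists anything under a mail tree that is not owned by the expected user and group, or that is group- or world-writable. The function name `audit_mail_tree` and the root path you pass are assumptions; `virtualmail:virtualmail` is the owner named in the question.

```shell
#!/bin/sh
# Added example: audit a virtual mail tree for ownership and permission drift.
# Usage: audit_mail_tree ROOT OWNER GROUP
#   e.g. audit_mail_tree /path/to/mailroot virtualmail virtualmail
# Prints one line per finding ("owner: PATH" or "writable: PATH").
# Returns 0 if the tree is clean, 1 if there are findings, 2 on bad input.
audit_mail_tree() {
    root=$1
    owner=$2
    group=$3

    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    report=$(
        # Anything not owned by the expected user AND group. Files owned by
        # root (or anyone else) show up here; the delivery process running as
        # the virtual mail user could not write to them.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/owner: /'

        # Group- or world-writable entries: the "it works, but why would you
        # want to?" configuration. Symlinks are skipped because their mode
        # bits are not meaningful.
        find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable: /'
    )

    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run directly when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_mail_tree "$@"
fi
```

An empty result with exit status 0 means every entry belongs to the expected user and group and nothing is writable by group or world.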