A Debian developer had this to say:
Files in the above dir are group mail, and the dir is group mail. However, all binaries in /usr/lib/dovecot are root/root. I have set them all to g+s, and group mail, and now the imap process can lock the INBOX.
imap should be the only one that needs to be setgid mail.
Actually, I've looked at the dovecot source code. There is no way having setgid on the executable will work. The source drops the privledges long before it tries to do a dotlock.
This is an upstream problem.
For now, I've disable dotlock, and use fcntl instead, as that is what exim uses anyways.
Is dotlocking still a work in progress or are we missing something here?
-- Jaldhar H. Vyas <jaldhar@debian.org> La Salle Debain - http://www.braincells.com/debian/