Chris Hoogendyk writes:
So, looking at my other system that has been running dovecot for over a year, I see that the entries are mostly 0600, but there are a few 0660. The system I was just implementing has mostly 0660, but some 0600. We had seen occasional similar errors on the other system.
Been there, done that. Timo already gave an explanation of why 0600 gets rid of the problem. I'll add a reminder that you'll need to track down the reason why mailboxes are created user:mail/0660 in the first place. It's usually done by the LDA when creating a brand new mailbox (for example, Solaris's mail.local).
If you've replaced your LDA with Dovecot's deliver, then this won't be a problem anymore.
You may also have to scour your userbase's personal mail collection for mailboxes that has 1) mode 0660, and 2) group membership the user is not a part of, and fix up the permissions. Such a thing could happen if you've reassigned a user's GID.
Joseph Tam <jtam.home@gmail.com>