(Sorry I read this list in digest form so frequently I'm half a step behind.)
For the sake of "security", I chose not to allow plaintext communication (being new to this, I think being strict is a good choice). I've tried with the openssl option and it successfully logged in.
Yes, you've included some more log entries, which makes the problem clearer, as it usually does.
Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed: Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
...
I checked, using ls -l /var, and I get this:
drwxrwsr-x 2 root mail 4096 Apr 27 11:27 mail
so the group looks to be correctly set to 'mail', despite what the log says, right?
No, it's quite explicit. User "webuser" has uid/gid = 1001(webuser)/1000(ftpusers). Your mail spool has permission uid/gid = root(0)/mail(8), neither of which allows webuser to write to this mail spool to create its own mail folder.
Aki Tuomi aki.tuomi@dovecot.fi replies with several solutions:
In your configuration, dovecot uses whatever user/group is returned by PAM. Since the webuser has never logged in, it has no directory under /var/mail. If you want, you can
a) override mail_uid and mail_gid in userdb/passdb
b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
c) let ftpusers write to /var/mail.
Or if you dynamically/frequently onboard mail accounts, and users cannot arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and let dovecot auto-create it (you might also want to set "lda_mailbox_autocreate = yes").
Joseph Tam jtam.home@gmail.com
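The log line in this thread is just the kernel's owner/group/other permission check spelled out. The script below is an added example (not from the thread, not Dovecot code, and it never touches the filesystem): it replays that check for the logged case (euid 1001/egid 1000 against /var/mail owned 0:8, mode 0775) and for each of the fixes Aki lists, so you can see which credential/mode pairs let the spool entry be created before you change anything on a live box. The ids and modes are the ones from the log and the ls output above; the scenario labels and function names are this example's own.

```python
"""Emulate the POSIX permission check behind Dovecot's "missing +w perm" error.

Added example for the thread above, not Dovecot's own code: it never touches
the filesystem. It replays the kernel's owner/group/other decision for the
logged case (euid 1001(webuser), egid 1000(ftpusers), /var/mail owned 0:8
mode 0775) and for each remedy Aki Tuomi lists.
"""
import stat
from dataclasses import dataclass

# Numeric ids from the log line in the thread; names are for readability only.
UID_ROOT, GID_MAIL = 0, 8
UID_WEBUSER, GID_FTPUSERS = 1001, 1000

# Permission needs expressed in the owner triple; check() shifts them right
# for the group and other triples.
NEED_CREATE = stat.S_IWUSR | stat.S_IXUSR   # add an entry to a directory
NEED_RW = stat.S_IRUSR | stat.S_IWUSR       # open an existing spool file rw


@dataclass(frozen=True)
class Principal:
    """Credentials of the process doing the open(): euid, egid, extra groups."""
    uid: int
    gid: int
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class Entry:
    """Ownership and permission bits (st_mode & 07777) of a file or directory."""
    owner: int
    group: int
    mode: int


def check(p: Principal, e: Entry, need: int) -> tuple[bool, str]:
    """Decide like the kernel: pick ONE class (owner, else group, else other)
    and test only that triple; a better-matching class never falls through
    to a worse one. Returns (allowed, Dovecot-style explanation)."""
    if p.uid == 0:
        return True, "euid 0 bypasses permission bits"
    if p.uid == e.owner:
        klass, shift = "owner", 0
    elif p.gid == e.group or e.group in p.groups:
        klass, shift = "group", 3
    else:
        klass, shift = "other", 6
    mask = need >> shift
    allowed = (e.mode & mask) == mask
    # Dovecot prints mode without the setgid/sticky bits, hence & 0o777.
    why = (f"{'ok' if allowed else 'missing perm'}: checked as {klass}, "
           f"dir owned by {e.owner}:{e.group} mode={e.mode & 0o777:04o}")
    if klass == "other" and not allowed:
        why += f", we're not in group {e.group}"
    return allowed, why


def webuser_spool_scenarios() -> dict[str, bool]:
    """The logged failure and the fixes from the thread, side by side."""
    webuser = Principal(UID_WEBUSER, GID_FTPUSERS)
    spool = Entry(UID_ROOT, GID_MAIL, 0o2775)      # drwxrwsr-x root mail  /var/mail
    return {
        # Dovecot must create /var/mail/webuser, so the check is on /var/mail.
        "as logged": check(webuser, spool, NEED_CREATE)[0],
        # a) userdb/passdb returns gid=mail for this user (mail_gid override).
        "a) mail_gid overridden to mail": check(
            Principal(UID_WEBUSER, GID_MAIL), spool, NEED_CREATE)[0],
        # b) /var/mail/webuser pre-created and chowned webuser:ftpusers;
        #    from then on only that existing entry is opened.
        "b) pre-created spool owned by webuser": check(
            webuser, Entry(UID_WEBUSER, GID_FTPUSERS, 0o600), NEED_RW)[0],
        # c) group ftpusers given write on /var/mail (chgrp ftpusers; g+w).
        "c) ftpusers may write /var/mail": check(
            webuser, Entry(UID_ROOT, GID_FTPUSERS, 0o2775), NEED_CREATE)[0],
        # chmod 1777: anyone may create entries; the sticky bit only guards
        # against deleting or renaming entries you do not own.
        "chmod 1777 /var/mail": check(
            webuser, Entry(UID_ROOT, GID_MAIL, 0o1777), NEED_CREATE)[0],
    }


if __name__ == "__main__":
    ok, why = check(Principal(UID_WEBUSER, GID_FTPUSERS),
                    Entry(UID_ROOT, GID_MAIL, 0o2775), NEED_CREATE)
    print(why)
    for name, allowed in webuser_spool_scenarios().items():
        print(f"{name:40} {'allowed' if allowed else 'denied'}")
```

Two things the table makes visible: the `s` in `drwxrwsr-x` is the setgid bit, which only affects the group of newly created entries and is what the log's `mode=0775` omits, so the ls output and the log do agree. And the `chmod 1777` row is allowed for every local account, not just mail users: the sticky bit stops other users from removing an entry, but nothing stops them from creating `/var/mail/<name>` ahead of a user who has never logged in. That is why Aki's condition that users cannot arbitrarily write into this directory matters, and why option b) (pre-creating the entry with the right owner) is the narrowest fix.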