On 22.2.2012, at 9.34, Dag Nygren wrote:
Feb 21 10:02:24 dag dovecot: lda(extuser): Error: user extuser: Initialization failed: Namespace 'MailingLists/': stat(/usr/local/var/mail/MailingLists/mailboxes) failed: Permission denied (euid=2002(extuser) egid=2002(extgroup) missing +x perm: /usr/local/var/mail/MailingLists, euid is not dir owner) Feb 21 10:02:24 dag dovecot: lda(extuser): Fatal: Invalid user settings. Refer to server log for more information.
Right, the mail wasn't delivered, LDA simply exited with tempfail. Actually v2.1.0 is the first release where you can easily configure Dovecot to simply skip the namespace when it doesn't have permission to access it:
+ Added ignore_on_failure setting for namespaces. If namespace
initialization fails with this enabled (e.g. permission denied),
the namespace is silently skipped for the user.
Where is the delivered email?
Have you checked what happens if deliver tempfails (e.g. make procmail call tempfail.sh script that just exits with 75), does procmail also correctly tempfail and tell MTA to retry the delivery later?
No, haven't done that. yet. And I don't think it will pass on the failure code. Procmail settings are all from the HOWTO:s though.
The .forward file looks like this:
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #extuser"
And the applicable rule in .procmailrc: :0 w { :0 | $DELIVERYAGENT -d $LOGNAME -m inbox }
Have to point out that this case wasn't important, but I wouldn't like the system to loose an important mail later.
You should definitely make sure that procmail won't lose any mails if Dovecot LDA returns tempfailure, since they do sometimes happen. You could also get rid of procmail completely by moving to sieve.