At 4AM +0000 on 9/05/13 you (Earles, Jill) wrote:
Wow, that is a lot of detail. Thank you very much. I appreciate the Unix security perspective - that's something I'm trying to learn more about and be more in tune with as a new systems administrator.
We are not using dotlocks, and the adduser command does create all the mailbox files with the correct ownership automatically.
I don't know what MTA or MDA are.
These are standard mail jargon, so you'll probably come across them again. MTA is Mail Transfer Agent, that is, the program which receives incoming mail (usually by SMTP) and decides what to do with it. Traditionally on Unix this was Sendmail; nowadays it might be Postfix or Exim or something instead.
MDA is Mail Delivery Agent, and it's the program the MTA hands a mail to when it decides to deliver it to a local user. (You may also see LDA, Local Delivery Agent, used for the same thing.) Traditionally this was often mail(1) or something equally unsuitable; nowadays it might be procmail or maildrop or something else. Dovecot provides an MDA called 'deliver' or 'dovecot-lda' (they're the same program) which it's often worth using if you haven't got a good reason not to.
Other terms are: MUA, Mail User Agent, which is a program users use to read mail; and MSA, Mail Submission Agent, which is the program users use to submit new mail for delivery; traditionally this was sendmail(8), but now it's more usual to have a special-purpose SMTP server, often running on port 587. (Users should not submit mail directly to MX SMTP servers, because generally mail needs to be cleaned up before being sent off-site.)
From the point of view of the mail system, a POP/IMAP server like Dovecot is considered part of the MUA, the other part being the user's actual client; this arrangement, and the corresponding actual-client/submission-server split for outgoing mail, is often called 'split-client'.
Ben
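To make the roles Ben describes concrete, here is an added configuration example (not from Ben's message, nor from the Dovecot or Postfix projects) showing how the pieces fit together in a Postfix + Dovecot setup: port 25 is the MX-facing MTA, port 587 is the authenticated MSA, and local delivery is handed to Dovecot's MDA (dovecot-lda). The directive names are real Postfix/Dovecot ones; the domain, the file paths, the certificate locations and the socket location are assumptions to adapt to your own system.

```conf
# ---- /etc/postfix/main.cf (excerpt) --------------------------------------
# Assumed domain and paths; adapt to your system.

# MTA role, port 25 (the MX): accept mail for our own domains only and
# never relay for clients that are neither local nor authenticated.
mydestination = example.org, localhost
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# MDA hand-off: Postfix's local(8) runs mailbox_command as the recipient
# user, so dovecot-lda writes the mailbox with that user's ownership and
# with the same locking Dovecot's IMAP/POP processes use.
# (Path is an assumption: Debian uses /usr/lib/dovecot/dovecot-lda,
#  other distributions often /usr/libexec/dovecot/dovecot-lda.)
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

# TLS material for the submission service (placeholder paths).
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.pem
smtpd_tls_key_file  = /etc/ssl/private/mail.example.org.key

# Use Dovecot's SASL server so submission uses the same credentials and
# password database as IMAP/POP logins.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# ---- /etc/postfix/master.cf (excerpt) ------------------------------------
# MSA role, port 587: unlike port 25 this service insists on TLS and on a
# successful login before it accepts a message, which is why users submit
# here rather than to the MX directly.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# ---- /etc/dovecot/conf.d/10-master.conf (excerpt) ------------------------
# The auth socket Postfix's smtpd_sasl_path above points at, created inside
# the Postfix chroot so the unprivileged postfix user can reach it.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```

After editing, `postconf -n` and `doveconf -n` print the effective non-default settings of each daemon, which is a quick way to confirm the two halves agree (in particular that `smtpd_sasl_path` and the `unix_listener` path line up). The point of the split is that the MX listener and the submission listener have different trust assumptions: port 25 must accept mail from strangers for local domains, while port 587 should accept mail only from authenticated users and relay it onward.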