Almost 4 months later, but I finally got around to doing something about this. :)
On Thu, 2006-11-30 at 16:25 +0100, Magnus Holmgren wrote:
Now, correct me if I'm wrong, but IIUC some corrections, improvements, and comments could be made on http://wiki.dovecot.org/LDA.
I split the page up and cleaned it up a bit.
In the "Site-wide setup" section (and in dovecot.conf) it's suggested that access be restricted to the master socket somehow.
I just figured out that it's not actually all that important. If allows only looking up userdb information for a given username. Updated the wiki and dovecot-example.conf
Oh wait, without -d the auth socket isn't used at all, only the HOME environment variable and default_mail_env are. Well, it shouldn't matter much if you're running a standard pam/passwd setup, but with a more complicated non-virtual setup I see only four solutions: Make deliver setuid root, remove root from the compiled-in FIXED_NEVER_USERS list, run deliver as a user/group that has write access to all mailboxes, or make the master socket world-writable.
Added a note about running deliver as setuid-root. I also changed the per-user/site-wide to system/virtual user sections instead.