[Dovecot] Maildir permissions, shared folders & postfix
Hi there,
It's my understanding that shared folders can be implemented in the
Dovecot IMAP server by simply symlinking one maildir to another, eg:
$ ls -lan /home/DOMAIN/ned/.maildir/
total 40
drwx------ 9 10012 10000 440 Jan 9 04:23 .
drwxr-xr-x 3 10012 10000 160 Jan 6 06:32 ..
drwx------ 5 10012 10000 264 Jan 9 04:21 .Deleted Items
drwx------ 5 10012 10000 232 Jan 6 06:32 .Drafts
drwx------ 5 10012 10000 232 Jan 6 06:39 .Junk E-mail
drwx------ 5 10012 10000 264 Jan 9 04:33 .Sent
lrwxrwxrwx 1 10012 0 24 Jan 6 07:36 .Stroller -> /home/ stroller/.maildir/ drwx------ 2 10012 10000 336 Jan 9 04:23 cur -rw------- 1 10012 10000 268 Jan 9 04:23 dovecot-uidlist -rw------- 1 10012 10000 192 Jan 9 04:23 dovecot.index -rw------- 1 10012 10000 21504 Jan 9 04:23 dovecot.index.cache -rw------- 1 10012 10000 1908 Jan 9 04:23 dovecot.index.log drwx------ 2 10012 10000 48 Jan 9 04:23 new -rw------- 1 10012 10000 47 Jan 6 07:45 subscriptions drwx------ 2 10012 10000 48 Jan 9 04:23 tmp
In the above configuration the user Ned has a mailbox "Stroller", in
which he can read messages & stuff - I can log in as ned and drag &
drop messages into this mailbox quite happily.
I thought all was well with this type of shared configuration until I
actually started to try setting it up for the info@ourdomain.com
mailbox, and tried delivering messages to it.
It seems that Postfix doesn't respect the permissions of the parent
folder when delivering mail into it:
# ls -ldn /home/info/.maildir/
drwxrwx--- 5 10021 10000 120 Jan 9 04:26 /home/info/.maildir/
# ls -ln /home/info/.maildir/
total 0
drwxrwx--- 2 10021 10000 48 Jan 9 04:26 cur
drwxrwx--- 2 10021 10000 48 Jan 9 04:33 new
drwxrwx--- 2 10021 10000 48 Jan 9 04:31 tmp
# ls -ln /home/info/.maildir/new
total 0
# cat HungUp.txt | sendmail info
# sudo ls -l /home/info/.maildir/new
total 4
# sudo ls -ln /home/info/.maildir/new
total 4
-rw------- 1 10021 10000 1806 Jan 9 04:39 1136781544.V4804I3606cM633316.mail.domain.local
How inconsiderate of Postfix to set secure permissions on the message
it delivered!! I need the message to have 660 permissions so that
others in the group can read it! At present this causes Squirrelmail
to squeal & give nasty messages whenever a shared mailbox is accesses.
Can anyone advise me how to resolve this, please?
Stroller.
PS: should you consider suggesting using Dovecot's "namespaces" type
of shared mailbox, I'd be grateful if you could answer this first:
http://dovecot.org/pipermail/dovecot/2005-December/010459.html
Stroller wrote:
Hi there,
It seems that Postfix doesn't respect the permissions of the parent folder when delivering mail into it:
How inconsiderate of Postfix to set secure permissions on the message it delivered!! I need the message to have 660 permissions so that others in the group can read it! At present this causes Squirrelmail to squeal & give nasty messages whenever a shared mailbox is accesses.
Can anyone advise me how to resolve this, please?
Well, my original reply got eaten since I hadn't subscribed. Ah well... let me try to recall it all:
Idea #1: Switch to postfix virtual users. This way all email is handled/owned by own uid/gid. Works great unless you let people log into your machine.
Idea #2: Use procmail and a recipe+script to chmod incoming mail as it arrives.
Idea #3: Use a postfix alias piped to a script to do idea #2 without procmail. Only issue I have is not knowing the rules for Maildir file naming, therefor I'd rely on procmail as I already use it.
Idea #4: Use a postfix alias to 2 locations, the real one and the script. Stick a delay in the script to wait for real delivery. The script does the chmod. Messy, since it relies on things happening elsewhere in a timely manner and this doesn't always happen.
Leeman
participants (2)
-
Leeman Strout
-
Stroller