I've just tried out Dovecot LDA. The reason I didn't want to use it before was that I found it unnecessary together with Exim, plus I wanted to use Exim's filtering. But now I wanted to see if can notice any improvement when the indexes are updated on delivery, and I saw that it's possible to use Exim filters and pass the resulting folder with -m.

Now, correct me if I'm wrong, but IIUC some corrections, improvements, and comments could be made on http://wiki.dovecot.org/LDA.

In the "Site-wide setup" section (and in dovecot.conf) it's suggested that access be restricted to the master socket somehow. The first Exim example ("System-users"), however, requires a world-writable socket. Uncomment "group = mail" and deliver will complain that setgid() fails. In this situation, the "-d $local_part@$domain" is unnecessary because then deliver will use the name of the user it's running as (it should probably have been just "-d $local_part" anyway). However, if deliver is run by root (which is by default impossible under Exim) or setuid root, then a destination user is mandatory.

Oh wait, without -d the auth socket isn't used at all, only the HOME environment variable and default_mail_env are. Well, it shouldn't matter much if you're running a standard pam/passwd setup, but with a more complicated non-virtual setup I see only four solutions: Make deliver setuid root, remove root from the compiled-in FIXED_NEVER_USERS list, run deliver as a user/group that has write access to all mailboxes, or make the master socket world-writable.

-- Magnus Holmgren holmgren@lysator.liu.se (No Cc of list mail needed, thanks)