Dear List
Somehow I don't understand the intended workflow for having new mailboxes auto-created. On login of a new user with no mailbox, I get:
2014-01-09 12:53:06 imap(tester): Error: user tester: Initialization failed: Namespace '': mkdir(/var/mail/tester) failed: Permission denied (euid=1016(tester) egid=1016(tester) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0771)
The imap process runs as the user who logged in and thus has only the privileges of that user. This is good and desired when a mailbox already exists. I do not want to allow all users to write to /var/mail; they should only write to their own dirs inside /var/mail.
Same story for LMTP, if no mailbox exists yet:
2014-01-09 13:01:47 lmtp(20416, tester): Error: user tester: Initialization failed: Namespace '': mkdir(/var/mail/tester) failed: Permission denied (euid=1016(tester) egid=1016(tester) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0771)
How can I configure the auto-create mailbox feature so that it works, i.e. run the LMTP and IMAP processes as user %u and group mail, and have the mailboxes created in /var/mail (example: user tester) with the following permissions:
/var/mail:
drwxrwx--x root   mail   3072 Dec 18 01:43 .
drwx------ tester tester 1024 Jan 09 12:53 tester
...or do I need a different approach?
Thank you for helping me.
Best regards, Adrian.
My setup:
- Exim delivers to LMTP socket as user %u, group mail
- maildir storage in /var/mail
doveconf -n:
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.3 ext3
auth_cache_negative_ttl = 0
auth_cache_size = 5 M
auth_cache_ttl = 4 hours
auth_failure_delay = 3 secs
auth_mechanisms = plain login digest-md5 cram-md5 apop rpa
auth_username_format = %n
auth_verbose = yes
auth_worker_max_count = 128
first_valid_gid = 1000
first_valid_uid = 1000
last_valid_gid = 60000
last_valid_uid = 60000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_location = maildir:/var/mail/./%u/:INDEX=MEMORY
mail_prefetch_count = 1024
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vacation-seconds
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = 
  type = private
}
passdb {
  args = scheme=SHA512-CRYPT username_format=%u /etc/cram-md5.pwd
  driver = passwd-file
}
plugin {
  sieve = /var/mail/%u/sieve/.dovecot.sieve
  sieve_before = /var/mail/%u/sieve/vacation.sieve
  sieve_dir = /var/mail/%u/sieve
  sieve_extensions = +vacation +vacation-seconds
  sieve_max_actions = 1024
  sieve_vacation_default_period = 12d
  sieve_vacation_max_period = 0
  sieve_vacation_min_period = 1d
}
postmaster_address = postmaster@XXXX
protocols = " imap lmtp sieve pop3"
service auth-worker {
  user = $default_login_user
}
service auth {
  group = mail-security
  unix_listener auth-client {
    mode = 0660
    user = Debian-exim
  }
  unix_listener auth-userdb {
    mode = 0666
  }
  user = $default_internal_user
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 5
}
service lmtp {
  process_min_avail = 10
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 256
}
ssl_cert =
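Added example (not part of Adrian's post, and not Dovecot's own code): a Python model of the POSIX access check behind the "missing +w perm" hint, fed with the two error lines quoted above. It shows that the mail process falls into the "other" class against /var/mail (0771, root:mail) because both euid and egid are tester, and that adding gid 8 as a supplementary group, which is what Dovecot's mail_access_groups = mail setting does (my suggested fix, not something stated in the post), moves it into the group class so the mkdir succeeds, while a 0700 tester:tester directory stays closed to every other user even when that user also carries the mail group. The live_check() helper applies the same decision to a real path with the current process's credentials.

```python
"""Model of the POSIX access check behind Dovecot's "missing +w perm" hint.

Added example; not part of the original post and not Dovecot's own code.
The two sample log lines are copied from the post above.
"""
import os
import re
import stat
from dataclasses import dataclass

# Matches the hint Dovecot appends to an EACCES error (format as seen in the post).
HINT_RE = re.compile(
    r"Permission denied \(euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+w perm: (?P<dir>[^,]+), .*?dir owned by (?P<uid>\d+):(?P<gid>\d+) "
    r"mode=(?P<mode>[0-7]+)\)"
)


@dataclass(frozen=True)
class DirInfo:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o771


@dataclass(frozen=True)
class Creds:
    euid: int
    egid: int
    groups: frozenset = frozenset()  # supplementary groups of the process


def write_check(d: DirInfo, c: Creds) -> tuple:
    """Decide whether a process with creds c may create entries in directory d.

    mkdir() needs +w (and +x) on the parent.  The kernel picks exactly one of
    the owner/group/other classes, so membership in the directory's group only
    helps when the group bits actually grant write.
    """
    if c.euid == 0:
        return True, "euid 0 bypasses mode bits"
    if c.euid == d.uid:
        cls, bit = "owner", stat.S_IWUSR
    elif d.gid == c.egid or d.gid in c.groups:
        cls, bit = "group", stat.S_IWGRP
    else:
        cls, bit = "other", stat.S_IWOTH
    if d.mode & bit:
        return True, f"{cls} class has +w on {d.path} (mode={d.mode:04o})"
    # Mirror Dovecot's hint: name the group only when joining it would have helped.
    hint = f", we're not in group {d.gid}" if cls == "other" and d.mode & stat.S_IWGRP else ""
    return False, f"missing +w perm: {d.path}{hint}, dir owned by {d.uid}:{d.gid} mode={d.mode:04o}"


def diagnose(log_line: str, extra_groups=()):
    """Parse a Dovecot error line and re-run the check, optionally with extra supplementary groups."""
    m = HINT_RE.search(log_line)
    if m is None:
        return None
    d = DirInfo(m["dir"], int(m["uid"]), int(m["gid"]), int(m["mode"], 8))
    c = Creds(int(m["euid"]), int(m["egid"]), frozenset(extra_groups))
    return write_check(d, c)


def live_check(path: str):
    """Same decision against a real directory and the current process's credentials."""
    st = os.stat(path)
    d = DirInfo(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    c = Creds(os.geteuid(), os.getegid(), frozenset(os.getgroups()))
    return write_check(d, c)


# Constructed input: the two error lines quoted in the post.
LOG_LINES = [
    "2014-01-09 12:53:06 imap(tester): Error: user tester: Initialization failed: "
    "Namespace '': mkdir(/var/mail/tester) failed: Permission denied (euid=1016(tester) "
    "egid=1016(tester) missing +w perm: /var/mail, we're not in group 8(mail), "
    "dir owned by 0:8 mode=0771)",
    "2014-01-09 13:01:47 lmtp(20416, tester): Error: user tester: Initialization failed: "
    "Namespace '': mkdir(/var/mail/tester) failed: Permission denied (euid=1016(tester) "
    "egid=1016(tester) missing +w perm: /var/mail, we're not in group 8(mail), "
    "dir owned by 0:8 mode=0771)",
]
MAIL_GID = 8  # gid of "mail" on the poster's Debian box (taken from the log line)

if __name__ == "__main__":
    for line in LOG_LINES:
        print("as logged:           ", diagnose(line))
        # Assumption: mail_access_groups = mail adds gid 8 as a supplementary group.
        print("with group mail:     ", diagnose(line, extra_groups={MAIL_GID}))
    # The per-user dir the poster wants (0700 tester:tester) stays closed to another
    # user even when that user also carries the mail group.
    other = Creds(euid=1017, egid=1017, groups=frozenset({MAIL_GID}))
    print("other user in tester:", write_check(DirInfo("/var/mail/tester", 1016, 1016, 0o700), other))
```

The model deliberately ignores ACLs, capabilities and the +x requirement on the parent; it only reproduces the mode-bit decision that the log line is complaining about.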