[Dovecot] Questions about mail process chroots

Brett Smith bsmith at brettcsmith.org
Wed Sep 22 05:21:18 EEST 2004


Greetings,

I am configuring a new Dovecot installation, and the way the
valid_chroot_dirs and mail_chroot variables affect the mail processes is a
bit unclear to me.  I was wondering if anyone could provide me with more
specific details than the comments in the configuration file do, or maybe
even recommend some values given my configuration.

We have a Debian GNU/Linux system and a mix of users with shell accounts
and users with disabled logins.  Both these groups should be handled the
same way by Dovecot: auth_userdb is passwd and auth_passdb is pam.  The
dovecot PAM service will use pam_mysql.so, if that matters.

Mail is in mbox format (we have too many sticklers who are set in their
ways, unfortunately); I'm thinking default_mail_env should be
mbox:~/Mail/:INBOX=/var/mail/%u.

So, if I understand correctly, (a) I should set chroots on the mail
processes, since some of our users don't have real shell accounts, and (b)
those processes will need access to /var/mail and home directories under
/home.

So my best guess is that I should set the chroot variables like this:

valid_chroot_dirs = /var/mail:/home
mail_chroot = /var/mail

I'm not sure about this though, for a number of reasons.

Do I need to even chroot at all, or do I misunderstand the comments?

If I do need to chroot, the comments about valid_chroot_dirs warn very
strongly that the chroot dirs should not be writeable by users.  /home
itself isn't writeable by users, but obviously their home directories are.
Is listing /home also vulnerable to exploits?  If it is, what would a good
solution be?

What's the meaning of /./ in mail_chroot?  The comments about it,
unfortunately, make no sense at all to me.  It says that /home/./user is
the same as /home, but if that's completely true, why wouldn't I just say
mail_chroot = /home?  I even looked into the source and it still wasn't
really clear to me.

Thanks in advance for any help you can offer,

-- 
-- Brett Smith
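
The /./ convention the post asks about, modelled in Python as an added example (this is not Dovecot source code and not the poster's configuration). Only two facts are taken from the post: valid_chroot_dirs is a colon-separated list, and a home directory written as /home/./user chroots into /home. The text before the separator is the chroot directory; the text after it is the home directory as the process sees it once chrooted, so /home/./user yields chroot /home and home /user. Everything else is this example's assumption and is marked so in the code: that a /./ in the home overrides mail_chroot, that valid_chroot_dirs matches a directory and anything beneath it on a path-component boundary, that a plain home under a default mail_chroot is left as written, and the POSIX permission check used to enforce the "chroot dirs must not be user-writable" warning. The user alice, her uid, and the directory modes are constructed sample data standing in for os.stat so the code runs offline.

```python
"""Model of Dovecot's /./ chroot separator plus the valid_chroot_dirs check.

Added example, not Dovecot code.  From the mailing-list post: valid_chroot_dirs
is colon-separated and /home/./user chroots into /home.  Assumptions of this
example: /./ overrides mail_chroot; valid_chroot_dirs matches a listed dir or
anything beneath it; a home without /./ is left as written under mail_chroot;
the permission-bit check below is how "not user-writable" is enforced.
"""
import posixpath
import stat
from typing import Dict, Optional, Tuple

SEPARATOR = "/./"

# Constructed stand-in for os.stat: path -> (mode, owner uid, owner gid).
# Mirrors the layout in the post: /var/mail and /home are root-owned and not
# writable by ordinary users; the user's own home directory is writable.
SAMPLE_DIRS: Dict[str, Tuple[int, int, int]] = {
    "/": (0o755, 0, 0),
    "/var/mail": (0o2775, 0, 8),      # root:mail, setgid, no world write
    "/home": (0o755, 0, 0),
    "/home/alice": (0o755, 1000, 1000),
}
ALICE_UID, ALICE_GIDS = 1000, (1000,)  # constructed sample user


def split_chroot(home: str) -> Tuple[Optional[str], str]:
    """Split a home path on '/./' into (chroot_dir, home_inside_chroot).

    /home/./user -> ("/home", "/user"): chroot into /home, home is /user there.
    /home/user   -> (None, "/home/user"): no per-user chroot requested.
    """
    idx = home.find(SEPARATOR)
    if idx == -1:
        return None, posixpath.normpath(home)
    chroot = posixpath.normpath(home[:idx] or "/")
    inside = posixpath.normpath("/" + home[idx + len(SEPARATOR):])
    return chroot, inside


def chroot_allowed(chroot: str, valid_chroot_dirs: str) -> bool:
    """True if chroot equals an entry of the colon-separated list or lies
    beneath one.  Assumption: matching is by whole path component, so an
    entry of /var/mail does not cover /var/mail2."""
    target = posixpath.normpath(chroot)
    for entry in valid_chroot_dirs.split(":"):
        if not entry:
            continue
        allowed = posixpath.normpath(entry)
        prefix = allowed if allowed.endswith("/") else allowed + "/"
        if target == allowed or target.startswith(prefix):
            return True
    return False


def user_can_write(mode: int, owner_uid: int, owner_gid: int,
                   uid: int, gids: Tuple[int, ...]) -> bool:
    """Plain POSIX permission check: could this user write into a directory
    with the given mode and owner?  Root can always write."""
    if uid == 0:
        return True
    if owner_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def resolve(home: str, mail_chroot: str, valid_chroot_dirs: str,
            dir_meta: Dict[str, Tuple[int, int, int]],
            uid: int, gids: Tuple[int, ...]) -> Tuple[Optional[str], str]:
    """Decide where a mail process for this user would chroot.

    A /./ in the home wins over mail_chroot (assumption); otherwise a
    non-empty mail_chroot is used and the home is left as written (assumption).
    Raises ValueError if the chroot is outside valid_chroot_dirs or is
    writable by the user, which is the warning in the config comments.
    """
    chroot, inside = split_chroot(home)
    if chroot is None:
        chroot = mail_chroot or None
    if chroot is None:
        return None, inside
    if not chroot_allowed(chroot, valid_chroot_dirs):
        raise ValueError(f"{chroot} is not under valid_chroot_dirs")
    mode, owner_uid, owner_gid = dir_meta[chroot]
    if user_can_write(mode, owner_uid, owner_gid, uid, gids):
        raise ValueError(f"refusing to chroot into user-writable {chroot}")
    return chroot, inside


if __name__ == "__main__":
    valid = "/var/mail:/home"  # the list from the post
    for h in ("/home/./alice", "/home/alice", "/home/alice/./Mail", "/tmp/./x"):
        try:
            print(h, "->", resolve(h, "/var/mail", valid, SAMPLE_DIRS,
                                   ALICE_UID, ALICE_GIDS))
        except ValueError as err:
            print(h, "-> rejected:", err)
```

Two outcomes of the model are worth noting. A home of /home/alice/./Mail is rejected even though /home is in valid_chroot_dirs, because the chroot directory itself (/home/alice) is owned and writable by alice; listing /home only makes that chroot permissible, it does not make it safe. And a home of /home/alice with a default mail_chroot of /var/mail comes back as (/var/mail, /home/alice), a home path that does not exist beneath /var/mail on the sample filesystem; the /./ form is what lets one path carry both the chroot and a home that is valid inside it.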