Dovecot mail location problem

Issue

Dovecot does not use mail_location as I expect.

I want to provide email service for users in an LDAP directory. User accounts are virtual accounts stored in LDAP and they ARE NOT mapped to local users.

Details

Package versions

OS              Debian GNU/Linux 8.2 (jessie)
dovecot-core    1:2.2.13-12~deb8u1
dovecot-imapd   1:2.2.13-12~deb8u1
dovecot-ldap    1:2.2.13-12~deb8u1
squirrelmail    2:1.4.23~svn20120406-2
postfix         2.11.3-1
apache2         2.4.10-10+deb8u3

Configuration details

I set in /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/var/mail/vhosts/%d/%n

so I expect the mail location to be at /var/mail/vhosts/mydomain.com/myuser for myuser@mydomain.com.

Some dovecot settings, as output by the dovecot -n command, are:

mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = vmail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

Looking in /var/log/mail.log using tail -f command, it throws:

Sep 27 19:10:48 balam dovecot: imap-login: Login: user=<myuser>, method=PLAIN, rip=::1, lip=::1, mpid=24907, secured, session=<7/umVr8gvwAAAAAAAAAAAAAAAAAAAAAB>
Sep 27 19:10:48 balam dovecot: imap(myuser): Error: user myuser: Initialization failed: Namespace '': mkdir(/var/mail/vhosts//myuser) failed: Permission denied (euid=30000(myuser) egid=30002(IT) missing +w perm: /var/mail/vhosts/, dir owned by 5000:5000 mode=0755)
Sep 27 19:10:48 balam dovecot: imap(myuser): Error: Invalid user settings. Refer to server log for more information.

which is attempting to create mail directory at /var/mail/vhosts//myuser, instead of /var/mail/vhosts/mydomain.com/myuser as I want and expect.

If you need more details, please ask me!

Tests

In order to test login I have mounted a SquirrelMail client, which triggers the previous events logged in /var/log/mail.log.

You have to set two parameters, mail_uid and mail_gid, in the config. Until they are set, deliver performs a database lookup to get the addressee's UID and GID. If there are any, they'll be used for filesystem access. While the mail storage hierarchy belongs to 5000:5000, the LDA has no access to write inside /var/mail/vhosts.

Just add an explicit declaration of user who can access mail storage:

mail_location = maildir:/var/mail/vhosts/%d/%n
mail_uid = 5000 # or his login name
mail_gid = 5000 # or his group name

and restart dovecot. Then deliver will be invoked with UID/GID=5000. Even more, now you can set the mail storage permissions to 700 to prevent anyone except 5000:5000 from accessing the mail storage.
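
An added example, not part of the original question or answer (the names expand, diagnose and MKDIR_DENIED are hypothetical): it parses the mkdir error from the log above to compare the UID/GID the process ran as with the directory owner and mode. It also expands %d and %n, showing that a login without an @domain part leaves %d empty, which is where /var/mail/vhosts//myuser comes from.

```python
import re

# Detail Dovecot logs when mkdir() of the mail directory is denied.
MKDIR_DENIED = re.compile(
    r"mkdir\(([^)]*)\) failed: Permission denied "
    r"\(euid=(\d+)\([^)]*\) egid=(\d+)\([^)]*\) "
    r"missing \+w perm: [^,]+, dir owned by (\d+):(\d+) mode=([0-7]+)\)"
)

# The failing line from the question's /var/log/mail.log.
SAMPLE = ("Sep 27 19:10:48 balam dovecot: imap(myuser): Error: user myuser: "
          "Initialization failed: Namespace '': mkdir(/var/mail/vhosts//myuser) "
          "failed: Permission denied (euid=30000(myuser) egid=30002(IT) missing "
          "+w perm: /var/mail/vhosts/, dir owned by 5000:5000 mode=0755)")


def expand(template, login):
    """Expand %u (full login), %n (local part) and %d (domain part)."""
    name, _, domain = login.partition("@")
    values = {"u": login, "n": name, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def diagnose(line):
    """Return findings for a mkdir permission error, or None if no match."""
    m = MKDIR_DENIED.search(line)
    if m is None:
        return None
    path, mode = m.group(1), int(m.group(6), 8)
    euid, egid, ouid, ogid = (int(m.group(i)) for i in (2, 3, 4, 5))
    # Permission class of the process; supplementary groups are not in the log.
    if euid == ouid:
        cls, wbit = "owner", 0o200
    elif egid == ogid:
        cls, wbit = "group", 0o020
    else:
        cls, wbit = "other", 0o002
    return {
        "path": path,
        "empty_component": "//" in path,   # a %variable expanded to ""
        "process": (euid, egid),
        "dir_owner": (ouid, ogid),
        "class": cls,
        "writable": bool(mode & wbit),
    }


if __name__ == "__main__":
    print(expand("maildir:/var/mail/vhosts/%d/%n", "myuser"))
    print(diagnose(SAMPLE))
```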