Home / server / Questions / 814398
Accepted
Kreker
Asked: 2016-11-12 04:39:05 +0800 CST

Dovecot: missing +w perm: /var/mail, we're not in group 8(mail)

  • 772

I can't figure out what I am missing. I'm setting up a new mail server and had this erorre every time I receive an email.
The user is inside the group mail 

mail:x:8:dovecot,user.name

The perms directory are here /var/mail

drwxrwsr-x  3 root mail   4096 nov 11 12:20 mail/

This is dovecot configuration

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-47-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
mail_location = mbox:/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = no
userdb {
  driver = passwd
}
dovecot

2 Answers

  1. Best Answer

    Do you read this documentation?

    You must add

    mail_privileged_group = mail

    Or make /var/mail world-writable with sticky bit set, allowing anyone to create new files but not overwrite or delete existing files owned by someone else

    chmod a+rwxt /var/mail

    • 8

  2. In my own situation I've found that simply making sure that /var/mail is owned by the mail group and making sure that the user's group is set to mail as well is enough for this to work.

    If you're sharing dovecot's authentication system with other services (IE: you're using /etc/passwd & /etc/shadow for user information and authentication instead of /etc/mail/passwd or some such), you'll want to at least make sure that the user has mail as one of its groups, even if it's not practical to make mail its primary group. In a shared authentication system scenario, you'll also want to have the mentioned mail_privileged_group parameter set to mail in dovecot.conf, or in one of its included configuration files like so:

    mail_privileged_group = mail

    I should also note that 0770 should be the highest privileges you need to give to /var/mail. dovecot will create the user's directory with user only write permissions after its created, so you don't have to worry about the group permissions getting inherited.

    • 4