
Courier maildrop virtual mailbox permissions structure

If you are getting one of the following errors:

Command output: /usr/bin/maildrop: Invalid home directory permissions - world writable.

Command output: /usr/bin/maildrop: Unable to change to home directory.

Command output: /usr/bin/maildrop: Cannot set my user or group id.
Then this document is for you.

When setting up Postfix to deliver mail to virtual mailboxes, most people want to be able to send that mail through an intelligent filtering program like procmail or maildrop. During my search to figure out how to do this with procmail I found out about maildrop, which is what you should be using to do this. The virtual transport that comes with Postfix does not support running programs and the like.

There are plenty of documents out there on how to configure Postfix + MySQL + Courier IMAP + maildrop + virtual mailboxes. But a lot of those documents leave out a few important parts.


Let's assume that you have Postfix + MySQL + Maildrop set up for virtual mailbox delivery as specified in this document. The section of this document titled "Virtual Mail Directory" explains how to set up the vmail user's directory and the actual mailbox directory, but it isn't explicit enough in specifying all the directories. Here is a diagram showing which directory or file has which owner and permissions.

[domain] is the domain part of the virtual address
[virtualaccountdir] is the home directory for the virtual mailbox
[user] is the user account that "owns" the virtual account.

/home  (root:root  mode = 755)
   |
   +- vmail  (vmail:vmail  mode = 755)
         |
         +- [domain]  (vmail:vmail  mode = 755)
                  |
                  +- [virtualaccountdir]  ([user]:[user]  mode = 700)
                                     |
                                     |- Maildir   ([user]:[user]   mode = 700)
                                     |       |
                                     |       +- cur,tmp,new ([user]:[user]  mode = 700)
                                     |
                                     +- .mailfilter ([user]:[user]  mode = 600)
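
To check an existing account against the diagram above, here is an added example (not part of the original document or of maildrop). It assumes GNU stat, reads the expected owners from disk rather than hard-coding them, and treats .mailfilter as optional; the function names are made up for this example.

```shell
# Added example: audit one virtual account against the layout in the diagram.
# Assumes GNU stat (-c). The owner of the vmail directory stands in for
# vmail:vmail and the owner of the account directory for [user]:[user].

# expect PATH MODE UID:GID -- print a line and fail if PATH does not match
expect() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    have=$(stat -c '%a %u:%g' "$1")
    [ "$have" = "$2 $3" ] || { echo "MISMATCH $1: have $have, want $2 $3"; return 1; }
}

# check_vmail_account /home/vmail/[domain]/[virtualaccountdir]
# Returns 0 when every directory and file matches the diagram, 1 otherwise.
check_vmail_account() {
    acct=${1%/}
    domain=$(dirname "$acct")
    vmail=$(dirname "$domain")
    [ -d "$acct" ] || { echo "MISSING  $acct"; return 1; }
    vowner=$(stat -c '%u:%g' "$vmail")   # expected vmail:vmail
    uowner=$(stat -c '%u:%g' "$acct")    # expected [user]:[user]
    bad=0
    expect "$vmail"  755 "$vowner" || bad=1
    expect "$domain" 755 "$vowner" || bad=1
    # A world-writable account directory is what triggers
    # "Invalid home directory permissions - world writable."
    expect "$acct" 700 "$uowner" || bad=1
    expect "$acct/Maildir" 700 "$uowner" || bad=1
    for sub in cur tmp new; do
        expect "$acct/Maildir/$sub" 700 "$uowner" || bad=1
    done
    # Assumption: .mailfilter may be absent; if present it must be 600.
    if [ -e "$acct/.mailfilter" ]; then
        expect "$acct/.mailfilter" 600 "$uowner" || bad=1
    fi
    return $bad
}
```

Run it as root or as the account's [user], since nobody else can look inside the mode 700 directories.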

Also, it is important to note that the homedir and maildir values that are stored in your MySQL database are concatenated together to figure out the full path to the maildir. So you need to set them to something like this:

homedir = "/home/vmail/[domain]/[virtualaccountdir]"
maildir = "Maildir/"

If the virtual account's home directory and Maildir directory are owned by something other than vmail:vmail, then you'll need to make the /usr/bin/maildrop program setuid root, like this:

-r-sr-x---  1 root vmail 308876 Nov 16 14:22 /usr/bin/maildrop

And you'll want to restrict those who can run this program by using the following compilation options when you compile maildrop:

--enable-trusted-users='root mail vmail postfix daemon postmaster' --enable-restrict-trusted=1


If you have any questions about this document, please direct them to mark@suso.org.

http://suso.org/opensource/docs/courier/maildrop_virtual_permissions.php
© 1997-2008 Suso Technology Services Inc.
101 W. Kirkwood Ave., Bloomington, Indiana
(812) 336-7876(SUSO)