On Fri, 2011-08-26 at 13:10 -0400, Simon Brereton wrote:
> mail:~# ls /var/spool/mail/virtual/domain.net/simon/new/
> -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:33
> 1314326000.V801I1666018M803015.mail.net,S=2461:2,
> -rwxrwx--- 1 postfix mailsystem 2.5K Aug 26 03:36
> 1314326209.V801I1666019M447273.mail.net,S=2460:2,
> -rw-rw---- 1 postfix mailsystem 2.5K Aug 26 04:00
> 1314327630.V801I166601aM308173.mail.net,S=2477:2,
> -rw------- 1 postfix mailsystem 2.5K Aug 26 04:22
> 1314328966.V801I166601bM756462.mail.net,S=2461:2,
> -rw------- 1 postfix mailsystem 1.1K Aug 26 16:28
> 1314372534.V801I166601cM615258.mail.net,S=1097:2,
> -rw------- 1 postfix mailsystem 1.1K Aug 26 16:31
> 1314372685.V801I166601dM264242.mail.net,S=1097:2,
>
> Mails are being delivered with 0600 permissions and not 0660 (the mails from
> courier seem to have all been 0770 as you can see). If I manually change the
> permission (to 0660) then I can see the mail in the MUA.

If /var/spool/mail/virtual/domain.net/simon has 0770 permissions, the new mails should be delivered with 0660 permissions. (I don't remember if having g+s makes any difference in the directory like you have in the domain dir.) In any case, it would be better if mails were delivered as mailsystem:mailsystem 0600 since that's what you're reading them as. Unless you have some other good reason for requiring mailsystem group to be able to read them.
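
An added example, not part of the original thread: a Python audit that lists Maildir messages whose mode differs from the mode implied by the mailbox directory. It assumes the rule stated in the reply above (directory 0770 gives files 0660, i.e. the directory mode with execute bits dropped); the function names and the sample mailbox are hypothetical and constructed for the demonstration.

```python
import os
import stat
import tempfile

def expected_file_mode(dir_mode: int) -> int:
    """Assumed rule from the reply: directory mode minus execute
    (and setuid/setgid/sticky) bits, so 0770 -> 0660, 0700 -> 0600."""
    return stat.S_IMODE(dir_mode) & 0o666

def audit_maildir(maildir: str):
    """Return (relative name, actual mode, expected mode) for each
    message in new/ and cur/ whose mode differs from the expected one."""
    want = expected_file_mode(os.stat(maildir).st_mode)
    findings = []
    for sub in ("new", "cur"):
        path = os.path.join(maildir, sub)
        if not os.path.isdir(path):
            continue
        for name in sorted(os.listdir(path)):
            st = os.lstat(os.path.join(path, name))
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, directories, sockets
            have = stat.S_IMODE(st.st_mode)
            if have != want:
                findings.append((f"{sub}/{name}", oct(have), oct(want)))
    return findings

def build_sample(root: str) -> str:
    """Constructed sample mailbox mirroring the three modes seen in the
    quoted listing (0770, 0660, 0600) under a 0770 directory."""
    maildir = os.path.join(root, "simon")
    os.makedirs(os.path.join(maildir, "new"))
    os.chmod(maildir, 0o770)
    for name, mode in (("msg-a", 0o770), ("msg-b", 0o660), ("msg-c", 0o600)):
        full = os.path.join(maildir, "new", name)
        with open(full, "w") as fh:
            fh.write("Subject: constructed sample\n\n")
        os.chmod(full, mode)
    return maildir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_maildir(build_sample(tmp)):
            print(*row)
```

Both deviations are reported: the 0600 files that the group cannot read, and the 0770 files that carry execute bits mail should never need.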
