Dear list members,

In our setup we have various mailboxes that have to be read (and edited)
by groups of people. All these groups are defined in LDAP, as are the
members (everything uses PAM, so all these accounts are on the system as
well). The email is accessed by Dovecot, binding with the LDAP server as
the user owning the mail. This means that all the mail for a certain
user has to be accessible to that user on the system, otherwise Dovecot
cannot read it. We use public namespaces in Dovecot to achieve this.

Our problem is that Postfix gives permissions 700 to all messages
(overriding default ACLs). The messages may be owned by the correct
group for a user, and be in the right folder, but still cannot be read
by Dovecot (and our users). Hopefully, there is a more elegant solution
than monitoring the filesystem for edits and changing the permissions
when a mail folder is edited.

Kind regards,
Kasper Loopstra.

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Mail/
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 0
mydestination = chemische-binding.nl, chloroform.chemische-binding.nl,
    localhost.chemische-binding.nl, localhost
myhostname = chloroform.chemische-binding.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions =
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom