CentOS Postfix/Dovecot - Permission problems after migration upgrade

We are migrating from an old CentOS 5.5 system to a new CentOS 6.4 server. The Postfix version looks the same, but Dovecot has gone up from 1.x to 2.x. It uses MySQL to store the mail account details and it's managed with pfadmin.

I have used rsync to copy the /var/vmail folder from old to new server. I have got postfix and dovecot installed, pfadmin is working, as is mysql. But I am having major problems with the permissions for the /var/vmail folder.

From the var/ folder:

drwxrwx---. 34 vmail vmail 4096 May 28 10:03 vmail

From /etc/passwd:

postfix:x:89:89::/var/spool/postfix:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:498:499:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
vmail:x:125:12::/var/vmail:/usr/sbin/nologin

Relevant lines in dovecot.conf:

first_valid_uid = 125
last_valid_uid = 150
mail_location = maildir:/var/vmail/%d/%u
mail_privileged_group = mail
mbox_write_locks = fcntl

When I telnet onto port 25 and 110 (for PF and Dovecot testing), the SMTP session goes OK and the POP3 session crashed out.

maillog has the clues - Here is what Postfix is generating:

warning: maildir access problem for UID/GID=150/12: create maildir
file /var/vmail/thedomain.com/[email protected]/tmp/1369997999.P1913.IS-20698: 
Permission denied

and for Dovecot:

dovecot: pop3([email protected]): Error: file_dotlock_create
(/var/vmail/thedomain.com/[email protected]/dovecot-uidlist) 
failed: Permission denied (euid=125(vmail) egid=125(vmail) missing +w 
perm: /var/vmail/thedomain.com/[email protected], euid is not dir owner)

So basically neither process can write to the mail directories.

How do I get all my permissions in line?


I have juggled uids and gids but the fix in fact was in the /dovecot/conf.d/10-master.conf.

Having got postfix/SMTP to deliver incoming emails to the user's folder:

I had the user and group set to vmail, whereas it should be set to use the postfix user/group. After all, if postfix can write to the files/directories then it has to work.

service auth {
  # owner, group and mode of the auth-userdb UNIX socket
  unix_listener auth-userdb {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Once this was changed and services restarted, everything worked - including POP3, IMAP, postfixadmin and squirrelmail.
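
Added example, not part of the original posts: a small checker that walks a maildir path and reports the first directory whose mode bits stop a given UID/GID, which is the question the two maillog errors above raise. The tree is constructed; GID 125 for the vmail group and the 5000:5000 mailbox owner are assumed values, and ACLs and SELinux (the "." after the mode in the listing marks an SELinux context) are not evaluated.

```python
import os
from collections import namedtuple

Entry = namedtuple("Entry", "st_mode st_uid st_gid")  # stand-in for os.stat_result

def allowed(st, uid, gids, want):
    """Mode-bit check only: owner, group or other triplet applies, first match wins."""
    if uid == 0:
        return True  # root is not limited by mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & 7 & want) == want

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """First component that stops uid/gids creating a file in directory `path`.
    Returns (component, detail) or None. ACLs and SELinux are not evaluated."""
    current = ""
    parts = path.strip("/").split("/")
    for i, part in enumerate(parts):
        current += "/" + part
        st = stat_fn(current)
        want = 3 if i == len(parts) - 1 else 1  # last dir: w+x, parents: x only
        if not allowed(st, uid, gids, want):
            detail = "mode=%o owner=%d:%d" % (st.st_mode & 0o7777, st.st_uid, st.st_gid)
            return current, detail
    return None

# Constructed tree: vmail GID 125 and the 5000:5000 mailbox owner are assumptions.
MAILBOX = "/var/vmail/example.test/user"
TREE = {
    "/var": Entry(0o40755, 0, 0),
    "/var/vmail": Entry(0o40770, 125, 125),
    "/var/vmail/example.test": Entry(0o40770, 125, 125),
    MAILBOX: Entry(0o40700, 5000, 5000),
}

if __name__ == "__main__":
    # IDs taken from the two log messages: Postfix 150/12, Dovecot 125/125.
    for name, uid, gids in (("postfix", 150, {12}), ("dovecot", 125, {125})):
        print(name, "->", first_blocker(MAILBOX, uid, gids, TREE.__getitem__))
```

Called without the last argument, first_blocker uses os.stat on the real filesystem, so it can be pointed at an actual mailbox directory with the UID/GID printed in the log.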