Dovecot: missing +w perm: /var/mail, we're not in group 8(mail)

dovecot

I can't figure out what I am missing. I'm setting up a new mail server and had this erorre every time I receive an email.
The user is inside the group mail 

mail:x:8:dovecot,user.name

The perms directory are here /var/mail

drwxrwsr-x  3 root mail   4096 nov 11 12:20 mail/

This is dovecot configuration

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-47-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
mail_location = mbox:/var/mail/%u
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = no
userdb {
  driver = passwd
}

Do you read this documentation?

You must add

mail_privileged_group = mail

Or make /var/mail world-writable with sticky bit set, allowing anyone to create new files but not overwrite or delete existing files owned by someone else

chmod a+rwxt /var/mail


In my own situation I've found that simply making sure that /var/mail is owned by the mail group and making sure that the user's group is set to mail as well is enough for this to work.

If you're sharing dovecot's authentication system with other services (IE: you're using /etc/passwd & /etc/shadow for user information and authentication instead of /etc/mail/passwd or some such), you'll want to at least make sure that the user has mail as one of its groups, even if it's not practical to make mail its primary group. In a shared authentication system scenario, you'll also want to have the mentioned mail_privileged_group parameter set to mail in dovecot.conf, or in one of its included configuration files like so:

mail_privileged_group = mail

I should also note that 0770 should be the highest privileges you need to give to /var/mail. dovecot will create the user's directory with user only write permissions after its created, so you don't have to worry about the group permissions getting inherited.

Related

Puppet generated systemd unit files?
Using a high end NAS as a vSphere/HyperV Storage
What could cause a 'sense error' when setting LTO encryption?
Does Ansible have to share root key between nodes and Ansible playbook server?
are github`s IP Addresses changed?
HSTS in Nginx: should the Strict-Transport-Security header be added in subdomain server blocks too?
Google compute - SSH - port 22 blocked by ufw
Hetzner's installimage script, RAID1 hard drives + SSD
How to de-obfuscate sssd.conf password?
Swapfile mount (/etc/fstab): "swap swap" or "none swap"
SAS RAID5 Disk failure, replacement enclosure not matching
Do I actually need a DNS service on a remote dedicated server