Postfix is delivering mail to ~vmail/user/new directories with owner vmail:vmail but permissions masked to 700 (i.e. not group readable.) I need the mailfiles to be created group readable so that other apps in the vmail group can read the mailbox directly. How can I configure these permissions?
3 Answers
The permissions are not configurable, I'm afraid. They're hardcoded in Postfix.

- Could use ACLs to add additional allowed read permissions? – morgant May 09 '12 at 14:58
- For reference, [here are the lines](https://github.com/vdukhovni/postfix/blob/master/postfix/src/virtual/maildir.c#L209) where Postfix hardcoded its permission – masegaloeh Feb 17 '15 at 09:45
- ACLs will not help here. Postfix ensures only the owner can access newly arrived emails, even when the Default ACL for newly created files is more permissive. – sampi Jun 15 '18 at 09:38

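
Why a permissive default ACL does not help, as the last comment above states: under the acl(5) object-creation rule, the mode the creating process passes caps the inherited mask. The sketch below is an added example, not Postfix code; it models that rule in Python, assuming the message file is created with mode 0600 and using a constructed default ACL with a hypothetical group `webapp`.

```python
# Added illustration of the acl(5) object-creation rule; not Postfix code.
# An ACL entry is (tag, qualifier, perms); perms is an rwx bitmask (r=4, w=2, x=1).

# Constructed default ACL on a maildir's new/ directory; "webapp" is hypothetical.
DEFAULT_ACL = [
    ("user", None, 7),
    ("group", None, 5),
    ("group", "webapp", 5),
    ("mask", None, 5),
    ("other", None, 0),
]


def inherit_acl(default_acl, create_mode):
    """Access ACL a new file inherits, capped by the mode given at creation."""
    owner, group, other = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    access = []
    for tag, qual, perms in default_acl:
        if tag == "user" and qual is None:
            perms &= owner            # user:: follows the owner bits
        elif tag == "mask":
            perms &= group            # mask:: follows the group-class bits
        elif tag == "group" and qual is None and not has_mask:
            perms &= group            # group:: follows them only without a mask
        elif tag == "other":
            perms &= other            # other:: follows the other bits
        access.append((tag, qual, perms))
    return access


def effective(access_acl, tag, qual=None):
    """Rights an entry really grants: all but user:: and other:: are ANDed with mask."""
    perms = next(p for t, q, p in access_acl if (t, q) == (tag, qual))
    if tag == "other" or (tag == "user" and qual is None):
        return perms
    mask = next((p for t, _, p in access_acl if t == "mask"), 7)
    return perms & mask


if __name__ == "__main__":
    for mode in (0o600, 0o640):       # 0600 is the assumed delivery mode
        acl = inherit_acl(DEFAULT_ACL, mode)
        rights = effective(acl, "group", "webapp")
        print(f"create mode {mode:04o}: group:webapp effective rights = {rights:03b}")
```

With mode 0600 the inherited mask is empty, so the named group entry exists on the file but grants nothing; the entry only takes effect when the creating process itself asks for group bits.
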
Firstly, it is a good idea to restate the already existing answer. Postfix does not allow setting mailbox permissions. They are hard coded.
The correct solution is always likely to delegate the delivery to some other software. Supposedly LMTP to Dovecot is one possible choice. In case you are already abusing what is possible with Postfix to the degree where replacing the delivery agent is not feasible, you might still hack up a configuration which works well enough. It is not advisable, so please do not follow this route unless really, really needed and never prior to reflecting over this post.
As noted on multiple-transports-in-postfix, it is possible to perform arbitrary actions on email reception by setting `always_bcc`. Doing so in combination with a `pipe` transport not actually delivering anything but instead recursively running chmod or setfacl on the relevant mail folders might help achieve more accessible file permissions.
There is no guarantee that the real transport completes delivery before the fake transport sets the permissions, so be careful.
Configuration examples deliberately not provided, because delegating delivery to some other software is always the desired choice for anyone hoping to copy'n'paste.

I was able to solve my use case simply by setting the owner of the maildirs to app:vmail rather than adding the apps to the vmail group. Thanks everyone for the workarounds.
