Issue

Dovecot does not use mail_location as I expect.

I want to provide email service for users in an LDAP directory. User accounts are virtual accounts stored in LDAP and they are NOT mapped to local users.

Details

Package versions

OS              Debian GNU/Linux 8.2 (jessie)
dovecot-core    1:2.2.13-12~deb8u1
dovecot-imapd   1:2.2.13-12~deb8u1
dovecot-ldap    1:2.2.13-12~deb8u1
squirrelmail    2:1.4.23~svn20120406-2
postfix         2.11.3-1
apache2         2.4.10-10+deb8u3

Configuration details

I set in /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/var/mail/vhosts/%d/%n

so I expect the mail location to be /var/mail/vhosts/mydomain.com/myuser for myuser@mydomain.com.

Some dovecot settings, as printed by the dovecot -n command, are:

mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = vmail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

Looking at /var/log/mail.log with tail -f, it shows:

Sep 27 19:10:48 balam dovecot: imap-login: Login: user=<myuser>, method=PLAIN, rip=::1, lip=::1, mpid=24907, secured, session=<7/umVr8gvwAAAAAAAAAAAAAAAAAAAAAB>
Sep 27 19:10:48 balam dovecot: imap(myuser): Error: user myuser: Initialization failed: Namespace '': mkdir(/var/mail/vhosts//myuser) failed: Permission denied (euid=30000(myuser) egid=30002(IT) missing +w perm: /var/mail/vhosts/, dir owned by 5000:5000 mode=0755)
Sep 27 19:10:48 balam dovecot: imap(myuser): Error: Invalid user settings. Refer to server log for more information.

So it is attempting to create the mail directory at /var/mail/vhosts//myuser, instead of /var/mail/vhosts/mydomain.com/myuser as I want and expect.

If you need more details, please ask me!

Tests

In order to test login I have set up a SquirrelMail client, which triggers the events logged above in /var/log/mail.log.

Israel
  • Maybe [this tutorial will help](http://www.rosehosting.com/blog/mailserver-with-virtual-users-and-domains-using-postfix-and-dovecot-on-a-centos-6-vps/). I used it to build my own multi-domain capable email server with no problems. I think you can find where it went wrong for you, since the configuration described on the site is similar to yours. – samayo Sep 27 '15 at 21:15
  • @samayo, This tutorial is quite different, because config files are different from CentOS 6 to Debian 8 (jessie). – Israel Sep 27 '15 at 22:37

1 Answer


You have to set two parameters, mail_uid and mail_gid, in the config. Until they are set, deliver performs a database lookup to get the addressee's UID and GID. If found, they'll be used for filesystem access. While the mail storage hierarchy belongs to 5000:5000, the LDA has no access to write inside /var/mail/vhosts.

Just add an explicit declaration of the user who can access the mail storage:

mail_location = maildir:/var/mail/vhosts/%d/%n
mail_uid = 5000 # or his login name
mail_gid = 5000 # or his group name

and restart dovecot. Then deliver will be invoked with UID/GID=5000. Even more, you can now set the mail storage permissions to 700 to prevent anyone except 5000:5000 from accessing the mail storage.

Kondybas
  • What if the user info for email accounts is not mapped to local users? I take email user accounts from an LDAP directory. – Israel Sep 27 '15 at 22:32
  • Virtual users that have no corresponding local ones are the general practice nowadays, not only for mail but for almost every other service that needs authentication. System and services **should** have separate users. – Kondybas Sep 27 '15 at 23:15
  • I have added `mail_uid = vmail` and `mail_gid = vmail` to the `/etc/dovecot/conf.d/10-mail.conf` file and restarted dovecot (`service dovecot restart`), then tried to log in again, but it is still throwing the same messages: `Initialization failed: Namespace '': mkdir(/var/mail/vhosts//myuser) failed`. I expect some mkdir on `/var/mail/vhosts/mydomain.com/myuser`. – Israel Sep 27 '15 at 23:29
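Added example (not code from the question, the answer or Dovecot): a Python reimplementation of how Dovecot expands %u, %n and %d in mail_location, showing why a login without a domain yields the double slash in the mkdir path, plus a checker for the mkdir error line quoted above that also reports the euid/egid vs. directory-owner mismatch the answer is about. The regex is an assumption modelled on that single log line.

```python
import re

# Dovecot %variables used in the question's mail_location (subset):
# %u = login name as given, %n = part before '@', %d = part after '@'.
# A login without '@' therefore has an EMPTY %d, which is what produces
# "/var/mail/vhosts//myuser" in the log (reimplementation, not Dovecot's code).
def expand_mail_location(template, login_user):
    if "@" in login_user:
        name, domain = login_user.split("@", 1)
    else:
        name, domain = login_user, ""
    table = {"u": login_user, "n": name, "d": domain}
    return re.sub(r"%([und])", lambda m: table[m.group(1)], template)

# Regex modelled on the mkdir error line quoted in the question (assumption:
# other Dovecot versions may word this message differently).
MKDIR_RE = re.compile(
    r"mkdir\((?P<path>[^)]*)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+w perm: (?P<parent>\S+), dir owned by "
    r"(?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>\d+)\)"
)

def diagnose_mkdir_error(line):
    """Return a list of findings for one imap/lmtp 'mkdir(...) failed' log line."""
    m = MKDIR_RE.search(line)
    if not m:
        return []
    findings = []
    # "//" inside the path means a %variable (here %d) expanded to nothing.
    if "//" in m.group("path"):
        findings.append("empty path component in %s: a mail_location variable "
                        "(e.g. %%d for a login without a domain) expanded to nothing"
                        % m.group("path"))
    # Process identity differs from the owner of the mail root (mail_uid/mail_gid).
    if (m.group("euid"), m.group("egid")) != (m.group("uid"), m.group("gid")):
        findings.append("uid/gid mismatch: process runs as %s:%s but %s is owned by "
                        "%s:%s (mode %s)" % (m.group("euid"), m.group("egid"),
                        m.group("parent"), m.group("uid"), m.group("gid"), m.group("mode")))
    return findings

# Sample log line copied from the question above.
SAMPLE_LINE = ("Sep 27 19:10:48 balam dovecot: imap(myuser): Error: user myuser: "
               "Initialization failed: Namespace '': mkdir(/var/mail/vhosts//myuser) failed: "
               "Permission denied (euid=30000(myuser) egid=30002(IT) missing +w perm: "
               "/var/mail/vhosts/, dir owned by 5000:5000 mode=0755)")

if __name__ == "__main__":
    for user in ("myuser", "myuser@mydomain.com"):
        print(user, "->", expand_mail_location("maildir:/var/mail/vhosts/%d/%n", user))
    for finding in diagnose_mkdir_error(SAMPLE_LINE):
        print("-", finding)
```

Running it prints the two expanded paths side by side and both findings for the quoted line, so the empty %d and the identity mismatch can be told apart before touching permissions.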