dovecot/sme7/dovecot-REDHAT-FAQ.txt

Q. We used to use University of Washington IMAP (UW IMAP), in the Red
   Hat distribution, the rpm was named "imap". We would now like to use
   dovecot and take advantage of its support for Maildir format, but
   we have existing user mail files in the old mbox format we need to
   migrate. How can we do this?

A. Read the documentation in
   /usr/share/doc/dovecot-*/UW-to-Dovecot-Migration. You will also
   find scripts there to help you.

Q. I'm getting errors in /var/log/maillog for dotlock failed,
   permission denied. The actual error probably looks like this with
   user replaced by a user name on your system.

   imap(user): file_lock_dotlock() failed with mbox file /var/spool/mail/user: Permission denied

A. This is occuring because:

   1) The user INBOX is in the system spool directory which is:
      "drwxrwxr-x root mail"

   2) Dovecot is configured to create "dotlock" locking files.

   3) After an imap user logs in the imap process runs as that user
      and the spool directory permissions does not allow that user to
      creat new files (e.g. dot lock files).

   The possible solutions are:

   1) Don't locate the user's INBOX in the system spool directory,
      have mail delivered to another location, for instance his home
      directory (this may not be possible to change for existing
      systems). This is an MTA configuration.

   2) In the dovecot configuration file set the variable
      mail_extra_groups to "mail". This will add the mail group to the
      list of groups that the logged in imap user will have permission
      for. His imap process can then create files in the mail spool
      file. However the user's imap process now has mail group
      privileges, you will have to evaluate the extent of the security
      threat this poses for your site.

   3) Disable the use of dotlocks by setting dovecots config parameter
      mbox_locks to a value that does not include dotlock, for
      example, fcntl. However, note dotlocks are considered robust,
      especially for NFS.
1	slords	1.1	Q. We used to use University of Washington IMAP (UW IMAP), in the Red
2			Hat distribution, the rpm was named "imap". We would now like to use
3			dovecot and take advantage of its support for Maildir format, but
4			we have existing user mail files in the old mbox format we need to
5			migrate. How can we do this?
6
7			A. Read the documentation in
8			/usr/share/doc/dovecot-*/UW-to-Dovecot-Migration. You will also
9			find scripts there to help you.
10
11			Q. I'm getting errors in /var/log/maillog for dotlock failed,
12			permission denied. The actual error probably looks like this with
13			user replaced by a user name on your system.
14
15			imap(user): file_lock_dotlock() failed with mbox file /var/spool/mail/user: Permission denied
16
17			A. This is occuring because:
18
19			1) The user INBOX is in the system spool directory which is:
20			"drwxrwxr-x root mail"
21
22			2) Dovecot is configured to create "dotlock" locking files.
23
24			3) After an imap user logs in the imap process runs as that user
25			and the spool directory permissions does not allow that user to
26			creat new files (e.g. dot lock files).
27
28			The possible solutions are:
29
30			1) Don't locate the user's INBOX in the system spool directory,
31			have mail delivered to another location, for instance his home
32			directory (this may not be possible to change for existing
33			systems). This is an MTA configuration.
34
35			2) In the dovecot configuration file set the variable
36			mail_extra_groups to "mail". This will add the mail group to the
37			list of groups that the logged in imap user will have permission
38			for. His imap process can then create files in the mail spool
39			file. However the user's imap process now has mail group
40			privileges, you will have to evaluate the extent of the security
41			threat this poses for your site.
42
43			3) Disable the use of dotlocks by setting dovecots config parameter
44			mbox_locks to a value that does not include dotlock, for
45			example, fcntl. However, note dotlocks are considered robust,
46			especially for NFS.