dovecot/sme7/dovecot-REDHAT-FAQ.txt

Q. We used to use University of Washington IMAP (UW IMAP), in the Red
   Hat distribution, the rpm was named "imap". We would now like to use
   dovecot and take advantage of its support for Maildir format, but
   we have existing user mail files in the old mbox format we need to
   migrate. How can we do this?

A. Read the documentation in
   /usr/share/doc/dovecot-*/UW-to-Dovecot-Migration. You will also
   find scripts there to help you.

Q. I'm getting errors in /var/log/maillog for dotlock failed,
   permission denied. The actual error probably looks like this with
   user replaced by a user name on your system.

   imap(user): file_lock_dotlock() failed with mbox file /var/spool/mail/user: Permission denied

A. This is occuring because:

   1) The user INBOX is in the system spool directory which is:
      "drwxrwxr-x root mail"

   2) Dovecot is configured to create "dotlock" locking files.

   3) After an imap user logs in the imap process runs as that user
      and the spool directory permissions does not allow that user to
      creat new files (e.g. dot lock files).

   The possible solutions are:

   1) Don't locate the user's INBOX in the system spool directory,
      have mail delivered to another location, for instance his home
      directory (this may not be possible to change for existing
      systems). This is an MTA configuration.

   2) In the dovecot configuration file set the variable
      mail_extra_groups to "mail". This will add the mail group to the
      list of groups that the logged in imap user will have permission
      for. His imap process can then create files in the mail spool
      file. However the user's imap process now has mail group
      privileges, you will have to evaluate the extent of the security
      threat this poses for your site.

   3) Disable the use of dotlocks by setting dovecots config parameter
      mbox_locks to a value that does not include dotlock, for
      example, fcntl. However, note dotlocks are considered robust,
      especially for NFS.
1	Q. We used to use University of Washington IMAP (UW IMAP), in the Red
2	Hat distribution, the rpm was named "imap". We would now like to use
3	dovecot and take advantage of its support for Maildir format, but
4	we have existing user mail files in the old mbox format we need to
5	migrate. How can we do this?
6
7	A. Read the documentation in
8	/usr/share/doc/dovecot-*/UW-to-Dovecot-Migration. You will also
9	find scripts there to help you.
10
11	Q. I'm getting errors in /var/log/maillog for dotlock failed,
12	permission denied. The actual error probably looks like this with
13	user replaced by a user name on your system.
14
15	imap(user): file_lock_dotlock() failed with mbox file /var/spool/mail/user: Permission denied
16
17	A. This is occuring because:
18
19	1) The user INBOX is in the system spool directory which is:
20	"drwxrwxr-x root mail"
21
22	2) Dovecot is configured to create "dotlock" locking files.
23
24	3) After an imap user logs in the imap process runs as that user
25	and the spool directory permissions does not allow that user to
26	creat new files (e.g. dot lock files).
27
28	The possible solutions are:
29
30	1) Don't locate the user's INBOX in the system spool directory,
31	have mail delivered to another location, for instance his home
32	directory (this may not be possible to change for existing
33	systems). This is an MTA configuration.
34
35	2) In the dovecot configuration file set the variable
36	mail_extra_groups to "mail". This will add the mail group to the
37	list of groups that the logged in imap user will have permission
38	for. His imap process can then create files in the mail spool
39	file. However the user's imap process now has mail group
40	privileges, you will have to evaluate the extent of the security
41	threat this poses for your site.
42
43	3) Disable the use of dotlocks by setting dovecots config parameter
44	mbox_locks to a value that does not include dotlock, for
45	example, fcntl. However, note dotlocks are considered robust,
46	especially for NFS.