Friday, October 9, 2009

Upgrade to net-mail/courier-imap-4.5.0

After upgrading this package and running dispatch-conf I had to update /etc/courier-imap/imapd. While doing so, I merged in the following new block:
##NAME: IMAP_MAILBOX_SANITY_CHECK:0
#
# Sanity check -- make sure home directory and maildir's ownership matches
# the IMAP server's effective uid and gid

IMAP_MAILBOX_SANITY_CHECK=1
I was a little concerned, and sure enough after restarting courier and trying to check my mail, I couldn't get any messages. I checked the mail log and saw the following:
Oct  9 07:42:39 erma imapd-ssl: Connection, ip=[xxx.xxx.xxx.xxx]
Oct 9 07:42:40 erma imapd-ssl: xxxx: Account's mailbox directory is not owned by the correct uid or gid
Rather than just disable the feature (I figured a "sanity check" is a good thing). I searched around a bit and saw some discussion about people having issues when the group membership of the maildir wasn't the user's primary group. So I checked the permissions on my maildir:
drwx------ 29 dstutz root   486 2009-10-08 07:13 .
I tried chgrp -R users .maildir and tried to check my mail again:
Oct  9 07:53:33 erma imapd-ssl: Connection, ip=[xxx.xxx.xxx.xxx]
Oct 9 07:53:33 erma imapd-ssl: LOGIN, user=xxxx, ip=[xxx.xxx.xxx.xxx], port=[19177], protocol=IMAP
Yay! So I did a preemptive chgrp for all the other users on my system and hopefully all will be well going forward. I find it interesting that it even cares about the group membership since the maildir has 700 permissions.