Dovecot and Postfix - mail permission issue

I have installed Dovecot and Postfix.. I am able to send and receive email.
all works good but for some reason I have to change email persmission to 777 or change ownership to "onecatch" or "twocatch" users.. too be able to access the email with SquirrelMail..
I am running Centos v6.4 and I added two new users.. to be able to login with SquirrelMail

adduser onecatch
adduser twocatch

I have to do this each time I want to check emails
/bin/chown -R onecatch:onecatch /home/virtual/email/onecatch
/bin/chown -R twocatch:twocatch /home/virtual/email/twocatch

protocols = imap pop3 lmtp

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext

!include conf.d/*.conf

mail_location = maildir:/home/virtual/email/%u/

Open in new window

## These settings differers from the default config ##
myhostname =
mail_owner = postfix
mydomain =
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = localhost, mail.localdomain, localhost.localdomain, localdomain
unknown_local_recipient_reject_code = 550
in_flow_delay = 1s
home_mailbox = Maildir/
mail_spool_directory = /home/virtual/email
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

## The following is added to the config ##
local_transport = virtual
virtual_mailbox_domains = /home/virtual/email/my_domains
virtual_mailbox_base = /home/virtual/email
virtual_mailbox_maps = hash:/home/virtual/email/my_virtual
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
        reject_invalid_hostname, reject_non_fqdn_hostname,
        reject_non_fqdn_sender, reject_non_fqdn_recipient,
        reject_unknown_sender_domain, reject_unknown_recipient_domain,
smtpd_data_restrictions = reject_unauth_pipelining, permit

Open in new window


Open in new window

>my_virtual		onecatch/				onecatch/             		twocatch/            			twocatch/

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This doesn't have anything to do with your config files, it is a Linux user permissions problem. Squirrelmail is a set of PHP scripts, which run via Apache. They do not access the server via the filesystem, so Squirellmail is not the problem, it's your mailbox ownership and permissions.

For example, looking at my mailsystem, which is running Ubuntu Server with hundreds of users with virtual mailboxes, postfix is running under the user postfix and the actual imap service (/usr/bin/imapd) is running as the user

The permissions on those mailboxes are 700, which is correct. The owner (vmail) should be able to do whatever they want with them.

This is important to note that postfix itself runs under the user postfix. So, really, not even postfix can access those mailboxes direclty. The user vmail, which runs the IMAP service is the only one with access.

It is quite possible you're experiencing this problem because you are trying to make everything run under one user, which is not correct. Thus, when Squirrelmail tries to connect to the IMAP service over tcp/http, it can't. Probably not because there is a Squirrellmail problem (remember... it doesn't use the file system) but rather because the imap service can't access themailboxes until you change the permissions to 777.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Additionally, you may consider reading this article:

It has step by step instructions on setting up a mail server exactly as you're attempting to get working. While it is for Debian / Ubuntu users, the differences are minimal. Most notably the package manager you use is yum, while Debian / Ubuntu uses apt. And, some files may be in slightly different places, but a google search or two should clarify.

Compare the steps in the article to the steps you have done in your setup to see what's different.
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
OK, I bed to differ... but only a little.

Squirrelmail (and you may find you like their competitor better -- RoundCube) accesses your mail via your IMAP interface. So if you're having trouble reading or sending mail with SquirrelMail (or RoundCube), then you're having trouble with your IMAP service.

This is one of the great strengths of SquirrelMail -- it doesn't require knowledge of your mail server or data storage -- presumably, you have already configured POP & IMAP for your [sendmail|postfix|qmail|exim|other mail server] and so SquirrelMail just has to be taught how to use your IMAP server -- which is pretty basic.... the biggest thing that is likely to screw you up is if your IMAP uses a non-standard root prefix (like courier IMAP wants to put everything inside the Inbox).

I hope this helps! At least to point you in the right direction! (Fix IMAP, check your SquirrelMail config for how to connect, and off you go!)

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

XK8ERAuthor Commented:
maybe I am going with the wrong approach or I am confused..

I do this from the shell..

adduser bob
adduser mike

then I login using SquirrelMail or the beautiful RoundCube thanks it4soho =)

I see new created files from

owned by "bob" or by "mike"
XK8ERAuthor Commented:
maybe there is a different way to add virtual users?

how can i do this the right way of setup i've been trying to figure it out for the past 3 days now..
@Dan - where did you "differ" from me? We seem to be on the exact same page...

@XK8ER -
If you use the guide I gave you, you can then install postfixadmin, which gives you a GUI to add virtual domains, virtual users, the whole nine yards.


Main Page:
XK8ERAuthor Commented:
DrDamnit, I totally understand but that defeats the purpose of learning how to do it from shell.. I think that I finally figure it out..

I deleted the users by doing this

userdel -r bob
userdel -r mike

then added something like this >passwd


now all incoming mail and newly created files and everything stays the same owned by "vmail" instead of bob or mike..

protocols = imap pop3 lmtp

!include conf.d/*.conf

log_path = /home/virtual/email/dovecot.log
info_log_path = /home/virtual/email/dovecot-info.log

# Disable SSL for now.
ssl = no # v1.2+, for older versions use: ssl_disable = yes
disable_plaintext_auth = no

mail_location = maildir:/home/virtual/email/%u/
#mail_location = maildir:~/Maildir

# Authentication configuration:
auth_verbose = yes

auth_mechanisms = plain
passdb {
  driver = passwd-file
  args = /home/virtual/email/passwd
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/virtual/email/%u/

Open in new window

I didn't realize doing this manually via the shell was part of the requirements. This isn't a production system?

Also, did you edit /etc/passwd manually? Editing that file manually and storing passwords in plaintext are generally not advised if this system is going to be on the internet sending and receiving mail.

At any rate, do you have it working now?
XK8ERAuthor Commented:
yes its working now but I was reading dovecot and the passwords can be stored as hashed so that would be the only thing left to do instead of plain text..

XK8ERAuthor Commented:
changed to
disable_plaintext_auth = yes

and switched to password data


thats pretty much it.. everything else seems to be up and running nicely!
Glad you got it working. If there's nothing else, don't forget to close the question.
XK8ERAuthor Commented:
thanks a lot guys
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.