Debian mail dotlocking issues
I'm running Sarge and have run into some mail locking issues. It appears
that there is a history of issues with mail locking in Debian, and I'm
wondering if anyone has a suggested "best practice" now.
In a previous incarnation of my mail server, /var/mail was g+s and
sticky. This allowed mutt_dotlock to create dotlock files without having
to run setguid for mutt users; and for dovecot to create dotlocks when
invoked through procmail, where it doesn't load the configuration file
which might tell it to use fcntl or flock.
It seemed like a bad idea, though, to have /var/mail be setgid and
sticky. So in a new incarnation, I tried to find another way to do it.
I found a solution with dovecot, which was to create a wrapper in
/usr/bin/imapd which set the environment prior to running
/usr/lib/dovecot/imap so dovecot would use flock or fcntl.
I realize mutt is supposed to do fcntl as well as dotlock, but I have the
impression it isn't locking properly because I'm finding random
spamassassin headers in the middle of message bodies. Running
mutt_dotlock with the -p option allows it to create dotlock files in
/var/mail as setgid mail, and I suppose I could change systemwide Muttrc
to sett dotlock_program='mutt_dotlock -p'.
But then I wonder if this solves everyone's problems: for example, pine
seems to have a totally different way of locking by putting a dotlock
file in /tmp, which presumably no one else is looking at.
Basically, what's the best way to make sure postfix, dovecot, mutt, pine,
etc., all share locks properly without otherwising comprimising system
security? (Other than switching to maildir style boxes, which I'm not
quite ready to do).