I am getting the "Invalid home directory permissions - world writable." complaint, and I think I understand what needs to be done, but I just want to make sure. I have checked all directories from the home directory down to /, and none are world writable.

My setup is postfix->maildrop. All users are virtual using mysql. All of the mailstopr structure is owned byt postfix:postdrop. Permissions on the home directory are postfix:maildrop rwxrwx--- and the home directory is static. The maildir directory is different for each user (standard virtual setup), but all owned by postfix:postdrop with 770 permissions.

Postfix is running as postfix:postdrop and is is piping mail to maildrop using:

maildrop unix - n n - - pipe flags=DRhu user=maildrop:postdrop argv=/usr/bin/maildrop -d ${recipient}

So, I think the solution is to compile maildrop with

--enable-trusted-users='maildrop' --enable-trusted-groups='postdrop' --enable-restrict-trusted=1

and install it sued as maildrop.

Is this correct? Are there any security considerations that this setup presents besides any user that is a member of postdrop can run -d? Is there something else I am missing?

Thanks, Rob