Merge #2564

2564: Misc dovecot config changes r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- fix RECIPIENT_DELIMITER (wrong scope, was ignored)
This can be confirmed using: ``$nc imap 2525 ...`` and delivering to a VERP address
- drop privileges of the LMTP daemon

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>

core/dovecot/conf/dovecot.conf

@@ -7,6 +7,10 @@ postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
 hostname = {{ HOSTNAMES.split(",")[0] }}
 submission_host = {{ FRONT_ADDRESS }}
 
+default_internal_user = dovecot
+default_login_user = mail
+default_internal_group = dovecot
+
 ###############
 # Mailboxes
 ###############
@@ -80,18 +84,13 @@ userdb {
 }
 
 service auth {
-  user = dovecot
   unix_listener auth-userdb {
   }
 }
 
 service auth-worker {
   unix_listener auth-worker {
-    user = dovecot
-    group = mail
-    mode = 0660
   }
-  user = mail
 }
 
 ###############
@@ -116,9 +115,9 @@ service imap-login {
 ###############
 # Delivery
 ###############
+recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 protocol lmtp {
   mail_plugins = $mail_plugins sieve
-  recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 }
 
 service lmtp {

core/dovecot/start.py

@@ -5,6 +5,7 @@ import glob
 import multiprocessing
 import logging as log
 import sys
+from pwd import getpwnam
 
 from podop import run_server
 from socrate import system, conf
@@ -12,7 +13,9 @@ from socrate import system, conf
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
 def start_podop():
-    os.setuid(8)
+    id_mail = getpwnam('mail')
+    os.setgid(id_mail.pw_gid)
+    os.setuid(id_mail.pw_uid)
     url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/dovecot/§"
     run_server(0, "dovecot", "/tmp/podop.socket", [
 		("quota", "url", url ),
@@ -35,7 +38,8 @@ for script_file in glob.glob("/conf/*.script"):
     os.chmod(out_file, 0o555)
 
 # Run Podop, then postfix
-multiprocessing.Process(target=start_podop).start()
 os.system("chown mail:mail /mail")
 os.system("chown -R mail:mail /var/lib/dovecot /conf")
+
+multiprocessing.Process(target=start_podop).start()
 os.execv("/usr/sbin/dovecot", ["dovecot", "-c", "/etc/dovecot/dovecot.conf", "-F"])