Dict Proxy Process ================== Dict server is used for providing [Dictionary.txt] access via server processes instead of doing it directly from whichever process wants to access the dictionary. This is useful for some backends with relatively high connection cost (e.g. SQL), but not necessarily for others (e.g. Redis). When a mail process uses the dict proxy, it needs to have access the dict UNIX socket. By default only the "dovecot" user has access to the dict socket, which doesn't typically work in any installation. However, giving too wide permissions by default might allow untrusted users to access the dict and cause problems. If all users share a single UNIX UID (e.g. "vmail"), you could make the dict socket accessible only to it: ---%<------------------------------------------------------------------------- service dict { unix_listener dict { mode = 0600 user = vmail } } ---%<------------------------------------------------------------------------- If you use multiple UNIX UIDs, you can add an extra group for all Dovecot mail processes. This works even if you have untrusted system users who have shell access to the server: ---%<------------------------------------------------------------------------- mail_access_groups = dovecot service dict { unix_listener dict { mode = 0660 group = dovecot } } ---%<------------------------------------------------------------------------- However, it works with only if it's started as root. If this isn't possible, look into using instead. (This file was created from the wiki on 2017-10-10 04:42)