From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009

Description of problem:
When postfix invokes an external delivery agent, it doesn't call initgroups() to
initialize the supplemental groups.  When using procmail, this can lead readily
lead to permission errors.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Switch to Postfix mta (as root)
   su -c 'echo "mailbox_command = /usr/bin/procmail" >> /etc/postfix/main.cf'
   redhat-switchmail # choose postfix
   
2. Put yourself in a supplementary group
   su -c "usermod -G wheel $LOGNAME" # add yourself to wheel
3. Set up a procmailrc to examine mda credentials
   cat > ~/.procmailrc <<'EOI'
:0 c
| id -a >> $HOME/id.log
EOI
3. Send yourself some empty mail
   mail -s test $LOGNAME </dev/null
4. Examine the contents of id.log
   cat ~/id.log 

Actual Results:  uid=500(rugolsky) gid=501(rugolsky) groups=501(rugolsky)


Expected Results:  uid=500(rugolsky) gid=501(rugolsky)
groups=501(rugolsky),10(wheel)

Additional info:

A workaround is to use an MDA command that invokes initgroups() first,  e.g.,
"sudo -u $LOGNAME /usr/bin/procmail", assuming sudo is set up correctly.