Maildir permissions for courier

I'm having difficulty with maildir permissions for **Courier** , an IMAP server I've installed on a box running Debian Wheezy. The mail directory I use is /var/mail/users, with the following permissions: drwxr-sr-x 3 mail mail 4.0K Oct 14 08:09 users This directory has chmod 750 permissions. The individual *user* directories inside /var/mail/users have the following permissions: drwx------ 6 johnsmith johnsmith 4.0K Oct 14 08:13 johnsmith Note that the individual user directories are owned by the user, and have permissions of 700. The problem is that this causes courier to fail when it tries to access the user directories. (The error message courier gives is vague, but I'm certain it's a permissions issue): # telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information. 0 LOGIN johnsmith@myhost.com mypassword 0 OK LOGIN Ok. 0 STATUS INBOX (MESSAGES UNSEEN) 0 NO [ALERT] STATUS failed Note that the STATUS command fails. Courier doesn't say why and there's nothing in /var/log/mail.log, but I'm 99% sure it's a permissions issue, because if I change the permissions on /var/mail/users/johnsmith to 777, courier has no problem with the STATUS command and reports success. But of course, I don't want to set permissions to 777. I thought perhaps the problem is that the /var/mail/users/johnsmith directory should be owned by mail instead of johnsmith. So I tried doing that, but then courier fails on the LOGIN command: 0 LOGIN johnsmith@myhost.com mypassword * BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the correct uid or gid: So what are the safest correct permissions I should set for the maildir (and maildir sub directories) so that courier can successfully login and access each dir?