User's mailbox created with adduser has rw permissions for primary group.
vulners.com/securityvulns/securityvulns:doc:4113