It must be owned by the user who makes the delivery. Is vmail or
mlmmj a system user?
man forward
...
Permissions on the .forward file are very strict and expansion is
rejected if the file is group or world-writable; if the home
directory is
group writeable; or if the file is not owned by the user.
I've been using mlmmj with this in the .forward file:
|/usr/bin/mlmmj-receive -L /var/vmail/mlmmj/domain/list/
Permissions 0700 and 0600 on /var/vmail/mlmmj and vmail:vmail user/group.
man aliases
...
|command
Pipe the message to command on its standard input. The command
is run under the privileges of the daemon's unprivileged account.
Sounds to me that smtpd needs reading rights. Something like
/var/vmail/mlmmj/domain/listname/.forward 640 vmail:smtpd
You where already pretty close when you got this line though:
warn: smtpd: /var/vmail/mlmmj/domain/listname/.forward: unsecure file
There was probably just wrong write permissions for the group.
