The problem is that as CloudMailin uploads your attachments to AWS S3 it needs to set the ACL permissions on them. AWS offers a couple of ‘canned permissions' for this. The only two that are really of interest to CloudMailin are the following:
bucket-owner-full-control
- this is what you’re currently set to, it grants the bucket owner full control over the uploaded attachment.public-read
- this will grant you full control as the bucket owner but will also set read only privileges for everyone.
If you log into CloudMailin head to your address list and click ‘manage' on the address you need to edit. Then head to ‘Edit Attachment Store’ and select ‘Public Read’ then CloudMailin will set this canned policy as the email attachments are uploaded to S3.