[Dovecot] keep users from deleting email
I looked on the dovecot website, but didn't find an answer. With dovecot 1.0, is there a way to keep users from deleting their email? So that when they click the delete button on their email client, nothing happens/dovecot refuses to delete email, etc?
Re: [Dovecot] keep users from deleting email
On 4/14/2008 9:42 AM, Adam Williams wrote: I looked on the dovecot website, but didn't find an answer. With dovecot 1.0, is there a way to keep users from deleting their email? So that when they click the delete button on their email client, nothing happens/dovecot refuses to delete email, etc? I was thinking about a possible plugin - call it maybe 'fake-delete or something - that would move all messages that a user deletes to a hidden folder in their maildir, for admin purposes... you could also use the expire plugin to keep this from growing indefinitely. But to prevent them from deleting them altogether? Why? If you just want a read-only maildir, just do that - so only admins can delete messages from protected accounts... -- Best regards, Charles
Re: [Dovecot] keep users from deleting email
Charles Marcus wrote: I was thinking about a possible plugin - call it maybe 'fake-delete or something - that would move all messages that a user deletes to a hidden folder in their maildir, for admin purposes... you could also use the expire plugin to keep this from growing indefinitely. But to prevent them from deleting them altogether? Why? If you just want a read-only maildir, just do that - so only admins can delete messages from protected accounts... Management wants the users to be able to use the email like normal (to read as normal, to file into mailboxes, etc) but not be able to delete any email, ever, for archival/legal purposes. Also, I'm using the wu-imap mbox format and not the Maildir format for keeping email, because a year ago I migrated away from wu-imap to dovecot.
[Dovecot] dovecot-deliver auth-master error
Hi all, I'm trying to get the sieve plugin to work, but with little result. I'm following http://wiki.dovecot.org/LDA, http://wiki.dovecot.org/LDA/Postfix and http://wiki.dovecot.org/LDA/Sieve but it won't work. As I have virtual users from several virtual domains, I added the virtual users - with lookup section from http://wiki.dovecot.org/LDA, but now dovecot fails to start. My dovecot.conf is as follows: # 1.0.13: /etc/dovecot.conf login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_location: maildir:/data/mail/mydomain/%Ln maildir_copy_with_hardlinks: yes maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh imap_client_workarounds(pop3): outlook-idle pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: username_format: %Lu debug: yes debug_passwords: yes passdb: driver: ldap args: /etc/dovecot-ldap.conf userdb: driver: static args: uid=5000 gid=5000 home=/var/mail/vmail socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: sieve: /home/virtual/%u/sieve The problem seems to be in the auth-master path, for /var/log/maillog shows: Apr 14 16:14:44 termserv dovecot: Dovecot v1.0.13 starting up Apr 14 16:14:44 termserv dovecot: auth(default): unlink(/var/run/dovecot/auth-master) failed: Is a directory Apr 14 16:14:44 termserv dovecot: Auth process died too early - shutting down Apr 14 16:14:44 termserv dovecot: child 12385 (auth) returned error 89 Can anyone point me in the right direction? TIA, Wouter
[Dovecot] Expire plugin isn't working
Hello all, I followed the wiki to configured the expire plugin on dovecot-1.1rc4 and it isn't working. No error messages on logs or on the execution of dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool. mailserver02:~ # dovecot -n # 1.1.rc4: /etc/dovecot//dovecot.conf syslog_facility: local1 protocols: imap pop3 ssl_disable: yes disable_plaintext_auth: no shutdown_clients: no login_dir: /usr//var/run/dovecot/login login_executable(default): /usr//libexec/dovecot/imap-login login_executable(imap): /usr//libexec/dovecot/imap-login login_executable(pop3): /usr//libexec/dovecot/pop3-login login_process_per_connection: no login_greeting_capability(default): yes login_greeting_capability(imap): yes login_greeting_capability(pop3): no login_process_size: 128 login_processes_count: 30 login_max_processes_count: 1024 login_max_connections: 512 max_mail_processes: 10240 mail_max_userip_connections(default): 20 mail_max_userip_connections(imap): 20 mail_max_userip_connections(pop3): 10 mail_uid: 1033 mail_gid: 1033 mail_location: maildir:%h/Maildir mail_executable(default): /usr//libexec/dovecot/imap mail_executable(imap): /usr//libexec/dovecot/imap mail_executable(pop3): /usr//libexec/dovecot/pop3 mail_plugins(default): expire quota imap_quota autocreate mail_plugins(imap): expire quota imap_quota autocreate mail_plugins(pop3): quota mail_plugin_dir(default): /usr//lib/dovecot/imap mail_plugin_dir(imap): /usr//lib/dovecot/imap mail_plugin_dir(pop3): /usr//lib/dovecot/pop3 pop3_no_flag_updates(default): no pop3_no_flag_updates(imap): no pop3_no_flag_updates(pop3): yes pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %f pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls namespace: type: private prefix: INBOX. inbox: yes list: yes subscriptions: yes auth default: mechanisms: plain login cache_size: 20480 cache_ttl: 300 cache_negative_ttl: 0 passdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf userdb: driver: prefetch userdb: driver: ldap args: /etc/dovecot/dovecot-ldap.conf socket: type: listen master: path: /var/run/dovecot/auth-master mode: 438 plugin: quota: maildir quota_rule: *:bytes=10240 quota_rule2: *:messages=3 autocreate: SPAM.E Spam autocreate2: SPAM.Marcar Spam autocreate3: SPAM autocreate4: SPAM.Desmarcar Spam expire: Trash 1 SPAM 10 SPAM/* 10 Sent 30 expire_dict: proxy::expire auth_socket_path: /var/run/dovecot/auth-master dict: expire: db:/usr/lib/dovecot/expidb/expire.db
Re: [Dovecot] keep users from deleting email
At 8:42 AM -0500 4/14/08, Adam Williams imposed structure on a stream of electrons, yielding: I looked on the dovecot website, but didn't find an answer. With dovecot 1.0, is there a way to keep users from deleting their email? So that when they click the delete button on their email client, nothing happens/dovecot refuses to delete email, etc? Presumably you're users are all using IMAP, since the question doesn't really make sense for POP users, whose view of mail is entirely local to their machines, not the server. I'd argue that having the sort of in-your-face dysfunction you describe is probably not the best approach unless user antagonism is one of your goals. You would probably be better off making a user's deletion into a server-side hiding/archiving. The Lazy Expunge plugin can do that. http://wiki.dovecot.org/Plugins/Lazyexpunge -- Bill Cole [EMAIL PROTECTED]
Re: [Dovecot] keep users from deleting email
On 4/14/2008, Bill Cole ([EMAIL PROTECTED]) wrote: You would probably be better off making a user's deletion into a server-side hiding/archiving. The Lazy Expunge plugin can do that. http://wiki.dovecot.org/Plugins/Lazyexpunge Oh, right... forgot about that one... Dovecot 'just' rocks... :) -- Best regards, Charles
[Dovecot] dovecot-deliver auth-master error
Hi all, I'm trying to get the sieve plugin to work, but with little result. I'm following http://wiki.dovecot.org/LDA, http://wiki.dovecot.org/LDA/Postfix and http://wiki.dovecot.org/LDA/Sieve but it won't work. As I have virtual users from several virtual domains, I added the virtual users - with lookup section from http://wiki.dovecot.org/LDA, but now dovecot fails to start. My dovecot.conf is as follows: # 1.0.13: /etc/dovecot.conf login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_location: maildir:/data/mail/mydomain/%Ln maildir_copy_with_hardlinks: yes maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh imap_client_workarounds(pop3): outlook-idle pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: username_format: %Lu debug: yes debug_passwords: yes passdb: driver: ldap args: /etc/dovecot-ldap.conf userdb: driver: static args: uid=5000 gid=5000 home=/var/mail/vmail socket: type: listen master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: sieve: /home/virtual/%u/sieve The problem seems to be in the auth-master path, for /var/log/maillog shows: Apr 14 16:14:44 termserv dovecot: Dovecot v1.0.13 starting up Apr 14 16:14:44 termserv dovecot: auth(default): unlink(/var/run/dovecot/auth-master) failed: Is a directory Apr 14 16:14:44 termserv dovecot: Auth process died too early - shutting down Apr 14 16:14:44 termserv dovecot: child 12385 (auth) returned error 89 Can anyone point me in the right direction? TIA, Wouter
Re: [Dovecot] keep users from deleting email
Charles Marcus wrote: Then you are using the wrong tool. For legal purposes, your message archives should be completely separate from your normal mail store. Set up a parallel delivery system for your archiver. Do you mean like, Postfix's always_bcc = [EMAIL PROTECTED] option? But, then I'm doubling my data. One copy is the user's email, and one copy for always_bcc. Then I have twice the data to back up, more CPU cycles to compress it to tape, etc...
Re: [Dovecot] keep users from deleting email
At 8:58 AM -0500 4/14/08, Adam Williams wrote: Charles Marcus wrote: I was thinking about a possible plugin - call it maybe 'fake-delete or something - that would move all messages that a user deletes to a hidden folder in their maildir, for admin purposes... you could also use the expire plugin to keep this from growing indefinitely. But to prevent them from deleting them altogether? Why? If you just want a read-only maildir, just do that - so only admins can delete messages from protected accounts... Management wants the users to be able to use the email like normal (to read as normal, to file into mailboxes, etc) but not be able to delete any email, ever, for archival/legal purposes. Just so others don't read that as some sort of generally relevant good idea, it should be noted that as a government agency you have very special archival/legal concerns, and that they may be even more unusual as an agency focused on historical information. Acme's Widgets Inc. would not be well-advised to use the Mississippi Dept. of Archives and History as a role model in email preservation. I still would think that the particular approach you describe is looking at the archival requirements in the wrong place. Rather than interfering with how users work with their mail, you would probably be better off looking at the delivery process and having it create your permanent archive rather than treating the user-facing mailbox as the archive. Also, I'm using the wu-imap mbox format and not the Maildir format for keeping email, because a year ago I migrated away from wu-imap to dovecot. That eliminates the Lazy Expunge option... -- Bill Cole [EMAIL PROTECTED]
Re: [Dovecot] keep users from deleting email
At 9:36 AM -0500 4/14/08, Adam Williams wrote: Bill Cole wrote: Presumably you're users are all using IMAP, since the question doesn't really make sense for POP users, whose view of mail is entirely local to their machines, not the server. I'd argue that having the sort of in-your-face dysfunction you describe is probably not the best approach unless user antagonism is one of your goals. You would probably be better off making a user's deletion into a server-side hiding/archiving. The Lazy Expunge plugin can do that. http://wiki.dovecot.org/Plugins/Lazyexpunge Thanks, I agree with you. However, I just do what management tells me to do, and we're trying to get Sarbanes-Oxley Act of 2002 compliant with our data. Um, really? I've had a little experience with SOx, HIPAA, GLBA, and Federal E-Discovery compliance projects, and I've never heard that SOx applied at all to state agencies or that it requires anyone to archive all email forever. In fact, doing so as a matter of normal policy may be a very bad idea under the E-Discovery rules. I'm certainly no lawyer, but your management may want to find better ones than they seem to have... Lazy Expunge only operates on Maildir format, and while dovecot's website has instructions for converting from mbox to Maildir, mbox works pretty good for us, and I don't want to fix what isn't broken. You definitely need to be aware of the fact that one of the downsides of mbox is performance and resource demands as the mbox files grow. -- Bill Cole [EMAIL PROTECTED]
Re: [Dovecot] keep users from deleting email
Bill Cole wrote: Presumably you're users are all using IMAP, since the question doesn't really make sense for POP users, whose view of mail is entirely local to their machines, not the server. I'd argue that having the sort of in-your-face dysfunction you describe is probably not the best approach unless user antagonism is one of your goals. You would probably be better off making a user's deletion into a server-side hiding/archiving. The Lazy Expunge plugin can do that. http://wiki.dovecot.org/Plugins/Lazyexpunge Thanks, I agree with you. However, I just do what management tells me to do, and we're trying to get Sarbanes-Oxley Act of 2002 compliant with our data. Lazy Expunge only operates on Maildir format, and while dovecot's website has instructions for converting from mbox to Maildir, mbox works pretty good for us, and I don't want to fix what isn't broken.
Re: [Dovecot] keep users from deleting email
At 9:45 AM -0500 4/14/08, Adam Williams imposed structure on a stream of electrons, yielding: Charles Marcus wrote: Then you are using the wrong tool. For legal purposes, your message archives should be completely separate from your normal mail store. Set up a parallel delivery system for your archiver. Do you mean like, Postfix's always_bcc = [EMAIL PROTECTED] option? But, then I'm doubling my data. One copy is the user's email, and one copy for always_bcc. Then I have twice the data to back up, more CPU cycles to compress it to tape, etc... If you use something like Postfix's recipient_bcc_maps you may not need to back up the live user-facing mailboxes at all, because you can have an archive mailbox for each user instead of the big shared dump you get with always_bcc. -- Bill Cole [EMAIL PROTECTED]
Re: [Dovecot] keep users from deleting email
On 4/14/2008, Adam Williams ([EMAIL PROTECTED]) wrote: Do you mean like, Postfix's always_bcc = [EMAIL PROTECTED] option? But, then I'm doubling my data. One copy is the user's email, and one copy for always_bcc. Then I have twice the data to back up, more CPU cycles to compress it to tape, etc... Yep... but its the only legally recognizable way of insuring you are actually archiving your email. If you are archiving because you are legally *required* to do so, then I don't think such a scheme would satisfy that requirement - but I could be wrong. I'm glad I'm not in a regulated industry where we *have* to archive. -- Best regards, Charles
Re: [Dovecot] keep users from deleting email
Bill Cole wrote: Um, really? I've had a little experience with SOx, HIPAA, GLBA, and Federal E-Discovery compliance projects, and I've never heard that SOx applied at all to state agencies or that it requires anyone to archive all email forever. In fact, doing so as a matter of normal policy may be a very bad idea under the E-Discovery rules. I'm certainly no lawyer, but your management may want to find better ones than they seem to have... Well it doesn't, but management wants us to archive all electronic data forever in a fashion that is compliant to that law. You definitely need to be aware of the fact that one of the downsides of mbox is performance and resource demands as the mbox files grow. What do you consider a large mbox? We have users with single mbox files of 3G and their mail loads up fine. We are using Seamonkey's email client and it makes a local index file of all the message to/from/subject/date/etc so it loads mail very quickly, pretty much instantaneous. One thing I don't like about Maildir is that it keeps each message as a seperate file, so you'll end up with directories with 20k+ files and run into glob problems, and with ext3, you have all these sub 4kb messages still taking up a 4k block on the disk, wasting disk space.
Re: [Dovecot] keep users from deleting email
Adam Williams wrote: Charles Marcus wrote: Then you are using the wrong tool. For legal purposes, your message archives should be completely separate from your normal mail store. Set up a parallel delivery system for your archiver. Do you mean like, Postfix's always_bcc = [EMAIL PROTECTED] option? But, then I'm doubling my data. One copy is the user's email, and one copy for always_bcc. Then I have twice the data to back up, more CPU cycles to compress it to tape, etc... If you still want to do it this way, upon source inspection it looks like you can accomplish it by making imap_expunge function (src/imap/imap-expunge.c) a noop, that is, returning always true. If it works for read-only mailboxes it should do for this, but haven't tested myself :) BTW I'm sure it can also be done as a plugin, but I'm not familiar with the plugin api at all. Bright side is that if expunge is a noop, users stop seeing the message as it gets marked as deleted but it's left there. Anyway as others have pointed out, I'd look at doing this outside the imap server. It's too easy to get something like this disabled by mistake (deploy an unpatched binary) and do unnoticed. Regards, -- Angel Marin http://anmar.eu.org/
Re: [Dovecot] Expire plugin isn't working
Raphael Bittencourt S. Costa wrote: I followed the wiki to configured the expire plugin on dovecot-1.1rc4 and it isn't working. No error messages on logs or on the execution of dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool. I also have trouble getting it to do much. It may be broken; I found some old mails where Timo says that it has not been tested in recent times. Anders.
Re: [Dovecot] ACLs generating plugin problems.
Sorry again, I forgot to tell: dovecot version: 1.0.5-1 Debian package. Also, I tried to change plugin order on dovecot.conf, but the problem persists! Thanks! Fábio M. Catunda escreveu: Hi! I'm trying to use an ACL to avoid deletion of messages that are inside .Trash folder, the ACL is already working very well, the problem that I'm facing is that even if the message is not deleted, mail_log logs that it has been deleted. Also, in some cases part of the lazy_expunge code is executed too, but sometimes I just dont know where the message is, thats weird. I erased deleted and expunged folders, then I deleted a message, It hasn't been deleted, but deleted and expunged folders has been created. Anyway, I would like to know if there is a way to stop plugin execution when an ACL matches. Thanks a lot.
