[Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Daryl Tester

Hi all.

I've got a bit of a peculiar issue here.  I'm running dovecot 1.2.9 on
an Ubuntu 9.10 box using Sendmail 8.14.3.  I've set up Sendmail similar
to http://wiki.dovecot.org/LDA/Sendmail except that 


*)  dovecot's deliver is configured as my default local mailer, so
some of the flags for the Mailer definition had to be adjusted
accordingly.

*)  The setuid users listed in the wiki kept resulting in setgid()
failures from deliver, so I've changed it to root:mail (mail being
sendmail's MDA group), with permissions as u+s,g+rx,o-rwx

When sendmail attempts delivery, I'm getting deferred: deliver
failed with EX_TEMP, but nothing recorded in the log files.  I've
embarrassingly widened the permissions of /var/log/dovecot and the
files contained within to read/write everyone, just to ensure that
whomever it's running as has access, but the log files aren't updated.

The peculiar thing kicks in when I attempt to debug this.  So far I
have (amongst other things):

*) Run deliver from the command line logged in as mail.

*) written a shell wrapper script to be able to confirm things
like the user ID that was invoking deliver.

*) both in the shell script, and as a mailer definition in sendmail,
strace'd (using a setuid root binary) deliver to capture what it was
doing.

Whenever I do any of the above, deliver works perfectly, and appears
to log correctly.  It only appears to bork when no-one is watching it,
which is quite frustrating when trying to fix it.

Help?


Configuration of dovecot follows:

# 1.2.9: /etc/opt/dovecot-1.2.9/dovecot.conf
# OS: Linux 2.6.31-14-server x86_64 Ubuntu 9.10 ext3
base_dir: /var/run/dovecot-1.2.9/
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot-info.log
protocols: pop3 imap imaps
ssl: no
disable_plaintext_auth: no
login_dir: /var/run/dovecot-1.2.9//login
login_executable(default): /opt/dovecot-1.2.9/libexec/dovecot/imap-login
login_executable(imap): /opt/dovecot-1.2.9/libexec/dovecot/imap-login
login_executable(pop3): /opt/dovecot-1.2.9/libexec/dovecot/pop3-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/vmail/spool/%u:LAYOUT=fs
mail_executable(default): /opt/dovecot-1.2.9/libexec/dovecot/imap
mail_executable(imap): /opt/dovecot-1.2.9/libexec/dovecot/imap
mail_executable(pop3): /opt/dovecot-1.2.9/libexec/dovecot/pop3
mail_plugin_dir(default): /opt/dovecot-1.2.9/lib/dovecot/imap
mail_plugin_dir(imap): /opt/dovecot-1.2.9/lib/dovecot/imap
mail_plugin_dir(pop3): /opt/dovecot-1.2.9/lib/dovecot/pop3
lda:
 postmaster_address: postmas...@handcraftedcomputers.com.au
 auth_socket_path: /var/run/dovecot-1.2.9/auth-master
auth default:
 verbose: yes
 passdb:
   driver: passwd-file
   args: /vmail/auth/passwd
 userdb:
   driver: static
   args: uid=vmail gid=vmail
 socket:
   type: listen
   master:
 path: /var/run/dovecot-1.2.9/auth-master
 mode: 384
 user: vmail
 group: vmail

--
Regards,
 Daryl Tester

Member of the Amalgamated Australian Association Against Apostrophe Abuse.
(formerly the 6A's - no, wait ...).


Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Steffen Kaiser


On Fri, 19 Mar 2010, Daryl Tester wrote:

You are using system users?


> *)  The setuid users listed in the wiki kept resulting in setgid()

What setuid users?

> failures from deliver, so I've changed it to root:mail (mail being
> sendmail's MDA group), with permissions as u+s,g+rx,o-rwx
>
> When sendmail attempts delivery, I'm getting deferred: deliver
> failed with EX_TEMP, but nothing recorded in the log files.  I've
> embarrassingly widened the permissions of /var/log/dovecot and the


I changed logging of deliver to syslog for this reason:
protocol lda {
[...]
  # Log to syslog
  log_path =
  info_log_path =
  syslog_facility = mail
}

===

My definition of local delivery on Debian is:

dnl -f $g -- sender
dnl -d $u -- destination user account name
dnl -m $h -- mailbox to deliver to (+detail part of address)
dnl -n    -- don't create new mailbox
dnl -e    -- exit code rather than DSN
FEATURE(`local_procmail', `/etc/mail/smrsh/dovecot-deliver', 
`/etc/mail/smrsh/dovecot-deliver -e -f $g -d $u')dnl


sendmail invokes deliver already as the system user, no setuid necessary.

regards,

- -- 
Steffen Kaiser



Re: [Dovecot] 2.0beta3 10876:370ee9717a6c broke listen on literal IPv6 address

2010-03-19 Thread Bernhard Schmidt
Timo Sirainen t...@iki.fi wrote:

 On Wed, 2010-03-10 at 18:01 +0100, Bernhard Schmidt wrote:
 mail.svr02.mucip.net:~# dovecot -F -c /etc/dovecot/dovecot.conf
 doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:29:
 listen=..:port has been replaced by service { inet_listener { port } }
 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf:
 duplicate listener: 1:
 OK, now it really should be fixed.

Confirmed.

Bernhard



Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Daryl Tester

Steffen Kaiser wrote:


> You are using system users?


I believe so.  Running delivery from the command line as the sendmail
user works as it should.


>> *)  The setuid users listed in the wiki kept resulting in setgid()



> What setuid users?


Sorry, I typed a little hastily.  setuid user's configuration -
setting the deliver owner to vmail:vmail as listed in
http://wiki.dovecot.org/LDA/Sendmail resulted in setgid(1002(vmail))
failed with euid=1002(vmail), gid=8(mail), egid=8(mail): Operation not
permitted.


>> When sendmail attempts delivery, I'm getting deferred: deliver
>> failed with EX_TEMP, but nothing recorded in the log files.  I've
>> embarrassingly widened the permissions of /var/log/dovecot and the



> I changed logging of deliver to syslog for this reason:


Fair enough, but I'm happy to tighten the permissions once I've got
it working;  I just have to get it working first.


> ===
>
> My definition of local delivery on Debian is:
>
> dnl -f $g -- sender
> dnl -d $u -- destination user account name
> dnl -m $h -- mailbox to deliver to (+detail part of address)
> dnl -n    -- don't create new mailbox
> dnl -e    -- exit code rather than DSN
> FEATURE(`local_procmail', `/etc/mail/smrsh/dovecot-deliver',
> `/etc/mail/smrsh/dovecot-deliver -e -f $g -d $u')dnl
>
>
> sendmail invokes deliver already as the system user, no setuid necessary.


So sendmail and deliver are running as the same user ID?

I'm not sure my mailer definition is an issue here - like I said, if I
wrap the invocation in a shell script or use strace as a mailer (that's
a first for me) it works correctly.  For the record, I'm using:

Mdovecot,   P=/opt/dovecot-1.2.9/libexec/dovecot/deliver, F=lADFMPhnu9,
   S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
   T=DNS/RFC822/X-Unix,
   A=deliver -d $u

#Mdovecot,   P=/tmp/strace, F=lADFMPhnu9,
#   S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
#   T=DNS/RFC822/X-Unix,
#   A=strace -o /tmp/strace.log /opt/dovecot-1.2.9/libexec/dovecot/deliver -d $u



--
Regards,
 Daryl Tester

Member of the Amalgamated Australian Association Against Apostrophe Abuse.
(formerly the 6A's - no, wait ...).


[Dovecot] configure dovecot to read-only ?

2010-03-19 Thread Frank Gadegast


Hi,

I like to configure the use of IMAP to read-only on a special backup 
system. Users should only be able to read archived email, they

should not be able to create folders or delete email.

I know how to configure user- or folder-specific acls, but it
seems to be a bit complicated to setup a ACL for every user.

Any simple global option available ?


Kind regards, Frank
--
PHADE Software - PowerWeb   http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast mailto:fr...@powerweb.de
Schinkelstrasse 17fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
==
Public PGP Key available for fr...@powerweb.de



Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Daryl Tester

Daryl Tester wrote:


> When sendmail attempts delivery, I'm getting deferred: deliver
> failed with EX_TEMP, but nothing recorded in the log files.


Gnargh, found it.  After adding an freopen() to deliver to capture
stderr (because sendmail sure as heck wasn't), deliver was reporting
stat(deliver) failed: No such file or directory.


Mdovecot,   P=/opt/dovecot-1.2.9/libexec/dovecot/deliver, F=lADFMPhnu9,
S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
T=DNS/RFC822/X-Unix,
A=deliver -d $u


Change the last line (Argv) to

A=/opt/dovecot-1.2.9/libexec/dovecot/deliver -d $u

sets argv[0] to the full path of the binary so the permissions check in
deliver succeeds.  Which in hindsight explains why it worked with a
wrapper script or strace; they both would have set the full path
automatically.

I can't believe I've spent most of an afternoon on this.  *hangs head
in shame*


--
Regards,
 Daryl Tester

Member of the Amalgamated Australian Association Against Apostrophe Abuse.
(formerly the 6A's - no, wait ...).


[Dovecot] Problem with quota recreation

2010-03-19 Thread Uroš Gruber
Hi,

I'm migrating from cyrus to dovecot 1.2.10 with cyrus2dovecot. I've setup
quota with mysql dict and while testing delivery quota is working fine. The
only problem is when i migrate mailbox from cyrus to dovecot and when bytes
and messages is set to 0. I tried with x GETQUOTAROOT Inbox but  the quota
usage is not recalculated and when a new message is delivered quota is
calculated only on the new message. Any help would be greatly appreciated.

Best regards

Uros


Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Steffen Kaiser


On Fri, 19 Mar 2010, Daryl Tester wrote:


> I can't believe I've spent most of an afternoon on this.  *hangs head
> in shame*


Well, there are things worse :-)

Regards,

- -- 
Steffen Kaiser



Re: [Dovecot] Problem with quota recreation

2010-03-19 Thread Steffen Kaiser


On Fri, 19 Mar 2010, Uroš Gruber wrote:


> only problem is when i migrate mailbox from cyrus to dovecot and when bytes
> and messages is set to 0. I tried with x GETQUOTAROOT Inbox but  the quota
> usage is not recalculated and when a new message is delivered quota is
> calculated only on the new message. Any help would be greatly appreciated.


Hmm, what does 0 means for cyrus, unlimited too?
see http://wiki.dovecot.org/Quota/1.1
bytes: Quota limit in bytes, 0 means unlimited.

Or do you refer to the actual (current) quota and not the limits?
In that case, just remove the entries.

Regards,

- -- 
Steffen Kaiser


Re: [Dovecot] Triggering mailbox fetch

2010-03-19 Thread Timo Sirainen
On Fri, 2010-03-19 at 16:02 +, Brian Candler wrote:

 In courier-imap I could create a '.loginexec' file which is executed when
 the user logs in, and gets deleted if it completes successfully.  I'm trying
 to find something similar for Dovecot.

How about: http://wiki.dovecot.org/PostLoginScripting





Re: [Dovecot] Triggering mailbox fetch

2010-03-19 Thread Brian Candler
On Fri, Mar 19, 2010 at 06:15:20PM +0200, Timo Sirainen wrote:
  In courier-imap I could create a '.loginexec' file which is executed when
  the user logs in, and gets deleted if it completes successfully.  I'm trying
  to find something similar for Dovecot.
 
 How about: http://wiki.dovecot.org/PostLoginScripting

Looks perfect. Thank you!




[Dovecot] ACL + shared-imap + nested AD groups

2010-03-19 Thread Martin Ott
Hi,

I'm looking for a solution to use nested AD groups for authorization in
shared-imap folders(namespace public).

As a simple hack to determine the (primary) groups of a user we use the
following setup with a post-login script:

in dovecot.conf
...
protocol imap {
mail_executable = /etc/dovecot/ldap_groups.sh
...


ldap_groups.sh

ACL_GROUPS=`ldapsearch -h ldapserver -p 3268 -s sub \
    -D "cn=ldap mail, ou=user, ou=global, ou=xxx, dc=xxx, dc=local" \
    -b "ou=xxx, dc=xxx, dc=local" "(&(sAMAccountName=$USER))" -LLL memberOf -w password \
  | grep "memberOf: CN=" | sed 's/memberOf: CN=//' | sed 's/,OU=.*//' \
  | tr "\n" "," | sed 's/,$//'`
export ACL_GROUPS
exec /usr/libexec/dovecot/imap "$@"


Does anyone know, how to simply get the groups of groups with such a
post-login script?

Thanks,
Martin
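
An added example, not code from the thread or from Dovecot, showing the two usual ways to get nested ("groups of groups") membership out of AD for a post-login script like the one above. The first is a single query using the AD matching rule LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941), which makes the server walk the nesting; the second is a client-side walk over memberOf with a cycle guard, for servers that lack the rule. The posted script splices $USER into the filter unescaped and passes the bind password as `-w password`, where it shows up in the process list; the example escapes filter values per RFC 4515 and reads the password from a file with `-y`. The host name, bind DN, password file path and the directory contents used for the offline check are assumptions.

```python
#!/usr/bin/env python3
"""Nested AD group lookup for a Dovecot post-login script (added example).

1. nested_groups_filter(): one query with LDAP_MATCHING_RULE_IN_CHAIN, the
   server walks the nesting.
2. expand_nested(): client-side walk over memberOf with a cycle guard, since
   AD allows groups to contain each other.
Directory access is passed in as a function so the walk runs offline on the
constructed data at the bottom.
"""
import base64
import os
import subprocess
import sys

IN_CHAIN = "1.2.840.113556.1.4.1941"
IMAP_BIN = "/usr/libexec/dovecot/imap"


def ldap_escape(value):
    """RFC 4515 escaping for a filter value; never splice $USER in raw."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def user_filter(sam_account_name):
    return "(sAMAccountName=%s)" % ldap_escape(sam_account_name)


def nested_groups_filter(user_dn):
    """Matches every group the user belongs to, directly or through nesting."""
    return "(member:%s:=%s)" % (IN_CHAIN, ldap_escape(user_dn))


def parse_ldif_attr(ldif_text, attr):
    """Values of attr in `ldapsearch -LLL` output. Unfolds continuation lines
    (leading space) and decodes base64 values ("attr:: ...")."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        if line.startswith(attr + ":: "):
            values.append(base64.b64decode(line[len(attr) + 3:]).decode("utf-8"))
        elif line.startswith(attr + ": "):
            values.append(line[len(attr) + 2:])
    return values


def cn_of(dn):
    """Leading CN value, what the posted sed chain extracts (no escaped commas)."""
    rdn_type, _, rdn_value = dn.split(",", 1)[0].partition("=")
    return rdn_value if rdn_type.strip().upper() == "CN" else dn


def expand_nested(member_of, direct_groups):
    """Transitive closure of memberOf; `seen` stops cycles like dev->staff->dev."""
    seen, stack = set(), list(direct_groups)
    while stack:
        dn = stack.pop()
        if dn not in seen:
            seen.add(dn)
            stack.extend(member_of(dn))
    return seen


def acl_groups_value(group_dns):
    """Comma-separated CN list in the shape the posted script exports."""
    return ",".join(sorted(cn_of(dn) for dn in group_dns))


# Constructed directory for the offline check (assumed data, not a real export).
BASE = "OU=xxx,DC=xxx,DC=local"
ALICE = "CN=alice,OU=user,OU=global," + BASE
GROUPS = {n: "CN=%s,OU=groups,%s" % (n, BASE) for n in ("dev", "staff", "all")}
DIRECTORY = {  # dn -> memberOf values
    ALICE: [GROUPS["dev"]],
    GROUPS["dev"]: [GROUPS["staff"]],
    GROUPS["staff"]: [GROUPS["all"], GROUPS["dev"]],  # cycle back to dev
    GROUPS["all"]: [],
}
SAMPLE_LDIF = (  # constructed -LLL output with a folded dn and a base64 dn
    "dn: CN=dev,OU=groups,OU=xxx,DC=xxx,DC=lo\n cal\n"
    "memberOf: CN=staff,OU=groups,OU=xxx,DC=xxx,DC=local\n\n"
    "dn:: Q049YWI=\n"
)


def resolve_offline(user_dn):
    return acl_groups_value(expand_nested(lambda dn: DIRECTORY.get(dn, []), DIRECTORY[user_dn]))


def main():
    # Live variant (assumed server, bind DN and password file): resolve the user
    # DN, ask for its nested groups in one query, then exec imap as the posted
    # script does. "1.1" requests no attributes, so only dn lines come back.
    def search(flt):
        cmd = ["ldapsearch", "-LLL", "-H", "ldap://ldapserver:3268",
               "-D", "cn=ldap mail,ou=user,ou=global," + BASE, "-y", "/etc/dovecot/ldap.pw",
               "-b", BASE, flt, "1.1"]
        return parse_ldif_attr(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout, "dn")

    user_dn = search(user_filter(os.environ["USER"]))[0]
    os.environ["ACL_GROUPS"] = acl_groups_value(search(nested_groups_filter(user_dn)))
    os.execv(IMAP_BIN, [IMAP_BIN] + sys.argv[1:])


if __name__ == "__main__":
    main()
```

Point `mail_executable` at this file instead of the shell script; `main()` runs only when it is executed directly, so the helpers can also be imported and tried against the constructed directory. If the server rejects the matching rule (non-AD directories), replace the second `search()` with `expand_nested()` over per-group memberOf lookups.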


Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Thomas Hummel
On Thu, Mar 18, 2010 at 05:50:44PM +0100, Thomas Hummel wrote:

 But isn't a client like Thunderbird (3.0.3) supposed to 
 
   . show me the #shared (even if no one shares mailboxes to me) folder 
 (because of list = yes )?
 
   . let me share, let's say the .sous.arbo mailbox ? If yes, how ? Or should 
 I first pre-set some acl files ???
 
 For now, it says : This is a personnal mail folder. It is not shared.

I made some progress and managed to share a mailbox with my setup but :

a) I wonder if TB even supports the SETACL command since I don't see how I can
   modify an ACL through the TB UI.


b) For things to work, I had to set up loose permissions on the maildirs and
the shared-mailbox file. I've read on this list (from the 1.2 beta days) that
it is supposed to be easier with virtual user (as opposed to system users) :
why ? mailboxes end up being on the filesystem anyway...

In fact, I don't really understand the difference between virtual and system
users...Aren't they seen as almost the same for dovecot ?


c) What's weird also is if I put a dovecot-acl file in a maildir I want to
share, TB does not see it. But if I telnet and issue the SETACL command which
end up generating the same dovecot-acl file, TB then sees the shared mailbox...

Timo ?

-- 
Thomas Hummel   | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau


Re: [Dovecot] Problem with quota recreation

2010-03-19 Thread Uroš Gruber
Hi,

I'm referring to current usage not limits. Here is my quota-sql config

user_query = \
  SELECT '/var/vmail/%d/%n' AS home, 'dict:user::proxy::quota' AS quota, \
         concat('*:storage=', quotaLimit, 'M') AS quota_rule \
  FROM mailAccount WHERE username = '%u' AND domain = '%d' AND isLocked = FALSE

and actual quota config

map {
  pattern = priv/quota/storage
  table = mailAccount
  username_field = username
  value_field = usageBytes
}
map {
  pattern = priv/quota/messages
  table = mailAccount
  username_field = username
  value_field = usageMessages
}

Selecting from MySQL with

SELECT username, usageBytes, usageMessages FROM mailAccount WHERE username='u...@gruber.si'

gives me

u...@gruber.si NULL NULL

actual usageBytes and usageMessages only change on moving messages between
folders or on delivery. But I need recalculate after migration from cyrus to
dovecot via cyrus2dovecot. I tried with GETQUOTAROOT but without any luck.

Best regards

Uros

On Fri, Mar 19, 2010 at 3:16 PM, Steffen Kaiser 
skdove...@smail.inf.fh-brs.de wrote:



 On Fri, 19 Mar 2010, Uroš Gruber wrote:

  only problem is when i migrate mailbox from cyrus to dovecot and when
 bytes
 and messages is set to 0. I tried with x GETQUOTAROOT Inbox but  the quota
 usage is not recalculated and when a new message is delivered quota is
 calculated only on the new message. Any help would be greatly appreciated.


 Hmm, what does 0 means for cyrus, unlimited too?
 see http://wiki.dovecot.org/Quota/1.1
 bytes: Quota limit in bytes, 0 means unlimited.

 Or do you refer to the actual (current) quota and not the limits?
 In that case, just remove the entries.

 Regards,

 - -- Steffen Kaiser


Re: [Dovecot] Triggering mailbox fetch

2010-03-19 Thread Odhiambo Washington
On Fri, Mar 19, 2010 at 7:21 PM, Brian Candler b.cand...@pobox.com wrote:

 On Fri, Mar 19, 2010 at 06:15:20PM +0200, Timo Sirainen wrote:
   In courier-imap I could create a '.loginexec' file which is executed
 when
   the user logs in, and gets deleted if it completes successfully.  I'm
 trying
   to find something similar for Dovecot.
 
  How about: http://wiki.dovecot.org/PostLoginScripting

 Looks perfect. Thank you!


@Brian,

Once done, I hope you can share such a tool in the Dovecot Wiki. Seems
extremely handy.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
If you have nothing good to say about someone, just shut up!.
  -- Lucky Dube


Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Timo Sirainen
On Fri, 2010-03-19 at 17:27 +0100, Thomas Hummel wrote:

 a) I wonder if TB even support the SETACL command since I don't see how I can
modify an ACL through the TB UI.

It doesn't.

 b) For things to work, I had to set up loose permissions on the maildirs and
 the shared-mailbox file. I've read on this list (from the 1.2 beta days) that
 it is supposed to be easier with virtual user (as opposed to system users) :
 why ? mailboxes end up being on the filesystem anyway...
 
 In fact, I don't really understand the difference between virtual and system
 users...Aren't they seen as almost the same for dovecot ?

Yes, they're basically the same. But in that context "easier for virtual
users" means "easier if all your users use the same uid", since most
people use the same uid for virtual users.. (I don't think wiki confuses
these two things?)

 c) What's weird also is if I put a dovecot-acl file in a maildir I want to
 share, TB does not see it. But if I telnet and issue the SETACL command which
 end up generating the same dovecot-acl file, TB then sees the shared 
 mailbox...

Yes, because SETACL updates also the shared-mailbox file, which contains
information about what mailboxes are visible to who. Without that,
Dovecot would have to look through all users all mailboxes to see if
there happens to be any dovecot-acl files that contains rules for
current user, which of course would be really slow.

Maybe for v2.0 I could add doveadm acl command to help with these
things.




Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Timo Sirainen
On Fri, 2010-03-19 at 21:48 +1030, Daryl Tester wrote:
  Mdovecot,   P=/opt/dovecot-1.2.9/libexec/dovecot/deliver, F=lADFMPhnu9,
  S=EnvFromL/HdrFromL, R=EnvToL/HdrFromL,
  T=DNS/RFC822/X-Unix,
  A=deliver -d $u
 
 Change the last line (Argv) to
 
 A=/opt/dovecot-1.2.9/libexec/dovecot/deliver -d $u
..
 I can't believe I've spent most of an afternoon on this.  hangs head
 in shame

Well, at least I updated the wiki now so that future people won't have
this problem. :)





Re: [Dovecot] problem with master db and dovecot-2.0.beta3

2010-03-19 Thread Timo Sirainen
On Wed, 2010-03-17 at 12:34 +0100, Oliver Eales wrote:
 Mar 17 12:06:50 auth: Info: passdb(masteru...@vodafone.de,::1,master):
 Attempted master login with no master passdbs (trying to log in as user:
 10...@vodafone.de)

Fixed that too now, and actually tested that it works. :)





Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Thomas Hummel
On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

Thanks for your answer Timo.

  a) I wonder if TB even support the SETACL command since I don't see how I 
  can
 modify an ACL through the TB UI.
 
 It doesn't.

Ouch! What known UA does support it ? 

What's the point of supporting only GETACL ? I guess this means that if users
run this client, shared mailboxes have to be managed by an administrator, right?

 Yes, they're basically the same. But in that context "easier for virtual
 users" means "easier if all your users use the same uid", since most
 people use the same uid for virtual users.. (I don't think wiki confuses
 these two things?)

Ok, but I still don't quite get it : if you use the same UID, doesn't this
somehow equate to giving something like 777 modes in the system user case ? (I
mean on an OS level, problems related to such loose permissions are the same
and, if in 777, permissions are no longer a problem for dovecot) ?

Thanks.

-- 
Thomas Hummel   | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau


Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Thomas Hummel
On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

 Yes, because SETACL updates also the shared-mailbox file, which contains
 information about what mailboxes are visible to who. Without that,
 Dovecot would have to look through all users all mailboxes to see if
 there happens to be any dovecot-acl files that contains rules for
 current user, which of course would be really slow.

Got it. So I guess the recommended method to make the shared mailboxes visible
is to talk IMAP (through telnet for instance) and not try to suppose
anything about the shared-mailbox file format and hack it directly,
right ?

-- 
Thomas Hummel   | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau


Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Timo Sirainen
On Fri, 2010-03-19 at 22:09 +0100, Thomas Hummel wrote:
 On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:
 
 Thanks for your answer Timo.
 
   a) I wonder if TB even support the SETACL command since I don't see how I 
   can
  modify an ACL through the TB UI.
  
  It doesn't.
 
 Ouch! What known UA does support it ? 

Mulberry, Kolab, some webmail plugins maybe.

 What's the point of supporting only GETACL ?

I guess it just shows nicely what mailboxes are shared.

 I guess this means that if users
 run this client, shared mailboxes have to be managed by an administrator, 
 right
 ?

Or some custom web interface.

  Yes, they're basically the same. But in that context easier for virtual
  users means easier if all your users use the same uid, since most
  people use the same uid for virtual users.. (I don't think wiki confuses
  these two things?)
 
 Ok, but I still don't quite get it : if you use the same UID, doesn't this
 somehow equates giving something like 777 modes in the system user case ? (I
 mean on an OS level, problems related to such loose permission are the same
 and, if in 777, permissions are no longer a problem for dovecot) ?

Pretty much. But 0777 permissions are somewhat worse for security than
just giving a single shared uid 0700 permissions. :) So there's nothing
magical about virtual users making this easier. It's just that most
people wouldn't like using 0777/0666 permissions for all mails..




Re: [Dovecot] Shared mailboxes basics

2010-03-19 Thread Timo Sirainen
On Fri, 2010-03-19 at 22:14 +0100, Thomas Hummel wrote:

 Get it. So I guess the recommended method to make the share mailboxes 
 visible
 is to talk IMAP (through telnet for instance) and not trying to suppose
 anything about the shared-mailbox file format and try to hack it directly,
 right ?

Right. Note that you could also do things like:

printf '1 setacl blah\n2 logout\n' | dovecot --exec-mail imap

(assuming environment is setup properly, USER=username being the most
important)
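
An added example, not code from the thread or from Dovecot, that fills in the "setacl blah" placeholder: it builds RFC 4314 SETACL commands with the mailbox and identifier sent as IMAP quoted strings, validates the rights letters, tags every command, and checks the server's tagged replies so that a failed grant does not pass silently when the batch is piped into `dovecot --exec-mail imap` with USER set. Going through the server is what keeps the per-mailbox dovecot-acl file and the shared-mailbox index in step, as Timo describes above. The `dovecot` command path, the sample server transcript and the mailbox names are assumptions; non-ASCII mailbox names would additionally need modified UTF-7, which this does not do.

```python
"""Scripted IMAP SETACL for `dovecot --exec-mail imap` (added example)."""
import os
import subprocess

# RFC 4314 rights, plus the RFC 2086 'c'/'d' that servers still accept as aliases.
VALID_RIGHTS = set("lrswipkxteacd")


def imap_quote(s):
    """IMAP quoted string. Rejects bytes that cannot appear in one; non-ASCII
    mailbox names need modified UTF-7 before they get here."""
    if any(ord(c) > 0x7E or ord(c) < 0x20 for c in s):
        raise ValueError("needs a literal or modified UTF-7: %r" % s)
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def setacl_script(mailbox, grants):
    """grants: [(identifier, rights)], rights optionally prefixed with + or -.
    Returns tagged SETACL commands followed by LOGOUT, CRLF-terminated."""
    lines = []
    for tag, (identifier, rights) in enumerate(grants, 1):
        letters = rights.lstrip("+-")
        if not letters or set(letters) - VALID_RIGHTS:
            raise ValueError("invalid rights %r for %s" % (rights, identifier))
        lines.append("%d SETACL %s %s %s" % (tag, imap_quote(mailbox),
                                              imap_quote(identifier), rights))
    lines.append("%d LOGOUT" % (len(grants) + 1))
    return "\r\n".join(lines) + "\r\n"


def failed_tags(server_output):
    """tag -> response text for every tagged reply that is not OK."""
    failed = {}
    for line in server_output.splitlines():
        parts = line.split(" ", 2)
        if len(parts) >= 2 and parts[0].isdigit() and parts[1] in ("NO", "BAD"):
            failed[parts[0]] = line[len(parts[0]) + 1:]
    return failed


def apply_acl(user, mailbox, grants, dovecot="dovecot"):
    """Live use: run the script as `user` through a pre-authenticated imap
    process (USER is the variable Timo names as the important one) and return
    the replies that were not OK. Assumes the 1.x `--exec-mail` invocation."""
    proc = subprocess.run([dovecot, "--exec-mail", "imap"],
                          input=setacl_script(mailbox, grants),
                          env=dict(os.environ, USER=user),
                          capture_output=True, text=True)
    return failed_tags(proc.stdout)


# Constructed server transcript for the offline check (not a real capture).
SAMPLE_OUTPUT = (
    "* PREAUTH [CAPABILITY IMAP4rev1 ACL] Logged in as bob\r\n"
    "1 OK Setacl complete.\r\n"
    "2 NO Mailbox doesn't exist: Shared/Proj\r\n"
    "3 OK Logout completed.\r\n"
)

if __name__ == "__main__":
    print(setacl_script("Shared/Proj", [("user=bob", "lrs"), ("anyone", "-w")]), end="")
    print("failed:", failed_tags(SAMPLE_OUTPUT))
```

Because the commands are sent from a local process with USER already set, there is no LOGIN step and no password in the script; the returned map of failed tags is what a provisioning job should check before reporting the share as created.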




[Dovecot] Post Login Script in 2.0

2010-03-19 Thread Mark Moseley
Been digging through the list archives but I didn't see anything about
this specifically. I've been playing with trying to get the post-login
script stuff working with 2.0 (tried with a mercurial checkout from
today and one I had kicking around from a few days ago), mainly to run
the courier conversion script after logins. I'm using the 'executable'
arg in 'service pop' and 'service imap' and I've tried with and
without drop_priv_before_exec=yes. I've just been using the test
script mentioned in the wiki that dumps the environment to a file in
/tmp and then execs libexec/imap or libexec/pop.

The script specified in 'executable' is definitely getting executed
just fine and logins work just fine. When it executes though, they're
getting just the basic environment, as opposed to the environment that
shows up in 1.2.11 full of various MAIL*/NAMESPACE*/etc variables. And
I see in strace output that there's no batch of env vars getting
passed around anymore, even when dovecot invokes libexec/imap or
libexec/pop directly. Is there a setting that tells the dovecot
process to fork the post-login script with the fully populated set of
environment variables? Or alternatively, in the 2.0 world, is the idea
to get that info out of the /var/run/dovecot/config socket? If so, is
there an example somewhere?

I can post my configs, but I figured that since this is a conceptual
problem, I might as well ask first without pasting a few pages of
dovecot -a output :)


Re: [Dovecot] Post Login Script in 2.0

2010-03-19 Thread Timo Sirainen
On 20.3.2010, at 2.54, Mark Moseley wrote:

 Been digging through the list archives but I didn't see anything about
 this specifically.

There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html



Re: [Dovecot] Sendmail + deliver; silent errors.

2010-03-19 Thread Daryl Tester

Timo Sirainen wrote:

>> [Sendmail mailer arguments]
>>
>> Change the last line (Argv) to
>>
>> A=/opt/dovecot-1.2.9/libexec/dovecot/deliver -d $u
>
> ...
>
> Well, at least I updated the wiki now so that future people won't have
> this problem. :)


To be fair, this was only a problem because I setuid'd the binary as root,
which causes the extra permissions checking.  The wiki page uses a non-
root ID, which I couldn't get to work (the previously mentioned setgid()
failure), but at least wouldn't have fallen over in this fashion.

Cheers!

--
Regards,
 Daryl Tester

Member of the Amalgamated Australian Association Against Apostrophe Abuse.
(formerly the 6A's - no, wait ...).
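
An added example, not code from the thread or from Dovecot, that reproduces the failure mode of this thread and both things that made it disappear. sendmail execs the mailer's P= path but builds the child's argv from the A= field, so `A=deliver -d $u` starts the binary with argv[0] set to the bare name "deliver"; a setuid deliver then stat()s argv[0] as part of its permission check, the lookup fails from sendmail's working directory, and the message is deferred with EX_TEMPFAIL. `/bin/sh` stands in for deliver (under `sh -c` with no further operands, `$0` is argv[0] exactly as the kernel received it) and a temporary directory stands in for the sendmail queue directory; both stand-ins are assumptions. One caveat worth keeping in mind: argv[0] is chosen by whoever calls exec, so a check like this can catch a misconfiguration but is not a security boundary.

```python
"""Reproduce the deliver argv[0] failure from the thread (added example)."""
import os
import shlex
import subprocess
import tempfile

EX_OK = 0
EX_TEMPFAIL = 75  # sysexits.h: the "try again later" status sendmail saw

# Stand-in for deliver's self-check: look up argv[0] ($0 under sh -c). The real
# check also inspects ownership and mode; the path lookup is what failed here.
SELF_CHECK = (
    'if [ -x "$0" ]; then exit 0; fi; '
    'echo "stat($0) failed: No such file or directory" >&2; exit 75'
)


def run_mailer(mailer_p, mailer_a, cwd):
    """Exec mailer_p with argv[0] taken from the A= field, as sendmail does.

    Only argv[0] is handed to the stand-in: under `sh -c`, extra operands such
    as "-d $u" would become $0/$1.. and hide the argv[0] this is about.
    """
    argv = shlex.split(mailer_a)
    proc = subprocess.run(
        [argv[0], "-c", SELF_CHECK],
        executable=mailer_p,   # P= : what is actually executed
        cwd=cwd,               # sendmail runs mailers from its queue directory
        capture_output=True,   # sendmail itself discards this stderr
        text=True,
    )
    return proc.returncode, proc.stderr.strip()


def demo():
    """Run the three configurations from the thread; {case: (status, stderr)}."""
    results = {}
    with tempfile.TemporaryDirectory() as queue_dir:
        # Broken mailer: A=deliver -d $u  ->  argv[0] is a bare name.
        results["A=deliver"] = run_mailer("/bin/sh", "deliver -d $u", queue_dir)

        # Fixed mailer: A=<full path> -d $u  ->  argv[0] resolves.
        results["A=/full/path"] = run_mailer("/bin/sh", "/bin/sh -d $u", queue_dir)

        # Debugging wrapper: the shell re-execs the real binary by its full path,
        # so argv[0] is right even though the mailer still says A=deliver. This
        # is why the problem vanished whenever a wrapper or strace was in front.
        wrapper = os.path.join(queue_dir, "deliver-wrapper")
        with open(wrapper, "w") as fh:
            fh.write('#!/bin/sh\nexec /bin/sh "$@"\n')
        os.chmod(wrapper, 0o755)
        results["wrapper"] = run_mailer(wrapper, "deliver -d $u", queue_dir)
    return results


if __name__ == "__main__":
    for case, (status, err) in demo().items():
        print("%-14s exit=%d %s" % (case, status, err))
```

Run it directly to see the broken mailer exit 75 with the same "stat(deliver) failed" text Daryl only found after patching an freopen() into deliver, and the other two exit 0. The practical rule from the thread survives the stand-in: if the binary is setuid, the A= field must carry the same full path as P=.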