Re: Using dovecot-shared for an shared index not working
On 18.02.2022 at 13:41, Achim Gottinger wrote:
> Hello
>
> I'm in the process to migrate our mail server from version 2.2.13 with
> maildirs to 2.3.13 with sdbox.
> On the old server if we wanted a common index for the seen flag on shared
> folders we created a file called dovecot-shared in the mail_location folder
> and the mailbox folders.
> This does not work on the new server; for all shared mailboxes the seen flag
> is stored per user.
>
> The log file shows this if the seen flag is changed
>
> Feb 18 13:24:15 SERVER dovecot[18887]: imap(USER)<18978><51HhlUnYeOfAwAx3>:
> Debug: imapsieve: mailbox shared/info: FLAG event (changed flags: \Seen)
>
> The dovecot-acl file for the shared/info/INBOX folder has the s flag set.
>
> I hope I can get a few pointers here how to get the seen flag working for all
> users again.
> On the old server the location variable for the shared folders had the
> variable INDEX defined which can not be used with sdbox.
>
> location =
> maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX
>
> Does that imply that sharing the seen flag can not be used with sdbox?
>
> Thanks in advance,
> Achim
>

Found if I do not define INDEXPVT for the shared location the seen flag is used common for all users. Would be nice to control that per shared folder. dovecot-shared does not seem to be used any longer, tough to find old docs on the internet at all.
Using dovecot-shared for an shared index not working
Hello

I'm in the process to migrate our mail server from version 2.2.13 with maildirs to 2.3.13 with sdbox.
On the old server if we wanted a common index for the seen flag on shared folders we created a file called dovecot-shared in the mail_location folder and the mailbox folders.
This does not work on the new server; for all shared mailboxes the seen flag is stored per user.

The log file shows this if the seen flag is changed

Feb 18 13:24:15 SERVER dovecot[18887]: imap(USER)<18978><51HhlUnYeOfAwAx3>: Debug: imapsieve: mailbox shared/info: FLAG event (changed flags: \Seen)

The dovecot-acl file for the shared/info/INBOX folder has the s flag set.

I hope I can get a few pointers here how to get the seen flag working for all users again.
On the old server the location variable for the shared folders had the variable INDEX defined which can not be used with sdbox.

location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX

Does that imply that sharing the seen flag can not be used with sdbox?

Thanks in advance,
Achim

Here is the dovecot -n output:
--
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 4.19.0+1 x86_64 Debian 11.2 zfs
# Hostname: SERVER
auth_cache_size = 5 M
auth_gssapi_hostname = SERVER
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_format = %Ln
debug_log_path = syslog
first_valid_gid = 998
first_valid_uid = 998
imap_max_line_length = 2 M
info_log_path = syslog
mail_attachment_dir = /var/lib/vmail/attachements
mail_debug = yes
mail_gid = 998
mail_home = /var/lib/vmail/%u
mail_location = sdbox:/var/lib/vmail/%u/sdbox:INDEX=/var/lib/vmail/%u/sdbox
mail_plugins = acl fts fts_solr
mail_uid = 998
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace {
  list = children
  location = sdbox:/var/lib/vmail/%%u/sdbox:INDEXPVT=/var/lib/vmail/%u/sdbox/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_defaults_from_inbox = yes
  acl_shared_dict = file:/var/lib/vmail/.shared-mailboxes
  fts = solr
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_solr = url=http://localhost:8983/solr/dovecot/
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  sieve = ~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve/after.d/
  sieve_dir = ~/sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert =
Re: Moving Maildir folders
On 17.07.2016 at 02:36, Mark Foley wrote:

Not quite there yet. The folders show up, but I cannot see the mail inside the folders unless (in the Thunderbird client) I uncheck the setting "Show only subscribed folders". Still, the top-level folder is shown as grayed-out/italics as well as the sub-folder INBOX. All other sub-folders at the same level as INBOX are not grayed-out, nor are folders subordinate to INBOX:

u...@mydom.org            <-- topmost "real" account folder
  +Inbox
  Drafts
  Templates
  send Items
  Junk E-mail
  Deleted Items
  +bpatterson             <-- added Maildir folders from former user, grayed-out, italics
    +INBOX                <-- grayed out, italic
      Payabled            <-- not grayed
      Health Care         <-- not grayed
      :
      :
    Sent                  <-- not grayed
    Sent Items            <-- not grayed
    Templates             <-- not grayed
    Trash                 <-- not grayed

Mozilla has a reference to this phenomenon http://kb.mozillazine.org/Grey_italic_folders, but this seems to have to do with GMAIL accounts. Mine is a local IMAP server and the link has no apparent remedy.

Furthermore, if I attempt to delete e.g. "Trash" I get an error, presumably from Dovecot: "The current command did not succeed. The mail server for account u...@mydom.org responded: [ALREADYEXISTS] Target mailbox already exists." Seems like an odd error when trying to delete.

My theory is that if I can designate these folders as 'subscribed' everything would work normally. I don't know if that's true.

I've tried adding these folders to the 'subscriptions' file in the user's Maildir folder, an excerpt of which:

INBOX.Directed Brokerage
INBOX.Directed Brokerage.Abel Noser
INBOX.Investments-Active.Kayne
INBOX.Pending - Open Projects
Deleted Items.Oath
INBOX.Board Info.New Trustee-Oath of Office
INBOX.Rule Filing-Rule Changes
bpatterson.INBOX.2011 Investment Confirmation Responses
bpatterson.INBOX.2011 and 2012 KCR Audit
bpatterson.INBOX.2012 Investment Confirmation Responses
bpatterson.INBOX.2013 Health Care Changes - Information
bpatterson.INBOX.2013 Investment Confirmation Responses

where the 1st 7 listed are part of the user's existing list and the next ones are what I added for the former user's mail folders. This did not work. Ideas?

--Mark

Hi Mark,

Try to subscribe in Thunderbird via your account's right click context menu. The greyed out folders may not contain mails (missing .cur etc. subfolders). Sometimes it is necessary to clean the ImapMail folder in the Thunderbird user profile (as a last resort).

achim~
Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
On 04.07.2016 at 09:30, Mark Foley wrote:

Actually, I see that you used host.domain.name further down. That's a good substitute for mail.hprs.local.

Also, not to be a literary critic, but it might not hurt to show an example keytab beneath your "Make sure your keytab has entry for ...". Just in case people don't exactly know how to "make sure:

$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
--
   1 imap/host.domain.name@MYREALM (des-cbc-crc) (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (des-cbc-md5) (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (arcfour-hmac) (0x9dae89a221dc374a39f560833

--Mark

-Original Message-
From: Mark Foley <mfo...@ohprs.org>
Date: Mon, 04 Jul 2016 03:23:30 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tu...@dovecot.fi> wrote:

http://wiki2.dovecot.org/Authentication/Kerberos

It has been now updated.

Excellent! That was quick! Although, you used my actual local domain in your example: mail.hprs.local. Not that I care, no one can get to that, but it might be clearer to those of us who uncomprehendingly monkey-type things from wikis when we don't fully understand. Perhaps something more generic would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- something like that. Not sure what is best; just don't want to imply that they HAVE TO use mail.hprs.local.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2. I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTLM windmill! I'll check back with the list to see if you've come up with anything.

Aki

Again, thanks for all your help.

--Mark

-Original Message-
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
To: dovecot@dovecot.org
From: Aki Tuomi <aki.tu...@dovecot.fi>
Organization: Dovecot Oy
Date: Mon, 4 Jul 2016 08:54:27 +0300

On 04.07.2016 07:44, Mark Foley wrote:

After over a year and a half struggling to get Dovecot to do either NTLM or GSSAPI authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all those in this list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey especially Aki Tuomi; and infinite thanks to Achim Gottinger on the SambaList for his patience in working this through with me.

Although my purpose was for Dovecot to authenticate mail clients, the configuration settings needed were on the Samba side.

I hope a variation of these instructions can eventually make it into: http://wiki2.dovecot.org/Authentication/Kerberos

It has been now updated.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2. I have to set up some kind of test environment to find out why it bugs.

Aki

Thanks for updating the kerberos docs. Usually it is also a good idea to disable password expiry for the service accounts.

samba-tool user setexpiry dovecot --noexpiry

achim~
Re: [Dovecot] connection Dovecot to samba4
Hi,

Added a few corrections to your config below. Hope it works.

achim~

On 16.12.2013 11:51, Pascal den Bekker wrote:

Hello,

I am trying to setup samba4/openchange and dovecot. Does anyone have experiences concerning dovecot connecting to samba4 ??

I tried the following:

/etc/dovecot.conf:

protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110
last_valid_uid = 5000
first_valid_gid = 115
last_valid_gid = 115
last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.

log_path = /var/log/dovecot
log_timestamp = %Y-%m-%d %H:%M:%S
login_greeting = Welcome to domain.local.
service imap {
  inet_listener {
    port=143
  }
}
protocol lda {
  log_path = /var/log/mail/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@domain.local
  mail_plugins = sieve
}
service managesieve {
  inet_listener {
    port=12000
  }
}
auth_verbose = yes
auth_debug = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = vmail
    mode = 0660
    user = postfix
  }
}
#service auth-userdb {
#user = vmail
#}
#user = root
#}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
  driver = ldap
}
plugin {
  sieve = /data/mail/%d/%n/sieverc
  sieve_storage=/data/mail/%d/%n/sieve
  sieve_max_redirects = 20
}
debug_log_path = /var/log/dovecot-debug.log
dict {
}

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = ((objectClass=person)(cn=%u)(mail=*))

hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = ((objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs=uid=5000

This way dovecot connects as user ldap, does the user lookup according to pass_filter and uses the resulting dn for authentication. If you create users via the Windows Remote Management tools the dn for a user normally uses the Full Name as cn and not the user id which is stored as sAMAccountName.

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local
#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
user_filter = ((objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
user_filter = ((objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user

When I try to login with useraccountadministrator I get the following error messages:

2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): unknown user
2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): user not found from userdb ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=ldap, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=N3HjRaTtdAB/AAAB

Can someone tell me what I am doing wrong, or is there a way to test the dovecot ldap connection string ??

Cheers,
- Pascal
Re: [Dovecot] connection Dovecot to samba4
On 16.12.2013 16:14, Pascal den Bekker wrote:

Hey Achim,

thank you for your help :-) Unfortunately it did not work :-( I changed the lines in the dovecot config you sent me.. When I try to login into the sogo gui, I'm getting the following error message:

2013-12-16 16:10:07 auth: Info: ldap(administrator,127.0.0.1,DBQZNajtqQB/AAAB): unknown user
2013-12-16 16:10:07 auth: Error: userdb(administrator,127.0.0.1,DBQZNajtqQB/AAAB): user not found from userdb ldap
2013-12-16 16:10:07 imap: Error: Authenticated user not found from userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 id=1) (internal failure, 1 succesful auths): user=administrator, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, session=DBQZNajtqQB/AAAB

When I look in samba4:

samba-tool user list
Administrator
krbtgt
Guest
ldap

The user seems to be there..:-(

Cheers,
- Pascal

On 12/16/2013 03:37 PM, Achim Gottinger wrote:

Hi,

Added a few corrections to your config below. Hope it works.

achim~

On 16.12.2013 11:51, Pascal den Bekker wrote:

Hello,

I am trying to setup samba4/openchange and dovecot. Does anyone have experiences concerning dovecot connecting to samba4 ??

I tried the following:

/etc/dovecot.conf:

protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110
last_valid_uid = 5000
first_valid_gid = 115
last_valid_gid = 115
last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.

log_path = /var/log/dovecot
log_timestamp = %Y-%m-%d %H:%M:%S
login_greeting = Welcome to domain.local.
service imap {
  inet_listener {
    port=143
  }
}
protocol lda {
  log_path = /var/log/mail/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@domain.local
  mail_plugins = sieve
}
service managesieve {
  inet_listener {
    port=12000
  }
}
auth_verbose = yes
auth_debug = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = vmail
    mode = 0660
    user = postfix
  }
}
#service auth-userdb {
#user = vmail
#}
#user = root
#}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
  driver = ldap
}
plugin {
  sieve = /data/mail/%d/%n/sieverc
  sieve_storage=/data/mail/%d/%n/sieve
  sieve_max_redirects = 20
}
debug_log_path = /var/log/dovecot-debug.log
dict {
}

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = ((objectClass=person)(cn=%u)(mail=*))

hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = ((objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs=uid=5000

This way dovecot connects as user ldap, does the user lookup according to pass_filter and uses the resulting dn for authentication. If you create users via the Windows Remote Management tools the dn for a user normally uses the Full Name as cn and not the user id which is stored as sAMAccountName.

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local
#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
user_filter = ((objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
user_filter = ((objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user

When I try to login with useraccountadministrator I get the following error messages:

2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): unknown user
2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): user not found from userdb ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=ldap, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=N3HjRaTtdAB/AAAB

Can someone tell me what I am doing wrong, or is there a way to test the dovecot ldap connection string ??

Cheers,
- Pascal

I'd test it with a different user than Administrator, and make sure the user has an E-Mail address assigned.
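
Added example, not part of the thread and not Dovecot's own code: a small Python evaluator for the two LDAP search filters discussed above, run against a constructed two-entry directory, showing why `cn=%u` misses a user whose cn is the full name and why an account without a mail attribute never matches `(mail=*)` and so ends up as "unknown user". The filters are written in full RFC 4515 form with the leading `&`, which the filters as they appear in this archive do not show; all entry names and values are made up.

```python
import re

# Constructed sample directory (not from the thread). Attribute names follow
# Active Directory conventions; every value is made up for illustration.
ENTRIES = [
    {"dn": "cn=Administrator,cn=Users,dc=domain,dc=local",
     "objectClass": ["top", "person", "user"],
     "cn": ["Administrator"],
     "sAMAccountName": ["Administrator"]},          # no mail attribute
    {"dn": "cn=Jane Example,cn=Users,dc=domain,dc=local",
     "objectClass": ["top", "person", "user"],
     "cn": ["Jane Example"],                        # full name, not the login
     "sAMAccountName": ["jexample"],
     "mail": ["jexample@domain.local"]},
]

# %u is the placeholder for the login name, as in pass_filter / user_filter.
CN_FILTER = "(&(objectClass=person)(cn=%u)(mail=*))"
SAM_FILTER = "(&(objectClass=person)(sAMAccountName=%u)(mail=*))"


def escape_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unescape_value(value):
    """Turn \\XX hex escapes inside an assertion value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse a filter into nested tuples; raise ValueError if malformed."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing data at offset %d" % pos)
    return node


def _parse(text, pos):
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos:pos + 1]
    if op and op in "&|!":
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError("wrong number of operands for '%s'" % op)
        node = (op, children)
    elif op == "(":
        # "((a=b)(c=d))": a list of filters needs a leading &, | or !
        raise ValueError("filter list without operator at offset %d" % pos)
    else:
        end = text.find(")", pos)
        attr, sep, raw = text[pos:max(end, pos)].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError("malformed item at offset %d" % pos)
        if raw == "*":
            node = ("present", attr)                # (mail=*): attribute exists
        elif "*" in raw:
            raise ValueError("substring matches are outside this example")
        else:
            node = ("eq", attr, unescape_value(raw))
        pos = end
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return node, pos + 1


def _values(entry, attr):
    """Attribute lookup with case-insensitive attribute names."""
    for key, values in entry.items():
        if key != "dn" and key.lower() == attr.lower():
            return values
    return []


def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    kind = node[0]
    if kind == "&":
        return all(matches(child, entry) for child in node[1])
    if kind == "|":
        return any(matches(child, entry) for child in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    values = _values(entry, node[1])
    if kind == "present":
        return bool(values)
    return node[2].lower() in (v.lower() for v in values)


def lookup(template, username, entries=ENTRIES):
    """Expand %u with the escaped login name and return the matching DNs."""
    node = parse_filter(template.replace("%u", escape_value(username)))
    return [entry["dn"] for entry in entries if matches(node, entry)]


if __name__ == "__main__":
    for name in ("jexample", "Jane Example", "administrator", "*"):
        print(name, "cn:", lookup(CN_FILTER, name),
              "sAMAccountName:", lookup(SAM_FILTER, name))
```

An empty result list corresponds to the search returning no entry; dropping `(mail=*)` from the filter makes the constructed Administrator entry match again.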
[Dovecot] Problem with INDEXes and deleting shared folders
Hi,

I use dovecot 2.1.7 on debian wheezy. I have a bunch of shared folders which I configured to store the indexes under the users mail_location/shared/%%u. I configured acl's for those shared folders in a way that all users should be able to add and delete folders (for example group=buchhaltung keilrwtsx). Creating folders works fine but if I try to delete such a folder I get the following error.

Dec 10 12:03:41 logon-zor dovecot: imap(ag): Debug: Can't rename 'shared/buchhaltung/Test' to 'Trash/Test': one namespace has index dir and another doesn't

Of course there is no dovecot.index file in /home/vmail/buchhaltung/mai/.Test but there is one in /home/ag/vmail/mail/shared/buchhaltung/.Test and in /home/ag/vmail/mail/.Trash. Seems dovecot does not honour the shared namespaces index settings when trying to rename that folder.

Is there a fix for this issue in 2.1.7 or would upgrade to 2.2.5 (from debian unstable) help?

Thanks in advance
Achim Gottinger

Here are my namespace mail_location etc. settings:

mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX
mail_uid = 998
mail_gid = 998
first_valid_uid = 998
first_valid_gid = 998
mail_shared_explicit_inbox = yes
maildir_very_dirty_syncs = yes
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX
  prefix =
  separator = /
  type = private
}
Re: [Dovecot] Problem with INDEXes and deleting shared folders
On 10.12.2013 12:09, Achim Gottinger wrote:

Hi,

I use dovecot 2.1.7 on debian wheezy. I have a bunch of shared folders which I configured to store the indexes under the users mail_location/shared/%%u. I configured acl's for those shared folders in a way that all users should be able to add and delete folders (for example group=buchhaltung keilrwtsx). Creating folders works fine but if I try to delete such a folder I get the following error.

Dec 10 12:03:41 logon-zor dovecot: imap(ag): Debug: Can't rename 'shared/buchhaltung/Test' to 'Trash/Test': one namespace has index dir and another doesn't

Of course there is no dovecot.index file in /home/vmail/buchhaltung/mai/.Test but there is one in /home/ag/vmail/mail/shared/buchhaltung/.Test and in /home/ag/vmail/mail/.Trash. Seems dovecot does not honour the shared namespaces index settings when trying to rename that folder.

Is there a fix for this issue in 2.1.7 or would upgrade to 2.2.5 (from debian unstable) help?

To answer my own question, if I configure Thunderbird to delete messages immediately, deleting these folders works. But I'd prefer the usual way where messages/folders move to the trash folder first.

Thanks in advance
Achim Gottinger

Here are my namespace mail_location etc. settings:

mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX
mail_uid = 998
mail_gid = 998
first_valid_uid = 998
first_valid_gid = 998
mail_shared_explicit_inbox = yes
maildir_very_dirty_syncs = yes
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX
  prefix =
  separator = /
  type = private
}
Re: [Dovecot] Shared Folters with LDA/Sieve
On 17.11.2013 at 05:31, Dieter Knopf wrote:

Hello,

I'm searching for a way to use Shared mailboxes with Sieve Filtering. I need global email addresses like:

i...@foo.tld
cont...@foo.tld
h...@foo.tld

Every address with its own Sieve rules for filtering and sorting of incoming mails. Now every user needs access to these folders, but how? How should I create the global addresses?

I already found http://wiki2.dovecot.org/SharedMailboxes/Public , but that's just a public namespace. Is there any FAQ available for this?

Thank you very much
Dieter

On my setup with an Active Directory LDAP backend I used Domain Groups for such email addresses and configured the acl's in a way that members of the groups have full access to the group's imap folders via the shared (not the public) namespace. Since each group has a normal imap account, sieve rules can be applied as well.

Guess you can use simple user accounts for the mail accounts and share them for all authenticated users. Should be simpler.

http://wiki2.dovecot.org/SharedMailboxes/Shared

achim~
Re: [Dovecot] Can't get sieve/managedsieve working
On 09.11.2013 at 14:01, Stefan Liebl wrote:

On 2013-11-08 22:31, Achim Gottinger wrote:

On 08.11.2013 at 22:19, Alter Depp wrote:

I am running dovecot 2.1.7 for a while, with roundcube webmail frontend 0.9.5 .

A wild guess but it may help if you define mail_home as well.

Does this setting exist in dovecot 2? Where should I set it and to what?

Stefan

I had to let mail_home point to a different folder than mail_location, but I use virtual users and dovecot runs as user vmail only. http://wiki2.dovecot.org/VirtualUsers/Home.

The Thunderbird sieve addon works here with plaintext passwords over imap or imaps. It does not work with kerberos authentication and may have a problem with tls as well.

You said you can upload scripts with sieve-connect, do they apply to incoming mails?

I'd go through the manual login and upload tests described here as well http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting?highlight=%28sieve%29|%28telnet%29

achim~
Re: [Dovecot] Question about folder sharing
On 08.11.2013 at 01:25, Achim Gottinger wrote:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, samba4 (as ldap backend) and sogo. I configured folder sharing but have a few issues.

With my current config users can share the inbox and other folders. If the acl allows creating subfolders this does work for all folders beside inbox.

What I want to achieve is the following: If a user shares his inbox, others should be able to create subfolders and those should inherit the inbox's acl. All subfolders of inbox should appear as folders at root level and not as subfolders of the inbox.

I thought this can be done by setting the prefix of namespace inbox to INBOX/. I did this and changed the IMAP Server Folder setting in Thunderbird to INBOX (like it was earlier when I used courier). Now subfolders created at root level or as subfolders of the inbox appear on root level in Thunderbird but they do not inherit the acl's from inbox.

Is there a way to achieve this?

doveconf -n

mail_location = maildir:/home/vmail/%u/mail
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}

I changed the location of the inbox like this

mail_location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.Inbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
  prefix =
  separator = /
  type = private
}

Also extended my ldap queries to return the correct mail variable (=mail=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox).

Now a dovecot-acl inside /home/vmail/%u/mail gets used for newly created subfolders, which is very helpful.

However if I share a user's inbox now the hierarchy looks like this for a user with access.

shared/user
shared/user/Inbox
shared/user/INBOX

All three folders point to user's inbox. If I set mail_shared_explicit_inbox=yes shared/user is greyed out but the other two folders remain.

Can someone here tell me what I did wrong to have three versions of the inbox now?

Thanks in advance
achim~
Re: [Dovecot] Question about folder sharing
On 09.11.2013 at 11:48, Achim Gottinger wrote:

On 08.11.2013 at 01:25, Achim Gottinger wrote:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, samba4 (as ldap backend) and sogo. I configured folder sharing but have a few issues.

With my current config users can share the inbox and other folders. If the acl allows creating subfolders this does work for all folders beside inbox.

What I want to achieve is the following: If a user shares his inbox, others should be able to create subfolders and those should inherit the inbox's acl. All subfolders of inbox should appear as folders at root level and not as subfolders of the inbox.

I thought this can be done by setting the prefix of namespace inbox to INBOX/. I did this and changed the IMAP Server Folder setting in Thunderbird to INBOX (like it was earlier when I used courier). Now subfolders created at root level or as subfolders of the inbox appear on root level in Thunderbird but they do not inherit the acl's from inbox.

Is there a way to achieve this?

doveconf -n

mail_location = maildir:/home/vmail/%u/mail
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}

I changed the location of the inbox like this

mail_location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.Inbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
  prefix =
  separator = /
  type = private
}

Also extended my ldap queries to return the correct mail variable (=mail=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox).

Now a dovecot-acl inside /home/vmail/%u/mail gets used for newly created subfolders, which is very helpful.

However if I share a user's inbox now the hierarchy looks like this for a user with access.

shared/user
shared/user/Inbox
shared/user/INBOX

All three folders point to user's inbox. If I set mail_shared_explicit_inbox=yes shared/user is greyed out but the other two folders remain.

Can someone here tell me what I did wrong to have three versions of the inbox now?

Thanks in advance
achim~

Changed .Inbox to .INBOX, now there is only one folder named INBOX visible. The ACL's from /home/vmail/%u/mail are used for all subfolders under ../mail no matter if they have a dovecot-acl file inside or not. Can not find this documented, it's useful in my case but is it supposed to work like that?

Nice thing is I can create root-level folders for users with a mail_location configured like that in the shared subsections.
Re: [Dovecot] Can't get sieve/managedsieve working
On 08.11.2013 at 22:19, Alter Depp wrote:

Hi,

I am running dovecot 2.1.7 for a while, with roundcube webmail frontend 0.9.5 . Now I wanted to add sieve to filter mails. Unfortunately most tutorials are for dovecot 1.x but I'm running dovecot 2 on debian wheezy.

I could upload some scripts with sieve-connect, checked and activated them. When I try to edit filters with Thunderbird sieve plugin 0.2.2 nothing happens. If I try to edit filters with roundcube managesieve plugin nothing happens, too, but I get some errors in logfile:

roundcube: Authentication failed. (3)
roundcube: Not currently in AUTHORISATION stata (1):

Can someone help me, to get it running?

A wild guess but it may help if you define mail_home as well.
[Dovecot] Question about folder sharing
Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, samba4 (as ldap backend) and sogo. I configured folder sharing but have a few issues. With my current config users can share the inbox and other folders. If the acl allows creating subfolders, this does work for all folders besides the inbox.

What I want to achieve is the following: If a user shares his inbox, others should be able to create subfolders and those should inherit the inbox's acl. All subfolders of the inbox should appear as folders at root level and not as subfolders of the inbox.

I thought this can be done by setting the prefix of namespace inbox to INBOX/. I did this and changed the IMAP Server Folder setting in thunderbird to INBOX (like it was earlier when I used courier). Now subfolders created at root level or as subfolders of the inbox appear on root level in thunderbird, but they do not inherit the acls from the inbox. Is there a way to achieve this?

doveconf -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_format = %n
auth_verbose = yes
debug_log_path = syslog
disable_plaintext_auth = no
first_valid_gid = 998
first_valid_uid = 998
info_log_path = syslog
mail_debug = yes
mail_gid = 998
mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail
mail_plugins = acl
mail_shared_explicit_inbox = no
mail_uid = 998
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/home/vmail/.shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = /etc/easy-rsa/keys/dovecot.crt
ssl_key = /etc/easy-rsa/keys/dovecot.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = acl imap_acl
}
protocol lmtp {
  mail_plugins = acl sieve
}
Re: [Dovecot] Question about folder sharing
Hmm, inheritance for Inbox subfolders is working now that I changed namespace inbox into namespace. However the prefix INDEX thing does not look nice for shared folders; they appear as shared/username/INBOX/[foldername]

The docs mention:

ACL Inheritance

Every time you create a new mailbox, it gets its ACLs from the parent mailbox. If you're creating a root-level mailbox, it uses the namespace's default ACLs. There is no actual inheritance, however: If you modify parent's ACLs, the child's ACLs stay the same. There is currently no support for ACL inheritance. Namespace's default ACLs are read from dovecot-acl file in the namespace's mail root directory (e.g. /var/public/Maildir). Note that currently these default ACLs are used only when creating new mailboxes, they aren't used for mailboxes without ACLs.

What I do not understand: where would I have to put a dovecot-acl for user default? My mail_home is /home/vmail/%u and mail root a subfolder mail inside. The dovecot-acl residing here is the one with the acls for the inbox and therefore only used for the inbox's subfolders.

On 08.11.2013 at 01:25, Achim Gottinger wrote:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, samba4 (as ldap backend) and sogo. I configured folder sharing but have a few issues. With my current config users can share the inbox and other folders. If the acl allows creating subfolders, this does work for all folders besides the inbox.

What I want to achieve is the following: If a user shares his inbox, others should be able to create subfolders and those should inherit the inbox's acl. All subfolders of the inbox should appear as folders at root level and not as subfolders of the inbox.

I thought this can be done by setting the prefix of namespace inbox to INBOX/. I did this and changed the IMAP Server Folder setting in thunderbird to INBOX (like it was earlier when I used courier). Now subfolders created at root level or as subfolders of the inbox appear on root level in thunderbird, but they do not inherit the acls from the inbox. Is there a way to achieve this?

doveconf -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_format = %n
auth_verbose = yes
debug_log_path = syslog
disable_plaintext_auth = no
first_valid_gid = 998
first_valid_uid = 998
info_log_path = syslog
mail_debug = yes
mail_gid = 998
mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail
mail_plugins = acl
mail_shared_explicit_inbox = no
mail_uid = 998
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/home/vmail/.shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = /etc/easy-rsa/keys/dovecot.crt
ssl_key = /etc/easy-rsa/keys/dovecot.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = acl imap_acl
}
protocol lmtp {
  mail_plugins = acl sieve
}
Re: [Dovecot] Question about folder sharing
On 08.11.2013 at 02:50, Achim Gottinger wrote:

Hmm, inheritance for Inbox subfolders is working now that I changed namespace inbox into namespace. However the prefix INDEX thing does not look nice for shared folders; they appear as shared/username/INBOX/[foldername]

The docs mention:

ACL Inheritance

Every time you create a new mailbox, it gets its ACLs from the parent mailbox. If you're creating a root-level mailbox, it uses the namespace's default ACLs. There is no actual inheritance, however: If you modify parent's ACLs, the child's ACLs stay the same. There is currently no support for ACL inheritance. Namespace's default ACLs are read from dovecot-acl file in the namespace's mail root directory (e.g. /var/public/Maildir). Note that currently these default ACLs are used only when creating new mailboxes, they aren't used for mailboxes without ACLs.

What I do not understand: where would I have to put a dovecot-acl for user default? My mail_home is /home/vmail/%u and mail root a subfolder mail inside. The dovecot-acl residing here is the one with the acls for the inbox and therefore only used for the inbox's subfolders.

Besides that, I guess it would still not allow users to create folders via thunderbird by right-clicking on shared/[username] and selecting new folder. Seems the only workaround is to create a separate folder, share it and set acls on that folder, so the hierarchy would end up like this:

Inbox
Trash
...
shared/[username] (user's inbox)
shared/[username]/folder (the helper folder with proper acls)
shared/[username]/folder/[subfolders]

and if there are subfolders in the inbox

shared/[username]/INBOX/[subfolder]
Re: [Dovecot] dovecot-ldap : can't find user in OU subtree // solved
On 31.10.2013 at 01:11, m...@electronico.nc wrote:

On 31/10/2013 at 10:42, Achim Gottinger wrote:

On 30.10.2013 at 21:17, m...@electronico.nc wrote:

Hello and thanks for your answer.

On 30/10/2013 at 19:32, Steffen Kaiser wrote:

On Wed, 30 Oct 2013, m...@electronico.nc wrote:

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}

/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan

You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan

ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext
hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds, DN lookup vs. DN template.

Hello Achim,

Thanks for your answer :-) Sure it works OK, as soon as I specify dn dnpass (that I omitted in passdb... :-[ )

Many thanks again!
Nicolas

The problem was auth_bind_userdn, which only matched users in OU=users. If you use that type of password check, pass_filter is not used. Now dovecot binds as user dn first, does a lookup of the user's dn via pass_filter and uses the result as the dn for the password verification via a second bind to ldap.

If you use the LDAP server from an Active Directory, I'd recommend you use pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)), because if you use Windows Remote Admin Tools to create users, the user's dn is usually something like dn=cn=[Full Name],ou=Users,dc=domain,dc=lan and cn=[Full Name]. sAMAccountName, however, holds the user's login name.
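The difference between the DN template (auth_bind_userdn) and the DN lookup (pass_filter) discussed in the message above, as an added example that is not part of the thread and is not Dovecot's code: a small in-memory model of the two ways to find the bind DN. The directory entries are constructed, and the username allow-list and function names are assumptions.

```python
import re

# Constructed sample entries (not taken from a real directory).
BASE = "OU=users,dc=domain,dc=lan"
DIRECTORY = [
    {"dn": "cn=alice," + BASE, "objectClass": "person",
     "cn": "alice", "sAMAccountName": "alice", "mail": "alice@domain.lan"},
    {"dn": "cn=bob,OU=administrative," + BASE, "objectClass": "person",
     "cn": "bob", "sAMAccountName": "bob", "mail": "bob@domain.lan"},
    # Account created with an admin GUI: cn holds the full name.
    {"dn": "cn=Carol Jones," + BASE, "objectClass": "person",
     "cn": "Carol Jones", "sAMAccountName": "carol", "mail": "carol@domain.lan"},
    # No mail attribute, so the (mail=*) term excludes this entry.
    {"dn": "cn=svc," + BASE, "objectClass": "person",
     "cn": "svc", "sAMAccountName": "svc"},
]

def check_username(user):
    """Refuse names that could alter a DN or a filter (assumed allow-list)."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", user):
        raise ValueError("unsafe username")
    return user

def under(dn, base):
    """True if dn is base itself or lies anywhere below it (subtree scope)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def template_dn(user, template="cn=%u," + BASE):
    """DN template mode: the bind DN is built from the login name alone."""
    dn = template.replace("%u", check_username(user))
    exists = any(e["dn"].lower() == dn.lower() for e in DIRECTORY)
    return dn if exists else None  # None: no such entry, the bind would fail

def lookup_dn(user, attr="cn", base=BASE):
    """DN lookup mode: subtree search for (&(objectClass=person)(attr=%u)(mail=*))."""
    user = check_username(user).lower()
    hits = [e["dn"] for e in DIRECTORY
            if under(e["dn"], base)
            and e.get("objectClass") == "person"
            and e.get(attr, "").lower() == user
            and "mail" in e]
    return hits[0] if len(hits) == 1 else None  # missing or ambiguous: reject
```

The user in the sub-OU is only found by the lookup, and the login name "carol" only resolves when the filter matches on sAMAccountName rather than cn.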
Re: [Dovecot] dovecot-ldap : can't find user in OU subtree
On 30.10.2013 at 21:17, m...@electronico.nc wrote:

Hello and thanks for your answer.

On 30/10/2013 at 19:32, Steffen Kaiser wrote:

On Wed, 30 Oct 2013, m...@electronico.nc wrote:

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}

/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan

You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan

ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext
hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds, DN lookup vs. DN template.