Re: Using dovecot-shared for a shared index not working

2022-02-18 Thread Achim Gottinger



On 18.02.2022 at 13:41, Achim Gottinger wrote:
> Hello
>
> I'm in the process of migrating our mail server from version 2.2.13 with 
> maildirs to 2.3.13 with sdbox.
> On the old server, if we wanted a common index for the seen flag on shared 
> folders, we created a file called dovecot-shared in the mail_location folder 
> and the mailbox folders.
> This does not work on the new server; for all shared mailboxes the seen flag 
> is stored per user.
>
> The log file shows this if the seen flag is changed
>
> Feb 18 13:24:15 SERVER dovecot[18887]: imap(USER)<18978><51HhlUnYeOfAwAx3>: 
> Debug: imapsieve: mailbox shared/info: FLAG event (changed flags: \Seen)
>
> The dovecot-acl file for the shared/info/INBOX folder has the s flag set.
>
> I hope I can get a few pointers here on how to get the seen flag working for all 
> users again.
> On the old server the location variable for the shared folders had the 
> variable INDEX defined, which can not be used with sdbox.
>
> location = 
> maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX
>
> Does that imply that sharing the seen flag can not be used with sdbox?
>
> Thanks in advance,
> Achim
>

I found that if I do not define INDEXPVT for the shared location, the seen flag is 
common to all users.
It would be nice to control that per shared folder.
dovecot-shared does not seem to be used any longer; it was tough to find old docs on 
the internet at all.


Using dovecot-shared for a shared index not working

2022-02-18 Thread Achim Gottinger
Hello

I'm in the process of migrating our mail server from version 2.2.13 with maildirs 
to 2.3.13 with sdbox.
On the old server, if we wanted a common index for the seen flag on shared 
folders, we created a file called dovecot-shared in the mail_location folder 
and the mailbox folders.
This does not work on the new server; for all shared mailboxes the seen flag is 
stored per user.

The log file shows this if the seen flag is changed

Feb 18 13:24:15 SERVER dovecot[18887]: imap(USER)<18978><51HhlUnYeOfAwAx3>: 
Debug: imapsieve: mailbox shared/info: FLAG event (changed flags: \Seen)

The dovecot-acl file for the shared/info/INBOX folder has the s flag set.

I hope I can get a few pointers here on how to get the seen flag working for all 
users again.
On the old server the location variable for the shared folders had the variable 
INDEX defined, which can not be used with sdbox.

location = 
maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX

Does that imply that sharing the seen flag can not be used with sdbox?

Thanks in advance,
Achim

Here is the doveconf -n output:

--
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 4.19.0+1 x86_64 Debian 11.2 zfs
# Hostname: SERVER
auth_cache_size = 5 M
auth_gssapi_hostname = SERVER
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_format = %Ln
debug_log_path = syslog
first_valid_gid = 998
first_valid_uid = 998
imap_max_line_length = 2 M
info_log_path = syslog
mail_attachment_dir = /var/lib/vmail/attachements
mail_debug = yes
mail_gid = 998
mail_home = /var/lib/vmail/%u
mail_location = sdbox:/var/lib/vmail/%u/sdbox:INDEX=/var/lib/vmail/%u/sdbox
mail_plugins = acl fts fts_solr
mail_uid = 998
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace {
  list = children
  location = sdbox:/var/lib/vmail/%%u/sdbox:INDEXPVT=/var/lib/vmail/%u/sdbox/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_defaults_from_inbox = yes
  acl_shared_dict = file:/var/lib/vmail/.shared-mailboxes
  fts = solr
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_solr = url=http://localhost:8983/solr/dovecot/
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid from subject size
  sieve = ~/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve/after.d/
  sieve_dir = ~/sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = 
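Added example, not part of the thread: a small Python parser for Dovecot location strings (`driver:path:KEY=value:...`) and for the `namespace { ... }` blocks in a `doveconf -n` dump. For each shared namespace it reports whether \Seen is kept in a per-user private index (INDEXPVT set) or in the common index (no INDEXPVT), which is the behaviour Achim observed above. The INDEXPVT meaning is Dovecot's documented mail_location semantics; the constructed sample reuses the sdbox namespaces from the thread and adds a second shared namespace (prefix `other/`) written without INDEXPVT so that both outcomes appear.

```python
"""Report where the per-message flags (\\Seen etc.) of each shared Dovecot
namespace are stored, from doveconf -n text.

Assumed semantics (Dovecot mail_location syntax): INDEX= relocates the whole
index, INDEXPVT= adds a per-user private index holding private flags. A shared
namespace with INDEXPVT therefore keeps \\Seen per user; one without it keeps
\\Seen in the index that all users of the shared folder see.
"""
import re
from dataclasses import dataclass, field


@dataclass
class MailLocation:
    driver: str
    path: str
    options: dict = field(default_factory=dict)


def parse_mail_location(value: str) -> MailLocation:
    """Split 'driver:path:KEY=value:KEY=value' into its components.
    Flag-style keys without '=' (e.g. UTF-8) get an empty string value."""
    value = value.strip()
    if not value:
        raise ValueError("empty location string")
    parts = value.split(":")
    options = {}
    for extra in parts[2:]:
        key, sep, val = extra.partition("=")
        options[key] = val if sep else ""
    return MailLocation(driver=parts[0],
                        path=parts[1] if len(parts) > 1 else "",
                        options=options)


def parse_namespaces(doveconf_text: str) -> list:
    """Collect `namespace [name] { ... }` blocks. Nested blocks such as
    `mailbox Drafts { ... }` are skipped; only depth-1 settings are kept."""
    namespaces, current, depth = [], None, 0
    for raw in doveconf_text.splitlines():
        line = raw.strip()
        if current is None:
            m = re.match(r"^namespace(?:\s+(\S+))?\s*\{$", line)
            if m:
                current, depth = {"name": m.group(1) or "", "settings": {}}, 1
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                namespaces.append(current)
                current = None
        elif depth == 1 and "=" in line:
            key, _, val = line.partition("=")
            current["settings"][key.strip()] = val.strip()
    return namespaces


def seen_flag_storage(ns: dict, default_location: str) -> tuple:
    """('per-user', indexpvt_path) or ('common', None) for a shared namespace,
    ('n/a', None) otherwise. An empty namespace location inherits
    mail_location, so that value is the fallback."""
    if ns["settings"].get("type") != "shared":
        return ("n/a", None)
    loc = parse_mail_location(ns["settings"].get("location") or default_location)
    if "INDEXPVT" in loc.options:
        return ("per-user", loc.options["INDEXPVT"])
    return ("common", None)


def report(doveconf_text: str, default_location: str) -> dict:
    """Map each shared namespace prefix to its seen-flag storage mode."""
    return {ns["settings"].get("prefix", ""): seen_flag_storage(ns, default_location)[0]
            for ns in parse_namespaces(doveconf_text)
            if ns["settings"].get("type") == "shared"}


# Constructed sample: the two sdbox namespaces from the thread plus a second
# shared namespace (prefix other/) written without INDEXPVT.
SAMPLE_DOVECONF = """\
namespace {
  list = children
  location = sdbox:/var/lib/vmail/%%u/sdbox:INDEXPVT=/var/lib/vmail/%u/sdbox/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \\Drafts
  }
  prefix =
  separator = /
  type = private
}
namespace other {
  location = sdbox:/var/lib/vmail/%%u/sdbox
  prefix = other/%%u/
  type = shared
}
"""
DEFAULT_LOCATION = "sdbox:/var/lib/vmail/%u/sdbox:INDEX=/var/lib/vmail/%u/sdbox"

if __name__ == "__main__":
    for prefix, mode in report(SAMPLE_DOVECONF, DEFAULT_LOCATION).items():
        print(f"{prefix:<14} seen flag stored: {mode}")
```

Run it against a real dump with `doveconf -n | python3 this_script.py`-style plumbing by reading stdin instead of `SAMPLE_DOVECONF`; the shared-namespace result is the quick way to confirm which of the two behaviours from the thread a server is configured for before users notice.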

Re: Moving Maildir folders

2016-07-16 Thread Achim Gottinger



On 17.07.2016 at 02:36, Mark Foley wrote:

Not quite there yet. The folders show up, but I cannot see the mail inside the 
folders unless (in the Thunderbird client) I uncheck the setting "Show only subscribed 
folders". Still, the top-level folder is shown as grayed-out/italics, as is the sub-folder 
INBOX. All other sub-folders at the same level as INBOX are not grayed-out, nor are folders 
subordinate to INBOX:

u...@mydom.org <-- topmost "real" account folder
   +Inbox
   Drafts
   Templates
   send Items
   Junk E-mail
   Deleted Items
   +bpatterson   <-- added Maildir folders from former user, grayed-out, italics
 +INBOX  <-- grayed out, italic
   Payabled  <-- not grayed
   Health Care  <-- not grayed
   :
   :
 Sent   <-- not grayed
 Sent Items <-- not grayed
 Templates  <-- not grayed
 Trash  <-- not grayed

Mozilla has a reference to this phenomenon 
http://kb.mozillazine.org/Grey_italic_folders, but
this seems to have to do with GMAIL accounts. Mine is a local IMAP server and 
the link has no
apparent remedy.

Furthermore, if I attempt to delete e.g. "Trash" I get an error, presumably from 
Dovecot: "The current command did not succeed. The mail server for account u...@mydom.org 
responded: [ALREADYEXISTS] Target mailbox already exists." Seems like an odd error when 
trying to delete.

My theory is that if I can designate these folders as 'subscribed' everything 
would work normally. I don't know if that's true. I've tried adding these folders to the 
'subscriptions' file in the user's Maildir folder, an excerpt of which:

INBOX.Directed Brokerage
INBOX.Directed Brokerage.Abel Noser
INBOX.Investments-Active.Kayne
INBOX.Pending - Open Projects
Deleted Items.Oath
INBOX.Board Info.New Trustee-Oath of Office
INBOX.Rule Filing-Rule Changes
bpatterson.INBOX.2011 Investment Confirmation Responses
bpatterson.INBOX.2011 and 2012 KCR Audit
bpatterson.INBOX.2012 Investment Confirmation Responses
bpatterson.INBOX.2013 Health Care Changes - Information
bpatterson.INBOX.2013 Investment Confirmation Responses

where the first 7 listed are part of the user's existing list and the following ones 
are what I added for the former user's mail folders. This did not work.

Ideas?

--Mark

Hi Mark,

Try to subscribe in Thunderbird via your account's right-click context menu.
The greyed out folders may not contain mails (missing .cur etc. 
subfolders).
Sometimes it is necessary to clean the ImapMail folder in the 
Thunderbird user profile (as a last resort).


achim~


Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

2016-07-05 Thread Achim Gottinger



On 04.07.2016 at 09:30, Mark Foley wrote:

Actually, I see that you used host.domain.name further down. That's a good 
substitute for mail.hprs.local.

Also, not to be a literary critic, but it might not hurt to show an example 
keytab beneath your "Make sure your keytab has entry for ...". Just in case people 
don't exactly know how to "make sure":

$ klist -Kek /etc/dovecot/dovecot.keytab
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
 --
1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (des-cbc-md5)  (0x232616c2a4fd08f7)
1 imap/host.domain.name@MYREALM (arcfour-hmac)  (0x9dae89a221dc374a39f560833

--Mark

-Original Message-
From: Mark Foley <mfo...@ohprs.org>
Date: Mon, 04 Jul 2016 03:23:30 -0400
Organization: Ohio Highway Patrol Retirement System
To: dovecot@dovecot.org
Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]

On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tu...@dovecot.fi> wrote:


http://wiki2.dovecot.org/Authentication/Kerberos

It has been now updated.

Excellent! That was quick!

Although, you used my actual local domain in your example: mail.hprs.local.  
Not that I care, no one can get to that, but it might be clearer to those of us who 
uncomprehendingly monkey-type things from wikis when we don't fully understand.  Perhaps 
something more generic would be clearer: myhost.myrealm, or myhost.mydom.local, or 
myLocalFQDN -- something like that.
Not sure what is best; just don't want to imply that they HAVE TO use 
mail.hprs.local.


I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

I'm going to give my brain a rest for a bit before I resume tilting at the NTLM 
windmill! I'll check back with the list to see if you've come up with anything.


Aki

Again, thanks for all your help.

--Mark

-Original Message-

Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI config]
To: dovecot@dovecot.org
From: Aki Tuomi <aki.tu...@dovecot.fi>
Organization: Dovecot Oy
Date: Mon, 4 Jul 2016 08:54:27 +0300
On 04.07.2016 07:44, Mark Foley wrote:

After over a year and a half of struggling to get Dovecot to do either NTLM or 
GSSAPI authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to all 
those in this list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey 
and especially Aki Tuomi; and infinite thanks to Achim Gottinger on the SambaList for 
his patience in working this through with me.  Although my purpose was for Dovecot to 
authenticate mail clients, the configuration settings needed were on the Samba side.  
I hope a variation of these instructions can eventually make it into:

http://wiki2.dovecot.org/Authentication/Kerberos



It has been now updated.

I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2.
I have to set up some kind of test environment to find out why it bugs.

Aki


Thanks for updating the Kerberos docs.
Usually it is also a good idea to disable password expiry for the 
service accounts.


samba-tool user setexpiry dovecot --noexpiry

achim~
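The "make sure your keytab has an entry" step that Mark illustrates with `klist -Kek` can be turned into a repeatable check. The following Python is an added example, not from the thread or from Dovecot or MIT Kerberos: it parses a klist listing and reports whether `imap/<fqdn>@REALM` is present, which of its keys use encryption types that are deprecated (single DES per RFC 6649, DES3 and RC4/arcfour per RFC 8429), and whether all keys share one kvno. The `WEAK_ENCTYPES` set is my own selection of enctype names; the sample listing is constructed from Mark's output (key bytes shortened) with one AES entry added so that both outcomes show up.

```python
"""Check a `klist -Kek <keytab>` listing for the service principal Dovecot
needs (imap/<fqdn>@REALM) and for deprecated encryption types.

Added example: parses listing text instead of calling klist, so the
constructed sample below stands in for a real keytab.
"""
import re

# Single DES deprecated by RFC 6649; DES3 and RC4 (arcfour) by RFC 8429.
# Assumed selection of enctype names as printed by MIT klist.
WEAK_ENCTYPES = {
    "des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "des3-cbc-sha1",
    "arcfour-hmac", "arcfour-hmac-md5", "arcfour-hmac-exp",
}

# "   1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x2326...)" ->
# kvno, principal, realm, enctype. The trailing key bytes are ignored.
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)\s+\(([^)]+)\)")


def parse_klist(listing: str) -> list:
    """Return (kvno, principal, realm, enctype) tuples; the header and
    separator lines do not match the entry pattern and are skipped."""
    entries = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3),
                            m.group(4).lower()))
    return entries


def check_keytab_listing(listing: str, service: str, fqdn: str, realm: str) -> dict:
    """Summarise the keys for service/fqdn@realm: present at all, which
    enctypes are weak or strong, and the set of kvnos (more than one kvno
    usually means a stale key left over from a password rotation)."""
    wanted = f"{service}/{fqdn}"
    keys = [e for e in parse_klist(listing) if e[1] == wanted and e[2] == realm]
    enctypes = {e[3] for e in keys}
    return {
        "present": bool(keys),
        "weak": sorted(et for et in enctypes if et in WEAK_ENCTYPES),
        "strong": sorted(et for et in enctypes if et not in WEAK_ENCTYPES),
        "kvnos": sorted({e[0] for e in keys}),
    }


# Constructed listing shaped like the one in the thread (key bytes shortened),
# with one AES key added so that a strong enctype is present too.
SAMPLE_LISTING = """\
Keytab name: FILE:/etc/dovecot/dovecot.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 imap/host.domain.name@MYREALM (des-cbc-crc)  (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (des-cbc-md5)  (0x232616c2a4fd08f7)
   1 imap/host.domain.name@MYREALM (arcfour-hmac)  (0x9dae89a221dc374a)
   1 imap/host.domain.name@MYREALM (aes256-cts-hmac-sha1-96)  (0x0123456789abcdef)
"""

if __name__ == "__main__":
    result = check_keytab_listing(SAMPLE_LISTING, "imap", "host.domain.name", "MYREALM")
    print("principal present:      ", result["present"])
    print("weak enctypes to retire:", result["weak"])
    print("strong enctypes:        ", result["strong"])
    print("kvnos:                  ", result["kvnos"])
```

Because `-K` prints the key bytes next to each entry, the listing itself is key material; the check only needs the principal and enctype columns, so `klist -ek` (without `-K`) is enough input for it. On a Samba AD domain the weak entries disappear once the service account is limited to AES enctypes and the keytab is re-exported.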


Re: [Dovecot] connection Dovecot to samba4

2013-12-16 Thread Achim Gottinger

Hi,

Added a few corrections to your config below. Hope it works.

achim~


On 16.12.2013 11:51, Pascal den Bekker wrote:

Hello,

I am trying to set up samba4/openchange and dovecot. Does anyone have 
experience concerning dovecot connecting to samba4?


I tried the following:

/etc/dovecot.conf:

protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110

last_valid_uid = 5000

first_valid_gid = 115
last_valid_gid = 115

last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000, so it must be in 
the valid range.

log_path = /var/log/dovecot
log_timestamp = %Y-%m-%d %H:%M:%S 
login_greeting = Welcome to domain.local.

service imap {
  inet_listener {
port=143
  }
}

protocol lda {
log_path = /var/log/mail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmaster@domain.local
mail_plugins = sieve
}

service managesieve {
inet_listener {
port=12000
}
}

auth_verbose = yes
auth_debug = yes

service auth {
unix_listener /var/spool/postfix/private/auth {
group = vmail
mode = 0660
user = postfix
}
}

#service auth-userdb {
#user = vmail
#}
#user = root
#}

passdb {
args = /etc/dovecot/dovecot-ldap-passdb.conf
driver = ldap
}

userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf
driver = ldap
}

plugin {
sieve = /data/mail/%d/%n/sieverc
sieve_storage=/data/mail/%d/%n/sieve
sieve_max_redirects = 20
}


debug_log_path = /var/log/dovecot-debug.log

dict {
}

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))


hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs = =uid=5000

This way dovecot connects as user ldap, does the user lookup according to 
pass_filter and uses the resulting dn for authentication. If you create 
users via the Windows Remote Management tools, the dn for a user normally 
uses the Full Name as cn and not the user id, which is stored as 
sAMAccountName.

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local

#user_attrs =
user_attrs = =uid=5000,=gid=5000,=home=/data/mail/%d/%n,=mail=/data/mail/%d/%u/Maildir


user_filter = (&(objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)

user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user


When I try to log in with the user account administrator I get the following 
error messages:


2013-12-16 11:28:29 auth: Info: 
ldap(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): unknown user
2013-12-16 11:28:29 auth: Error: 
userdb(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): user not found from userdb 
ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from 
userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 
id=1) (internal failure, 1 succesful auths): user=ldap, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, 
session=N3HjRaTtdAB/AAAB


Can someone tell me what I am doing wrong, or is there a way to test the 
dovecot ldap connection string?


Cheers,

- Pascal
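The corrections Achim makes inline above (uid/gid inside the valid range, a lookup bind with `dn`/`dnpass` followed by a bind as the found user, and filters on `sAMAccountName`) can be checked mechanically before restarting Dovecot. The following Python is an added example, not Dovecot's own tooling and not from the thread: it parses the flat `key = value` files, verifies that the static uid/gid from `user_attrs` fall inside `first_valid_uid..last_valid_uid` and `first_valid_gid..last_valid_gid`, that the passdb has a usable bind method, and that the filter templates are balanced, carry a leading `&`/`|`/`!` when they combine terms, and reference the user. Dovecot's defaults assumed here are first_valid_uid 500, first_valid_gid 1, and last_* 0 meaning no upper bound; the sample files are constructed from the thread, and `password` is a placeholder rather than a real secret.

```python
"""Sanity checks for a Dovecot LDAP passdb/userdb pair against Samba4 AD.
Added example; assumes Dovecot defaults first_valid_uid=500,
first_valid_gid=1 and last_valid_*=0 (0 = no upper limit).
"""


def parse_kv(text: str) -> dict:
    """Parse 'key = value' lines; '#' comments and blank lines are skipped.
    Only the first '=' splits, so 'user_attrs = =uid=5000' keeps its value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep:
            settings[key.strip()] = val.strip()
    return settings


def static_attrs(user_attrs: str) -> dict:
    """Pick the static '=name=value' entries out of a user_attrs list.
    Plain 'ldapAttr=field' mappings are skipped: their values live in AD."""
    out = {}
    for item in user_attrs.split(","):
        item = item.strip()
        if item.startswith("="):
            name, _, value = item[1:].partition("=")
            out[name] = value
    return out


def in_range(value: int, lo: int, hi: int) -> bool:
    """hi == 0 is Dovecot's 'unlimited'."""
    return value >= lo and (hi == 0 or value <= hi)


def filter_is_sane(ldap_filter: str) -> bool:
    """Parenthesised and balanced, an operator in front when several terms
    are combined, and a user variable somewhere in the template."""
    f = ldap_filter.strip()
    if not (f.startswith("(") and f.endswith(")")):
        return False
    depth = 0
    for ch in f:
        depth += ch == "("
        depth -= ch == ")"
        if depth < 0:
            return False
    if depth != 0:
        return False
    if f.count("(") > 1 and f[1] not in "&|!":
        return False  # '((objectClass=person)(cn=%u))' is not valid LDAP
    return any(var in f for var in ("%u", "%n", "%Lu", "%Ln"))


def check_setup(dovecot_conf: dict, passdb: dict, userdb: dict) -> list:
    """Return a list of problems; an empty list means all checks passed."""
    problems = []
    attrs = static_attrs(userdb.get("user_attrs", ""))
    ranges = {
        "uid": (int(dovecot_conf.get("first_valid_uid", 500)),
                int(dovecot_conf.get("last_valid_uid", 0))),
        "gid": (int(dovecot_conf.get("first_valid_gid", 1)),
                int(dovecot_conf.get("last_valid_gid", 0))),
    }
    for name, (lo, hi) in ranges.items():
        if name in attrs and not in_range(int(attrs[name]), lo, hi):
            problems.append(f"userdb static {name}={attrs[name]} is outside "
                            f"first_valid_{name}..last_valid_{name} ({lo}..{hi or 'unlimited'})")
    has_lookup_bind = "dn" in passdb and "dnpass" in passdb
    if passdb.get("auth_bind") == "yes" and "auth_bind_userdn" not in passdb and not has_lookup_bind:
        problems.append("passdb: auth_bind=yes needs auth_bind_userdn, or dn/dnpass for the lookup bind")
    for name, conf, key in (("passdb", passdb, "pass_filter"), ("userdb", userdb, "user_filter")):
        if not filter_is_sane(conf.get(key, "")):
            problems.append(f"{name}: {key} is missing, unbalanced, lacks a leading operator, or has no user variable")
    return problems


# Constructed from the thread: the uid/gid limits before and after the
# correction, and the userdb filter with and without the leading '&'.
CONF_BEFORE = "first_valid_uid = 110\nlast_valid_uid = 110\nfirst_valid_gid = 115\nlast_valid_gid = 115\n"
CONF_AFTER = "first_valid_uid = 110\nlast_valid_uid = 5000\nfirst_valid_gid = 115\nlast_valid_gid = 5000\n"
PASSDB = """\
hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
"""
USERDB_AFTER = """\
hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local
user_attrs = =uid=5000,=gid=5000,=home=/data/mail/%d/%n,=mail=/data/mail/%d/%n/Maildir
user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)
"""
USERDB_BEFORE = USERDB_AFTER.replace("(&(objectClass", "((objectClass")

if __name__ == "__main__":
    for label, conf, userdb in (("before", CONF_BEFORE, USERDB_BEFORE),
                                ("after", CONF_AFTER, USERDB_AFTER)):
        problems = check_setup(parse_kv(conf), parse_kv(PASSDB), parse_kv(userdb))
        print(f"{label}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

The "before" run reports three problems (uid and gid outside the single-value ranges, and the malformed user_filter); the "after" run is clean. The checks are static, so a clean result still says nothing about whether the lookup account can actually bind or whether the user object carries a `mail` attribute, which is what Achim's follow-up advice in the next message covers.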





Re: [Dovecot] connection Dovecot to samba4

2013-12-16 Thread Achim Gottinger

On 16.12.2013 16:14, Pascal den Bekker wrote:

Hey Achim,

thank you for your help :-) Unfortunately it did not work :-(

I changed the lines in the dovecot config you sent me. When I try to 
log in to the sogo gui, I'm getting the following error message:


2013-12-16 16:10:07 auth: Info: 
ldap(administrator,127.0.0.1,DBQZNajtqQB/AAAB): unknown user
2013-12-16 16:10:07 auth: Error: 
userdb(administrator,127.0.0.1,DBQZNajtqQB/AAAB): user not found 
from userdb ldap
2013-12-16 16:10:07 imap: Error: Authenticated user not found from 
userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 
id=1) (internal failure, 1 succesful auths): user=administrator, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, 
session=DBQZNajtqQB/AAAB


When I look in samba4:

samba-tool user list
Administrator
krbtgt
Guest
ldap

The user seems to be there..:-(


Cheers,

- Pascal

On 12/16/2013 03:37 PM, Achim Gottinger wrote:

Hi,

Added a few corrections to your config below. Hope it works.

achim~


On 16.12.2013 11:51, Pascal den Bekker wrote:

Hello,

I am trying to set up samba4/openchange and dovecot. Does anyone have 
experience concerning dovecot connecting to samba4?


I tried the following:

/etc/dovecot.conf:

protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110

last_valid_uid = 5000

first_valid_gid = 115
last_valid_gid = 115

last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000, so it must be in 
the valid range.

log_path = /var/log/dovecot
log_timestamp = %Y-%m-%d %H:%M:%S 
login_greeting = Welcome to domain.local.

service imap {
  inet_listener {
port=143
  }
}

protocol lda {
log_path = /var/log/mail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmaster@domain.local
mail_plugins = sieve
}

service managesieve {
inet_listener {
port=12000
}
}

auth_verbose = yes
auth_debug = yes

service auth {
unix_listener /var/spool/postfix/private/auth {
group = vmail
mode = 0660
user = postfix
}
}

#service auth-userdb {
#user = vmail
#}
#user = root
#}

passdb {
args = /etc/dovecot/dovecot-ldap-passdb.conf
driver = ldap
}

userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf
driver = ldap
}

plugin {
sieve = /data/mail/%d/%n/sieverc
sieve_storage=/data/mail/%d/%n/sieve
sieve_max_redirects = 20
}


debug_log_path = /var/log/dovecot-debug.log

dict {
}

/etc/dovecot/dovecot-ldap-passdb.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))


hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs = =uid=5000

This way dovecot connects as user ldap, does the user lookup according 
to pass_filter and uses the resulting dn for authentication. If you 
create users via the Windows Remote Management tools, the dn for a 
user normally uses the Full Name as cn and not the user id, which is 
stored as sAMAccountName.

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local

#user_attrs =
user_attrs = =uid=5000,=gid=5000,=home=/data/mail/%d/%n,=mail=/data/mail/%d/%u/Maildir


user_filter = (&(objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)

user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user


When I try to log in with the user account administrator I get the 
following error messages:


2013-12-16 11:28:29 auth: Info: 
ldap(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): unknown user
2013-12-16 11:28:29 auth: Error: 
userdb(ldap,127.0.0.1,N3HjRaTtdAB/AAAB): user not found from 
userdb ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from 
userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure 
(pid=3809 id=1) (internal failure, 1 succesful auths): user=ldap, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, 
session=N3HjRaTtdAB/AAAB


Can someone tell me what I am doing wrong, or is there a way to test 
the dovecot ldap connection string?


Cheers,

- Pascal






I'd test it with a different user than Administrator, and make sure the 
user has an E-Mail address assigned.


[Dovecot] Problem with INDEXes and deleting shared folders

2013-12-10 Thread Achim Gottinger

Hi,

I use dovecot 2.1.7 on debian wheezy. I have a bunch of shared folders 
which I configured to store the indexes under the user's 
mail_location/shared/%%u.
I configured acl's for those shared folders in a way that all users 
should be able to add and delete folders (for example group=buchhaltung 
keilrwtsx).
Creating folders works fine, but if I try to delete such a folder I get 
the following error.


Dec 10 12:03:41 logon-zor dovecot: imap(ag): Debug: Can't rename 
'shared/buchhaltung/Test' to 'Trash/Test': one namespace has index dir 
and another doesn't


Of course there is no dovecot.index file in 
/home/vmail/buchhaltung/mai/.Test but there is one in 
/home/ag/vmail/mail/shared/buchhaltung/.Test and in 
/home/ag/vmail/mail/.Trash.
It seems dovecot does not honour the shared namespace's index settings when 
trying to rename that folder.


Is there a fix for this issue in 2.1.7, or would an upgrade to 2.2.5 (from 
debian unstable) help?


Thanks in advance
Achim Gottinger

Here are my namespace mail_location etc. settings:

mail_home = /home/vmail/%u
mail_location = 
maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX

mail_uid = 998
mail_gid = 998

first_valid_uid = 998
first_valid_gid = 998

mail_shared_explicit_inbox = yes
maildir_very_dirty_syncs = yes

namespace {
  list = children
  location = 
maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}

namespace {
  inbox = yes
  location = 
maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX

  prefix =
  separator = /
  type = private
}



Re: [Dovecot] Problem with INDEXes and deleting shared folders

2013-12-10 Thread Achim Gottinger

On 10.12.2013 12:09, Achim Gottinger wrote:

Hi,

I use dovecot 2.1.7 on debian wheezy. I have a bunch of shared folders 
which I configured to store the indexes under the user's 
mail_location/shared/%%u.
I configured acl's for those shared folders in a way that all users 
should be able to add and delete folders (for example 
group=buchhaltung keilrwtsx).
Creating folders works fine, but if I try to delete such a folder I 
get the following error.


Dec 10 12:03:41 logon-zor dovecot: imap(ag): Debug: Can't rename 
'shared/buchhaltung/Test' to 'Trash/Test': one namespace has index dir 
and another doesn't


Of course there is no dovecot.index file in 
/home/vmail/buchhaltung/mai/.Test but there is one in 
/home/ag/vmail/mail/shared/buchhaltung/.Test and in 
/home/ag/vmail/mail/.Trash.
It seems dovecot does not honour the shared namespace's index settings 
when trying to rename that folder.


Is there a fix for this issue in 2.1.7, or would an upgrade to 2.2.5 
(from debian unstable) help?
To answer my own question: if I configure Thunderbird to delete messages 
immediately, deleting these folders works. But I'd prefer the usual way, 
where messages/folders move to the trash folder first.


Thanks in advance
Achim Gottinger

Here are my namespace mail_location etc. settings:

mail_home = /home/vmail/%u
mail_location = 
maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX

mail_uid = 998
mail_gid = 998

first_valid_uid = 998
first_valid_gid = 998

mail_shared_explicit_inbox = yes
maildir_very_dirty_syncs = yes

namespace {
  list = children
  location = 
maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.INBOX

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}

namespace {
  inbox = yes
  location = 
maildir:/home/vmail/%u/mail:INDEX=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.INBOX

  prefix =
  separator = /
  type = private
}





Re: [Dovecot] Shared Folters with LDA/Sieve

2013-11-17 Thread Achim Gottinger

On 17.11.2013 05:31, Dieter Knopf wrote:

Hello,

I'm searching for a way to use shared mailboxes with Sieve filtering.

I need global email addresses like:
i...@foo.tld
cont...@foo.tld
h...@foo.tld

Every address with its own Sieve rules for filtering and sorting of incoming
mails.

Now every user needs access to these folders, but how? How should I create
the global addresses?

I already found http://wiki2.dovecot.org/SharedMailboxes/Public , but
that's just a public namespace.

Is there any FAQ available for this?

Thank you very much
Dieter

On my setup with an Active Directory LDAP backend I used Domain Groups 
for such email addresses and configured the acl's in a way that members 
of the groups have full access to the group's imap folders via the 
shared (not the public) namespace. Since each group has a normal imap 
account, sieve rules can be applied as well.
I guess you can use simple user accounts for the mail accounts and share 
them for all authenticated users. That should be simpler.


http://wiki2.dovecot.org/SharedMailboxes/Shared



achim~



Re: [Dovecot] Can't get sieve/managedsieve working

2013-11-10 Thread Achim Gottinger

On 09.11.2013 14:01, Stefan Liebl wrote:

On 2013-11-08 22:31, Achim Gottinger wrote:

On 08.11.2013 22:19, Alter Depp wrote:
I am running dovecot 2.1.7 for a while, with roundcube webmail 
frontend 0.9.5 .

A wild guess, but it may help if you define mail_home as well.


Does this setting exist in dovecot 2? Where should I set it and to what?

Stefan
I had to let mail_home point to a different folder than mail_location, 
but I use virtual users and dovecot runs as user vmail only. 
http://wiki2.dovecot.org/VirtualUsers/Home.
The Thunderbird sieve addon works here with plaintext passwords over 
imap or imaps. It does not work with Kerberos authentication and may have 
a problem with TLS as well.
You said you can upload scripts with sieve-connect; do they apply to 
incoming mails? I'd go through the manual login and upload tests 
described here as well: 
http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting?highlight=%28sieve%29|%28telnet%29


achim~


Re: [Dovecot] Question about folder sharing

2013-11-09 Thread Achim Gottinger

On 08.11.2013 01:25, Achim Gottinger wrote:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, 
samba4 (as ldap backend) and sogo. I configured folder sharing but 
have a few issues.
With my current config users can share the inbox and other folders. If 
the acl allows creating subfolders, this works for all folders 
except for inbox.


What I want to achieve is the following:

If a user shares his inbox, others should be able to create 
subfolders and those should inherit the inbox's acl. All subfolders 
of inbox should appear as folders at root level and not as subfolders 
of the inbox.


I thought this could be done by setting the prefix of namespace inbox to 
INBOX/. I did this and changed the IMAP Server Folder setting in 
thunderbird to INBOX (like it was earlier when I used courier). Now 
subfolders created at root level or as subfolders of the inbox appear 
at root level in thunderbird, but they do not inherit the acl's from 
inbox. Is there a way to achieve this?


doveconf -n

mail_location = maildir:/home/vmail/%u/mail
namespace {
  list = children
  location = 
maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}

userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}

I changed the location of the inbox like this:
mail_location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox

namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.Inbox

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
  prefix =
  separator = /
  type = private
}
I also extended my ldap queries to return the correct mail variable 
(=mail=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox).


Now a dovecot-acl inside /home/vmail/%u/mail gets used for newly 
created subfolders, which is very helpful. However, if I share a user's 
inbox now, the hierarchy looks like this for a user with access:


shared/user
shared/user/Inbox
shared/user/INBOX

All three folders point to the user's inbox. If I set 
mail_shared_explicit_inbox=yes, shared/user is greyed out but the other 
two folders remain. Can someone here tell me what I did wrong to have 
three versions of the inbox now?


Thanks in advance
achim~


Re: [Dovecot] Question about folder sharing

2013-11-09 Thread Achim Gottinger

On 09.11.2013 11:48, Achim Gottinger wrote:

On 08.11.2013 01:25, Achim Gottinger wrote:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, 
samba4 (as ldap backend) and sogo. I configured folder sharing but 
have a few issues.
With my current config users can share the inbox and other folders. 
If the acl allows creating subfolders, this works for all folders 
except for inbox.


What I want to achieve is the following:

If a user shares his inbox, others should be able to create 
subfolders and those should inherit the inbox's acl. All subfolders 
of inbox should appear as folders at root level and not as subfolders 
of the inbox.


I thought this could be done by setting the prefix of namespace inbox 
to INBOX/. I did this and changed the IMAP Server Folder setting in 
thunderbird to INBOX (like it was earlier when I used courier). Now 
subfolders created at root level or as subfolders of the inbox appear 
at root level in thunderbird, but they do not inherit the acl's from 
inbox. Is there a way to achieve this?


doveconf -n

mail_location = maildir:/home/vmail/%u/mail
namespace {
  list = children
  location = 
maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}

userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}

I changed the location of the inbox like this:
mail_location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox

namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.Inbox

  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox

  prefix =
  separator = /
  type = private
}
I also extended my ldap queries to return the correct mail variable 
(=mail=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox).


Now a dovecot-acl inside /home/vmail/%u/mail gets used for newly 
created subfolders, which is very helpful. However, if I share a user's 
inbox now, the hierarchy looks like this for a user with access:


shared/user
shared/user/Inbox
shared/user/INBOX

All three folders point to the user's inbox. If I set 
mail_shared_explicit_inbox=yes, shared/user is greyed out but the 
other two folders remain. Can someone here tell me what I did wrong to 
have three versions of the inbox now?


Thanks in advance
achim~

Changed .Inbox to .INBOX; now there is only one folder named INBOX 
visible. The ACLs from /home/vmail/%u/mail are used for all subfolders 
under ../mail no matter if they have a dovecot-acl file inside or not. 
Cannot find this documented; it's useful in my case, but is it supposed 
to work like that? Nice thing is I can create root-level folders for 
users with a mail_location configured like that in the shared subsections.





Re: [Dovecot] Can't get sieve/managedsieve working

2013-11-08 Thread Achim Gottinger

Am 08.11.2013 22:19, schrieb Alter Depp:

Hi,

I have been running dovecot 2.1.7 for a while, with roundcube webmail 
frontend 0.9.5. Now I wanted to add sieve to filter mails. 
Unfortunately most tutorials are for dovecot 1.x but I'm running 
dovecot 2 on debian wheezy.
I could upload some scripts with sieve-connect, checked and activated 
them. When I try to edit filters with the thunderbird sieve plugin 0.2.2 
nothing happens. If I try to edit filters with the roundcube managesieve 
plugin nothing happens, too, but I get some errors in the logfile:

roundcube: Authentication failed. (3)
roundcube: Not currently in AUTHORISATION stata (1):

Can someone help me, to get it running?

A wild guess, but it may help if you define mail_home as well.


[Dovecot] Question about folder sharing

2013-11-07 Thread Achim Gottinger

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, 
samba4 (as LDAP backend) and sogo. I configured folder sharing but have 
a few issues.
With my current config users can share the inbox and other folders. If 
the ACL allows creating subfolders, this does work for all folders 
besides inbox.


What I want to achieve is the following:

If a user shares his inbox, others should be able to create subfolders 
and those should inherit the inbox's ACL. All subfolders of inbox 
should appear as folders at root level and not as subfolders of the inbox.


I thought this could be done by setting the prefix of namespace inbox to 
INBOX/. I did this and changed the IMAP server folder setting in 
Thunderbird to INBOX (like it was earlier when I used Courier). Now 
subfolders created at root level or as subfolders of the inbox appear at 
root level in Thunderbird, but they do not inherit the ACLs from inbox. 
Is there a way to achieve this?


doveconf -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%

auth_username_format = %n
auth_verbose = yes
debug_log_path = syslog
disable_plaintext_auth = no
first_valid_gid = 998
first_valid_uid = 998
info_log_path = syslog
mail_debug = yes
mail_gid = 998
mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail
mail_plugins = acl
mail_shared_explicit_inbox = no
mail_uid = 998
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/home/vmail/.shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols =  imap lmtp sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0777
user = vmail
  }
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl_cert = /etc/easy-rsa/keys/dovecot.crt
ssl_key = /etc/easy-rsa/keys/dovecot.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = acl imap_acl
}
protocol lmtp {
  mail_plugins = acl sieve
}



Re: [Dovecot] Question about folder sharing

2013-11-07 Thread Achim Gottinger
Hmm, inheritance for Inbox subfolders is working now that I changed 
namespace inbox into namespace.


However the prefix INDEX thing does not look nice for shared folders; 
they appear as shared/username/INBOX/[foldername].


The docs mention:


   ACL Inheritance

Every time you create a new mailbox, it gets its ACLs from the parent 
mailbox. If you're creating a root-level mailbox, it uses the 
namespace's default ACLs. There is no actual inheritance, however: If 
you modify parent's ACLs, the child's ACLs stay the same. There is 
currently no support for ACL inheritance.


Namespace's default ACLs are read from dovecot-acl file in the 
namespace's mail root directory (e.g. /var/public/Maildir). Note that 
currently these default ACLs are used only when creating new mailboxes, 
they aren't used for mailboxes without ACLs.


What I do not understand is where I would have to put a dovecot-acl for 
the user default. My mail_home is /home/vmail/%u and the mail root is a 
subfolder mail inside it. The dovecot-acl residing there is the one with 
the ACLs for inbox and therefore only used for inbox's subfolders.




Am 08.11.2013 01:25, schrieb Achim Gottinger:

Hi,

I run dovecot (2.1.7) on debian wheezy in conjunction with postfix, 
samba4 (as LDAP backend) and sogo. I configured folder sharing but 
have a few issues.
With my current config users can share the inbox and other folders. If 
the ACL allows creating subfolders, this does work for all folders 
besides inbox.


What I want to achieve is the following:

If a user shares his inbox, others should be able to create 
subfolders and those should inherit the inbox's ACL. All subfolders 
of inbox should appear as folders at root level and not as subfolders 
of the inbox.


I thought this could be done by setting the prefix of namespace inbox to 
INBOX/. I did this and changed the IMAP server folder setting in 
Thunderbird to INBOX (like it was earlier when I used Courier). Now 
subfolders created at root level or as subfolders of the inbox appear 
at root level in Thunderbird, but they do not inherit the ACLs from 
inbox. Is there a way to achieve this?


doveconf -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%

auth_username_format = %n
auth_verbose = yes
debug_log_path = syslog
disable_plaintext_auth = no
first_valid_gid = 998
first_valid_uid = 998
info_log_path = syslog
mail_debug = yes
mail_gid = 998
mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail
mail_plugins = acl
mail_shared_explicit_inbox = no
mail_uid = 998
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/home/vmail/.shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols =  imap lmtp sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
group = vmail
mode = 0777
user = vmail
  }
}
service imap-login {
  inet_listener imap {
port = 143
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
}
ssl_cert = /etc/easy-rsa/keys/dovecot.crt
ssl_key = /etc/easy-rsa/keys/dovecot.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = acl imap_acl
}
protocol lmtp {
  mail_plugins = acl sieve
}
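The ACL docs quoted above describe copy-at-creation, not inheritance: a new mailbox takes a snapshot of its parent's ACL (a root-level mailbox takes the namespace default from the dovecot-acl in the mail root), and later changes to the parent never reach the children. The following Python model is an added example, not Dovecot's code; the `identifier rights` line format and the rights letters are the real dovecot-acl ones, the parser is simplified (positive rights only), and the mailbox names and ACL lines in `demo()` are constructed. It also adds the check a defender wants after a share is revoked on a parent: `audit_stale_grants()` lists every child that still grants what the parent no longer does.

```python
# Model of Dovecot's ACL-on-create behaviour (added example, not Dovecot code).
# Simplified dovecot-acl parser: 'identifier rights' lines, positive rights only.
from __future__ import annotations
from dataclasses import dataclass, field

RIGHT_LETTERS = set("lrwstipekxa")   # the rights letters dovecot-acl accepts


def parse_dovecot_acl(text: str) -> dict[str, set[str]]:
    """Parse lines such as 'owner lrwstipekxa' or 'user=bob lr'."""
    acl: dict[str, set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ident, _, rights = line.partition(" ")
        letters = set(rights.replace(" ", ""))
        if letters - RIGHT_LETTERS:
            raise ValueError(f"unknown right(s) in {line!r}")
        acl.setdefault(ident, set()).update(letters)
    return acl


@dataclass
class Mailbox:
    name: str
    acl: dict[str, set[str]]
    children: dict[str, Mailbox] = field(default_factory=dict)


class Namespace:
    """A namespace whose mail root carries the default dovecot-acl."""

    def __init__(self, default_acl_text: str) -> None:
        self.default_acl = parse_dovecot_acl(default_acl_text)
        self.roots: dict[str, Mailbox] = {}

    def create(self, path: str) -> Mailbox:
        """Create 'a/b/c' (and missing parents); each new box copies its parent's ACL."""
        parent: Mailbox | None = None
        level = self.roots
        for part in path.split("/"):
            box = level.get(part)
            if box is None:
                source = parent.acl if parent is not None else self.default_acl
                box = Mailbox(part, {k: set(v) for k, v in source.items()})  # snapshot, not a link
                level[part] = box
            parent, level = box, box.children
        assert parent is not None
        return parent

    def lookup(self, path: str) -> Mailbox:
        level, box = self.roots, None
        for part in path.split("/"):
            box = level[part]
            level = box.children
        assert box is not None
        return box

    def set_acl(self, path: str, acl_text: str) -> None:
        """Rewrite one mailbox's dovecot-acl; nothing propagates to its children."""
        self.lookup(path).acl = parse_dovecot_acl(acl_text)

    def walk(self):
        """Yield (path, mailbox, parent) for every mailbox in the namespace."""
        stack = [(name, box, None) for name, box in self.roots.items()]
        while stack:
            path, box, parent = stack.pop()
            yield path, box, parent
            stack.extend((f"{path}/{n}", c, box) for n, c in box.children.items())


def rights_for(box: Mailbox, user: str, groups=(), is_owner: bool = False) -> set[str]:
    """Union of the rights granted by every identifier that applies to the user."""
    idents = {"anyone", "authenticated", f"user={user}", *(f"group={g}" for g in groups)}
    if is_owner:
        idents.add("owner")
    return set().union(*(box.acl.get(i, set()) for i in idents))


def audit_stale_grants(ns: Namespace) -> list[tuple[str, str, set[str]]]:
    """Children that still grant rights their parent no longer grants.
    ACLs are copied rather than inherited, so revoking a share on a parent
    leaves the children open; run this after every revocation."""
    stale = []
    for path, box, parent in ns.walk():
        if parent is None:
            continue
        for ident, rights in box.acl.items():
            extra = rights - parent.acl.get(ident, set())
            if extra:
                stale.append((path, ident, extra))
    return sorted(stale)


def demo() -> dict:
    """Constructed scenario: bob gets lr from the namespace default, then is revoked on the parent only."""
    ns = Namespace("owner lrwstipekxa\nuser=bob lr")
    ns.create("Projects/2013")
    before = rights_for(ns.lookup("Projects/2013"), "bob")
    ns.set_acl("Projects", "owner lrwstipekxa")
    return {
        "before": before,
        "parent": rights_for(ns.lookup("Projects"), "bob"),
        "child": rights_for(ns.lookup("Projects/2013"), "bob"),
        "stale": audit_stale_grants(ns),
    }
```

Running `demo()` shows bob losing `lr` on `Projects` while keeping it on `Projects/2013`, and the audit reporting exactly that child; on a real server the equivalent is to walk the mailbox tree and compare each `dovecot-acl` with its parent's.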





Re: [Dovecot] Question about folder sharing

2013-11-07 Thread Achim Gottinger

Am 08.11.2013 02:50, schrieb Achim Gottinger:
Hmm, inheritance for Inbox subfolders is working now that I changed 
namespace inbox into namespace.


However the prefix INDEX thing does not look nice for shared folders; 
they appear as shared/username/INBOX/[foldername].


The docs mention:


   ACL Inheritance

Every time you create a new mailbox, it gets its ACLs from the parent 
mailbox. If you're creating a root-level mailbox, it uses the 
namespace's default ACLs. There is no actual inheritance, however: If 
you modify parent's ACLs, the child's ACLs stay the same. There is 
currently no support for ACL inheritance.


Namespace's default ACLs are read from dovecot-acl file in the 
namespace's mail root directory (e.g. /var/public/Maildir). Note that 
currently these default ACLs are used only when creating new 
mailboxes, they aren't used for mailboxes without ACLs.


What I do not understand is where I would have to put a dovecot-acl for 
the user default. My mail_home is /home/vmail/%u and the mail root is a 
subfolder mail inside it. The dovecot-acl residing there is the one with 
the ACLs for inbox and therefore only used for inbox's subfolders.


Besides that, I guess it would still not allow users to create folders via 
Thunderbird by right-clicking on shared/[username] and selecting new 
folder. Seems the only workaround is to create a separate folder, share 
it and set ACLs on that folder, so the hierarchy would end up like this:


Inbox
Trash
...
shared/[username] (users inbox)
shared/[username]/folder (the helper folder with proper acl's)
shared/[username]/folder/[subfolders]

and if there are subfolders in the inbox

shared/[username]/INBOX/[subfolder]





Re: [Dovecot] dovecot-ldap : can't find user in OU subtree // solved

2013-10-31 Thread Achim Gottinger

Am 31.10.2013 01:11, schrieb m...@electronico.nc:

Le 31/10/2013 10:42, Achim Gottinger a écrit :

Am 30.10.2013 21:17, schrieb m...@electronico.nc:

Hello and thanks for your answer.

Le 30/10/2013 19:32, Steffen Kaiser a écrit :


On Wed, 30 Oct 2013, m...@electronico.nc wrote:


passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}


/etc/dovecot/dovecot-ldap-passdb.conf.ext:

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan


You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan


ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))



You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match
cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a
look at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds, DN
lookup vs. DN template.



Hello Achim,
Thanks for your answer :-)
Sure it works OK, as soon as I specify dn & dnpass (that I omitted in
passdb... :-[ )
Many thanks again !
Nicolas
The problem was auth_bind_userdn, which only matched users in OU=users. 
If you use that type of password check, pass_filter is not used. Now 
dovecot binds as user dn first, does a lookup of the user's dn via 
pass_filter and uses the result as the dn for the password verification 
via a second bind to LDAP. If you use the LDAP server from an Active 
Directory I'd recommend you use
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*)).
Because if you use Windows Remote Admin Tools to create users, the user's 
dn is usually something like dn=cn=[Full Name],ou=Users,dc=domain,dc=lan 
and cn=[Full Name]. sAMAccountName however holds the user's login name.
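The difference between the two passdb styles discussed in this thread, as an added Python model (not Dovecot's code and not an LDAP client): `auth_bind_template()` stands in for an `auth_bind_userdn` template, where the OU is fixed by the template string, and `auth_bind_lookup()` stands in for the `dn`/`dnpass` lookup with `base`, `scope` and `pass_filter` followed by a bind as the single DN found. The in-memory directory, its entries and passwords are constructed; the filter evaluator only understands `&`, equality and presence, which is all the filters above use. Filter values are escaped per RFC 4515 before substitution, so a login name cannot change the filter's structure; the DN template would need the separate RFC 4514 escaping, which this toy does not implement.

```python
# DN template vs. DN lookup against a constructed in-memory directory
# (added example, not Dovecot code). Plaintext passwords stand in for a bind.
from __future__ import annotations
import re

DIRECTORY: dict[str, dict[str, list[str]]] = {
    "cn=ldap,cn=Users,DC=domain,DC=lan": {               # the lookup account
        "objectClass": ["person"], "cn": ["ldap"], "sAMAccountName": ["ldap"],
        "userPassword": ["My_secret_pass"]},
    "cn=alice,OU=users,DC=domain,DC=lan": {              # directly under the base
        "objectClass": ["person"], "cn": ["alice"], "sAMAccountName": ["alice"],
        "mail": ["alice@domain.lan"], "userPassword": ["pw-a"]},
    # created with the AD admin tools: cn is the full name and lives in a sub-OU
    "cn=Nicolas Dupont,OU=administrative,OU=users,DC=domain,DC=lan": {
        "objectClass": ["person"], "cn": ["Nicolas Dupont"], "sAMAccountName": ["nicolas"],
        "mail": ["nicolas@domain.lan"], "userPassword": ["pw-n"]},
}


def _norm(dn: str) -> str:
    # case-insensitive DN comparison; RDN values in this toy contain no commas
    return ",".join(p.strip().lower() for p in dn.split(","))


def in_scope(dn: str, base: str, scope: str) -> bool:
    d, b = _norm(dn), _norm(base)
    if scope == "base":
        return d == b
    if not d.endswith("," + b):
        return False
    above = d[: -len(b) - 1]                        # RDNs between entry and base
    return scope == "subtree" or "," not in above   # onelevel: exactly one RDN


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of the characters that would alter a filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _split_top(s: str) -> list[str]:
    """Split '(a)(b)(c)' into its top-level parenthesised items."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts


def match_filter(entry: dict[str, list[str]], flt: str) -> bool:
    """Evaluate a filter limited to '&', equality and presence tests."""
    body = flt.strip()[1:-1]
    if body.startswith("&"):
        return all(match_filter(entry, part) for part in _split_top(body[1:]))
    attr, _, value = body.partition("=")
    values = [x.lower() for k, vs in entry.items() if k.lower() == attr.lower() for x in vs]
    if value == "*":
        return bool(values)
    return _unescape(value).lower() in values


def auth_bind_template(user: str, password: str,
                       template: str = "cn=%u,OU=users,dc=domain,dc=lan") -> str | None:
    """auth_bind_userdn style: the OU is fixed, so entries in sub-OUs are never found."""
    dn = template.replace("%u", user)   # a real template also needs RFC 4514 DN escaping
    entry = next((e for d, e in DIRECTORY.items() if _norm(d) == _norm(dn)), None)
    return dn if entry and password in entry.get("userPassword", []) else None


def auth_bind_lookup(user: str, password: str, base: str = "OU=users,DC=domain,DC=lan",
                     scope: str = "subtree",
                     pass_filter: str = "(&(objectClass=person)(cn=%u)(mail=*))") -> str | None:
    """dn/dnpass lookup style: search the subtree, then bind as the one DN found."""
    flt = pass_filter.replace("%u", escape_filter_value(user))
    hits = [d for d, e in DIRECTORY.items() if in_scope(d, base, scope) and match_filter(e, flt)]
    if len(hits) != 1:                  # unknown user, or an ambiguous match: refuse both
        return None
    return hits[0] if password in DIRECTORY[hits[0]].get("userPassword", []) else None
```

With the constructed directory, `auth_bind_template` finds alice but never Nicolas, `auth_bind_lookup` finds Nicolas by `cn` with the full name or by `sAMAccountName` with the login name, `scope = onelevel` loses him again, and a login name of `*` matches nobody because it is escaped before it reaches the filter.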




Re: [Dovecot] dovecot-ldap : can't find user in OU subtree

2013-10-30 Thread Achim Gottinger

Am 30.10.2013 21:17, schrieb m...@electronico.nc:

Hello and thanks for your answer.

Le 30/10/2013 19:32, Steffen Kaiser a écrit :


On Wed, 30 Oct 2013, m...@electronico.nc wrote:


passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}


/etc/dovecot/dovecot-ldap-passdb.conf.ext:

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan


You define your bind DN as cn=%u,OU=users,dc=domain,dc=lan


ldap_version = 3
base = ou=users,dc=domain,dc=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))



You should use

/etc/dovecot/dovecot-ldap-passdb.conf.ext

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=lan
dnpass = My_secret_pass
auth_bind = yes
ldap_version = 3
base = OU=users,DC=domain,DC=lan
scope = subtree
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

That way pass_filter should match 
cn=%u,OU=administrative,OU=Users,DC=domain,DC=lan as well. Take a look 
at http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds, DN lookup vs. DN 
template.