Strange folders

2017-08-31 Thread Marti Markov
Hi all,

I’ve been experiencing the “magical” creation of random folders on my mail 
server.

I managed to catch the creation of one last night. Here is the log:

Aug 30 01:38:13 mail dovecot: imap(f.lastn...@domain.com): Debug: Namespace : /home/vmail/domain.com/f.lastName/Maildir/.wkkwgfrubwioniohkcyqttugdtdabuyn doesn't exist yet, using default permissions
Aug 30 01:38:13 mail dovecot: imap(f.lastn...@domain.com): Debug: Namespace : Using permissions from /home/vmail/domain.com/f.lastName/Maildir: mode=0700 gid=default
Aug 30 01:38:13 mail dovecot: imap(f.lastn...@domain.com): Debug: acl vfile: file /home/vmail/domain.com/f.lastName/Maildir/.wkkwgfrubwioniohkcyqttugdtdabuyn/dovecot-acl not found


I have substituted only the username and the domain name. The folder name is as 
it was created: wkkwgfrubwioniohkcyqttugdtdabuyn



There has been no activity logged on the exim4 side at that time. What would be 
the best course of action to determine what is happening?
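
One way to triage such events from the Dovecot log, as an added example that is not part of the original post: it extracts every "doesn't exist yet" folder creation, flags names that look machine-generated, and attaches the client IP of the same user's most recent IMAP login. The sample log, the user address, the IP addresses and the `looks_random` heuristic are constructed assumptions; the creation line only appears with Dovecot debug logging enabled, as in the post.

```python
import re
from collections import namedtuple

# Constructed sample in the syslog format quoted above (one event per line in a
# real log). User, IP addresses and the second folder are made up for the demo.
SAMPLE_LOG = """\
Aug 30 01:37:58 mail dovecot: imap-login: Login: user=<f.lastname@domain.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, mpid=4242, TLS, session=<constructed>
Aug 30 01:38:13 mail dovecot: imap(f.lastname@domain.com): Debug: Namespace : /home/vmail/domain.com/f.lastName/Maildir/.wkkwgfrubwioniohkcyqttugdtdabuyn doesn't exist yet, using default permissions
Aug 30 09:12:40 mail dovecot: imap-login: Login: user=<f.lastname@domain.com>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10, mpid=5151, TLS, session=<constructed>
Aug 30 09:13:02 mail dovecot: imap(f.lastname@domain.com): Debug: Namespace : /home/vmail/domain.com/f.lastName/Maildir/.Archive.2017 doesn't exist yet, using default permissions
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: imap-login: Login: "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[^,\s]+)")
CREATE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: imap\((?P<user>[^)]*)\): "
    r"Debug: Namespace [^:]*: (?P<path>/.+?) doesn't exist yet")

Event = namedtuple("Event", "ts user folder last_rip suspicious")


def looks_random(folder):
    """Heuristic, not proof: one long run of lowercase letters with few vowels."""
    if not re.fullmatch(r"[a-z]{20,}", folder):
        return False
    vowels = sum(folder.count(v) for v in "aeiou")
    return vowels / len(folder) < 0.30


def find_folder_creations(log_text):
    """Return one Event per "doesn't exist yet" line, tagged with the client IP
    of the same user's most recent IMAP login seen earlier in the log."""
    last_rip = {}
    events = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            last_rip[m["user"].lower()] = m["rip"]
            continue
        m = CREATE_RE.match(line)
        if m:
            name = m["path"].rsplit("/", 1)[1]
            # Maildir++ stores folders as ".Name" directories under the Maildir root.
            folder = name[1:] if name.startswith(".") else name
            events.append(Event(m["ts"], m["user"], folder,
                                last_rip.get(m["user"].lower()),
                                looks_random(folder)))
    return events


if __name__ == "__main__":
    for ev in find_folder_creations(SAMPLE_LOG):
        flag = "SUSPICIOUS" if ev.suspicious else "ok"
        print(f"{ev.ts}  {ev.user}  {ev.folder}  last login from {ev.last_rip}  [{flag}]")
```

The login correlation is by user only, so with several concurrent sessions the attached IP is a lead to check against the client's own logs, not an attribution.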


Re: Exim still accepting emails to nonexistent users

2016-11-23 Thread Marti Markov
Hi Heiko,

Sorry for using your private email address. :/
I managed to get this working using  local_user changes by adding ldap user
verification there:

local_user:
  debug_print = "R: local_user LDAP lookup for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = CHECK_VIRTUAL_USER
  transport = dovecot_lmtp
  cannot_route_message = Unknown user

Where CHECK_VIRTUAL_USER is:

# Query that tests the existence of the user.
# quote_ldap escapes LDAP filter metacharacters in the recipient address.
CHECK_VIRTUAL_USER = \
  ${lookup ldap{user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=PASS \
  ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=${quote_ldap:$local_part}@${quote_ldap:$domain}))}{$value}fail}


Thanks again for all the support. You pointed me in the right direction. :)

2016-11-21 11:16 GMT+00:00 Heiko Schlittermann :

> Hi,
>
> Heiko Schlittermann  (Mo 21 Nov 2016 11:50:13 CET):
> > a) Routing stage
> > You need to interact with the user database dovecot uses.
> > Either you access the user database directory (flat file, LDAP,
> > whatever) or you use the ${readsocket…} feature of Exim to talk to
> > dovecot.
>
> The readsocket trick doesn't seem to work anymore.
>
> Using
> $ socat STDIO UNIX:/run/dovecot/auth-master
>  <  VERSION 1   1
>  <  SPID16290
>  >  VERSION 1   1
>  >  USER42  hs12 service=imap
>  <  USER1   hs12uid=500 gid=500 home=/var/vmail/home/h/hs12
>
> (the spaces are tabs).
>
> But using Exim
>
> exim -be '${readsocket{/run/dovecot/auth-userdb}{VERSION\t1\t1\
> nUSER\t1\hs12\tservice=imap\n}}'
>
> does not work. Exim closes the sending side right after the final \n
> with shutdown(2). Dovecot seems to see this as if the connection should
> be closed now and closes the connection, w/o any response.
>
> As it's not unusual to shutdown(2) the sender if the message is sent,
> I'd see this as a bug on the dovecot side. There is no reason to
> consider the connection as dead, just because the sender closed
> its sending side of the connection.
>
> Best regards from Dresden/Germany
> Kind regards from Dresden
> Heiko Schlittermann
> --
>  SCHLITTERMANN.de  internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --- key ID: F69376CE -
>  ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -
>



-- 
Marti Markov
Pursuing a Bachelor Degree of Science in Computer Science at the University
of Southampton
Cell phone: +359886621454
Twitter: https://twitter.com/martimarkov
Facebook: https://facebook.com/Marti.Markov
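
The userdb exchange from the quoted socat session, as an added Python example that is not part of the thread: the client sends `VERSION` and `USER`, keeps its write side open until the reply has been read, and parses the `USER` / `NOTFOUND` answer (the same tab-separated lines appear as `USER#0111...` and `NOTFOUND#0111` in Dovecot's auth debug log). `fake_userdb` is a constructed stand-in for the Dovecot socket so the block runs offline; `lookup_path`, the function names and the sample user data are assumptions, and access to a real auth-userdb socket depends on the listener's configured permissions.

```python
import socket
import threading


def build_request(username, service="imap", req_id=1):
    """Build the VERSION + USER request. Control characters are refused so a
    recipient name cannot add fields or commands to the tab/newline framing."""
    if not username or any(c in username for c in "\t\r\n\0"):
        raise ValueError("username contains protocol control characters")
    return f"VERSION\t1\t1\nUSER\t{req_id}\t{username}\tservice={service}\n".encode()


def parse_reply(line, req_id=1):
    """Return (found, fields) for a USER/NOTFOUND line, None for any other line."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) < 2 or parts[1] != str(req_id):
        return None                      # e.g. SPID, or a reply to another id
    if parts[0] == "USER":
        # USER <id> <username> key=value ...
        return True, dict(p.partition("=")[::2] for p in parts[3:])
    if parts[0] == "NOTFOUND":
        return False, {}
    if parts[0] == "FAIL":
        raise RuntimeError("userdb lookup failed on the server side")
    return None                          # e.g. the server's VERSION line


def userdb_lookup(sock, username, service="imap", req_id=1):
    """Run one lookup on a connected socket. No shutdown(SHUT_WR) is issued:
    the sending side stays open until the answer has arrived."""
    sock.sendall(build_request(username, service, req_id))
    with sock.makefile("r", encoding="utf-8", newline="\n") as reader:
        for line in reader:
            result = parse_reply(line, req_id)
            if result is not None:
                return result
    raise ConnectionError("auth socket closed without a reply")


def lookup_path(path, username, service="imap", timeout=5.0):
    """Hypothetical helper: connect to a userdb socket path and look up one user."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        return userdb_lookup(s, username, service)


def fake_userdb(conn, users):
    """Constructed stand-in for the server side, for offline runs only."""
    with conn:
        conn.sendall(b"VERSION\t1\t1\nSPID\t4242\n")
        with conn.makefile("r", encoding="utf-8", newline="\n") as reader:
            for line in reader:
                parts = line.rstrip("\n").split("\t")
                if parts[0] != "USER" or len(parts) < 3:
                    continue
                rid, name = parts[1], parts[2]
                if name in users:
                    reply = "\t".join(["USER", rid, name] + users[name])
                else:
                    reply = f"NOTFOUND\t{rid}"
                conn.sendall(reply.encode() + b"\n")
                return


def demo_lookup(username):
    """Look up one user against the constructed server over a socketpair."""
    users = {"hs12": ["uid=500", "gid=500", "home=/var/vmail/home/h/hs12"]}
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_userdb, args=(server, users), daemon=True)
    worker.start()
    with client:
        result = userdb_lookup(client, username)
    worker.join(timeout=5)
    return result


if __name__ == "__main__":
    print(demo_lookup("hs12"))
    print(demo_lookup("nosuchuser"))
```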


Single user to have lrw to all mailboxes

2016-11-22 Thread Marti Markov
I have implemented a global acl:

* owner lrwstipkae
INBOX.Spam owner lrwstipeka
.Trash owner lrwsti
INBOX.Trash owner lrw
* user=master-u...@mydomain.com lrs
* owner lrwstipkae

But the master-user then loses all other permissions on his own mailbox, he is 
left only with: lrs

Any pointers on how to fix this?

Re: Exim still accepting emails to nonexistent users

2016-11-20 Thread Marti Markov
Hi Heiko,

Here is the router:

virtual_aliases:
driver = redirect
debug_print = "R: Check address using virtual_aliases for $local_part@$domain"
allow_fail
allow_defer
hide data = CHECK_VIRTUAL_ALIASES
user = vmail
group = mail




local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
#Dovecot auth check
#  check_local_user
  local_parts = ! root
  transport = dovecot_lmtp
  cannot_route_message = Unknown user


And this is the transport:

dovecot_lmtp:
   driver = lmtp
   socket = /var/run/dovecot/lmtp
   #return_path_add
   #maximum number of deliveries per batch, default 1
   batch_max = 200

This might also be helpful (this is with check_local_user commented out in the 
router)
> local_user router <
local_part=nosuchuser domain=domainproblem.com
checking domains
cached yes match for +local_domains
cached lookup data = NULL
domainproblem.com in "+local_domains"? yes (matched "+local_domains" - cached)
checking local_parts
NoSuchUser in "! root"? yes (end of list)
R: local_user for nosuchu...@domainproblem.com
calling local_user router
local_user router called for nosuchu...@domainproblem.com
  domain = domainproblem.com
queued for dovecot_lmtp transport: local_part = nosuchuser
domain = domainproblem.com
  errors_to=NULL
  domain_data=NULL localpart_data=NULL
routed by local_user router
  envelope to: nosuchu...@domainproblem.com
  transport: dovecot_lmtp
Cannot do callout: neither router nor transport provided a host list
--- end verify 
deny: condition test failed in ACL "acl_check_rcpt"
processing "accept"
check domains = +relay_to_domains
domainproblem.com in "empty"? no (end of list)
domainproblem.com in "+relay_to_domains"? no (end of list)
accept: condition test failed in ACL "acl_check_rcpt"
processing "accept"
accept: condition test succeeded in ACL "acl_check_rcpt"
SMTP>> 250 Accepted
250 Accepted


This is when it’s not commented out:
> local_user router <
local_part=m.markov domain=domainproblem.com
checking domains
cached yes match for +local_domains
cached lookup data = NULL
domainproblem.com in "+local_domains"? yes (matched "+local_domains" - cached)
checking local_parts
m.markov in "! root"? yes (end of list)
checking for local user
seeking password data for user "m.markov": using cached result
getpwnam() returned NULL (user not found)
local_user router skipped: m.markov is not a local user


I currently have check_local_user disabled because nobody will be able to 
receive emails.

> On 17 Nov 2016, at 21:33, Heiko Schlittermann  wrote:
> 
> Hi,
> 
> Marti Markov  (Mi 16 Nov 2016 04:28:28 CET):
>> After adding the configuration bit:
>> 
>> deny
>>message = invalid recipient
>>domains = +local_domains
>>!verify = recipient/callout=no_cache
>> 
>> from: http://wiki2.dovecot.org/LMTP/Exim
>> running update-exim4.conf and service exim4 restart
>> 
>> the server is still accepting emails to recipients that do not exist in 
>> dovecot.
> 
> How is the router, targeting the messages to dovecot, configured? And
> how the transport, responsible for the delivery to dovecot?
> 
>Best regards from Dresden/Germany
>Kind regards from Dresden
>Heiko Schlittermann
> -- 
> SCHLITTERMANN.de  internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --- key ID: F69376CE -
> ! key id 7CBF764A and 972EAC9F are revoked since 2015-01  -


Exim still accepting emails to nonexistent users

2016-11-15 Thread Marti Markov
After adding the configuration bit:

deny
message = invalid recipient
domains = +local_domains
!verify = recipient/callout=no_cache

from: http://wiki2.dovecot.org/LMTP/Exim  
running update-exim4.conf and service exim4 restart

the server is still accepting emails to recipients that do not exist in dovecot.

Any ideas?

Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov
Here is the `doveconf -n` output:


root@mail:~# doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.32--grs-ipv6-64 x86_64  
auth_debug = yes
auth_default_realm = domain.com
auth_mechanisms = plain login
auth_verbose = yes
imapc_host = imap-mail.outlook.com
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_plugins = acl
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = yes
  location = maildir:/home/vmail/Public:INDEXPVT=~/Maildir/Public
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}
namespace {
  list = children
  location = maildir:/home/vmail/domain.com/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/home/vmail/domain.com/shared-mailboxes2
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@domain.com
protocols = " imap lmtp sieve"
service auth {
  unix_listener auth-client {
group = Debian-exim
mode = 0660
user = Debian-exim
  }
}
service imap-login {
  inet_listener imap {
port = 0
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
mode = 0666
  }
}
ssl = required
ssl_cert =

> On 3 Jul 2016, at 16:58, Marti Markov  wrote:
> 
> Tried it but no luck in either OX App Suite or Thunderbird.
> 
> The thing is that it isn’t even listed as a subscribable folder. For example 
> I have a Public namespace that lists all the public mailboxes but Shared 
> doesn’t list anything.
> 
> I installed an addon in Thunderbird for ACL and that lists correct 
> permissions on the INBOX folders. (Users having lookup & read permissions).
> 
> I can post the doveconf output if you want?
> 
> 
>> On 3 Jul 2016, at 16:52, aki.tu...@dovecot.fi wrote:
>> 
>> 
>>> On July 3, 2016 at 6:46 PM Marti Markov  wrote:
>>> 
>>> 
>>> Aki, you were right. 
>>> It was at /usr/lib/dovecot
>>> 
>>> Here is the output:
>>> 
>>> * LIST (\Noselect \HasChildren) "/" Shared
>>> * LIST (\Noselect \HasChildren) "/" Shared/d.marteva
>>> * LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
>> 
>> Can you try 
>> 
>> doveadm mailbox subscribe -u yourusername Shared/d.marteva/INBOX
>> 
>> Aki
> 


Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov
Tried it but no luck in either OX App Suite or Thunderbird.

The thing is that it isn’t even listed as a subscribable folder. For example I 
have a Public namespace that lists all the public mailboxes but Shared 
doesn’t list anything.

I installed an addon in Thunderbird for ACL and that lists correct permissions 
on the INBOX folders. (Users having lookup & read permissions).

I can post the doveconf output if you want?


> On 3 Jul 2016, at 16:52, aki.tu...@dovecot.fi wrote:
> 
> 
>> On July 3, 2016 at 6:46 PM Marti Markov  wrote:
>> 
>> 
>> Aki, you were right. 
>> It was at /usr/lib/dovecot
>> 
>> Here is the output:
>> 
>> * LIST (\Noselect \HasChildren) "/" Shared
>> * LIST (\Noselect \HasChildren) "/" Shared/d.marteva
>> * LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
> 
> Can you try 
> 
> doveadm mailbox subscribe -u yourusername Shared/d.marteva/INBOX
> 
> Aki


Re: Shared mailboxes not showing up in shared namespace

2016-07-03 Thread Marti Markov
Aki, you were right. 
It was at /usr/lib/dovecot

Here is the output:

root@mail:~#  /usr/lib/dovecot/imap  -u m.markov
* PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT 
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS 
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN 
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE ACL RIGHTS=texk] Logged in 
as m.mar...@domain.com
1 LIST "" "*"
* LIST (\HasNoChildren) "/" confirmed-spam
* LIST (\HasNoChildren \Trash) "/" Trash
* LIST (\HasNoChildren) "/" SpamLikely
* LIST (\HasNoChildren) "/" Spam
* LIST (\HasNoChildren) "/" "Sent Items"
* LIST (\HasNoChildren) "/" Archive
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" TeamViewer
* LIST (\HasNoChildren \Sent) "/" "Sent Messages"
* LIST (\HasNoChildren) "/" confirmed-ham
* LIST (\Noselect \HasChildren) "/" Public
* LIST (\HasNoChildren) "/" Public/office3
* LIST (\HasNoChildren) "/" Public/office4
* LIST (\HasNoChildren) "/" Public/support
* LIST (\HasNoChildren) "/" Public/root
* LIST (\HasNoChildren) "/" Public/updates
* LIST (\HasNoChildren) "/" Public/postmaster
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\Noselect \HasChildren) "/" Shared/d.marteva
* LIST (\HasNoChildren) "/" Shared/d.marteva/INBOX
* LIST (\HasNoChildren) "/" INBOX
1 OK List completed.
2 LOGOUT


It does list the shared mailbox but it never shows up in either OX App Suite or 
Thunderbird.


> On 3 Jul 2016, at 15:04, aki.tu...@dovecot.fi wrote:
> 
> You should have it. Otherwise imap wouldn't work. It's probably under 
> /usr/lib/dovecot or /usr/lib/x86_64/dovecot
> 
> Aki
> 
>> On July 2, 2016 at 11:11 PM Marti Markov  wrote:
>> 
>> 
>> I don’t seem to have that installed on my Debian machine.
>> 
>> But I have done this:
>> 
>> 1 LIST "" %
>> * LIST (\HasNoChildren) "/" confirmed-spam
>> * LIST (\HasChildren) "/" Archive
>> * LIST (\HasNoChildren \Sent) "/" Sent
>> * LIST (\HasChildren \Trash) "/" Trash
>> * LIST (\HasNoChildren) "/" Spam
>> * LIST (\HasChildren) "/" Archives
>> * LIST (\HasNoChildren \Drafts) "/" Drafts
>> * LIST (\HasNoChildren \Junk) "/" Junk
>> * LIST (\HasNoChildren) "/" Unwanted
>> * LIST (\HasNoChildren) "/" confirmed-ham
>> * LIST (\Noselect \HasChildren) "/" Public
>> * LIST (\Noselect \HasNoChildren) "/" Shared
>> * LIST (\HasNoChildren) "/" INBOX
>> 1 OK List completed.
>> 7 LIST * *
>> * LIST (\HasNoChildren) "/" confirmed-spam
>> * LIST (\HasChildren) "/" Archive
>> * LIST (\HasNoChildren) "/" Archive/2015
>> * LIST (\HasNoChildren \Sent) "/" Sent
>> * LIST (\HasChildren \Trash) "/" Trash
>> * LIST (\HasNoChildren) "/" Trash/Junk
>> * LIST (\HasNoChildren) "/" Spam
>> * LIST (\HasChildren) "/" Archives
>> * LIST (\HasNoChildren) "/" Archives/2015
>> * LIST (\HasNoChildren) "/" Archives/2011
>> * LIST (\HasNoChildren \Drafts) "/" Drafts
>> * LIST (\HasNoChildren \Junk) "/" Junk
>> * LIST (\HasNoChildren) "/" Unwanted
>> * LIST (\HasNoChildren) "/" confirmed-ham
>> * LIST (\Noselect \HasChildren) "/" Public
>> * LIST (\HasNoChildren) "/" Public/office3
>> * LIST (\HasNoChildren) "/" Public/office4
>> * LIST (\Noselect \HasNoChildren) "/" Shared
>> * LIST (\HasNoChildren) "/" INBOX
>> 7 OK List completed.
>> 
>> By connecting using `openssl` from a remote machine.
>> 
>>> On 1 Jul 2016, at 09:02, Steffen Kaiser  
>>> wrote:
>>> 
>>> On Thu, 30 Jun 2016, Marti Markov wrote:
>>> 
>>>> I think I have configured everything correctly but for some reason I can’t 
>>>> get a list of the shared mailboxes to show up.
>>>> 
>>>> When I run:
>>>> 
>>>> doveadm acl debug -u m.markov Shared/d.marteva/INBOX
>>>> 
>>>> 
>>>> doveadm(m.markov): Info: User d.marteva found from ACL shared dict
>>>> doveadm(m.markov): Info: Mailbox Shared/d.marteva/INBOX is visible in LIST
>>> 
>>> have you tried:
>>> 
>>> http://wiki2.dovecot.org/PreAuth
>>> 
>>> /usr/local/libexec/dovecot/imap -u m.markov
>>> 1 LIST "" "*"
>>> 2 LOGOUT
>>> 
>>> ?
>>> 
>>> Maybe the client does not list them.
>>> 
>>> - -- Steffen Kaiser


Re: Shared mailboxes not showing up in shared namespace

2016-07-02 Thread Marti Markov
I don’t seem to have that installed on my Debian machine.

But I have done this:

1 LIST "" %
* LIST (\HasNoChildren) "/" confirmed-spam
* LIST (\HasChildren) "/" Archive
* LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasChildren \Trash) "/" Trash
* LIST (\HasNoChildren) "/" Spam
* LIST (\HasChildren) "/" Archives
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Junk) "/" Junk
* LIST (\HasNoChildren) "/" Unwanted
* LIST (\HasNoChildren) "/" confirmed-ham
* LIST (\Noselect \HasChildren) "/" Public
* LIST (\Noselect \HasNoChildren) "/" Shared
* LIST (\HasNoChildren) "/" INBOX
1 OK List completed.
7 LIST * *
* LIST (\HasNoChildren) "/" confirmed-spam
* LIST (\HasChildren) "/" Archive
* LIST (\HasNoChildren) "/" Archive/2015
* LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasChildren \Trash) "/" Trash
* LIST (\HasNoChildren) "/" Trash/Junk
* LIST (\HasNoChildren) "/" Spam
* LIST (\HasChildren) "/" Archives
* LIST (\HasNoChildren) "/" Archives/2015
* LIST (\HasNoChildren) "/" Archives/2011
* LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Junk) "/" Junk
* LIST (\HasNoChildren) "/" Unwanted
* LIST (\HasNoChildren) "/" confirmed-ham
* LIST (\Noselect \HasChildren) "/" Public
* LIST (\HasNoChildren) "/" Public/office3
* LIST (\HasNoChildren) "/" Public/office4
* LIST (\Noselect \HasNoChildren) "/" Shared
* LIST (\HasNoChildren) "/" INBOX
7 OK List completed.

By connecting using `openssl` from a remote machine.

> On 1 Jul 2016, at 09:02, Steffen Kaiser  wrote:
> 
> On Thu, 30 Jun 2016, Marti Markov wrote:
> 
>> I think I have configured everything correctly but for some reason I can’t 
>> get a list of the shared mailboxes to show up.
>> 
>> When I run:
>> 
>> doveadm acl debug -u m.markov Shared/d.marteva/INBOX
>> 
>> 
>> doveadm(m.markov): Info: User d.marteva found from ACL shared dict
>> doveadm(m.markov): Info: Mailbox Shared/d.marteva/INBOX is visible in LIST
> 
> have you tried:
> 
> http://wiki2.dovecot.org/PreAuth
> 
> /usr/local/libexec/dovecot/imap -u m.markov
> 1 LIST "" "*"
> 2 LOGOUT
> 
> ?
> 
> Maybe the client does not list them.
> 
> - -- Steffen Kaiser


Shared mailboxes not showing up in shared namespace

2016-06-30 Thread Marti Markov
Hi, 

I think I have configured everything correctly but for some reason I can’t get 
a list of the shared mailboxes to show up.

When I run:

doveadm acl debug -u m.markov Shared/d.marteva/INBOX


doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() 
failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined 
symbol: fts_backend_rescan (this is usually intentional, so just ignore this 
message)
doveadm(m.markov): Debug: Added userdb setting: plugin/=yes
doveadm(m.markov): Debug: Effective uid=1000, gid=1000, 
home=/home/vmail/domain.com/m.markov
doveadm(m.markov): Debug: Namespace inbox: type=private, prefix=, sep=/, 
inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
doveadm(m.markov): Debug: maildir++: 
root=/home/vmail/domain.com/m.markov/Maildir, index=, indexpvt=, control=, 
inbox=/home/vmail/domain.com/m.markov/Maildir, alt=
doveadm(m.markov): Debug: acl: initializing backend with data: vfile
doveadm(m.markov): Debug: acl: acl username = m.mar...@domain.com
doveadm(m.markov): Debug: acl: owner = 1
doveadm(m.markov): Debug: acl vfile: Global ACLs disabled
doveadm(m.markov): Debug: Namespace : type=public, prefix=Public/, sep=/, 
inbox=no, hidden=no, list=yes, subscriptions=yes 
location=maildir:/home/vmail/Public:INDEXPVT=~/Maildir/Publics
doveadm(m.markov): Debug: maildir++: root=/home/vmail/Public, index=, 
indexpvt=/home/vmail/domain.com/m.markov/Maildir/Public, control=, inbox=, 
alt=
doveadm(m.markov): Debug: acl: initializing backend with data: vfile
doveadm(m.markov): Debug: acl: acl username = m.mar...@domain.com
doveadm(m.markov): Debug: acl: owner = 0
doveadm(m.markov): Debug: acl vfile: Global ACLs disabled
doveadm(m.markov): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, 
inbox=no, hidden=no, list=yes, subscriptions=yes 
location=maildir:/home/vmail/domain.com/%u/Maildir:INDEXPVT=~/Maildir/shared/%u
doveadm(m.markov): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, 
control=, inbox=, alt=
doveadm(m.markov): Debug: acl: initializing backend with data: vfile
doveadm(m.markov): Debug: acl: acl username = m.mar...@domain.com
doveadm(m.markov): Debug: acl: owner = 0
doveadm(m.markov): Debug: acl vfile: Global ACLs disabled
doveadm(m.markov): Debug: maildir++: 
root=/home/vmail/domain.com/d.marteva/Maildir, index=, 
indexpvt=/home/vmail//d.marteva/Maildir/shared/d.marteva, control=, 
inbox=/home/vmail/domain.com/d.marteva/Maildir, alt=
doveadm(m.markov): Debug: acl: initializing backend with data: vfile
doveadm(m.markov): Debug: acl: acl username = d.marteva
doveadm(m.markov): Debug: acl: owner = 1
doveadm(m.markov): Debug: acl vfile: Global ACLs disabled
doveadm(m.markov): Debug: maildir++: 
root=/home/vmail/domain.com/d.marteva/Maildir, index=, 
indexpvt=/home/vmail/domain.com/m.markov/Maildir/shared/d.marteva, control=, 
inbox=/home/vmail/domain.com/d.marteva/Maildir, alt=
doveadm(m.markov): Debug: acl: initializing backend with data: vfile
doveadm(m.markov): Debug: acl: acl username = m.mar...@domain.com
doveadm(m.markov): Debug: acl: owner = 0
doveadm(m.markov): Debug: acl vfile: Global ACLs disabled
doveadm(m.markov): Info: Mailbox 'INBOX' is in namespace 'Shared/d.marteva/'
doveadm(m.markov): Info: Mailbox path: /home/vmail/domain.com/d.marteva/Maildir
doveadm(m.markov): Info: Per-user private flags in mailbox: \Seen
doveadm(m.markov): Debug: acl vfile: reading file 
/home/vmail/domain.com/d.marteva/Maildir/dovecot-acl
doveadm(m.markov): Info: User m.mar...@domain.com has rights: lookup read write 
create
doveadm(m.markov): Info: Mailbox found from dovecot-acl-list
doveadm(m.markov): Info: User d.marteva found from ACL shared dict
doveadm(m.markov): Info: Mailbox Shared/d.marteva/INBOX is visible in LIST


Here is how I have defined the namespace:

namespace {
  type = shared
  separator = /
  prefix = Shared/%%u/
  # a) Per-user seen flags. Maildir indexes are shared. (INDEXPVT requires v2.2+)
  location = maildir:/home/vmail/domain.com/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
  # b) Per-user seen flags. Maildir indexes are not shared. If users have direct filesystem level access to their mails, this is a safer option:
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
  subscriptions = yes
  #list = children
  list = yes
}

And here is the ACL config:

plugin {
  #acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl = vfile
}

# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
  #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
  acl_shared_dict = file:/home/vmail/domain.com/shared-mailboxes2
#acl_lookup_dict = file:/home/vmail/domain.com/shared-mailboxes
}


Any suggestions?

Re: Setting up public mailboxes - user not found

2016-03-19 Thread Marti Markov
Hey, 

I actually went with the method suggested by Steffen Kaiser of creating a 
separate userdb because I use LDAP and I have an OU which contains all the 
public mailboxes and it was just easier. I set up the userdb like so:

userdb {
  args = /etc/dovecot/dovecot-ldap-shared_mailboxes.conf.ext
  driver = ldap
  override_fields = mail=maildir:/home/vmail/Public/.%n
}

Now when I send an email to offi...@xxx.com I don’t get any errors and it 
delivers the message to the offi...@xxx.com:

root@mail:~# ls /home/vmail/Public/.office3/new/
1458427035.M781836P21781.mail.xxx.com,S=2571,W=2630  
1458427705.M750112P23338.mail.xxx.com,S=2501,W=2559


But from any mail client I try I don’t seem to be able to list anything in the 
Public directory. 

Am I missing something in the configuration?


Here is the public namespace configuration:

namespace {
  list = yes
  location = maildir:/home/vmail/Public:INDEXPVT=~/Maildir/Public
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}

> On 17 Mar 2016, at 08:35, Burckhard Schmidt  wrote:
> 
> hello Marti,
> 
> On 17.03.2016 at 06:18, Marti Markov wrote:
>> First of all thanks for the reply Burckhard.
>> When you say:
>>> You can use a "normal" user who has a sieve script:
> 
> Normal user that's an account with one or more email aliases.
> So this "user" can receive emails like any other user. This I called "normal" 
> user. But this is not of interest in our case.
> So you don't get a "user not found".
> 
> Next you will add an appropriate email alias to the account if necessary (our 
> accounts are cryptic).
> 
> Now you have an account/user and you can write a sieve script for that user 
> to deliver all emails into one public folder or into different folders. 
> Public subfolders are possible too, if you like or are able to distinguish 
> incoming emails.
> 
> In your case it is not necessary to have an user/account "office3". This name 
> you would only use in that sieve script with "fileinto".
> 
> Regards!
> 
> Burckhard
> 
>> what would that user be in my case? office3? Because I don’t really see how 
>> it will solve the problem of getting the error 550 user not found when 
>> making the LDAP search.
>> 
>>> On 10 Mar 2016, at 08:50, Burckhard Schmidt  
>>> wrote:
>>> 
>>> On 09.03.2016 at 20:02, Marti Markov wrote:
>>>> Hi all,
>>>> 
>>>> This is the first time I use the dovecot mail list so I’m sorry if I 
>>>> forget something.
>>>> 
>>>> My problem is that for some reason I can get public mailboxes to work. I 
>>>> have set up the directory Public, the folders and the cur, tmp and new 
>>>> folder in them:
>>>> 
>>>> Public
>>>> |
>>>> |- .office3
>>>>   |
>>>>   |- cur
>>>>   |- tmp
>>>>   |- new
>>>>   |- dovecot-acl
>>>> 
>>>> 
>>>> Here is my dovecot conf:
>>>> 
>>> 
>>>> namespace {
>>>>   list = yes
>>>>   location = maildir:/home/vmail/xxx.com/Public:INDEXPVT=~/Maildir/Public
>>>>   prefix = Public/
>>>>   separator = /
>>>>   subscriptions = yes
>>>>   type = public
>>>> }
>>> 
>>> You can use a "normal" user who has a sieve script:
>>> require ...
>>> any filter if necessary
>>> fileinto "Public";
>>> discard;
>>> ...
>>> 
>>> "Public" is your prefix
>>> I have several subfolder so I use: fileinto "Public/subfolder1";
>>> 
>>> You would have
>>> /home/vmail/xxx.com/Public/subfolder1
>>> with cur new tmp
>>> and a file "dovecot-acl" containing anyone lrs
>>> 
>>> --
>>> Burckhard Schmidt
>> 
> 
> 
> -- 
> Kind regards --- Burckhard Schmidt
> 
> Abteilung Systemsoftware und Kommunikation
> ZE Computer- und Medienservice der Humboldt-Universität zu Berlin
> Postal address: Unter den Linden 6, 10099 Berlin
> Location:  Rudower Chaussee 26; 12489 Berlin
> Tel.:  +49-30-2093-70058  Fax: +49-30-2093-70199
> Mail:  bschm...@cms.hu-berlin.de


Re: Dovecot stops responding when I update SSL certificate

2016-03-09 Thread Marti Markov
Try diff-ing the two files (postfix vs dovecot) to see if any problem can be 
found there. (If you are still interested :D)


> On 10 Mar 2016, at 01:41, HotSlots Webmaster  
> wrote:
> 
> Time to put an end to this saga...
> 
> I had an issue that Dovecot refused to serve an updated SSL certificate - one 
> that Postfix had no issue with. Though I quadruple-checked that the cert file 
> and private key file were correct, in the end I simply directed both cert and 
> key files to the file I was using for Postfix (which had both the cert and 
> private key). That worked. Darned if I know what it didn't like about the 
> other files, but I'm back in business with the new cert.  Thanks for the 
> responsiveness from Aki.
> 
> Steve L


Setting up public mailboxes - user not found

2016-03-09 Thread Marti Markov
Hi all,

This is the first time I use the dovecot mail list so I’m sorry if I forget 
something. 

My problem is that for some reason I can get public mailboxes to work. I have 
set up the directory Public, the folders and the cur, tmp and new folder in them:

Public
|
|- .office3
  |
  |- cur 
  |- tmp
  |- new
  |- dovecot-acl


Here is my dovecot conf:


# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.32--grs-ipv6-64 x86_64  
auth_default_realm = xxx.com
auth_mechanisms = plain login
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_plugins = acl
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = yes
  location = maildir:/home/vmail/xxx.com/Public:INDEXPVT=~/Maildir/Public
  prefix = Public/
  separator = /
  subscriptions = yes
  type = public
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@xxx.com
protocols = " imap lmtp sieve"
service auth {
  unix_listener auth-client {
group = Debian-exim
mode = 0660
user = Debian-exim
  }
}
service imap-login {
  inet_listener imap {
port = 0
  }
  inet_listener imaps {
port = 993
ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
mode = 0666
  }
}
ssl = required
ssl_cert =  for Debian-exim:107
Mar  9 19:50:44 mail spamd[21021]: spamd: clean message (-1.1/5.0) for 
Debian-exim:107 in 0.5 seconds, 1611 bytes.
Mar  9 19:50:44 mail spamd[21021]: spamd: result: . -1 - 
BAYES_00,HTML_MESSAGE,RDNS_NONE,TVD_SPACE_RATIO 
scantime=0.5,size=1611,user=Debian-exim,uid=107,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=56531,mid=,bayes=0.00,autolearn=no
 autolearn_force=no
Mar  9 19:50:44 mail spamd[9510]: prefork: child states: II
Mar  9 19:50:44 mail dovecot: lmtp(14554): Connect from local
Mar  9 19:50:44 mail dovecot: auth: Debug: master in: 
USER#0111#011offi...@xxx.com#011service=lmtp
Mar  9 19:50:44 mail dovecot: auth: Debug: ldap(offi...@xxx.com): user search: 
base=ou=people,dc=xxx,dc=com scope=subtree 
filter=(&(objectClass=person)(uid=office3)) fields=(all)
Mar  9 19:50:44 mail dovecot: auth: Debug: ldap(offi...@xxx.com): no fields 
returned by the server
Mar  9 19:50:44 mail dovecot: auth: ldap(offi...@xxx.com): unknown user
Mar  9 19:50:44 mail dovecot: auth: Debug: userdb out: NOTFOUND#0111
Mar  9 19:50:44 mail dovecot: lmtp(14554): Disconnect from local: Successful 
quit


So as I see it LMTP tries to see if the user exists and fails because there is 
no such user (which is true, the LDAP object office3 has a different base).

I’m not sure but should Dovecot skip this and check the Public folder first 
before checking LDAP?


Another part of my setup is Exim4.


Here is the transport part:
dovecot_lmtp:
   driver = lmtp
   socket = /var/run/dovecot/lmtp
   return_path_add
   #maximum number of deliveries per batch, default 1
   batch_max = 200



And here is the auth part:

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
# setting server_set_id might break several headers in mails sent by 
authenticated smtp. So be careful.
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif


So any tips on how to fix this would be great.