Re: [Dovecot] how to disable quota for second namespace?
On 20.09.2011 17:36, Udo Lembke wrote:
> Hi all,
> I have a second namespace as archive, where no quota should be active (work with type = shared). But if I change the type to private the quota will always count.

Hi,
for reference only (if someone finds this post): with help in the IRC channel I got the right configuration:

    plugin {
      quota = maildir:User quota:ns=
      quota2 = maildir:Archiv quota:ns=archiv/%u/
    }

    plugin {
      quota_rule = *:storage=500M
      quota_rule2 = Trash:storage=+100M
      quota_rule3 = Sent:storage=+50M
      quota_rule4 = ns=archiv/%u/:ignore
    }

The :ns= does the right trick!

Here is the result:

    doveadm quota get -u t...@example.com
    Quota name    Type     Value    Limit   %
    User quota    STORAGE  95132    204800  46
    User quota    MESSAGE  6423     -       0
    Archiv quota  STORAGE  3290972  -       0
    Archiv quota  MESSAGE  136950   -       0

Udo
[Dovecot] how to disable quota for second namespace?
Hi all,
I have a second namespace as archive, where no quota should be active (work with type = shared). But if I change the type to private the quota will always count.
My dovecot version is 2.0.13.

I have tried things like this:

    plugin {
      quota_rule = *:storage=500M
      quota_rule2 = Trash:storage=+100M
      quota_rule3 = Sent:storage=+50M
      quota_rule4 = ns=archiv/%u/:ignore
    }

It also doesn't work with

    quota_rule4 = archiv/%u/:ignore

The namespace:

    namespace {
      type = private
      separator = /
      prefix = archiv/%u/
      location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
      inbox = no
      hidden = no
      subscriptions = no
      list = yes
    }

Even if I define the namespace for quota I see the quota value also in the root:

    plugin {
      quota = maildir:User quota
      quota2 = maildir:Archiv quota:ns=archiv/%u/
    }

    doveadm quota get -u t...@example.com
    Quota name    Type     Value    Limit   %
    User quota    STORAGE  1587135  512000  309
    User quota    MESSAGE  13346    -       0
    Archiv quota  STORAGE  1359379  -       0
    Archiv quota  MESSAGE  10577    -       0

    du -ks /var/data/mail/example.com/test
    234364   /var/data/mail/example.com/test
    du -ks /var/data/archiv/example.com/test
    1383792  /var/data/archiv/example.com/test

Now the big question is: how can I reach such an output?

    doveadm quota get -u t...@example.com
    Quota name    Type     Value    Limit   %
    User quota    STORAGE  227756   512000  44
    User quota    MESSAGE  2769     -       0
    Archiv quota  STORAGE  1359379  -       0
    Archiv quota  MESSAGE  10577    -       0

I can't believe that's only possible with a shared namespace, or?
Any hints are welcome.

Best regards
Udo
Re: [Dovecot] Public Mailbox ACLs
Hi Tom,
sorry that I can't help you, but I have the same issue (see thread [Dovecot] Problems with acl and shared namespace). With a slightly different config (separator / and so on) but the same result - the public mailboxes are fully accessible also from unauthorized accounts.
I also have no answer to my questions - so I hope one of us gets an answer.
BTW, which dovecot version do you use? I use 2.0.13 - perhaps I should try 1.x? But I want to use new software on the new mailserver...

Udo

On 06.07.2011 10:12, Tom Clark wrote:
> Hi,
> I've tried doing the following still with no luck.
>
>     namespace {
>       type = public
>       separator = .
>       prefix = Shared.
>       location = maildir:/var/spool/maildir:INDEX=~/Maildir/Shared
>       subscriptions = no
>     }
>
> This allows everyone still to see Shared on subscriptions. Does anyone know how to stop this??
> Tom
> ...
Re: [Dovecot] Public Mailbox ACLs
Hi Tom,
are the ACLs working for you as namespace-type shared, or public? The non-recognized ACLs are on type public at my installation (all users can access all folders).

I already had in 20-imap.conf:

    protocol imap {
      mail_plugins = $mail_plugins acl imap_acl
    ...

and in 10-mail.conf:

    mail_plugins = acl autocreate quota

OK, acl is doubled, but I hope that's no problem.

Udo

On 06.07.2011 13:49, Tom Clark wrote:
> Hi Udo,
> I'm using 2.0.8. I've managed to get the ACLs working by adding:
>
>     mail_plugins = acl
>     protocol imap {
>       mail_plugins = $mail_plugins imap_acl
>     }
>
> To the bottom of 10-mail.conf in /etc/dovecot/conf.d/ (not sure if this is technically the right place. It may be better adding them to the plugins file). Then added the dovecot-acl files into the subdirectories.
> The only problem I'm having is that I can't get dovecot to NOT display the top level shared folders.
> Tom
Re: [Dovecot] Public Mailbox ACLs
Hi Tom,

On 06.07.2011 14:38, Tom Clark wrote:
> Hi Udo,
> My folders are public mailboxes rather than shared. Why don't you copy your namespace and dovecot-acl files here and we'll have a look at them?

I like to do so - and during copy/paste I found the issue!!

    Jul 06 15:06:41 imap(te...@example.org): Debug: acl vfile: reading file /var/data/public/kunde_2/dovecot-acl
    ...
    Jul 06 15:06:41 imap(te...@example.org): Debug: acl vfile: reading file /var/data/archiv/example.org/test4/public/kunde_2/dovecot-acl
    ...
    Jul 06 15:06:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2

This came through one link ( /var/data/archiv/example.org/test4/public -> /var/data/public )
I removed the link and now I can't see the public folders below the user's archiv-area. But below the public namespace the ACLs are now working!!
BTW, I think ACLs should also work with links.

Thanks.
Udo
Re: [Dovecot] Problems with acl and shared namespace [solved]
The problem with the non-recognized acl files is solved. It's a bad idea to use a link from one shared/public area to another.

On 05.07.2011 12:47, Udo Lembke wrote:
> ...
> The public shared area is symlinked below the archiv-area:
>
>     ls -lsa archiv/example.org/test4/
>     insgesamt 16
>     4 drwx------ 3 dovecot dovecot 4096  5. Jul 11:40 .
>     4 drwx------ 3 dovecot dovecot 4096  5. Jul 11:27 ..
>     4 drwx------ 2 dovecot dovecot 4096  5. Jul 11:27 archiv
>     4 -rw------- 1 dovecot dovecot  108  5. Jul 11:40 dovecot-acl-list
>     0 lrwxrwxrwx 1 root    root      16  5. Jul 11:27 public -> /var/data/public

After removing the link, the list command shows the right result:

> The problem is that the acls are not recognized - the acl should forbid access, but access is possible. This is shown by the telnet imap session:
>
>     . list *
>     * LIST (\HasNoChildren) / Drafts
>     * LIST (\HasNoChildren) / Spam
>     * LIST (\HasNoChildren) / Sent
>     * LIST (\HasNoChildren) / Trash
>     * LIST (\HasNoChildren) / INBOX
>     * LIST (\Noselect \HasChildren) / public
>     * LIST (\Noselect \HasChildren) / archiv/te...@example.org
>     * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public
>     * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_2
>     * LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_2/Kundenmails
>     * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_3
>     * LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_3/Kundenmails
>     * LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
>     . OK List completed.

    . list *
    * LIST (\HasNoChildren) / Drafts
    * LIST (\HasNoChildren) / Spam
    * LIST (\HasNoChildren) / Sent
    * LIST (\HasNoChildren) / Trash
    * LIST (\HasNoChildren) / INBOX
    * LIST (\Noselect \HasChildren) / public
    * LIST (\Noselect \HasChildren) / archiv/te...@example.org
    * LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
    . OK List completed.

Udo
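A layout check for the situation resolved in the message above, as an added example that is not part of the original posts: a shell function that lists symlinks under one mail storage root that resolve into another storage root, like the archiv to public link that was removed. The function names and the temporary sample tree are assumptions made for illustration; on a real server the arguments would be the namespace locations from the Dovecot config.

```shell
#!/bin/sh
# Added example (not from the thread): list symlinks under one mail storage
# root that resolve into another storage root.

# find_cross_root_links ROOT OTHER_ROOT...
# Prints "link -> resolved target" for each symlink below ROOT whose target
# is OTHER_ROOT itself or something inside it.
find_cross_root_links() {
    root=$1
    shift
    # find without -L reports the links themselves and never descends
    # through them, so a link loop cannot trap the scan.
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f -- "$link") || continue
        for other in "$@"; do
            other_real=$(readlink -f -- "$other") || continue
            # Trailing slash on the target so that /x/public matches the
            # root /x/public but /x/public2 does not.
            case "$target/" in
                "$other_real"/*) printf '%s -> %s\n' "$link" "$target" ;;
            esac
        done
    done
}

# Constructed sample tree mirroring the directory names in the thread,
# built under a temporary directory instead of /var/data.
make_sample_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/public/kunde_2/Kundenmails" \
             "$base/archiv/example.org/test4/archiv"
    ln -s "$base/public" "$base/archiv/example.org/test4/public"
    printf '%s\n' "$base"
}

sample=$(make_sample_tree)
find_cross_root_links "$sample/archiv" "$sample/public"
rm -rf "$sample"
```

An empty result means no link under the first root reaches into the other roots, which is the state the thread ends in after the link was removed.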
Re: [Dovecot] share an IMAP folder ?
On 06.07.2011 16:19, Matt Rude wrote:
> ...
> Johan,
> How are your users sharing their folders in Roundcube? Are you running a plugin or is there native support that I'm just not seeing?
> Thanks
> -Matt

Hi,
Personal Settings - Folder
But you have to allow the folders via the ACL file (dovecot-acl), see http://wiki.dovecot.org/ACL

Udo
Re: [Dovecot] Public Mailbox ACLs
Hi Tom,
any hints in the dovecot log if you enable verbose logging?

    info_log_path = /var/log/dovecot.log
    auth_verbose = yes
    auth_debug = yes
    mail_debug = yes

And how do your acl files look?

Udo

On 06.07.2011 16:39, Tom Clark wrote:
> Hi Udo,
> Glad you got it working. I decided to do the list test. This is what I'm getting as a user not allowed access to the shared folders:
>
>     02 LIST *
>     * LIST (\HasNoChildren) . Drafts
>     * LIST (\HasNoChildren) . Trash
>     * LIST (\HasChildren) . INBOX
>     * LIST (\HasChildren) . Shared.System
>     * LIST (\HasChildren) . Shared.Support
>     02 OK List completed.
>
> As you can see I can list Shared.System and Shared.Support which is what I don't want!
> Tom
Re: [Dovecot] Problems with acl and shared namespace
Hi,
I'm answering myself to give a hint to other people who have a similar problem (or better say a similar lack of experience with dovecot).

On 30.06.2011 12:01, Udo Lembke wrote:
> Hi,
> I'm a dovecot newbie and also new on this mailing list.
> I'm trying to configure a mail server with dovecot2, postfix and postfixadmin. At this time I struggle with acl and shared namespace.
> ...

At this time I know a little bit more (it's always good to read the docs). I changed my layout to: private mailbox, private archive area and public shared area (because of trouble seeing shared folders from other accounts).

The public shared area is symlinked below the archiv-area:

    ls -lsa archiv/example.org/test4/
    insgesamt 16
    4 drwx------ 3 dovecot dovecot 4096  5. Jul 11:40 .
    4 drwx------ 3 dovecot dovecot 4096  5. Jul 11:27 ..
    4 drwx------ 2 dovecot dovecot 4096  5. Jul 11:27 archiv
    4 -rw------- 1 dovecot dovecot  108  5. Jul 11:40 dovecot-acl-list
    0 lrwxrwxrwx 1 root    root      16  5. Jul 11:27 public -> /var/data/public

The problem is that the acls are not recognized - the acl should forbid access, but access is possible. This is shown by the telnet imap session:

    . list *
    * LIST (\HasNoChildren) / Drafts
    * LIST (\HasNoChildren) / Spam
    * LIST (\HasNoChildren) / Sent
    * LIST (\HasNoChildren) / Trash
    * LIST (\HasNoChildren) / INBOX
    * LIST (\Noselect \HasChildren) / public
    * LIST (\Noselect \HasChildren) / archiv/te...@example.org
    * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public
    * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_2
    * LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_2/Kundenmails
    * LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_3
    * LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_3/Kundenmails
    * LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
    . OK List completed.

During the listing I got the error:

    Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2
    Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2/Kundenmails
    Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3
    Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3/Kundenmails

This is right, but why were the mailboxes shown (and also fully accessible)?

The acl files:

    cat public/dovecot-acl
    #anyone lr
    cat public/kunde_2/dovecot-acl
    user=ulem...@example.org lrwstipeka
    user=te...@example.org lrwstipeka
    cat public/kunde_2/Kundenmails/dovecot-acl
    user=te...@example.org akeilprwts
    user=ulem...@example.org akeilprwts
    cat public/kunde_3/dovecot-acl
    user=ulem...@example.org lrwstipeka
    user=te...@example.org lrwstipeka
    anyone

The acl entry in the config:

    plugin {
      acl = vfile
    }
    # To let users LIST mailboxes shared by other users, Dovecot needs a
    # shared mailbox dictionary. For example:
    plugin {
      acl_shared_dict = file:/var/data/dovecot/shared-mailboxes/%u
    }

I have read that acl_shared_dict with an SQL backend works better than vfile. Does anybody use normal vfile for that?

The public namespace:

    namespace {
      type = public
      separator = /
      prefix = public/
      location = maildir:/var/data/public:INDEX=/var/data/indexes/public/%u:LAYOUT=fs
      inbox = no
      hidden = no
      subscriptions = no
      list = yes
    }

The other config should be the same as in the first post.

Any hint?

Best regards
Udo
(perhaps I stick to cyrus)
[Dovecot] Problems with acl and shared namespace
Hi,
I'm a dovecot newbie and also new on this mailing list.
I'm trying to configure a mail server with dovecot2, postfix and postfixadmin. At this time I struggle with acl and shared namespace.

My goal is that every user gets an archive area on a separate storage without quota (quota isn't running yet).
With:

    namespace {
      type = private
      separator = /
      prefix = archiv/%u/
      location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
      inbox = no
      subscriptions = yes
      list = yes
    }

I see the folder, but I can't subscribe to them (with thunderbird, or roundcube). With roundcube I can add a new folder below - so I use the trick

    autocreate5 = archiv/%u/archiv
    autosubscribe5 = archiv/%u/archiv

This is OK as a workaround - or is this a must?

But the user should also be able to share parts of the archiv mailbox with other users (partly on different domains).
If I change the type of namespace to shared, I can't access the archiv folder.
The logfile shows problems with the acl (but also with private namespace):

    Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace : type=shared, prefix=archiv/t...@example.com/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/var/data/archiv/example.com/test:INDEX=/var/data/indexes/archiv/t...@example.com:LAYOUT=fs
    Jun 30 11:15:11 imap(t...@example.com): Debug: fs: root=/var/data/archiv/example.com/test, index=/var/data/indexes/archiv/t...@example.com, control=, inbox=
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl: initializing backend with data: vfile
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl: acl username = t...@example.com
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl: owner = 0
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: Global ACL directory: (none)
    Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace : Using permissions from /var/data/mail/example.com/test: mode=0700 gid=-1
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: file /var/data/archiv/example.com/test/dovecot-acl not found
    Jun 30 11:15:11 imap(t...@example.com): Debug: autocreate: Failed to create mailbox archiv: Permission denied
    Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace archiv/t...@example.com/: Using permissions from /var/data/archiv/example.com/test: mode=0700 gid=-1
    Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: file /var/data/mail/example.com/test/dovecot-acl not found

I'm wondering about "...dovecot-acl not found" because dovecot creates a file dovecot-acl-list:

    # ls -l /var/data/archiv/example.com/test/
    drwx------ 5 dovecot dovecot 4096 30. Jun 10:30 archiv
    -rw------- 1 dovecot dovecot    0 30. Jun 10:30 dovecot-acl-list

Must the acl be initialized first? My first try also fails:

    doveadm acl set -u t...@example.com archiv/t...@example.com/archiv t...@example.com lrw
    doveadm(t...@example.com): Fatal: Invalid ID: t...@example.com

It's not clear to me what kind of ID doveadm needs...

I use 2.0.13 for testing. I put my config at the end of the mail.

I'm happy if someone can point me in the right direction, where I make the mistake.

Best regards
Udo

    # 2.0.13: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.39-2.slh.1-aptosid-amd64 x86_64 Debian wheezy/sid
    auth_debug = yes
    auth_socket_path = /var/run/dovecot/auth-userdb
    auth_verbose = yes
    auth_verbose_passwords = plain
    first_valid_gid = 119
    first_valid_uid = 110
    info_log_path = /var/log/dovecot.log
    last_valid_uid = 119
    lda_mailbox_autocreate = yes
    mail_debug = yes
    mail_gid = 119
    mail_plugins = acl autocreate quota
    mail_uid = 110
    mbox_very_dirty_syncs = yes
    namespace {
      inbox = yes
      list = yes
      location = maildir:/var/data/mail/%d/%n:INDEX=/var/data/indexes/mail/%u:LAYOUT=fs
      prefix =
      separator = /
      subscriptions = yes
      type = private
    }
    namespace {
      inbox = no
      list = yes
      location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
      prefix = archiv/%u/
      separator = /
      subscriptions = yes
      type = private
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    plugin {
      acl = vfile
      acl_shared_dict = file:/var/data/dovecot/shared-mailboxes
      autocreate = Trash
      autocreate2 = Spam
      autocreate3 = Drafts
      autocreate4 = Sent
      autocreate5 = archiv/%u/archiv
      autosubscribe = Trash
      autosubscribe2 = Spam
      autosubscribe3 = Drafts
      autosubscribe4 = Sent
      autosubscribe5 = archiv/%u/archiv
      quota = dict:User quota::proxy::quota
      quota_rule2 = Trash:storage=+55M
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
    }
    protocols = imap lmtp pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postdrop
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = dovecot
        mode = 0660
        user = dovecot
      }
    }
    service dict {
      unix_listener dict {
        group = dovecot
        mode = 0660
        user = dovecot
      }
    }
    service imap-login {
      inet_listener imap {
        port = 143
      }