Re: [Dovecot] how to disable quota for second namespace?

2011-09-26 Thread Udo Lembke


On 20.09.2011 17:36, Udo Lembke wrote:



Hi all,
I have a second namespace as archive, where no quota should be active 
(work with type = shared).

But if I change the type to private the quota will always count.


Hi,
for reference only (if someone finds this post): with help in the 
IRC channel I got the right configuration:


plugin {
  quota = maildir:User quota:ns=
  quota2 = maildir:Archiv quota:ns=archiv/%u/
}
plugin {
  quota_rule = *:storage=500M
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = Sent:storage=+50M
  quota_rule4 = ns=archiv/%u/:ignore
}

The :ns= does the right trick!

Here the result:
doveadm quota get -u t...@example.com
Quota name    Type      Value   Limit    %
User quota    STORAGE   95132  204800   46
User quota    MESSAGE    6423       -    0
Archiv quota  STORAGE 3290972       -    0
Archiv quota  MESSAGE  136950       -    0


Udo
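
An added example (not from the original post or from Dovecot): a small lint for the situation in this thread, where a quota root without `ns=` sits beside a namespace-bound root and the archive is counted against the user quota. The function names and the embedded `BEFORE`/`AFTER` strings are constructed for illustration from the plugin snippets quoted in the thread.

```python
import re

def parse_quota_roots(conf_text):
    """Return {setting: (backend, root_name, ns_prefix_or_None)} for every
    'quota = ...' / 'quotaN = ...' line of a Dovecot plugin {} block."""
    roots = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(quota\d*)\s*=\s*(.+?)\s*$", line)
        if not m:
            continue  # quota_rule*, braces and comments are not quota roots
        backend, _, rest = m.group(2).partition(":")
        name, _, args = rest.partition(":")
        ns = None  # None = no ns= argument; "" = bound to the empty prefix
        for arg in args.split(":"):
            if arg.startswith("ns="):
                ns = arg[3:]
        roots[m.group(1)] = (backend, name, ns)
    return roots

def unbound_roots(conf_text):
    """Names of quota roots lacking ns= while another root is namespace-bound."""
    roots = parse_quota_roots(conf_text)
    if not any(ns is not None for _, _, ns in roots.values()):
        return []  # no root is namespace-bound, nothing to compare against
    return sorted(name for _, name, ns in roots.values() if ns is None)

# Constructed sample input, copied from the two plugin blocks in the thread.
BEFORE = """plugin {
  quota = maildir:User quota
  quota2 = maildir:Archiv quota:ns=archiv/%u/
}"""
AFTER = """plugin {
  quota = maildir:User quota:ns=
  quota2 = maildir:Archiv quota:ns=archiv/%u/
  quota_rule4 = ns=archiv/%u/:ignore
}"""

if __name__ == "__main__":
    print("before:", unbound_roots(BEFORE))
    print("after: ", unbound_roots(AFTER))
```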


[Dovecot] how to disable quota for second namespace?

2011-09-20 Thread Udo Lembke


Hi all,
I have a second namespace as archive, where no quota should be active 
(work with type = shared).

But if I change the type to private the quota will always count.

My dovecot version is the 2.0.13.

I have tried things like this:
plugin {
  quota_rule = *:storage=500M
  quota_rule2 = Trash:storage=+100M
  quota_rule3 = Sent:storage=+50M
  quota_rule4 = ns=archiv/%u/:ignore
}

It also doesn't work with quota_rule4 = archiv/%u/:ignore

The namespace:
namespace {
   type = private
   separator = /
   prefix = archiv/%u/
   location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
   inbox = no
   hidden = no
   subscriptions = no
   list = yes
}

Even if I define the namespace for quota I see the quota-value also in 
the root:


plugin {
  quota = maildir:User quota
  quota2 = maildir:Archiv quota:ns=archiv/%u/
}

doveadm quota get -u t...@example.com
Quota name    Type      Value   Limit    %
User quota    STORAGE 1587135  512000  309
User quota    MESSAGE   13346       -    0
Archiv quota  STORAGE 1359379       -    0
Archiv quota  MESSAGE   10577       -    0


du -ks /var/data/mail/example.com/test
234364  /var/data/mail/example.com/test

du -ks /var/data/archiv/example.com/test
1383792 /var/data/archiv/example.com/test

Now is the big question, how can I reach such an output?
doveadm quota get -u t...@example.com
Quota name    Type      Value   Limit    %
User quota    STORAGE  227756  512000   44
User quota    MESSAGE    2769       -    0
Archiv quota  STORAGE 1359379       -    0
Archiv quota  MESSAGE   10577       -    0


I can't believe that's only possible with a shared namespace, or?

Any hints are welcome.


Best regards

Udo



Re: [Dovecot] Public Mailbox ACLs

2011-07-06 Thread Udo Lembke


Hi Tom,
sorry that I can't help you, but I have the same issue (see thread 
[Dovecot] Problems with acl and shared namespace).
With a slightly different config (separator / and so on) but the same 
result - the public mailboxes are fully accessible also from unauthorized 
accounts.

I also have no answer to my questions - so I hope one of us gets an answer.

BTW, which dovecot version do you use? I use 2.0.13 - perhaps I should 
try 1.x? But I want to use new software on the new mailserver...


Udo

On 06.07.2011 10:12, Tom Clark wrote:

Hi,

I've tried doing the following still with no luck.

namespace {
   type = public
   separator = .
   prefix = Shared.
   location = maildir:/var/spool/maildir:INDEX=~/Maildir/Shared
   subscriptions = no
}

This allows everyone still to see Shared on subscriptions. Does anyone know
how to stop this??

Tom
...




Re: [Dovecot] Public Mailbox ACLs

2011-07-06 Thread Udo Lembke


Hi Tom,
are the ACLs working for you as namespace-type shared, or public?
The non-recognized ACLs are on type public at my installation (all users 
can access all folders).


I had already in 20-imap.conf:
protocol imap {
  mail_plugins = $mail_plugins acl imap_acl
...

and in 10-mail.conf:
mail_plugins = acl autocreate quota

OK, acl is doubled, but I hope that's no problem.

Udo

On 06.07.2011 13:49, Tom Clark wrote:

Hi Udo,

I'm using 2.0.8. I've managed to get the ACLs working by adding:

mail_plugins = acl
protocol imap {
   mail_plugins = $mail_plugins imap_acl
}

To the bottom of 10-mail.conf in /etc/dovecot/conf.d/ (not sure if this is
technically the right place. It may be better adding them to the plugins
file).

Then added the dovecot-acl files into the subdirectories.

The only problem I'm having is that I can't get dovecot to NOT display the
top level shared folders.

Tom




Re: [Dovecot] Public Mailbox ACLs

2011-07-06 Thread Udo Lembke


Hi Tom,

On 06.07.2011 14:38, Tom Clark wrote:

Hi Udo,

My folders are public mailboxes rather than shared. Why don't you copy your
namespace and dovecot-acl files here and we'll have a look at them?

I'd like to do so - and during copy/paste I found the issue!!

Jul 06 15:06:41 imap(te...@example.org): Debug: acl vfile: reading file /var/data/public/kunde_2/dovecot-acl
...
Jul 06 15:06:41 imap(te...@example.org): Debug: acl vfile: reading file /var/data/archiv/example.org/test4/public/kunde_2/dovecot-acl
...
Jul 06 15:06:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2


This came through one link ( /var/data/archiv/example.org/test4/public - 
/var/data/public ).
I removed the link and now I can't see the public folders below the 
user's archiv-area. But below the public namespace the ACLs are now working!!


BTW, I think ACLs should also work with links.

Thanks.

Udo


Re: [Dovecot] Problems with acl and shared namespace [solved]

2011-07-06 Thread Udo Lembke


The problem with the unrecognized ACL files is solved.

It's a bad idea to use a link from one shared/public area to another.

On 05.07.2011 12:47, Udo Lembke wrote:


...
The public shared area is symlinked below the archiv-area:
ls -lsa archiv/example.org/test4/
insgesamt 16
4 drwx-- 3 dovecot dovecot 4096  5. Jul 11:40 .
4 drwx-- 3 dovecot dovecot 4096  5. Jul 11:27 ..
4 drwx-- 2 dovecot dovecot 4096  5. Jul 11:27 archiv
4 -rw--- 1 dovecot dovecot  108  5. Jul 11:40 dovecot-acl-list
0 lrwxrwxrwx 1 rootroot  16  5. Jul 11:27 public - /var/data/public

The problem is that the ACLs are not recognized - the ACL should 
forbid access, but access is possible.


This shows the telnet imap-session:
. list  *
* LIST (\HasNoChildren) / Drafts
* LIST (\HasNoChildren) / Spam
* LIST (\HasNoChildren) / Sent
* LIST (\HasNoChildren) / Trash
* LIST (\HasNoChildren) / INBOX
* LIST (\Noselect \HasChildren) / public
* LIST (\Noselect \HasChildren) / archiv/te...@example.org
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_2
* LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_2/Kundenmails
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_3
* LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_3/Kundenmails
* LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
. OK List completed.


After removing the link, the list command shows the right result:

. list  *
* LIST (\HasNoChildren) / Drafts
* LIST (\HasNoChildren) / Spam
* LIST (\HasNoChildren) / Sent
* LIST (\HasNoChildren) / Trash
* LIST (\HasNoChildren) / INBOX
* LIST (\Noselect \HasChildren) / public
* LIST (\Noselect \HasChildren) / archiv/te...@example.org
* LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
. OK List completed.


Udo
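
An added example (not part of the original post or of Dovecot): an audit that walks each namespace's storage root and reports symlinks that resolve into another namespace's root, the layout that made the public folders reachable through the private archiv namespace in this thread. The function names and the temporary directory tree built in `demo()` are constructed for illustration.

```python
import os
import tempfile

def find_cross_namespace_links(roots):
    """roots: {namespace_name: storage_root}. Returns a sorted list of
    (namespace, link_path, target_namespace) for every symlink under one
    root whose resolved target is, or lies inside, a different root."""
    real = {name: os.path.realpath(path) for name, path in roots.items()}
    findings = []
    for name, root in real.items():
        # followlinks=False: links are reported but never descended into
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            for entry in dirnames + filenames:
                path = os.path.join(dirpath, entry)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                for other, other_root in real.items():
                    if other == name:
                        continue
                    inside = target.startswith(other_root + os.sep)
                    if target == other_root or inside:
                        findings.append((name, path, other))
    return sorted(findings)

def demo():
    """Rebuild the thread's layout in a temp dir (constructed sample) and
    return the findings with link paths relative to the archiv root."""
    with tempfile.TemporaryDirectory() as base:
        public = os.path.join(base, "public")
        archiv = os.path.join(base, "archiv")
        os.makedirs(os.path.join(public, "kunde_2", "Kundenmails"))
        user = os.path.join(archiv, "example.org", "test4")
        os.makedirs(os.path.join(user, "archiv"))
        os.symlink(public, os.path.join(user, "public"))  # the problem link
        found = find_cross_namespace_links({"archiv": archiv, "public": public})
        base_real = os.path.realpath(archiv)
        return [(ns, os.path.relpath(p, base_real), tgt) for ns, p, tgt in found]

if __name__ == "__main__":
    for ns, link, target_ns in demo():
        print(f"{ns}: {link} resolves into namespace '{target_ns}'")
```

On a real server the roots would be the directories behind each namespace's `location`, for example /var/data/archiv and /var/data/public from the configuration quoted in this thread.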


Re: [Dovecot] share an IMAP folder ?

2011-07-06 Thread Udo Lembke


On 06.07.2011 16:19, Matt Rude wrote:

...
Johan,
How are your users sharing their folders in Roundcube?  Are you running
a plugin or is there native support that I'm just not seeing?

Thanks
-Matt


Hi,
Personal Settings - Folder

But you have to allow the folders via ACL-file (dovecot-acl) see 
http://wiki.dovecot.org/ACL


Udo



Re: [Dovecot] Public Mailbox ACLs

2011-07-06 Thread Udo Lembke


Hi Tom,
any hints in the dovecot-log if you enable verbose logging?

info_log_path = /var/log/dovecot.log
auth_verbose = yes
auth_debug = yes
mail_debug = yes

And how do your ACL files look?


Udo

On 06.07.2011 16:39, Tom Clark wrote:

Hi Udo,

Glad you got it working. I decided to do the list test. This is what I'm
getting as a user not allowed access to the shared folders:

02 LIST  *
* LIST (\HasNoChildren) . Drafts
* LIST (\HasNoChildren) . Trash
* LIST (\HasChildren) . INBOX
* LIST (\HasChildren) . Shared.System
* LIST (\HasChildren) . Shared.Support
02 OK List completed.

As you can see I can list Shared.System and Shared.Support which is what I
don't want!

Tom




Re: [Dovecot] Problems with acl and shared namespace

2011-07-05 Thread Udo Lembke


Hi,
I'm answering myself to give a hint to other people who have a similar 
problem (or, better said, a similar lack of experience with dovecot).


On 30.06.2011 12:01, Udo Lembke wrote:

Hi,
I'm a dovecot newbie and also new to this mailing list.
I'm trying to configure a mail server with dovecot2, postfix and 
postfixadmin. At this time I struggle with acl and shared namespace. 
...


At this time I know a little bit more (it's always good to read the 
docs).
I changed my layout to: private mailbox, private archive area and public 
shared area (because of trouble seeing shared folders from other accounts).

The public shared area is symlinked below the archiv-area:
ls -lsa archiv/example.org/test4/
insgesamt 16
4 drwx-- 3 dovecot dovecot 4096  5. Jul 11:40 .
4 drwx-- 3 dovecot dovecot 4096  5. Jul 11:27 ..
4 drwx-- 2 dovecot dovecot 4096  5. Jul 11:27 archiv
4 -rw--- 1 dovecot dovecot  108  5. Jul 11:40 dovecot-acl-list
0 lrwxrwxrwx 1 rootroot  16  5. Jul 11:27 public - /var/data/public

The problem is that the ACLs are not recognized - the ACL should forbid 
access, but access is possible.


This shows the telnet imap-session:
. list  *
* LIST (\HasNoChildren) / Drafts
* LIST (\HasNoChildren) / Spam
* LIST (\HasNoChildren) / Sent
* LIST (\HasNoChildren) / Trash
* LIST (\HasNoChildren) / INBOX
* LIST (\Noselect \HasChildren) / public
* LIST (\Noselect \HasChildren) / archiv/te...@example.org
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_2
* LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_2/Kundenmails
* LIST (\Noselect \HasChildren) / archiv/te...@example.org/public/kunde_3
* LIST (\HasNoChildren) / archiv/te...@example.org/public/kunde_3/Kundenmails
* LIST (\Noselect \HasNoChildren) / archiv/te...@example.org/archiv
. OK List completed.

During the listing I got the error:
Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2
Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2/Kundenmails
Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3
Jul 05 12:21:41 imap(te...@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3/Kundenmails


This is right, but why were the mailboxes shown (and also fully accessible)?
The acl-files:
cat public/dovecot-acl
#anyone lr

cat public/kunde_2/dovecot-acl
user=ulem...@example.org lrwstipeka
user=te...@example.org lrwstipeka

cat public/kunde_2/Kundenmails/dovecot-acl
user=te...@example.org akeilprwts
user=ulem...@example.org akeilprwts

cat public/kunde_3/dovecot-acl
user=ulem...@example.org lrwstipeka
user=te...@example.org lrwstipeka
anyone

The acl-entry in the config:
plugin {
  acl = vfile
}
# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
  acl_shared_dict = file:/var/data/dovecot/shared-mailboxes/%u
}

I have read that acl_shared_dict with an SQL backend works better than 
vfile. Does anybody use normal vfile for that?


The public-namespace:
namespace {
   type = public
   separator = /
   prefix = public/
   location = maildir:/var/data/public:INDEX=/var/data/indexes/public/%u:LAYOUT=fs
   inbox = no
   hidden = no
   subscriptions = no
   list = yes
}

The other config should be the same as in the first post.


Any hint?

Best regards

Udo (perhaps i stick to cyrus)


[Dovecot] Problems with acl and shared namespace

2011-06-30 Thread Udo Lembke

Hi,
I'm a dovecot newbie and also new to this mailing list.
I'm trying to configure a mail server with dovecot2, postfix and 
postfixadmin. At this time I struggle with acl and shared namespace.


My goal is that every user gets an archive area on a separate storage 
without quota (quota isn't running yet).

With:
namespace {
   type = private
   separator = /
   prefix = archiv/%u/
   location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
   inbox = no
   subscriptions = yes
   list = yes
}

I see the folders, but I can't subscribe to them (with thunderbird or 
roundcube). With roundcube I can add a new folder below - so I use the trick

autocreate5   = archiv/%u/archiv
autosubscribe5  = archiv/%u/archiv

As a workaround this is OK - or is this a must?

But the user should also be able to share parts of the archiv-mailbox 
with other users (partly on different domains).
If I change the type of namespace to shared, I can't access the 
archiv-folder.


The logfile shows problems with the acl (but also with private namespace):
Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace : type=shared, prefix=archiv/t...@example.com/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/var/data/archiv/example.com/test:INDEX=/var/data/indexes/archiv/t...@example.com:LAYOUT=fs
Jun 30 11:15:11 imap(t...@example.com): Debug: fs: root=/var/data/archiv/example.com/test, index=/var/data/indexes/archiv/t...@example.com, control=, inbox=
Jun 30 11:15:11 imap(t...@example.com): Debug: acl: initializing backend with data: vfile
Jun 30 11:15:11 imap(t...@example.com): Debug: acl: acl username = t...@example.com
Jun 30 11:15:11 imap(t...@example.com): Debug: acl: owner = 0
Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: Global ACL directory: (none)
Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace : Using permissions from /var/data/mail/example.com/test: mode=0700 gid=-1
Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: file /var/data/archiv/example.com/test/dovecot-acl not found
Jun 30 11:15:11 imap(t...@example.com): Debug: autocreate: Failed to create mailbox archiv: Permission denied
Jun 30 11:15:11 imap(t...@example.com): Debug: Namespace archiv/t...@example.com/: Using permissions from /var/data/archiv/example.com/test: mode=0700 gid=-1
Jun 30 11:15:11 imap(t...@example.com): Debug: acl vfile: file /var/data/mail/example.com/test/dovecot-acl not found


I'm wondering about "...dovecot-acl not found" because dovecot creates a 
file dovecot-acl-list:

# ls -l /var/data/archiv/example.com/test/
drwx-- 5 dovecot dovecot 4096 30. Jun 10:30 archiv
-rw--- 1 dovecot dovecot0 30. Jun 10:30 dovecot-acl-list

Must the ACL be initialized first? My first try also fails:
doveadm acl set -u t...@example.com archiv/t...@example.com/archiv t...@example.com lrw

doveadm(t...@example.com): Fatal: Invalid ID: t...@example.com

Not clear for me, what kind of id doveadm needs...

I use 2.0.13 for testing. I put my config at the end of the mail.

I'm happy if someone can hit me in the right direction, where I make the 
mistake.



Best regards

Udo



# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.39-2.slh.1-aptosid-amd64 x86_64 Debian wheezy/sid
auth_debug = yes
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = plain
first_valid_gid = 119
first_valid_uid = 110
info_log_path = /var/log/dovecot.log
last_valid_uid = 119
lda_mailbox_autocreate = yes
mail_debug = yes
mail_gid = 119
mail_plugins = acl autocreate quota
mail_uid = 110
mbox_very_dirty_syncs = yes
namespace {
  inbox = yes
  list = yes
  location = maildir:/var/data/mail/%d/%n:INDEX=/var/data/indexes/mail/%u:LAYOUT=fs
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
namespace {
  inbox = no
  list = yes
  location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
  prefix = archiv/%u/
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/data/dovecot/shared-mailboxes
  autocreate = Trash
  autocreate2 = Spam
  autocreate3 = Drafts
  autocreate4 = Sent
  autocreate5 = archiv/%u/archiv
  autosubscribe = Trash
  autosubscribe2 = Spam
  autosubscribe3 = Drafts
  autosubscribe4 = Sent
  autosubscribe5 = archiv/%u/archiv
  quota = dict:User quota::proxy::quota
  quota_rule2 = Trash:storage=+55M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols =  imap lmtp pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postdrop
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = dovecot
    mode = 0660
    user = dovecot
  }
}
service dict {
  unix_listener dict {
    group = dovecot
    mode = 0660
    user = dovecot
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }