Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
It worked!
Thanks a lot for your help and have a wonderful day!

On Fri, Jan 6, 2012 at 1:57 PM, Timo Sirainen  wrote:

> Another possibility: http://wiki2.dovecot.org/PostLoginScripting
>
> and set MASTER_USER environment.
>
> On Fri, 2012-01-06 at 13:55 +0100, Alexis Lelion wrote:
> > Thanks Timo.
> > I'm actually using a packaged version of Dovecot 2.0 from Debian, so I
> > can't apply the patch easily right now.
> > I'll try to build dovecot this weekend and see if it solves the issue.
> >
> > Cheers
> >
> > Alexis
> >
> > On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen  wrote:
> >
> > > On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> > >
> > > > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > > > I just tried your workaround, and actually, master_user is properly set to
> > > > the username, but then is overridden with the proxy login again:
> > > >
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > mail=maildir:/var/vmail/domain/user
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/quota=dirsize:storage=0
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/master_user=user
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/master_user=proxy
> > >
> > > I thought it would have been the other way around.. See if
> > > http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
> > >
> > > > Is there any other flag I can set to avoid this? (Something like Y for the
> > > > password)?
> > >
> > > Nope.
> > >
> > >
> > >
>
>
>


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Timo Sirainen
Another possibility: http://wiki2.dovecot.org/PostLoginScripting

and set MASTER_USER environment.

On Fri, 2012-01-06 at 13:55 +0100, Alexis Lelion wrote:
> Thanks Timo.
> I'm actually using a packaged version of Dovecot 2.0 from Debian, so I
> can't apply the patch easily right now.
> I'll try to build dovecot this weekend and see if it solves the issue.
> 
> Cheers
> 
> Alexis
> 
> On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen  wrote:
> 
> > On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> >
> > > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > > I just tried your workaround, and actually, master_user is properly set to
> > > the username, but then is overridden with the proxy login again:
> > >
> > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > mail=maildir:/var/vmail/domain/user
> > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > plugin/quota=dirsize:storage=0
> > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > plugin/master_user=user
> > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > plugin/master_user=proxy
> >
> > I thought it would have been the other way around.. See if
> > http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
> >
> > > Is there any other flag I can set to avoid this? (Something like Y for the
> > > password)?
> >
> > Nope.
> >
> >
> >




Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Thanks Timo.
I'm actually using a packaged version of Dovecot 2.0 from Debian, so I
can't apply the patch easily right now.
I'll try to build dovecot this weekend and see if it solves the issue.

Cheers

Alexis

On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen  wrote:

> On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
>
> > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > I just tried your workaround, and actually, master_user is properly set to
> > the username, but then is overridden with the proxy login again:
> >
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > mail=maildir:/var/vmail/domain/user
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/quota=dirsize:storage=0
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/master_user=user
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/master_user=proxy
>
> I thought it would have been the other way around.. See if
> http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
>
> > Is there any other flag I can set to avoid this? (Something like Y for the
> > password)?
>
> Nope.
>
>
>


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Timo Sirainen
On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:

> Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> I just tried your workaround, and actually, master_user is properly set to
> the username, but then is overridden with the proxy login again:
> 
> Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> mail=maildir:/var/vmail/domain/user
> Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> plugin/quota=dirsize:storage=0
> Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> plugin/master_user=user
> Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> plugin/master_user=proxy

I thought it would have been the other way around.. See if
http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?

> Is there any other flag I can set to avoid this? (Something like Y for the
> password)?

Nope.




Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Hi Timo,

Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
I just tried your workaround, and actually, master_user is properly set to
the username, but then is overridden with the proxy login again:

Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy

Is there any other flag I can set to avoid this? (Something like Y for the
password)?

Alexis

On Fri, Jan 6, 2012 at 12:48 PM, Timo Sirainen  wrote:

> On Fri, 2012-01-06 at 12:36 +0100, Alexis Lelion wrote:
> > The thing is that when the ACLs are checked, it actually doesn't give
> > the user login, but the master login, which is useless.
>
> Yes, this is intentional.
>
> > Is there a way to use the first part of destuser as it is done when
> > fetching info from the userdb?
>
> You should be able to work around this with modifying userdb's query:
>
> user_query = select '%n' AS master_user, ...
>
>
>
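
Added example, not part of the original thread: a log check for the two symptoms quoted above, ACLs evaluated under the shared proxy login and a `plugin/master_user` value replaced by a later one. The sample lines are constructed from the thread's debug output (re-joined onto single lines) plus one invented healthy session for contrast; the function names are hypothetical.

```python
import re

# Line formats taken from the debug output quoted in the thread
# (mail_debug = yes). Anything else about the log layout is an assumption.
ACL_RE = re.compile(
    r"imap\((?P<user>[^)]+)\): Debug: acl: acl username = (?P<acl>\S+)")
MASTER_RE = re.compile(
    r"Debug: Added userdb setting: plugin/master_user=(?P<val>\S+)")

# Constructed sample: the thread's lines on single lines, plus a healthy
# session (alice@domain) that is not from the thread.
SAMPLE = """\
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy
Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: acl username = proxy
Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: owner = 0
Jan  6 12:10:02 mail02 dovecot: imap(alice@domain): Debug: acl: acl username = alice
""".splitlines()


def acl_identity_mismatches(lines):
    """Return (session_user, acl_username) pairs where ACLs were evaluated
    under a name that is neither the session user nor its local part (%n)."""
    out = []
    for line in lines:
        m = ACL_RE.search(line)
        if m:
            user, acl = m.group("user"), m.group("acl")
            if acl not in (user, user.split("@", 1)[0]):
                out.append((user, acl))
    return out


def master_user_overrides(lines):
    """Return (stamp_and_host, earlier, later) where one master_user value is
    followed by a different one. The quoted lines carry no PID, so lines are
    paired only when timestamp and host match (an assumption)."""
    hits = []
    for line in lines:
        m = MASTER_RE.search(line)
        if m:
            hits.append((line.split(" dovecot:", 1)[0], m.group("val")))
    return [(k1, a, b) for (k1, a), (k2, b) in zip(hits, hits[1:])
            if k1 == k2 and a != b]


if __name__ == "__main__":
    print(acl_identity_mismatches(SAMPLE))
    print(master_user_overrides(SAMPLE))
```

Every session reported by the first function had its ACLs evaluated under a name other than its own login, which is the condition described in the thread.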


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Timo Sirainen
On Fri, 2012-01-06 at 12:36 +0100, Alexis Lelion wrote:
> The thing is that when the ACLs are checked, it actually doesn't give
> the user login, but the master login, which is useless.

Yes, this is intentional.

> Is there a way to use the first part of destuser as it is done when
> fetching info from the userdb?

You should be able to work around this with modifying userdb's query:

user_query = select '%n' AS master_user, ...




[Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Hello,

I'm trying to use ACLs to restrict subscription on public mailboxes, but
I ran into trouble.
My setup is made of two servers, and users are shared between them via a
proxy. User authentication is done with LDAP, and credentials aren't
shared between the mailservers. Instead, the proxies are using a master
password.
The thing is that when the ACLs are checked, it actually doesn't give
the user login, but the master login, which is useless.
Is there a way to use the first part of destuser as it is done when
fetching info from the userdb?

Any help is appreciated,
Thanks!

Alexis

--

ACL bug logs :

104184 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: acl username = proxy
104185 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: owner = 0
104186 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl vfile: Global ACL directory: (none)
104187 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: Namespace : type=public, prefix=Shared., sep=., inbox=no,hidden=no, list=yes, subscriptions=no location=maildir:/var/vmail/domain/Shared

--

Output of "dovecot -n"

# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.3 ext3
auth_debug = yes
auth_master_user_separator = *
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
first_valid_uid = 150
lmtp_proxy = yes
login_trusted_networks = mail01.ip
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
mail_nfs_storage = yes
mail_plugins = acl
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location = maildir:/var/vmail/%d/%n
  prefix =
  separator = .
  type = private
}
namespace {
  location = maildir:/var/vmail/domain/Shared
  prefix = Shared.
  separator = .
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  recipient_delimiter = +
  sieve_after = /var/lib/dovecot/sieve/after.d/
  sieve_before = /var/lib/dovecot/sieve/pre.d/
  sieve_dir = /var/vmail/%d/%n/sieve
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = user@domain
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = mail02.ip
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert =