Re: [Dovecot] Debugging IMAP ACLs
On Tue, 2009-10-06 at 18:26 +0300, Kerem Erciyes wrote:
> Well seems I have a problem. When I enable the imap_acl plugin dovecot will
> not start.
>
> Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed:
> /usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol
> "acl_mailbox_right_lookup"

Looks like you didn't already have acl plugin enabled, so add it too. Hmm.
Maybe these plugins could have a "dependency" setting that complains about
missing dependencies or adds them automatically..

> Do you think this is related to mbox instead of maildir setup that we have?
> If so, I think I will start by converting to maildirs from mbox and then go
> on testing the ACL and Shared Namespace setups.

I think that would be a good idea in any case. :)
Re: [Dovecot] Debugging IMAP ACLs
Hi,

Well seems I have a problem. When I enable the imap_acl plugin dovecot will
not start.

Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed:
/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol
"acl_mailbox_right_lookup"
FCouldn't load required plugins
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

Do you think this is related to mbox instead of maildir setup that we have?
If so, I think I will start by converting to maildirs from mbox and then go
on testing the ACL and Shared Namespace setups.

Regards,
Kerem

On Tue, Oct 6, 2009 at 5:37 PM, Timo Sirainen wrote:

> On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > > I don't think I've ever tried shared mailboxes with mbox format before, no
> > > idea if it even works..
> >
> > Is there any way to trace ACL commands issued by the client? Or should they
> > pop up in debug log if ACLs are active?
>
> http://wiki.dovecot.org/Debugging/Rawlog could be useful.

--
Kerem Erciyes
System Consultant
http://proje.keremerciyes.com
kerem.erci...@gmail.com
+90 532 737 05 83
Re: [Dovecot] Debugging IMAP ACLs
On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > I don't think I've ever tried shared mailboxes with mbox format before, no
> > idea if it even works..
>
> Is there any way to trace ACL commands issued by the client? Or should they
> pop up in debug log if ACLs are active?

http://wiki.dovecot.org/Debugging/Rawlog could be useful.
Re: [Dovecot] Debugging IMAP ACLs
On 06.10.2009 at 16:04, Kerem Erciyes wrote:

> a08 login "*" "*"
> a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA] Logged in
> a09 MYRIGHTS
> a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
> a10 GETACL "INBOX"
> a10 BAD Error in IMAP command GETACL: Unknown command.

Add 'imap_acl' to the plugins section to activate it:

mail_plugins: imap_acl

Regards
Thomas
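Added example (not part of any message in this thread, and not Dovecot code): a pre-flight check over `dovecot -n` output for the missing-dependency startup failure Timo diagnoses in his reply at the top of the thread, together with a test for the ACL capability atom that is absent from the session quoted above. The function names are hypothetical, the sample config and capability lines are constructed, and the imap_quota entry in the dependency table is not from the thread.

```python
import re

# Plugin -> plugin that must also be listed. imap_acl -> acl is the case from
# this thread; imap_quota -> quota follows the same pattern (not from the thread).
REQUIRES = {"imap_acl": "acl", "imap_quota": "quota"}

# Constructed sample in `dovecot -n` 1.2 format: the thread's plugin lines
# after adding imap_acl but not acl.
SAMPLE_CONFIG = """\
mail_plugins(default): quota imap_quota imap_acl
mail_plugins(imap): quota imap_quota imap_acl
mail_plugins(pop3): quota
"""

# Constructed CAPABILITY lines, shortened from the session in the thread.
CAPS_WITHOUT_ACL = "* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR NAMESPACE UIDPLUS QUOTA"
CAPS_WITH_ACL = "* CAPABILITY IMAP4rev1 NAMESPACE QUOTA ACL RIGHTS=texk"


def missing_plugin_deps(dovecot_n_output):
    """Return [(section, plugin, missing_dependency), ...] for mail_plugins lines."""
    problems = []
    for line in dovecot_n_output.splitlines():
        m = re.match(r"\s*mail_plugins(?:\((\w+)\))?\s*[:=]\s*(.*)$", line)
        if not m:
            continue
        section = m.group(1) or "unlabelled"
        loaded = m.group(2).split()
        for plugin in loaded:
            dep = REQUIRES.get(plugin)
            if dep and dep not in loaded:
                problems.append((section, plugin, dep))
    return problems


def advertises_acl(capability_line):
    """True if the CAPABILITY data (untagged or bracketed) lists the ACL atom.
    Text after the closing bracket is ignored so free text cannot match."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", capability_line, re.I)
    return bool(m) and "ACL" in m.group(1).upper().split()


if __name__ == "__main__":
    for section, plugin, dep in missing_plugin_deps(SAMPLE_CONFIG):
        print(f"mail_plugins({section}): {plugin} is listed without {dep}")
    print("ACL advertised:", advertises_acl(CAPS_WITHOUT_ACL))
```

Feed it the real output with `missing_plugin_deps(open("dovecot-n.txt").read())` before restarting the service; an empty list means every listed plugin has its prerequisite.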
Re: [Dovecot] Debugging IMAP ACLs
Hi Timo,

On Tue, Oct 6, 2009 at 4:39 PM, Timo Sirainen wrote:

> On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:
>
> > mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
>
> I don't think I've ever tried shared mailboxes with mbox format before, no
> idea if it even works..

Is there any way to trace ACL commands issued by the client? Or should they
pop up in debug log if ACLs are active?

I tried via telnet to issue imap acl commands and all I could get to work
was NAMESPACE command. I think you are right, and ACLs are not supported
with mbox, or there is something wrong with my setup. Yet I can see the
namespace defined in the configuration via NAMESPACE command.

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Kupyazilim IMAPS/POP3S Server - Dovecot ready.
a05 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA STARTTLS AUTH=PLAIN AUTH=LOGIN
a05 OK Capability completed.
a08 login "*" "*"
a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA] Logged in
a09 MYRIGHTS
a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
a10 GETACL "INBOX"
a10 BAD Error in IMAP command GETACL: Unknown command.
a11 SETACL Inbox "pr...@***.com" +s
a11 BAD Error in IMAP command SETACL: Unknown command.
a13 NAMESPACE
* NAMESPACE (("" "/")) (("shared/" "/")) NIL
a13 OK Namespace completed.

> > namespace:
> >   type: shared
> >   separator: /
> >   prefix: shared/%%u/
> >   location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
>
> This doesn't really look right. Should probably be more like:
>
> location =
> mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u

Sorry, my bad at 3:00 AM. It is fixed now.

--
Kerem Erciyes
System Consultant
http://proje.keremerciyes.com
kerem.erci...@gmail.com
+90 532 737 05 83
Re: [Dovecot] Debugging IMAP ACLs
On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:

> mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u

I don't think I've ever tried shared mailboxes with mbox format before, no
idea if it even works..

> namespace:
>   type: shared
>   separator: /
>   prefix: shared/%%u/
>   location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u

This doesn't really look right. Should probably be more like:

location = mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u
[Dovecot] Debugging IMAP ACLs
Hello,

I upgraded my server to 1.2.4 and now I'm trying to implement ACL support
to use with Bynari Insight Connector. Starting out with the wiki page on
shared namespaces from http://wiki.dovecot.org/SharedMailboxes/Shared I
tried to implement shared mailbox support so that my customers can enjoy
more exchange-like qualities with outlook.

However I am not sure if the ACLs or Shared Namespaces are really working.
I sure would like some help debugging ACL requests by clients, and the
configuration I did.

Thanks,
Kerem

Here is the run down of my configuration, if I have screwed up somewhere.

*dovecot -n*

# 1.2.4: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.2-STABLE i386
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-debug.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting: Kupyazilim IMAPS/POP3S Server - Dovecot ready.
verbose_proctitle: yes
first_valid_uid: 100
first_valid_gid: 6
mail_privileged_group: mail
mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  list: children
lda:
  postmaster_address: postmas...@kupyazilim.com.tr
  mail_plugins: quota
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver.log
auth default:
  mechanisms: plain login
  user: nobody
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: mail
plugin:
  acl_shared_dict: proxy::acl
dict:
  quota: maildir:storage=10240:messages=1000
  trash: /usr/local/etc/trash.conf
  acl: mysql:/usr/local/etc/dovecot-dict-sql.conf

* cat /usr/local/etc/dovecot-acl.conf *

# mail_location copied from dovecot.conf for reference only
#
# mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
# note: it is %d/%u here but only %u in dovecot-sql.conf

# You need to create also a private namespace:
namespace private {
  separator = /
  prefix =
  #location defaults to mail_location.
  inbox = yes
}

namespace shared {
  separator = /
  prefix = shared/%%u/
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  location = mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  subscriptions = no
  list = children
}

# Set ACL to SQL Server and Reference sql-dictionary
# Table implemented in mysql:/postfix/user_shares
plugin {
  acl_shared_dict = proxy::acl
}

dict {
  acl = mysql:/usr/local/etc/dovecot-dict-sql.conf
}

*cat /usr/local/etc/dovecot-dict-sql.conf *

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}

--
Kerem Erciyes
System Consultant
http://proje.keremerciyes.com
kerem.erci...@gmail.com
+90 532 737 05 83