Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Timo Sirainen
On Tue, 2009-10-06 at 18:26 +0300, Kerem Erciyes wrote:
> Well seems I have a problem. When I enable the imap_acl plugin dovecot will
> not start.
> 
> Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed:
> /usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol
> "acl_mailbox_right_lookup"

Looks like you didn't already have acl plugin enabled, so add it too.
Hmm. Maybe these plugins could have a "dependency" setting that
complains about missing dependencies or adds them automatically..

> Do you think this is related to mbox instead of maildir setup that we have?
> If so, I think I will start by converting to maildirs from mbox and then go
> on testing the ACL and Shared Namespace setups.

I think that would be a good idea in any case. :)
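
The dependency check wished for above, sketched as an added example (not part of the original message and not Dovecot code): it scans `dovecot -n` output in the 1.x format shown in this thread and reports any `mail_plugins` list that names `imap_acl` without `acl`. The `REQUIRES` table and the function name are assumptions for illustration, and the sample input is constructed from the thread's configuration with `imap_acl` added.

```python
import re

# Plugin -> plugin that must be loaded alongside it (illustrative table).
# imap_acl -> acl is the case from this thread; imap_quota -> quota is the
# same kind of pairing.
REQUIRES = {"imap_acl": "acl", "imap_quota": "quota"}

# Matches "mail_plugins: ..." and "mail_plugins(imap): ...", indented or not.
SETTING = re.compile(r"^(\s*)mail_plugins(?:\((\w+)\))?:\s*(.*)$")

def missing_plugin_deps(dovecot_n_output):
    """Return sorted (scope, plugin, missing_dependency) tuples."""
    problems, section = set(), None
    for line in dovecot_n_output.splitlines():
        m = SETTING.match(line)
        if not m:
            # Remember unindented lines such as "lda:" to label nested settings.
            if line[:1].strip():
                section = line.strip().rstrip(":")
            continue
        indent, proto, value = m.groups()
        scope = proto or (section if indent else "all")
        plugins = value.split()
        for plugin in plugins:
            dep = REQUIRES.get(plugin)
            if dep and dep not in plugins:
                problems.add((scope, plugin, dep))
    return sorted(problems)

# Constructed sample: the thread's plugin lines after imap_acl was added alone.
BROKEN = """\
mail_plugins(default): quota imap_quota imap_acl
mail_plugins(imap): quota imap_quota imap_acl
mail_plugins(pop3): quota
lda:
  postmaster_address: postmaster@example.com
  mail_plugins: quota
"""
FIXED = BROKEN.replace("imap_acl", "acl imap_acl")

if __name__ == "__main__":
    for scope, plugin, dep in missing_plugin_deps(BROKEN):
        print(f"{scope}: {plugin} is listed without {dep}")
    print("after fix:", missing_plugin_deps(FIXED))
```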




Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Kerem Erciyes
Hi,

Well seems I have a problem. When I enable the imap_acl plugin dovecot will
not start.

Edlopen(/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so) failed:
/usr/local/lib/dovecot/imap/lib02_imap_acl_plugin.so: Undefined symbol
"acl_mailbox_right_lookup"
FCouldn't load required plugins
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

Do you think this is related to mbox instead of maildir setup that we have?
If so, I think I will start by converting to maildirs from mbox and then go
on testing the ACL and Shared Namespace setups.

Regards,
Kerem

On Tue, Oct 6, 2009 at 5:37 PM, Timo Sirainen wrote:

> On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > > I don't think I've ever tried shared mailboxes with mbox format before, no
> > > idea if it even works..
> >
> > Is there any way to trace ACL commands issued by the client? Or should they
> > pop up in debug log if ACLs are active?
>
> http://wiki.dovecot.org/Debugging/Rawlog could be useful.


-- 
Kerem Erciyes
Sistem Danismani
http://proje.keremerciyes.com

kerem.erci...@gmail.com
+90 532 737 05 83


Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Timo Sirainen
On Tue, 2009-10-06 at 17:04 +0300, Kerem Erciyes wrote:
> > I don't think I've ever tried shared mailboxes with mbox format before, no
> > idea if it even works..
> 
> 
> Is there any way to trace ACL commands issued by the client? Or should they
> pop up in debug log if ACLs are active?

http://wiki.dovecot.org/Debugging/Rawlog could be useful.





Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Thomas Leuxner

On 06.10.2009 at 16:04, Kerem Erciyes wrote:

> a08 login "*" "*"
> a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
> THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
> UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
> WITHIN CONTEXT=SEARCH QUOTA] Logged in
>
> a09 MYRIGHTS
> a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
>
> a10 GETACL "INBOX"
> a10 BAD Error in IMAP command GETACL: Unknown command.



Add 'imap_acl' to the plugins section to activate it:

mail_plugins:  imap_acl

Regards
Thomas


Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Kerem Erciyes
Hi Timo,

On Tue, Oct 6, 2009 at 4:39 PM, Timo Sirainen wrote:

> On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:
>
>> mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
>
> I don't think I've ever tried shared mailboxes with mbox format before, no
> idea if it even works..


Is there any way to trace ACL commands issued by the client? Or should they
pop up in debug log if ACLs are active?

I tried via telnet to issue imap acl commands and all I could get to work
was NAMESPACE command. I think you are right, and ACLs are not supported
with mbox, or there is something wrong with my setup. Yet I can see the
namespace defined in the configuration via NAMESPACE command.

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Kupyazilim IMAPS/POP3S Server - Dovecot
ready.

a05 CAPABILITY
* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH QUOTA STARTTLS AUTH=PLAIN AUTH=LOGIN
a05 OK Capability completed.

a08 login "*" "*"
a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH QUOTA] Logged in

a09 MYRIGHTS
a09 BAD Error in IMAP command MYRIGHTS: Unknown command.

a10 GETACL "INBOX"
a10 BAD Error in IMAP command GETACL: Unknown command.

a11 SETACL Inbox "pr...@***.com" +s
a11 BAD Error in IMAP command SETACL: Unknown command.

a13 NAMESPACE
* NAMESPACE (("" "/")) (("shared/" "/")) NIL
a13 OK Namespace completed.




>> namespace:
>>  type: shared
>>  separator: /
>>  prefix: shared/%%u/
>>  location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
>
> This doesn't really look right. Should probably be more like:
>
> location = mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u
>
>
Sorry, my bad at 3:00 AM. It is fixed now.


-- 
Kerem Erciyes
Sistem Danismani
http://proje.keremerciyes.com

kerem.erci...@gmail.com
+90 532 737 05 83
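
Why the ACL commands in the session above come back as unknown, as an added example (not part of the original message): per RFC 4314 a server that accepts `GETACL`, `MYRIGHTS` and `SETACL` advertises `ACL` in its capability list, and the post-login list here does not. The function name and return keys are assumptions; the first transcript is trimmed from the session above and the second is constructed.

```python
import re

# ACL extension commands defined by RFC 4314.
ACL_COMMANDS = {"SETACL", "DELETEACL", "GETACL", "LISTRIGHTS", "MYRIGHTS"}

# Capability data arrives either as a "[CAPABILITY ...]" response code or as an
# untagged "* CAPABILITY ..." line that runs until the next tagged status.
CAP = re.compile(r"\[CAPABILITY ([^\]]*)\]"
                 r"|\* CAPABILITY (.*?)(?= \S+ (?:OK|NO|BAD) |$)")
REJECTED = re.compile(r"\bBAD Error in IMAP command (\w+): Unknown command")

def acl_diagnosis(transcript):
    """Summarise ACL support from a pasted IMAP session (line wraps tolerated)."""
    flat = " ".join(transcript.split())           # undo mail-client line wrapping
    lists = [a or b for a, b in CAP.findall(flat)]
    caps = lists[-1].split() if lists else []     # most recent list wins
    rights = [c[7:] for c in caps if c.upper().startswith("RIGHTS=")]
    return {
        "acl_advertised": "ACL" in {c.upper() for c in caps},
        "rights": rights[0] if rights else None,
        "rejected_acl_commands": sorted(set(REJECTED.findall(flat)) & ACL_COMMANDS),
    }

# Trimmed from the session in the message above.
THREAD_SESSION = """\
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a08 login "*" "*"
a08 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH QUOTA] Logged in
a09 MYRIGHTS
a09 BAD Error in IMAP command MYRIGHTS: Unknown command.
a10 GETACL "INBOX"
a10 BAD Error in IMAP command GETACL: Unknown command.
"""

# Constructed: what an explicit CAPABILITY reply looks like once ACL is offered.
WITH_ACL = "* CAPABILITY IMAP4rev1 NAMESPACE ACL RIGHTS=texk QUOTA\na01 OK done."

if __name__ == "__main__":
    print(acl_diagnosis(THREAD_SESSION))
    print(acl_diagnosis(WITH_ACL))
```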


Re: [Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Timo Sirainen

On Oct 6, 2009, at 7:24 AM, Kerem Erciyes wrote:

> mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u

I don't think I've ever tried shared mailboxes with mbox format before, no idea if it even works..

> namespace:
>  type: shared
>  separator: /
>  prefix: shared/%%u/
>  location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u

This doesn't really look right. Should probably be more like:

location = mbox:%%h/mail:INBOX=/usr/home/vmail/%%d/%%u:INDEX=/usr/home/vmail/shared/%%u




[Dovecot] Debugging IMAP ACLs

2009-10-06 Thread Kerem Erciyes
Hello,

I upgraded my server to 1.2.4 and now I'm trying to implement ACL support to
use with Bynari Insight Connector. Starting out with the wiki page on shared
namespaces from http://wiki.dovecot.org/SharedMailboxes/Shared I tried to
implement shared mailbox support so that my customers can enjoy more
exchange-like qualities with outlook.

However I am not sure if the ACLs or Shared Namespaces are really working. I
sure would like some help debugging ACL requests by clients, and the
configuration I did.

Thanks,
Kerem

Here is the run down of my configuration, if I have screwed up somewhere.

*dovecot -n*
# 1.2.4: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.2-STABLE i386
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-debug.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting: Kupyazilim IMAPS/POP3S Server - Dovecot ready.
verbose_proctitle: yes
first_valid_uid: 100
first_valid_gid: 6
mail_privileged_group: mail
mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  list: children
lda:
  postmaster_address: postmas...@kupyazilim.com.tr
  mail_plugins: quota
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver.log
auth default:
  mechanisms: plain login
  user: nobody
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: mail
plugin:
  acl_shared_dict: proxy::acl
dict:
  quota: maildir:storage=10240:messages=1000
  trash: /usr/local/etc/trash.conf
  acl: mysql:/usr/local/etc/dovecot-dict-sql.conf

*cat /usr/local/etc/dovecot-acl.conf*

# mail_location copied from dovecot.conf for reference only
#
# mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
# note: it is %d/%u here but only %u in dovecot-sql.conf

# You need to create also a private namespace:
namespace private {
  separator = /
  prefix =
  #location defaults to mail_location.
  inbox = yes
}

namespace shared {
  separator = /
  prefix = shared/%%u/
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  location = mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  subscriptions = no
  list = children
}

# Set ACL to SQL Server and Reference sql-dictionary
# Table implemented in mysql:/postfix/user_shares

plugin {
  acl_shared_dict = proxy::acl
}

dict {
  acl = mysql:/usr/local/etc/dovecot-dict-sql.conf
}

*cat /usr/local/etc/dovecot-dict-sql.conf*

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}






-- 
Kerem Erciyes
Sistem Danismani
http://proje.keremerciyes.com

kerem.erci...@gmail.com
+90 532 737 05 83