Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
P.P.S. I was thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part).

So I suggest update in the wiki:

    n.b. If you have dots . in your usernames (like `name.surname` or `n...@example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases.

on http://master.wiki2.dovecot.org/SharedMailboxes/Shared
Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
On 23.04.2014 08:50, Frantisek Kucera wrote:
> P.P.S. I was thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part).
>
> So I suggest update in the wiki:
>
>     n.b. If you have dots . in your usernames (like `name.surname` or `n...@example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases.
>
> on http://master.wiki2.dovecot.org/SharedMailboxes/Shared

i am not sure here, what you try to goal

i have users with dots ( like test.exam...@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
On Wed 23 April 2014 09:10:32, Robert Schetterer wrote:
> On 23.04.2014 08:50, Frantisek Kucera wrote:
>> So I suggest update in the wiki:
>>
>>     n.b. If you have dots . in your usernames (like `name.surname` or `n...@example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases.
>
> i am not sure here, what you try to goal
>
> i have users with dots ( like test.exam...@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested

And you have separator = . ?

I am afraid that this can't work, because if e-mail client requests folder e.g.

    shared.n...@example.com.some.folder

Dovecot is not able to guess where the username ends and where starts folder name.

But if separator is / and the client requests

    shared/n...@example.com/some/folder

it is no problem to extract username from it and look it up in the database.

(setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users)

Franta
Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
On 23.04.2014 09:23, Frantisek Kucera wrote:
> On Wed 23 April 2014 09:10:32, Robert Schetterer wrote:
>> On 23.04.2014 08:50, Frantisek Kucera wrote:
>>> So I suggest update in the wiki:
>>>
>>>     n.b. If you have dots . in your usernames (like `name.surname` or `n...@example.com`) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in such cases.
>>
>> i am not sure here, what you try to goal
>>
>> i have users with dots ( like test.exam...@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested
>
> And you have separator = . ?
>
> I am afraid that this can't work, because if e-mail client requests folder e.g.
>
>     shared.n...@example.com.some.folder
>
> Dovecot is not able to guess where the username ends and where starts folder name.
>
> But if separator is / and the client requests
>
>     shared/n...@example.com/some/folder
>
> it is no problem to extract username from it and look it up in the database.
>
> (setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users)
>
> Franta

i have separator = /

why you wanna use different ?

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
On Wed 23 April 2014 09:53:18, Robert Schetterer wrote:
> i have separator = /
>
> why you wanna use different ?

I don't insist on the dot :-) And I also see / as better and more meaningful separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed with it until I hit on this issue.

Franta
Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
On 23.04.2014 10:17, Frantisek Kucera wrote:
> On Wed 23 April 2014 09:53:18, Robert Schetterer wrote:
>> i have separator = /
>>
>> why you wanna use different ?
>
> I don't insist on the dot :-) And I also see / as better and more meaningful separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed with it until I hit on this issue.
>
> Franta

Ok, i understand

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
[Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
Hello,

I have Dovecot configured for multiple domains (usernames are u...@domain.tld) and I wanted to enable shared mailboxes. But there is some problem - if I share a folder, other user can't see it. In the log I found:

    Apr 22 19:21:02 veverka dovecot: imap(u...@veverka.tld): Error: Couldn't create namespace 'shared.' for user petr: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u
    Apr 22 19:21:02 veverka dovecot: imap(u...@veverka.tld): Error: Couldn't create namespace 'shared.' for user emclient@veverka: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u

Which is weird because the user name is petr.surname not only petr and the domain is veverka.tld not only veverka.

So I turned on SQL logging on my PostgreSQL and saw that Dovecot executes these queries:

    2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'petr' AND domena = ''
    2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'emclient' AND domena = 'veverka'

The first username was petr.surn...@veverka.tld and the second one was emcli...@veverka.tld so it seems that it was truncated right after first . dot and I am afraid that this is a bug. Then it is obvious that Dovecot can't find the home directory and complains in log (as mentioned above).

I found workaround – I had . configured as namespace separator so I reconfigured it to / slash and now mailbox sharing works! But I think that it should work also with . dot separator and the values should not be truncated in SQL queries.

I tried also using '%u' in my SQL and its value was also truncated. Values in dovecot-acl and shared-mailboxes files seem to be ok.

BTW: I have also another server with only one domain and simple user names (no dots) and there the mailbox sharing works – but now it seems that it works only accidentally. This might lead to hardly debuggable problems if someone has usernames with and without dots – mailbox sharing will work for some users but for some not.

My old configuration:

    password_query = SELECT * FROM dovecot_heslo WHERE login = '%n' AND domena = '%d'
    user_query = SELECT * FROM dovecot_uzivatel WHERE login = '%n' AND domena = '%d'
    iterate_query = SELECT login AS username, domena AS domain FROM dovecot_uzivatel

    namespace {
      type = shared
      separator = .
      prefix = shared.%%u.
      location = maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u
      subscriptions = yes
      list = children
    }

Had to be reconfigured to:

    separator = /
    prefix = shared/%%u/

Used version:

    # dovecot --version
    2.1.7
    # uname -a
    Linux veverka 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Regards,
Franta

P.S. If you have similar problem and have to switch from . to / separators, don't forget to update your Sieve scripts (with fileinto). And sometimes also reconfiguration of the client is needed (e.g. NGImap4ConnectionStringSeparator in SOGo; and Kontact/KMail stopped working and I had to recreate the account in this client).
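The truncation reported in this post, and the ambiguity Franta describes in his later reply, as an added example (not part of the thread and not Dovecot's code): a simplified model that assumes the owner name is read up to the first separator after the `shared` prefix, which reproduces the `login`/`domena` values seen in the SQL log. The function names and the sample mailbox paths and account list are constructed for illustration.

```python
# Simplified model (assumption): with prefix = shared<sep>%%u<sep>, the owner
# is whatever sits between the prefix root and the next separator.

def owner_from_mailbox(mailbox, prefix_root, separator):
    """Return the %%u component of a shared mailbox name, or None."""
    root = prefix_root + separator
    if not mailbox.startswith(root):
        return None
    owner, _, _folder = mailbox[len(root):].partition(separator)
    return owner


def split_user(user):
    """Split a username into the (%n, %d) pair used by the user_query."""
    local, _, domain = user.partition("@")
    return local, domain


def user_query_values(mailbox, prefix_root, separator):
    """(login, domena) values that would reach the SQL user_query."""
    return split_user(owner_from_mailbox(mailbox, prefix_root, separator))


def audit_separator(usernames, separator, prefix_root="shared"):
    """Map each account whose shared-namespace lookup would not round-trip
    under this separator to the (login, domena) pair that would be queried."""
    broken = {}
    for user in usernames:
        mailbox = separator.join([prefix_root, user, "INBOX"])
        looked_up = user_query_values(mailbox, prefix_root, separator)
        if looked_up != split_user(user):
            broken[user] = looked_up
    return broken


# Constructed account list based on the names described in the post.
ACCOUNTS = ["petr.surname@veverka.tld", "emclient@veverka.tld", "franta@localhost"]

if __name__ == "__main__":
    for sep in (".", "/"):
        print("separator", repr(sep), "->", audit_separator(ACCOUNTS, sep))
```

An account without any dot (the constructed `franta@localhost`) passes the audit under both separators, which matches the observation that sharing on a dot-free server "works only accidentally".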
[Dovecot] Shared mailboxes / IMAP folder performance
Hello,

how performant is an IMAP shared folder / mailbox if it contains 2 million mails? Is it possible to have such a quantity of mails in a shared folder? Is it possible to search that shared folder for mails in a fast way?

Regards
Sebastian
Re: [Dovecot] Shared mailboxes / IMAP folder performance
On 21.01.2014 17:31, Sebastian Schlatow wrote:
> Hello,
>
> how performant is an IMAP shared folder / mailbox if it contains 2 million mails? Is it possible to have such a quantity of mails in a shared folder? Is it possible to search that shared folder for mails in a fast way?
>
> Regards
> Sebastian

there might be no ultimate answer for this, cause it might not depend on the number of mails only, there might be other complex setup stuff involved, at the end with which client you like to search, why not simply test it with a test server, shouldn't take much time

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] Shared mailboxes / IMAP folder performance
On 21.01.2014 17:51, Robert Schetterer wrote:
> On 21.01.2014 17:31, Sebastian Schlatow wrote:
>> Hello,
>>
>> how performant is an IMAP shared folder / mailbox if it contains 2 million mails? Is it possible to have such a quantity of mails in a shared folder? Is it possible to search that shared folder for mails in a fast way?
>>
>> Regards
>> Sebastian
>
> there might be no ultimate answer for this, cause it might not depend on the number of mails only, there might be other complex setup stuff involved, at the end with which client you like to search, why not simply test it with a test server, shouldn't take much time
>
> Best Regards
> MfG Robert Schetterer

Thanks for your quick reply.

As a client Thunderbird, Evolution and Outlook should be used. In rare cases maybe mobile clients on iOS and Android.

So it is in principle possible to have it performant? I asked because I wanted to know if it makes sense to set up a test system for that.
Re: [Dovecot] Shared mailboxes / IMAP folder performance
On 21.01.2014 18:09, Sebastian Schlatow wrote:
> On 21.01.2014 17:51, Robert Schetterer wrote:
>> On 21.01.2014 17:31, Sebastian Schlatow wrote:
>>> Hello,
>>>
>>> how performant is an IMAP shared folder / mailbox if it contains 2 million mails? Is it possible to have such a quantity of mails in a shared folder? Is it possible to search that shared folder for mails in a fast way?
>>>
>>> Regards
>>> Sebastian
>>
>> there might be no ultimate answer for this, cause it might not depend on the number of mails only, there might be other complex setup stuff involved, at the end with which client you like to search, why not simply test it with a test server, shouldn't take much time
>>
>> Best Regards
>> MfG Robert Schetterer
>
> Thanks for your quick reply.
>
> As a client Thunderbird, Evolution and Outlook should be used. In rare cases maybe mobile clients on iOS and Android.
>
> So it is in principle possible to have it performant? I asked because I wanted to know if it makes sense to set up a test system for that.

speculate, in an ideal dove server setup, the clients will get your bottlenecks

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [Dovecot] shared mailboxes and indexes
Timo Sirainen t...@iki.fi wrote:
> On 27.11.2012, at 3.24, Sven Hartge wrote:
>>> For implementing shared mailboxes between all user servers, I think what would need to be developed is:
>>>
>>>>     imapc_host = m-st-sh-01.example.com
>>>>     imapc_master_user = %u
>>>>     imapc_user = shared
>>>
>>> Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace.
>>
>> Wouldn't you still need the target users host because this will be dynamic depending on the target user?
>
>     imapc_host = director

Is this director intended to be a 'magic' string or the hostname of the director?

Regards,
Sven.

--
Sigmentation fault. Core dumped.
Re: [Dovecot] shared mailboxes and indexes
On 23/11/12 08:07, Timo Sirainen wrote:
> On 16.11.2012, at 12.11, Angel L. Mateo wrote:
>> We are deploying shared mailboxes in our mail system. We are running 2.1.9 and mail backend is maildir. As described at http://wiki.dovecot.org/SharedMailboxes/Shared when shared namespace is configured as
>>
>>     namespace shared {
>>       separator = /
>>       prefix = shared/%%u/
>>       location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
>>       subscriptions = no
>>       list = children
>>     }
>>
>> each user accessing this folder has its own index, stored in ~/Maildir/shared/%%u/shared mailbox, hasn't it?
>
> Right.
>
>> Our mail is stored in NFS disks so we are very concerned about indexes optimizations (we had performance problems until we got all of our indexes and nfs tuned). So, is there any way so those indexes could be shared for all users (and they always would be updated).
>
> If you don't need per-user flags you can just remove the per-user INDEX. If you want per-user flags and want to share indexes, you need the new INDEXPVT option that exists in v2.2 or as a patch to v2.1: http://dovecot.org/patches/2.1/private-index.diff
>
>> Regarding this... if we'd use dbox instead of maildir, indexes are a really important part of the mailbox and they can't be re-constructed when they are outdated. So, how do shared mailboxes work with dbox backend? Do I have to configure indexes in any particular way?
>
> INDEXPVT is a requirement with dbox if you want per-user flags.
>
> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..

Oh... sad to read this. I have multiple backend server behind a director one.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
Re: [Dovecot] shared mailboxes and indexes
On 23.11.2012, at 17.53, Sven Hartge wrote:
>>>> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
>>
>> You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup.
>
> This was me.
>
> It works (with one minor quirk, more on this later) in my current test setup like so:
>
> a) 1 to X user-servers with the users mailboxes on them
> b) 1 shared-server with the shared mailboxes on them

For implementing shared mailboxes between all user servers, I think what would need to be developed is:

>     imapc_host = m-st-sh-01.example.com
>     imapc_master_user = %u
>     imapc_user = shared

Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace.

> Note: You CANNOT have ACLs activated on the users-servers, because this will interfere with the permissions of the IMAPShared namespace, rendering the mailboxes located in there unavailable for your users.

And some way to disable ACLs for shared namespaces that use imapc. Not sure what would be a nice way of doing this.

The attached patch contains these two changes. The first one I could commit immediately. The second one probably would need to be configurable somehow (maybe a generic disable_acls=yes setting for namespace?)

diff
Description: Binary data

> Now the mentioned quirk: Because all connections on the shared-server are made to the same user shared and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value. I set mine to 1000 just to be sure. --- But: I have NOT configured login_trusted_networks, so this may be my error in that case.

I don't think that setting helps.
Re: [Dovecot] shared mailboxes and indexes
On 27.11.2012, at 3.00, Timo Sirainen wrote:
>> Now the mentioned quirk: Because all connections on the shared-server are made to the same user shared and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value. I set mine to 1000 just to be sure. --- But: I have NOT configured login_trusted_networks, so this may be my error in that case.
>
> I don't think that setting helps.

But something like this should help:

    remote 10.0.0.0/8 {
      mail_max_userip_connections = 0
    }
Re: [Dovecot] shared mailboxes and indexes
Timo Sirainen t...@iki.fi wrote:
> On 23.11.2012, at 17.53, Sven Hartge wrote:
>>>>> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
>>>
>>> You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup.
>>
>> This was me.
>>
>> It works (with one minor quirk, more on this later) in my current test setup like so:
>>
>> a) 1 to X user-servers with the users mailboxes on them
>> b) 1 shared-server with the shared mailboxes on them
>
> For implementing shared mailboxes between all user servers, I think what would need to be developed is:
>
>>     imapc_host = m-st-sh-01.example.com
>>     imapc_master_user = %u
>>     imapc_user = shared
>
> Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace.

Wouldn't you still need the target users host because this will be dynamic depending on the target user?

Regards,
Sven.

--
Sigmentation fault. Core dumped.
Re: [Dovecot] shared mailboxes and indexes
On 27.11.2012, at 3.24, Sven Hartge wrote:
>> For implementing shared mailboxes between all user servers, I think what would need to be developed is:
>>
>>>     imapc_host = m-st-sh-01.example.com
>>>     imapc_master_user = %u
>>>     imapc_user = shared
>>
>> Somehow being able to set imapc_user = %%u where %%u expands to the shared namespace's username. Or maybe setting the imapc_user automatically to that when accessing it via type=shared namespace.
>
> Wouldn't you still need the target users host because this will be dynamic depending on the target user?

    imapc_host = director

Also the database of which users have mailboxes shared to others would need to be something that all the servers can access. Either via NFS or with SQL backend.
Re: [Dovecot] shared mailboxes and indexes
On 23/11/2012 08:07, Timo Sirainen wrote:
> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..

I'm not happy to hear that, so if today we are running one dovecot server with shared mailbox enabled and tomorrow we will switch to a more complex installation with Director we will be unable to still provide shared mailbox to our customers?

--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
Re: [Dovecot] shared mailboxes and indexes
On 23.11.2012, at 13.27, Alessio Cecchi wrote:
> On 23/11/2012 08:07, Timo Sirainen wrote:
>> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
>
> I'm not happy to hear that, so if today we are running one dovecot server with shared mailbox enabled and tomorrow we will switch to a more complex installation with Director we will be unable to still provide shared mailbox to our customers?

You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup.
Re: [Dovecot] shared mailboxes and indexes
Timo Sirainen t...@iki.fi wrote:
> On 23.11.2012, at 13.27, Alessio Cecchi wrote:
>> On 23/11/2012 08:07, Timo Sirainen wrote:
>>> BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
>>
>> I'm not happy to hear that, so if today we are running one dovecot server with shared mailbox enabled and tomorrow we will switch to a more complex installation with Director we will be unable to still provide shared mailbox to our customers?
>
> You can't reliably do it if the mailboxes are accessed directly via NFS. The current idea to solve this is to use imapc backend with master users, so the actual mailbox access for each user is always done by only one server. I think someone already managed to configure such a setup.

This was me.

It works (with one minor quirk, more on this later) in my current test setup like so:

a) 1 to X user-servers with the users mailboxes on them
b) 1 shared-server with the shared mailboxes on them

On the user-servers I have namespace like this:

    namespace {
      list = yes
      location = imapc:~/imapc-shared
      prefix = IMAPShared/
      separator = /
      subscriptions = no
      type = public
    }

and a userdb like this:

    userdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      default_fields = uid=virtmail gid=virtmail home=/srv/mail/%2MLn/%Ln/ imapc_password=%w quota_rule2=Trash:ignore
      driver = ldap
    }

Note the imapc_password=%w in the default_fields. This is needed to pass the users login-password to the shared-server.

The imapc proxy code is configured like this:

    imapc_host = m-st-sh-01.example.com
    imapc_master_user = %u
    imapc_user = shared

This uses the original user as the master-user and a fixed user with the original users password to login into the shared-server.

Note: You CANNOT have ACLs activated on the users-servers, because this will interfere with the permissions of the IMAPShared namespace, rendering the mailboxes located in there unavailable for your users.

The shared-storage then uses a static passdb for the user shared:

    passdb {
      args = user=shared password=complicatedpasswordhere
      driver = static
    }

and a static userdb for the virtual-user:

    userdb {
      args = uid=virtmail gid=virtmail home=/srv/mail/%Ln
      driver = static
    }

and additional a passdb for the master users:

    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
      master = yes
      pass = yes
    }

which are pulled from LDAP, just like on the user-servers.

Now the mentioned quirk: Because all connections on the shared-server are made to the same user shared and are coming from very few IPs (the 1 to X user-servers), you need to set a very high mail_max_userip_connections value. I set mine to 1000 just to be sure. --- But: I have NOT configured login_trusted_networks, so this may be my error in that case.

And, a second quirk: You can only offer admin-provided shared folders, your users CANNOT share folders themselves, because there is quite some manual work involved in creating and setting them up on the central shared-server.

For example: To provide a Mailbox with the Name Test.3 in IMAPShared I need the following directory structure on m-st-sh-01.example.com:

    /srv/mail/shared/mdbox/mailboxes/Test.3/

In .../Test.3/ there is the dbox-Mails folder with the indexes and other meta information. The admin needs to create the dovecot-acl file to configure the access permissions:

    root@m-st-sh-01:/srv/mail/shared/mdbox/mailboxes/Test.3/dbox-Mails# cat dovecot-acl
    user=gbgr14 lrwstipek
    user=bbgr99 lrwstipek

The users are then able to see those folders as IMAPShared/Test.3/, subscriptions are managed inside the users own subscription file on their respective home server, while flags and tags are shared.

Regards,
Sven.

--
Sigmentation fault. Core dumped.
Re: [Dovecot] shared mailboxes and indexes
On 16.11.2012, at 12.11, Angel L. Mateo wrote:
> We are deploying shared mailboxes in our mail system. We are running 2.1.9 and mail backend is maildir. As described at http://wiki.dovecot.org/SharedMailboxes/Shared when shared namespace is configured as
>
>     namespace shared {
>       separator = /
>       prefix = shared/%%u/
>       location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
>       subscriptions = no
>       list = children
>     }
>
> each user accessing this folder has its own index, stored in ~/Maildir/shared/%%u/shared mailbox, hasn't it?

Right.

> Our mail is stored in NFS disks so we are very concerned about indexes optimizations (we had performance problems until we got all of our indexes and nfs tuned). So, is there any way so those indexes could be shared for all users (and they always would be updated).

If you don't need per-user flags you can just remove the per-user INDEX. If you want per-user flags and want to share indexes, you need the new INDEXPVT option that exists in v2.2 or as a patch to v2.1: http://dovecot.org/patches/2.1/private-index.diff

> Regarding this... if we'd use dbox instead of maildir, indexes are a really important part of the mailbox and they can't be re-constructed when they are outdated. So, how do shared mailboxes work with dbox backend? Do I have to configure indexes in any particular way?

INDEXPVT is a requirement with dbox if you want per-user flags.

BTW. Do you have multiple Dovecot backend servers? Director works only when you're not using shared mailboxes..
[Dovecot] shared mailboxes and indexes
Hello,

We are deploying shared mailboxes in our mail system. We are running 2.1.9 and mail backend is maildir. As described at http://wiki.dovecot.org/SharedMailboxes/Shared when shared namespace is configured as

    namespace shared {
      separator = /
      prefix = shared/%%u/
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      subscriptions = no
      list = children
    }

each user accessing this folder has its own index, stored in ~/Maildir/shared/%%u/shared mailbox, hasn't it?

Our mail is stored in NFS disks so we are very concerned about indexes optimizations (we had performance problems until we got all of our indexes and nfs tuned). So, is there any way so those indexes could be shared for all users (and they always would be updated).

Regarding this... if we'd use dbox instead of maildir, indexes are a really important part of the mailbox and they can't be re-constructed when they are outdated. So, how do shared mailboxes work with dbox backend? Do I have to configure indexes in any particular way?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
Re: [Dovecot] Shared Mailboxes in a multi domain environment
On 17/09/2012 14:44, Timo Sirainen wrote:
>> So, why don't provide a way to restrict shared mailboxes also for dict in SQL? One way could be to add to user_shares table a column domains which is the same domain of the mailbox's owner and a config option, for acl, like acl_only_for_same_domain = yes/no so dovecot can add a WHERE %n = domain for the SELECT.
>
> If you don't include %d as part of the shared namespace prefix you already restrict the users sharing within same domain, no need for extra SQL WHEREs.

Good, after change my shared namespace from

    namespace {
      list = children
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      prefix = shared/%%u/
      separator = /
      subscriptions = no
      type = shared
    }

to

    namespace {
      list = children
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      prefix = shared/%%n/   ## =- change %u to %n
      separator = /
      subscriptions = no
      type = shared
    }

shared mailboxes have become available only inside the same domains.

Thanks!

--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
[Dovecot] Shared Mailboxes in a multi domain environment
Hi,

I would like to enable mailbox sharing for my users. I'm using dovecot 2.1.9 with vpopmail authentication.

For security reason shared mailboxes should be available only for users of the same domain. Dovecot's wiki suggest to enable acl like this:

    plugin {
      # assumes mailboxes are in /var/mail/%d/%n:
      acl_shared_dict = file:/var/mail/%d/shared-mailboxes.db
    }

but in vpopmail, and also in many others configuration, mailboxes are, for example, in /var/mail/nas1/%d, /var/mail/nas2/%d and so on, so it's difficult to restrict shared mailboxes available only for the same domain.

A trick could be set acl_shared_dict to /var/mail/%d-shared-mailboxes.db, but I don't know if it's safe on an NFS environment.

So, why don't provide a way to restrict shared mailboxes also for dict in SQL? One way could be to add to user_shares table a column domains which is the same domain of the mailbox's owner and a config option, for acl, like acl_only_for_same_domain = yes/no so dovecot can add a WHERE %n = domain for the SELECT.

Are there other possible solutions?

Thanks

--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
Re: [Dovecot] Shared Mailboxes in a multi domain environment
On 17.9.2012, at 10.09, Alessio Cecchi wrote:
> I would like to enable mailbox sharing for my users. I'm using dovecot 2.1.9 with vpopmail authentication.
>
> For security reason shared mailboxes should be available only for users of the same domain. Dovecot's wiki suggest to enable acl like this:
>
>     plugin {
>       # assumes mailboxes are in /var/mail/%d/%n:
>       acl_shared_dict = file:/var/mail/%d/shared-mailboxes.db
>     }
>
> but in vpopmail, and also in many others configuration, mailboxes are, for example, in /var/mail/nas1/%d, /var/mail/nas2/%d and so on, so it's difficult to restrict shared mailboxes available only for the same domain.
>
> A trick could be set acl_shared_dict to /var/mail/%d-shared-mailboxes.db, but I don't know if it's safe on an NFS environment.

As long as all the servers have access to the file it doesn't matter where it is. You could even do something like /var/mail/nas1/shared-dict/%d.db

> So, why don't provide a way to restrict shared mailboxes also for dict in SQL? One way could be to add to user_shares table a column domains which is the same domain of the mailbox's owner and a config option, for acl, like acl_only_for_same_domain = yes/no so dovecot can add a WHERE %n = domain for the SELECT.

If you don't include %d as part of the shared namespace prefix you already restrict the users sharing within same domain, no need for extra SQL WHEREs.
Re: [Dovecot] Shared mailboxes with dovecot problem service=lib-storage
On 28.3.2012, at 11.57, Tomislav Mihalicek wrote:
> Could someone explain what this strings mean in dovecot 2.1.3 debug log?
>
>     Mar 27 11:18:11 cartman dovecot: auth: Debug: master in: USER 1 te...@example.net service=lib-storage
>     Mar 27 11:18:11 cartman dovecot: auth: Debug: master in: USER 2 te...@example.net service=lib-storage

Dovecot is asking a user's home directory via userdb lookup. Looks like your userdb isn't returning a home directory. There should be an error message about it?
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
On 09/08/2011 03:07 PM, Timo Sirainen wrote:

> On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:
>
>> yes, my virtual users have separate directories for home and mail. Their locations are stored in ldap attributes (with random generated paths), so a flat scheme like /var/maildr/%%u isn't valid.
>
> Sorry, you're out of luck with that kind of a setup. Only the %%h can look up a home directory from LDAP. Maybe some day in future there will be other variables that can be looked up.

and how might I configure dovecot to use the mail directory as a subdirectory of the home directory? this way all lookups for home (with %%h fetched from ldap) will return the correct location and mail will be in (i.e.) ~/mailSubDir

is this configuration possible?
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:

> and how might I configure dovecot to use the mail directory as a subdirectory of the home directory? this way all lookups for home (with %%h fetched from ldap) will return the correct location and mail will be in (i.e.) ~/mailSubDir
>
> is this configuration possible?

In the main dovecot.conf:

  mail_location = maildir:~/mailSubDir

In the ldap-config:

  user_attrs = homeFilter=home

-jf
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
(I'm sorry for breaking the thread with each mail)

On 09/09/2011 10:04 AM, Jan-Frode Myklebust wrote:

> On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:
>
>> and how might I configure dovecot to use the mail directory as a subdirectory of the home directory? this way all lookups for home (with %%h fetched from ldap) will return the correct location and mail will be in (i.e.) ~/mailSubDir
>>
>> is this configuration possible?
>
> In the main dovecot.conf:
>
>   mail_location = maildir:~/mailSubDir
>
> In the ldap-config:
>
>   user_attrs = homeFilter=home

and which is the value for the location directive in namespace declaration ??

namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDIr/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}

with the above conf. no shared folders are seen by test users and afaik %%h is retrieved from ldap.

this is that I had done until now:

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME
. create INBOX.docs-user001
. OK Create completed.
. setacl INBOX.docs-user001 user002 lr
. OK Setacl complete.
. logout
* BYE Logging out
. OK Logout completed.
Connection closed by foreign host.

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login user002 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME
. create INBOX.docs-user002
. OK Create completed.
. setacl INBOX.docs-user002 user001 lr
. OK Setacl complete.
. logout
* BYE Logging out
. OK Logout completed.
Connection closed by foreign host.

# cat /var/maildir/shared-mailboxes
shared/shared-boxes/user/user002/user001 1
shared/shared-boxes/user/user002/user002 1
shared/shared-boxes/user/user001/user001 1
shared/shared-boxes/user/user001/user002 1

# cat /var/maildir/vol04/4/46/user001/.docs-user001/dovecot-acl
user=user002 lr

# cat /var/maildir/vol05/4/40/user002/.docs-user002/dovecot-acl
user=user001 lr

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
. namespace
* NAMESPACE ((INBOX. .)) ((shared. .)) NIL
. OK Namespace completed.
. list shared. *
. OK List completed.

/--/

# grep ^[^#] /etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://ldap.example.com
dn = cn=testuser,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = ((objectClass=CourierMailAccount)(uid=%u))
pass_filter = ((objectClass=CourierMailAccount)(uid=%u))

# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/mailSubDir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/maildir/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = acl
}
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
and for the time that user001 execute the imap 'list' command, this is the log trace in dovecot:

Sep 9 13:09:12 imap1 dovecot: imap(user001): Debug: Namespace : type=shared, prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/mailSubDir:INDEX=~/mailSubDir/shared/%u
Sep 9 13:09:12 imap1 dovecot: imap(user001): Debug: shared: root=/var/run/dovecot/, index=, control=, inbox=, alt=
[...]
Sep 9 13:10:44 imap1 dovecot: auth: Debug: master in: USER 1 user002 service=lib-storage
Sep 9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): user search: base=dc=example,dc=com scope=subtree filter=((objectClass=CourierMailAccount)(uid=user002)) fields=mailbox,homeFilter
Sep 9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): result: mailbox(mail=maildir:/var/maildir/%$)=vol05/4/40/user002 homeFilter(home)=/var/mailfilter/vol05/4/40/user002
Sep 9 13:10:44 imap1 dovecot: auth: Debug: master out: USER 1 user002 mail=maildir:/var/maildir/vol05/4/40/user002 home=/var/mailfilter/vol05/4/40/user002
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: auth input: user002 mail=maildir:/var/maildir/vol05/4/40/user002 home=/var/mailfilter/vol05/4/40/user002
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: maildir++: root=/var/mailfilter/vol05/4/40/user002/mailSubDir, index=/var/mailfilter/vol04/4/46/user001/mailSubDir/shared/user002, control=, inbox=/var/mailfilter/vol05/4/40/user002/mailSubDir, alt=
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: initializing backend with data: vfile
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: acl username = user001
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: owner = 0
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl vfile: Global ACL directory: (none)
Sep 9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: Mailbox not in dovecot-acl-list: shared.user002.INBOX
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
Hello,

On 09/07/2011 07:22 PM, Timo Sirainen wrote:

> On 6.9.2011, at 14.27, mailing lists wrote:
>
>> At this point I need shared mailboxes but since user mail/home locations are ldap attributes, how is it supposed I must configure this for shared mailboxes?
>>
>> for the users' mail/home directories I set this line:
>>
>> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
>
> Are home dirs and mail dirs related in any way? The only way you can get it working is by using home dirs, e.g.:
>
> user_attrs = mailbox=home=/var/maildir/%$

yes, my virtual users have separate directories for home and mail. Their locations are stored in ldap attributes (with random generated paths), so a flat scheme like /var/maildr/%%u isn't valid.

for typical (virtual) users the location returned looks like:

Sep 8 12:48:33 imap1 dovecot: auth: Debug: ldap(user012,::1): result: mailbox(mail=maildir:/var/maildir/%$)=vol06/1/15/user012 homeFilter(home)=/var/mailfilter/vol06/1/15/user012
...
Sep 8 12:54:50 imap1 dovecot: imap(user012): Debug: maildir++: root=/var/maildir/vol06/1/15/user012, index=, control=, inbox=/var/maildir/vol06/1/15/user012, alt=

> Then in dovecot.conf:
>
> mail_location = maildir:~/
> namespace {
>   type = shared
>   separator = /
>   prefix = shared/%%u/
>   subscriptions = no
>   list = children
>   location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

this is that I see in logs and no shared folders are seen by imap clients:

Sep 8 12:57:11 imap1 dovecot: imap(user012): Debug: Namespace : type=shared, prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u
Sep 8 12:57:11 imap1 dovecot: imap(user012): Debug: shared: root=/var/run/dovecot/, index=, control=, inbox=, alt=
Sep 8 12:57:11 imap1 dovecot: imap(user012): Debug: acl: initializing backend with data: vfile

I fail to understand how %%u is retrieved from ldap...
/--/

# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/maildir/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl imap_acl autocreate
}
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:

> yes, my virtual users have separate directories for home and mail. Their locations are stored in ldap attributes (with random generated paths), so a flat scheme like /var/maildr/%%u isn't valid.

Sorry, you're out of luck with that kind of a setup. Only the %%h can look up a home directory from LDAP. Maybe some day in future there will be other variables that can be looked up.
Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
On 6.9.2011, at 14.27, mailing lists wrote:

> I spent a couple of days configuring a new installation of dovecot 2.0.14 with virtual accounts and NFS storage for maildir home/mail directories.
>
> At this point I need shared mailboxes but since user mail/home locations are ldap attributes, how is it supposed I must configure this for shared mailboxes?
>
> for the users' mail/home directories I set this line:
>
> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home

Are home dirs and mail dirs related in any way? The only way you can get it working is by using home dirs, e.g.:

user_attrs = mailbox=home=/var/maildir/%$

Then in dovecot.conf:

mail_location = maildir:~/
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  subscriptions = no
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
}

Of course, if you're already now using separate home dirs for some stuff, this won't really work.
[Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap
Hello,

I spent a couple of days configuring a new installation of dovecot 2.0.14 with virtual accounts and NFS storage for maildir home/mail directories.

At this point I need shared mailboxes but since user mail/home locations are ldap attributes, how is it supposed I must configure this for shared mailboxes?

for the users' mail/home directories I set this line:

user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home

creating a namespace like the below one for shared mbx throws a lot of errors:

namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  subscriptions = no
  list = children
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  location = mailbox=mail=maildir:/var/maildir/%$
}

I would like to hear if anyone has this configuration running.

Thank you.

/--/

uris = ldap://ldap.example.com
dn = cn=user,ou=People,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = ((objectClass=CourierMailAccount)(uid=%u))
pass_filter = ((objectClass=CourierMailAccount)(uid=%u))

# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64)
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  list = children
  location = mailbox=mail=maildir:/var/maildir/%$
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl imap_acl autocreate
}
Re: [Dovecot] shared mailboxes
On Wed, 2011-08-03 at 01:33 +0300, Vasil Mikhalenya wrote:

> 1. How to create a public mailbox - with per user seen flag. In my configuration this flag is shared

Currently this is possible only with Maildir (by creating dovecot-shared file).

> 2. How to share one user mailbox with other users and set up acl. In Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox user2 all ). What way there is to do this in dovecot.

doveadm acl set

> It was no problem with shared mailboxes in cyrus, but I need maildir support.

Hmm? Looks like you're using mdbox..:

mail_location = mdbox:/var/mail/%1n/%n
[Dovecot] shared mailboxes
Hi all, I've read all documentation that I could find, but I can not understand 2 simple things 1. How to create a public mailbox - with per user seen flag. In my configuration this flag is shared 2. How to share one user mailbox with other users and set up acl. In Cyrus it was very easy( cyradm sam mailbox user1 lrs or sam mailbox user2 all ). What way there is to do this in dovecot. It was no problem with shared mailboxes in cyrus, but I need maildir support. Thank you. # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2 ext3 auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 8 last_valid_uid = 8 mail_debug = yes mail_location = mdbox:/var/mail/%1n/%n mail_plugins = acl mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mdbox_preallocate_space = yes namespace { hidden = no inbox = yes list = yes location = prefix = separator = / type = private } namespace { list = children location = mdbox:/var/mail/%%1n/%%n prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace { location = maildir:/var/mail/public prefix = public/ separator = / subscriptions = no type = public } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } passdb { driver = pam } plugin { acl = vfile acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap sieve pop3 service auth { unix_listener auth-client { group = mail mode = 0660 user = Debian-exim } unix_listener auth-userdb { group = mail mode = 0600 user = mail } user = $default_internal_user } service imap-login { process_min_avail = 
6 service_count = 0 } ssl_ca = /etc/ssl/private/CA.crt ssl_cert = /etc/ssl/private/w.crt ssl_key = /etc/ssl/private/w.key syslog_facility = local0 userdb { args = uid=mail gid=mail home=/var/mail/%1n/%n allow_all_users=yes driver = static } userdb { args = uid=mail gid=mail home=/var/mail/%1n/%n dovecot driver = passwd } protocol lda { mail_plugins = acl sieve } protocol imap { mail_plugins = acl acl imap_acl } -- Best regards, Vasil Mikhalenya
[Dovecot] Shared mailboxes and acl
Hello,

I've finally upgraded to dovecot 2.0.12 and I'm doing some tests with shared mailboxes and acl.

I've read http://wiki2.dovecot.org/SharedMailboxes/Shared and changed the dovecot config as recommended, I'm using Horde/IMP as imap_acl client.

Seems that the acl files in user mailbox were updated correctly.

I've defined also a shared mailbox dictionary and if I've understood right from the wiki page this file is supposed to be also updated with the imap_acl commands, is this right? In my case this file is never updated, I don't know if this file must have any special format or is a simple text file.

Any help will be appreciated

Regards
Juan C. Blanco
Re: [Dovecot] Shared mailboxes and acl
On 07/05/2011 18:32, Juan C. Blanco wrote:

> Hello,
>
> I've finally upgraded to dovecot 2.0.12 and I'm doing some tests with shared mailboxes and acl.
>
> I've read http://wiki2.dovecot.org/SharedMailboxes/Shared and changed the dovecot config as recommended, I'm using Horde/IMP as imap_acl client.
>
> Seems that the acl files in user mailbox were updated correctly.
>
> I've defined also a shared mailbox dictionary and if I've understood right from the wiki page this file is supposed to be also updated with the imap_acl commands, is this right? In my case this file is never updated, I don't know if this file must have any special format or is a simple text file.

Solved, finally it was a permission problem. I've set up the shared mailbox dict in /var/lib/dovecot/shaed-mailboxes and even though I've granted permission to this file to the vmail user there was a problem creating the dotlock when updating the file. I have had to create a directory there and change the owner of it to vmail.

As I've debug active I was losing the error in the log file.

Regards
Juan C. Blanco

> Any help will be appreciated
>
> Regards
> Juan C. Blanco
[Dovecot] Shared mailboxes in dovecot
Hi,

i have a requirement of setting up two folders which should be shared to selected users only. Pls note that my users are virtual and reside on mysql db. im using maildir as storage.

lets assume user A wants to share a folder named shared with user B only. how can i get this done?

Regards
Jay
Re: [Dovecot] Shared mailboxes in dovecot
Jay Mobile wrote on 11/02/2010:

> Hi,
>
> i have a requirement of setting up two folders which should be shared to selected users only. Pls note that my users are virtual and reside on mysql db. im using maildir as storage.
>
> lets assume user A wants to share a folder named shared with user B only. how can i get this done?
>
> Regards
> Jay

you can find more information in the Wiki. See:

http://wiki2.dovecot.org/SharedMailboxes/Shared
http://wiki2.dovecot.org/ACL

(This information is for Dovecot 2.x.)

You must define a namespace (shared) and create the appropriate acls. An acl looks like

user=u...@example.com rl

This acl (filename: dovecot-acl) can be stored in the folder you would like to share, which means that user u...@example.com can read and list the mailbox.

Some IMAP clients support shared folders so if you configure Dovecot correctly you can manage this within your client software but you can also do this manually.

-- 
Daniel
Re: [Dovecot] Shared mailboxes in dovecot
On 2010-11-02 2:58 AM, Jay Mobile wrote:

> i have a requirement of setting up two folders which should be shared to selected users only.

snip

> lets assume user A wants to share a folder named shared with user B only. how can i get this done?

That's about as basic as it gets... did you read the wiki? What exactly are you having trouble with?

v1.2: http://wiki.dovecot.org/SharedMailboxes/Shared
v2.0: http://wiki2.dovecot.org/SharedMailboxes/Shared

-- 
Best regards,
Charles
Re: [Dovecot] Shared mailboxes with dovecot.
On Thu, 2010-08-26 at 16:13 +0300, Mihajlin Evgenij wrote:

> Hi, first of all forgive me for my english. I have several questions.
>
> 1. There are 2 user/passwd databases in my setup - ldap and mysql. when i login into one user with telnet 127.0.0.1 143 and share inbox to some users - records in dict-file appear, but if i delete some acls - records in dict-file stay the same.

Probably a bug.

> 2. I see in error.log such errors. can somebody explain how dovecot lists shared folders (what files it is looking for, how it sees variables %u and %%u, ...)
>
> Aug 26 15:44:19 imap(j...@badmltd.dn.ua): Error: Namespace 'shared//': mkdir(/var/run/dovecot/user-not-found/@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner)

It looks as if it's trying to access an empty user's (@badmltd.dn.ua) mailbox (shared//, it typically should access shared/username/box or something).

One annoying thing here is that it even gives this error message when client attempts to access invalid mailboxes. Should fix it some day.

> Aug 26 15:44:53 imap(ad...@badmltd.dn.ua): Error: Namespace 'shared/shared/': mkdir(/var/run/dovecot/user-not-found/sha...@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner)

Again, it's trying to access sha...@badmltd.dn.ua user's mails. That user probably doesn't exist either?

How are you trying to access these mailboxes? With an imap client? Try testing first by talking IMAP protocol directly and only after that works try IMAP clients. http://wiki2.dovecot.org/TestInstallation gives some commands. Basically you should get these working:

a select shared/username/mailbox
b list shared/*
Re: [Dovecot] Shared mailboxes with dovecot.
On Thu, 2010-08-26 at 16:13 +0300, Mihajlin Evgenij wrote:

> mail_location = maildir:/var/spool/vmail/domains/%d/%n/Maildir
> namespace {
>   location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

These don't match. You're now using home dir in one but not the other.

> user_attrs = =home=/var/spool/vmail/domains/%d/%n,=mail=/var/spool/vmail/domains/%d/%n/Maildir

Also you're here overriding mail_location. To make this simple:

 - Remove mail=.. from user_attrs
 - Set mail_location = maildir:~/Maildir
[Dovecot] Shared mailboxes with dovecot.
Hi, first of all for forgive me for my english. I have several questions. 1. There are 2 user/passwd databases in my setup - ldap and mysql. when i login into one user with telnet 127.0.0.1 143 and share inbox to some users - records in dict-file apears? but if i delete some acls - records indict-file stays same. 2. I see in error.log such errors. can somebody explain what do dovecot list shared folder (what files is looking for, how it see variables %u and %%u, ...) Aug 26 15:44:19 imap(j...@badmltd.dn.ua): Error: Namespace 'shared//': mkdir(/var/run/dovecot/user-not-found/@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner) Aug 26 15:44:53 imap(ad...@badmltd.dn.ua): Error: Namespace 'shared/shared/': mkdir(/var/run/dovecot/user-not-found/sha...@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner) Aug 26 15:44:56 imap(t...@badmltd.dn.ua): Error: Namespace 'shared/shared/': mkdir(/var/run/dovecot/user-not-found/sha...@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner) Aug 26 15:46:36 imap(j...@badmltd.dn.ua): Error: Namespace 'shared//': mkdir(/var/run/dovecot/user-not-found/@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner) Aug 26 15:48:04 imap(j...@badmltd.dn.ua): Error: Namespace 'shared//': mkdir(/var/run/dovecot/user-not-found/@badmltd.dn.ua) failed: Permission denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, euid is not dir owner) *debug.log*** Aug 26 15:48:03 auth: Debug: master out: USER 1 j...@badmltd.dn.ua home=/var/spool/vmail/domains/badmltd.dn.ua/jack uid=47 gid=12 Aug 26 15:48:03 imap: Debug: Loading modules from directory: /usr/lib/dovecot Aug 26 15:48:03 imap: Debug: Module loaded: 
/usr/lib/dovecot/lib01_acl_plugin.so Aug 26 15:48:03 imap: Debug: Module loaded: /usr/lib/dovecot/lib02_imap_acl_plugin.so Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: Effective uid=47, gid=12, home=/var/spool/vmail/domains/badmltd.dn.ua/jack Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: maildir++: root=/var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir, index=, control=, inbox=/var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: initializing backend with data: vfile Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: acl username = j...@badmltd.dn.ua Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: owner = 1 Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: Global ACL directory: (null) Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: Namespace : type=shared, prefix=shared/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: shared: root=/var/run/dovecot, index=, control=, inbox= Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: initializing backend with data: vfile Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: acl username = j...@badmltd.dn.ua Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl: owner = 0 Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: Global ACL directory: (null) Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir/.Trash/dovecot-acl not found Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir/.BB4EQgQ,BEAEMAQyBDsENQQ9BD0ESwQ1-/dovecot- acl not found Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir/.Sent/dovecot-acl not found Aug 26 15:48:03 
imap(j...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir/.BCcENQRABD0EPgQyBDgEOgQ4-/dovecot- acl not found Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: acl vfile: file /var/spool/vmail/domains/badmltd.dn.ua/jack/Maildir/dovecot-acl not found Aug 26 15:48:03 auth: Debug: master in: USER1 za...@badmltd.dn.ua service=lib-storage Aug 26 15:48:03 auth: Debug: sql(za...@badmltd.dn.ua): SELECT home, uid, gid FROM users WHERE id = 'zakaz' AND active = 'Y' Aug 26 15:48:03 auth: Debug: master out: USER 1 za...@badmltd.dn.ua home=/var/spool/vmail/domains/badmltd.dn.ua/zakaz uid=47 gid=12 Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: auth input: za...@badmltd.dn.ua home=/var/spool/vmail/domains/badmltd.dn.ua/zakaz uid=47 gid=12 Aug 26 15:48:03 imap(j...@badmltd.dn.ua): Debug: maildir++: root=/var/spool/vmail/domains/badmltd.dn.ua/zakaz/Maildir,
Re: [Dovecot] Shared mailboxes with dovecot.
Again, what do these strings mean?

Aug 26 15:48:03 auth: Debug: master in: USER1 za...@badmltd.dn.ua service=lib-storage
Aug 26 15:48:03 auth: Debug: master in: USER2 t...@badmltd.dn.ua service=lib-storage
Aug 26 15:48:03 auth: Debug: master in: USER2 t...@badmltd.dn.ua service=lib-storage
Aug 26 15:48:03 auth: Debug: master out: USER 2 t...@badmltd.dn.ua service=lib-storage
Aug 26 15:48:03 auth: Debug: master in: USER3 @badmltd.dn.ua service=lib-storage
Aug 26 15:48:03 auth: Debug: master out: NOTFOUND 3

Why does dovecot iterate it?
Re: [Dovecot] Shared mailboxes errors
On Tue, 03 Aug 2010 23:16:38 +0200 Leander S. wrote:

> Hi Nikita Koshikov,
>
> when I googled for my SERVERBUG which I'm having right now I found your configuration. I'm trying to make use of the antispam plugin as you do. Unfortunately I'm always getting a [SERVERBUG] error message with my MTC when I try moving mails. The antispam debug.log doesn't really tell a lot more:
>
> ### Dovecot AntiSpam ###
> # mail signature (used with any backend requiring a signature)
> #antispam_signature = X-Spam-Status
> #antispam_signature_missing = move
> antispam_mail_sendmail = /usr/local/bin/sa-learn
> antispam_mail_sendmail_args = --username=%u;--debug;all
> antispam_mail_spam = --spam
> antispam_mail_notspam = --ham
> antispam_mail_tmpdir = /tmp
> antispam_spam = Spam
> antispam_unsure = Virus
> antispam_trash = Trash

First of all - what OS is this? BSD? And how did you install your spamassassin (ports\compiling from source)? Show your local.cf file (/etc/mail/spamassassin or /usr/local/etc/mail/spamassasin).

After reading perldoc Mail::SpamAssassin::Conf add to your local.cf for debugging:

bayes_file_mode 0777
bayes_path /tmp/.spamassassin/bayes

Create folder /tmp/.spamassassin and set permissions 777. Restart spamd with dovecot and try it.

> I also read through the sa-learn script but wasn't able to figure out where this number 9 is coming from ;/ ... SIGKILL 9 Term Kill signal - but where from ?!

sa-learn has lots of die() function, this should be enough for raising SIGKILL.

> Do you maybe have any idea? I tried different Dovecot versions already - always the same ... Might there maybe be something wrong with my syntax?
>
> Any way - thanks a lot in advance
> regards

If you are stuck after all, remember that sa-learn has -D key, it generates tons of output. Create a wrapper and run sa-learn with -D keyword from dovecot, save the result and have fun.
[Dovecot] Shared mailboxes errors
Hello list, I'm implementing shared mailboxes on live system and after enabling acl plugin I got errors in my log:

Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: shared/shared-boxes/anyone/

I have no clue why this happening, users don't know about new functionality they just use imap as before. Also dict database begin to fill up by records like:

select * from user_shares;
u...@domain.com|ad...@domain.com|1

But user don't use setacl command. Searching for the list gave http://www.dovecot.org/list/dovecot/2009-April/038664.html , but question seemed still open. So, can someone give point how to fix\avoid this ? One more question, on live system it's hard to debug dovecot with mail_debug=yes for all users, can this option be turn on for individual user? or maybe mail_debug stream can be redirected also for individual user ?

dovecot -n
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-gentoo-r4 i686 Gentoo Base System release 1.12.13
log_path: /var/log/dovecot/dovecot-error.log
info_log_path: /var/log/dovecot/dovecot.log
protocols: imaps pop3s managesieve
ssl_cert_file: /etc/ssl/dovecot/imaps.crt
ssl_key_file: /etc/ssl/dovecot/imaps.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting: Server ready.
login_processes_count(default): 50
login_processes_count(imap): 50
login_processes_count(pop3): 5
login_processes_count(managesieve): 5
login_max_processes_count: 2048
max_mail_processes: 2048
mail_max_userip_connections(default): 25
mail_max_userip_connections(imap): 25
mail_max_userip_connections(pop3): 10
mail_max_userip_connections(managesieve): 10
first_valid_uid: 8
last_valid_uid: 8
first_valid_gid: 12
last_valid_gid: 12
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota trash expire zlib autocreate virtual antispam acl imap_acl
mail_plugins(imap): quota imap_quota trash expire zlib autocreate virtual antispam acl imap_acl
mail_plugins(pop3): quota virtual
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/managesieve
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
namespace:
  type: private
  separator: /
  location: maildir:~/data
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: Company/
  location: virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
  hidden: yes
  list: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: maildir:%%h/data:INDEX=%h/shared/%%u
  list: children
lda:
  postmaster_address: postmas...@domain.com
  hostname: mail.domain.com
  mail_plugins: quota trash expire sieve virtual acl
  quota_full_tempfail: yes
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot/dovecot-deliver.log
  info_log_path: /var/log/dovecot/dovecot-deliver.log
auth default:
  mechanisms: plain login
  default_realm: domain.com
  cache_size: 10240
  cache_negative_ttl: 0
  user: dovecot_auth
  username_format: %Lu
  master_user_separator: *
  worker_max_count: 50
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passdb/master.pwd
    master: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passdb/users.pwd
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: prefetch
  userdb:
    driver: passwd-file
    args: /etc/dovecot/passdb/users.pwd
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-userdb-ldap.conf
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
      user: mail
      group: dovecot_auth
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mail
      group: mail
plugin:
  quota_warning: storage=90%% /etc/dovecot/plugins/quota_warning.sh 90
  quota: maildir:Mailbox quota
  quota_rule: *:storage=500M
  quota_rule2: Trash:storage=10%%
  acl: vfile:/etc/dovecot/acl:cache_secs=3600
  acl_shared_dict: proxy::acl
  trash: /etc/dovecot/plugins/dovecot-trash.conf
  expire: Trash 30 Spam 30
  expire_dict: proxy::expire
  autocreate: Drafts
  autocreate2: Sent
  autocreate3: Spam
Re: [Dovecot] Shared mailboxes errors
On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote: Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: shared/shared-boxes/anyone/ I think the wiki sql configuration was written/tested by someone who got the same errors, but ignored them.. You need to provide also a mapping for this. Maybe something like:

map {
  pattern = shared/shared-boxes/anyone/$from
  table = anyone_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

or maybe to your existing table (just don't have a user called anyone):

map {
  pattern = shared/shared-boxes/user/anyone/$from
  table = user_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

I have no clue why this happening, users don't know about new functionality they just use imap as before. Also dict database begin to fill up by records like: select * from user_shares; u...@domain.com|ad...@domain.com|1 But user don't use setacl command. I think the dict is rebuilt sometimes when ACLs change (or if dovecot-acl-list file is rebuilt for some other reason). This code isn't really optimized yet and it might be rebuilding them unnecessarily..
Re: [Dovecot] Shared mailboxes errors
On Thu, 17 Jun 2010 14:57:08 +0100 Timo Sirainen wrote: On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote: Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: shared/shared-boxes/anyone/ I think the wiki sql configuration was written/tested by someone who got the same errors, but ignored them.. You need to provide also a mapping for this. Maybe something like:

map {
  pattern = shared/shared-boxes/anyone/$from
  table = anyone_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

or maybe to your existing table (just don't have a user called anyone):

map {
  pattern = shared/shared-boxes/user/anyone/$from
  table = user_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}

Thanks for your reply, Timo. Is any documentation avail about mapping or can you describe it briefly here ?
Re: [Dovecot] Shared mailboxes
On Tue, May 18, 2010 at 08:07:57AM -0300, Marcio Merlone wrote: Em 14-05-2010 12:45, spamv...@googlemail.com escreveu: can anyone give me a hind how to setup shared mailboxes. I've already created the shared and private namespace. But ive no idea how to share a mailbox. Thunderbird and most other Clients seem not to support the setacl command. Yeah, I found that too. My solution was to learn IMAP, telnet in, and run the SETACL commands myself. Matthew
Re: [Dovecot] Shared mailboxes
On 18.5.2010, at 13.10, Matthew Sackman wrote: But ive no idea how to share a mailbox. Thunderbird and most other Clients seem not to support the setacl command. Yeah, I found that too. My solution was to learn IMAP, telnet in, and run the SETACL commands myself. Yes, that's currently the best solution. For v2.0 perhaps I'll create doveadm acl set command. That would still work in a similar way though, so it's not all that much better than IMAP.
Re: [Dovecot] Shared mailboxes
On 2010-05-18 7:16 AM, Timo Sirainen wrote: On 18.5.2010, at 13.10, Matthew Sackman wrote: But ive no idea how to share a mailbox. Thunderbird and most other Clients seem not to support the setacl command. Yeah, I found that too. My solution was to learn IMAP, telnet in, and run the SETACL commands myself. Yes, that's currently the best solution. For v2.0 perhaps I'll create doveadm acl set command. That would still work in a similar way though, so it's not all that much better than IMAP. The good news is Thunderbird is implementing this now: https://bugzilla.mozilla.org/show_bug.cgi?id=522954 Not sure if there is a build available for testing though... Hopefully they will implement it 'correctly' (according to RFCs)... -- Best regards, Charles
Re: [Dovecot] Shared mailboxes
Em 14-05-2010 12:45, spamv...@googlemail.com escreveu: can anyone give me a hind how to setup shared mailboxes. I've already created the shared and private namespace. But ive no idea how to share a mailbox. Thunderbird and most other Clients seem not to support the setacl command. so do i have to create a plaintext file with user=theldapuseriwanttosharemybox rw ? It seems no one uses shared folder, or people don't like questions about that. If you find the answer somewhere pls mail the list for the records of searches. -- Marcio Merlone
[Dovecot] Shared mailboxes
Hi.. can anyone give me a hind how to setup shared mailboxes. I've already created the shared and private namespace. But ive no idea how to share a mailbox. Thunderbird and most other Clients seem not to support the setacl command. so do i have to create a plaintext file with user=theldapuseriwanttosharemybox rw ? thx Hans
Re: [Dovecot] Shared mailboxes unix permissions
On Wed, 2010-03-31 at 19:40 +0200, Thomas Hummel wrote: Everything gets created with the permission I was expecting, except : -rw--- 1 doveimap doveshared 8 Mar 31 18:47 /courriel/meta/doveimap/dovecot-uidvalidity -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4 This has been fixed in v2.0. But they're not all that important, so you can probably just ignore them. -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /var/dovecot-test/dict/shared-mailboxes This file is created only once. You can change its permissions and they're preserved afterward. But yeah, its initial permissions should be taken from parent directory. Fixed in v2.0: http://hg.dovecot.org/dovecot-2.0/rev/b3947e64546a
Re: [Dovecot] Shared mailboxes unix permissions
On Wed, Mar 31, 2010 at 07:40:29PM +0200, Thomas Hummel wrote: Hello Timo, I'm running dovecot-1.2.11/Maildir and plan to migrate to single UID mailboxes some day, but for now, I've got system users and I'm testing permissions handling in order to set up shared mailboxes. The private namespace mailboxes location is location = maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot-test/indexes/%1u/%u I've . created a 'doveshared' unix group . added 'mail_access_groups = doveshared' . chmod/chgrp the maildir and control dirs like this : drwxrws--- 7 doveimap doveshared 4096 Mar 31 18:47 /courriel/boites/doveimap drwxrws--- 5 doveimap doveshared 4096 Mar 31 18:47 /courriel/meta/doveimap [which were empty] . added 'acl_shared_dict = file:/var/dovecot-test/dict/shared-mailboxes' with drwxrwxs-- 2 root doveshared 512 Mar 31 18:44 /var/dovecot-test/dict [which were empty] Everything gets created with the permission I was expecting, except : -rw--- 1 doveimap doveshared 8 Mar 31 18:47 /courriel/meta/doveimap/dovecot-uidvalidity -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4 and -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /var/dovecot-test/dict/shared-mailboxes I can't see the explanation in http://wiki.dovecot.org/SharedMailboxes/Permissions and the 'dovecot-shared' file doesn't help (besides, my understanding is that in 1.2x, it's for backward compatibility reason). Any idea ? Timo ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes unix permissions
On Fri, Apr 09, 2010 at 11:17:26AM +0200, Thomas Hummel wrote: and the 'dovecot-shared' file doesn't help (besides, my understanding is that in 1.2x, it's for backward compatibility reason). Which makes me wonder : does the dovecot-shared file still control, with 1.2x/Maildir/shared namespaces/ where the flags are stored (in other words, can we have shared-mailboxes with private \Seen flags for instance) ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
[Dovecot] Shared mailboxes unix permissions
Hello Timo, I'm running dovecot-1.2.11/Maildir and plan to migrate to single UID mailboxes some day, but for now, I've got system users and I'm testing permissions handling in order to set up shared mailboxes. The private namespace mailboxes location is location = maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot-test/indexes/%1u/%u I've . created a 'doveshared' unix group . added 'mail_access_groups = doveshared' . chmod/chgrp the maildir and control dirs like this : drwxrws--- 7 doveimap doveshared 4096 Mar 31 18:47 /courriel/boites/doveimap drwxrws--- 5 doveimap doveshared 4096 Mar 31 18:47 /courriel/meta/doveimap [which were empty] . added 'acl_shared_dict = file:/var/dovecot-test/dict/shared-mailboxes' with drwxrwxs-- 2 root doveshared 512 Mar 31 18:44 /var/dovecot-test/dict [which were empty] Everything gets created with the permission I was expecting, except : -rw--- 1 doveimap doveshared 8 Mar 31 18:47 /courriel/meta/doveimap/dovecot-uidvalidity -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4 and -rw--- 1 doveimap doveshared 0 Mar 31 18:44 /var/dovecot-test/dict/shared-mailboxes I can't see the explanation in http://wiki.dovecot.org/SharedMailboxes/Permissions and the 'dovecot-shared' file doesn't help (besides, my understanding is that in 1.2x, it's for backward compatibility reason). Any idea ? Thanks -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] shared mailboxes, mkdir_parents problem
Leo Unglaub leo.unglaub at gmail.com writes: Hi Friends, i have a little problem with my Dovecot installation. The normal installation works very well and now i have to configurate dovecot that all member from a domain can access all mailboxes from this domain. mail_location: maildir:/var/mail/%d/%n namespace: type: shared separator: / prefix: shared/mitarbeiter/%%n/ location: maildir:/var/mails/e-c-o.at/%%n:INDEX=/tmp/%%n Hallo Leo What i have seen is, that the path in maillocations points to /var/mail/../.. the path in the shared maildir point to /var/mail(s)/../.. that doesn't work
Re: [Dovecot] shared mailboxes, mkdir_parents problem
On Mon, 2010-03-22 at 14:38 +0100, Leo Unglaub wrote: 2010-03-18 10:03:04 IMAP(unglaub): Error: mkdir_parents(/var/mails/e-c-o.at/kirchmeir) failed: Permission denied .. mail_location: maildir:/var/mail/%d/%n .. location: maildir:/var/mails/e-c-o.at/%%n:INDEX=/tmp/%%n /var/mail/ vs. /var/mails/?
Re: [Dovecot] shared mailboxes, mkdir_parents problem
Leo Unglaub leo.unglaub at gmail.com writes: Hi Friends, i have a little problem with my Dovecot installation. The normal installation works very well and now i have to configurate dovecot that all member from a domain can access all mailboxes from this domain. I configurate the shared namespace and set the IMAP ACL Flag but i can't abonement the other mailboxes. How did you do this? Edit the file or with GETACL SETACL? Have you the shared Folder visible? What Mailclient you use? Have you subscreibe the Folder to the Listbox?
Re: [Dovecot] Shared mailboxes basics
On Fri, 19 Mar 2010, Thomas Hummel wrote: Ok, but I still don't quite get it : if you use the same UID, doesn't this somehow equates giving something like 777 modes in the system user case ? (I mean on an OS level, problems related to such loose permission are the same and, if in 777, permissions are no longer a problem for dovecot) ? I tried to hack some magic into Dovecot v1.2, in order to use system users with the default 0700 perms and ACLs. My idea was to put everybody sharing folders and everybody, who may access shared folders, into the same group doveshared, then leverage the Unix permissions, that this group may access the folders. So I do not need to use 0777 everywhere. In fact, I was not able to find a reliable way to get the Unix-permissions right for new mails. Maybe this was because I didn't set .dovecot-shared or the Unix-permission of the Maildir base directory right. I also got fchown() errors for shared mailboxes with write access to non-owners. Because of this I dropped the idea to use system users with ACLs. Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working reliable, when mails are dropped with Deliver and APPEND, and when the MUA creates new (sub-)folders? Regards, -- Steffen Kaiser
Re: [Dovecot] Shared mailboxes basics
On 22.3.2010, at 11.25, Steffen Kaiser wrote: On Fri, 19 Mar 2010, Thomas Hummel wrote: Ok, but I still don't quite get it : if you use the same UID, doesn't this somehow equates giving something like 777 modes in the system user case ? (I mean on an OS level, problems related to such loose permission are the same and, if in 777, permissions are no longer a problem for dovecot) ? I tried to hack some magic into Dovecot v1.2, in order to use system users with the default 0700 perms and ACLs. My idea was to put everybody sharing folders and everybody, who may access shared folders, into the same group doveshared, then leverage the Unix permissions, that this group may access the folders. So I do not need to use 0777 everywhere. Yes, this is what I originally meant with it's more difficult for system users. In fact, I was not able to find a reliable way to get the Unix-permissions right for new mails. Maybe this was because I didn't set .dovecot-shared or the Unix-permission of the Maildir base directory right. The new files copy the permissions from the mailbox's root directory (and when mailbox directory is created, its permissions are copied from maildir root). So you should basically do something like:

find /mails -type d -print0 | xargs -0 chgrp doveshared
find /mails -type d -print0 | xargs -0 chmod 0770

I also got fchown() errors for shared mailboxes with write access to non-owners. Well, this I'm not sure about.. I think fchown() is only called when new files are created. So I guess the process didn't belong to doveshared group? (mail_extra_groups=doveshared would help) Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working reliable, when mails are dropped with Deliver and APPEND, and when the MUA creates new (sub-)folders? It should work the same as with 0770, i.e. permissions are copied the same way.
Re: [Dovecot] Shared mailboxes basics
On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote: My idea was to put everybody sharing folders and everybody, who may access shared folders, into the same group doveshared, then leverage the Unix permissions, that this group may access the folders. So I do not need to use 0777 everywhere. So basically, you get to the single UID virtual users solution but with GID, right ? Do you mean your maildirs are all in 0770 user doveshared ? But it still gives too much permission in general...Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ? Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working reliable, when mails are dropped with Deliver and APPEND, and when the MUA creates new (sub-)folders? Well, it was still a theorical question. I haven't really tried anything yet. Also, I'm not using deliver (I know I should) but procmail. But since for me mail_location is not accessible for users by anything else than IMAP, loose permissions may not be such a critical issue... Besides, I was thinking of creating as many groups (similar in purpose to your doveshared one) as needs to share a mailbox, if and only if I could somehow restrict (politically I mean) the use of shared mailboxes to privileged users (for instance a unit chief and his assistant, ...). Not really scalable I'm afraid though -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Mon, 2010-03-22 at 11:05 +0100, Thomas Hummel wrote: On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote: My idea was to put everybody sharing folders and everybody, who may access shared folders, into the same group doveshared, then leverage the Unix permissions, that this group may access the folders. So I do not need to use 0777 everywhere. Oh, I got mixed you two up in my previous reply :) So basically, you get to the single UID virtual users solution but with GID, right ? Do you mean your maildirs are all in 0770 user doveshared ? But it still gives too much permission in general...Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ? You don't need to put all users into doveshared group. You just need to set mail_extra_groups=doveshared, so only Dovecot processes have such extra access.
Re: [Dovecot] Shared mailboxes basics
On Mon, 22 Mar 2010, Timo Sirainen wrote: their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ? I don't have any other access than IMAP. You don't need to put all users into doveshared group. You just need to set mail_extra_groups=doveshared, so only Dovecot processes have such extra access. Ah, OK, that's worth trying. My problems actually were related to the problem that either new messages or new folders were not chgrp()'ed to doveshared. However, my idea was to selectively chgrp shared folders only. I will dig again into this problem eventually, currently I ditched my test server. Regards, -- Steffen Kaiser
Re: [Dovecot] Shared mailboxes basics
On Mon, Mar 22, 2010 at 02:47:45PM +0200, Timo Sirainen wrote: Do you mean your maildirs are all in 0770 user doveshared ? But it still gives too much permission in general...Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ? You don't need to put all users into doveshared group. You just need to set mail_extra_groups=doveshared, so only Dovecot processes have such extra access. You lost me again : what's the use of the userdb acl_groups extra-field then ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
[Dovecot] shared mailboxes, mkdir_parents problem
Hi Friends, i have a little problem with my Dovecot installation. The normal installation works very well and now i have to configurate dovecot that all member from a domain can access all mailboxes from this domain. I configurate the shared namespace and set the IMAP ACL Flag but i can't abonement the other mailboxes. I get a error in the logs:

2010-03-18 10:03:04 IMAP(unglaub): Info: maildir: data=/var/mails/e-c-o.at/kirchmeir:INDEX=/var/mails/e-c-o.at/shared/mitarbeiter/kirchmeir
2010-03-18 10:03:04 IMAP(unglaub): Info: maildir++: root=/var/mails/e-c-o.at/kirchmeir, index=/var/mails/e-c-o.at/shared/mitarbeiter/kirchmeir, control=, inbox=/var/mails/e-c-o.at/kirchmeir
2010-03-18 10:03:04 IMAP(unglaub): Info: acl: initializing backend with data: vfile:/etc/dovecot-acl
2010-03-18 10:03:04 IMAP(unglaub): Info: acl: acl username = unglaub
2010-03-18 10:03:04 IMAP(unglaub): Info: acl: owner = 0
2010-03-18 10:03:04 IMAP(unglaub): Info: acl vfile: Global ACL directory: /etc/dovecot-acl
2010-03-18 10:03:04 IMAP(unglaub): Info: acl vfile: file /etc/dovecot-acl//.DEFAULT not found
2010-03-18 10:03:04 IMAP(unglaub): Info: Namespace shared/mitarbeiter/kirchmeir/: Permission lookup failed from /var/mails/e-c-o.at/kirchmeir
2010-03-18 10:03:04 IMAP(unglaub): Info: Namespace shared/mitarbeiter/kirchmeir/: Using permissions from /var/mails/e-c-o.at/kirchmeir: mode=0700 gid=-1
2010-03-18 10:03:04 IMAP(unglaub): Error: mkdir_parents(/var/mails/e-c-o.at/kirchmeir) failed: Permission denied

In this case the User ungl...@e-c-o.at try to access the mailbox kirchm...@e-c-o.at.

My config looks like this:

mail:~# dovecot -n
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.30-bpo.1-amd64 x86_64 Debian 5.0.4 ext3
log_path: /var/log/dovecot/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_uid: 501
mail_gid: 501
mail_location: maildir:/var/mail/%d/%n
mail_debug: yes
maildir_copy_preserve_filename: yes
mbox_write_locks: fcntl dotlock
mail_plugins: acl imap_acl
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/mitarbeiter/%%n/
  location: maildir:/var/mails/e-c-o.at/%%n:INDEX=/tmp/%%n
  list: children
lda:
  postmaster_address: postmas...@e-c-o.at
  mail_plugins: acl
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot/dovecot-deliver-errors.log
  info_log_path: /var/log/dovecot/dovecot-deliver.log
auth default:
  default_realm: e-c-o.at
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: dovecot-data
      group: dovecot-data
plugin:
  acl: vfile:/etc/dovecot-acl
  acl_shared_dict: file:/var/mail/%d/shared-mailboxes.db

Do you have any idea why my setup isn't working correct? My users are stored in a LDAP (openLDAP) Server and the login works very well. For completion i post the LDAP-File to.

mail:~# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf
hosts = 192.168.1.230
dn = cn=ldapadmin,dc=e-c-o,dc=net
dnpass =
ldap_version = 3
base = ou=smbUser,ou=dc,ou=at,dc=e-c-o,dc=net
scope = subtree
user_filter = ((objectClass=posixAccount)(uid=%n))
user_attrs = mail=mail
pass_filter = ((objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user,userPassword=password,\
homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
default_pass_scheme = CRYPT

Thank you very much. Greetings from Austria Leo
Re: [Dovecot] Shared mailboxes basics
On Mon, 22 Mar 2010, Thomas Hummel wrote: On Mon, Mar 22, 2010 at 02:47:45PM +0200, Timo Sirainen wrote: Do you mean your maildirs are all in 0770 user doveshared ? But it still gives too much permission in general...Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ? You don't need to put all users into doveshared group. You just need to set mail_extra_groups=doveshared, so only Dovecot processes have such extra access. You lost me again : what's the use of the userdb acl_groups extra-field then ? acl_groups is for the logical ACLs in Dovecot and is just a name, it relates to nothing in the Unix world. mail_extra_groups= is an Unix group, the Dovecot processes gets as secondary group. Regards, -- Steffen Kaiser
Re: [Dovecot] Shared mailboxes basics
On Mon, 2010-03-22 at 14:34 +0100, Thomas Hummel wrote: You lost me again : what's the use of the userdb acl_groups extra-field then ? That only adds user to given ACL groups for ACL plugin's checks. ACL plugin deals only with virtual permissions, acl_groups has nothing to do with filesystem permissions. If user doesn't already have enough filesystem permissions to access some mailbox, ACL plugin won't grant them either.
Re: [Dovecot] Shared mailboxes basics
On Mon, Mar 22, 2010 at 03:40:23PM +0200, Timo Sirainen wrote: On Mon, 2010-03-22 at 14:34 +0100, Thomas Hummel wrote: You lost me again : what's the use of the userdb acl_groups extra-field then ? That only adds user to given ACL groups for ACL plugin's checks. ACL plugin deals only with virtual permissions, acl_groups has nothing to do with filesystem permissions. If user doesn't already have enough filesystem permissions to access some mailbox, ACL plugin won't grant them either. Ok. So basically, independently of ACL groups, the idea is to . chgrp all maildirs to some unix group (doveshared) . chmod 0770 those maildirs . add that group to mail_extra_groups . so dovecot would be able to access any shared mailboxes (from anyone to anyone) correct ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Mon, 2010-03-22 at 14:56 +0100, Thomas Hummel wrote: So basically, independently of ACL groups, the idea is to . chgrp all maildirs to some unix group (doveshared) . chmod 0770 those maildirs . add that group to mail_extra_groups . so dovecot would be able to access any shared mailboxes (from anyone to anyone) correct ? Yes.
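The scheme confirmed above (maildir directories owned by one Unix group, mode 0770, that group handed only to Dovecot through mail_extra_groups) can be applied and then checked with a short script. This is an added example, not code from the thread's participants or from the Dovecot project; the function names, the finding labels and the scratch tree in `demo` are assumptions, and the caller's own gid stands in for doveshared so it runs without root.

```sh
#!/bin/sh
# Added example: apply and audit the group-based maildir permissions.
# ROOT is the directory that holds the maildirs; GROUP is the dedicated
# Unix group ("doveshared" in the thread). Both are caller-supplied.

# apply_shared_perms ROOT GROUP
# Directory-only chgrp/chmod, as in the thread. Existing message files
# are not touched; only new files copy the directory's permissions.
apply_shared_perms() {
    find "$1" -type d -exec chgrp "$2" {} +
    find "$1" -type d -exec chmod 0770 {} +
}

# audit_maildir_perms ROOT GROUP
# Prints sorted findings, one per line, and returns 1 if there are any:
#   other-access PATH   some r/w/x bit is set for "other" (0777/0666 style)
#   wrong-group  DIR    directory does not belong to GROUP
#   group-locked DIR    directory lacks full rwx for its group
audit_maildir_perms() {
    _findings=$(
        {
            find "$1" ! -type l \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/other-access /'
            find "$1" -type d ! -group "$2" -print |
                sed 's/^/wrong-group /'
            find "$1" -type d ! -perm -070 -print |
                sed 's/^/group-locked /'
        } | sort
    )
    if [ -z "$_findings" ]; then
        return 0
    fi
    printf '%s\n' "$_findings"
    return 1
}

# Constructed demo: a scratch tree standing in for /mails.
demo() {
    root=$(mktemp -d) || return 1
    gid=$(id -g)                                  # stand-in for doveshared
    mkdir -p "$root/alice/cur" "$root/bob/cur"
    chmod 0777 "$root/alice" "$root/alice/cur"    # "0777 everywhere" layout
    chmod 0700 "$root/bob" "$root/bob/cur"        # default private layout
    : > "$root/alice/cur/msg1"
    chmod 0666 "$root/alice/cur/msg1"
    echo "== before"
    audit_maildir_perms "$root" "$gid" || true
    apply_shared_perms "$root" "$gid"
    echo "== after the directory fix (the old message file is still 0666)"
    audit_maildir_perms "$root" "$gid" || true
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it with `--demo` to see the findings before and after; on a real server, call `audit_maildir_perms` with the mail root and the actual group name.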
Re: [Dovecot] Shared mailboxes basics
On Mon, Mar 22, 2010 at 03:59:02PM +0200, Timo Sirainen wrote: Yes. Ok, I was complicating things then : I was using the system_groups_user extra-field and a secondary doveshared unix group. But the question now is when to use mail_extra_groups and when to use the system_groups_user extra-field ? As I see it now, system_groups_user gives finer grain control since it's on a user basis. -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Thu, Mar 18, 2010 at 05:50:44PM +0100, Thomas Hummel wrote: But isn't a client like Thunderbird (3.0.3) supposed to . show me the #shared (even if no one shares mailboxes to me) folder (because of list = yes )? . let me share, let's say the .sous.arbo mailbox ? If yes, how ? Or should I first pre-set some acl files ??? For now, it says : This is a personnal mail folder. It is not shared. I made some progress and managed to share a mailbox with my setup but : a) I wonder if TB even support the SETACL command since I don't see how I can modify an ACL through the TB UI. b) For things to work, I had to set up loose permissions on the maildirs and the shared-mailbox file. I've read on this list (from the 1.2 beta days) that it is supposed to be easier with virtual user (as opposed to system users) : why ? mailboxes end up being on the filesystem anyway... In fact, I don't really understand the difference between virtual and system users...Aren't they seen as almost the same for dovecot ? c) What's weird also is if I put a dovecot-acl file in a maildir I want to share, TB does not see it. But if I telnet and issue the SETACL command which end up generating the same dovecot-acl file, TB then sees the shared mailbox... Timo ? -- Thomas Hummel | Institut Pasteur hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Fri, 2010-03-19 at 17:27 +0100, Thomas Hummel wrote: a) I wonder if TB even support the SETACL command since I don't see how I can modify an ACL through the TB UI. It doesn't. b) For things to work, I had to set up loose permissions on the maildirs and the shared-mailbox file. I've read on this list (from the 1.2 beta days) that it is supposed to be easier with virtual user (as opposed to system users) : why ? mailboxes end up being on the filesystem anyway... In fact, I don't really understand the difference between virtual and system users...Aren't they seen as almost the same for dovecot ? Yes, they're basically the same. But in that context easier for virtual users means easier if all your users use the same uid, since most people use the same uid for virtual users.. (I don't think wiki confuses these two things?) c) What's weird also is if I put a dovecot-acl file in a maildir I want to share, TB does not see it. But if I telnet and issue the SETACL command which end up generating the same dovecot-acl file, TB then sees the shared mailbox... Yes, because SETACL updates also the shared-mailbox file, which contains information about what mailboxes are visible to who. Without that, Dovecot would have to look through all users all mailboxes to see if there happens to be any dovecot-acl files that contains rules for current user, which of course would be really slow. Maybe for v2.0 I could add doveadm acl command to help with these things.
Re: [Dovecot] Shared mailboxes basics
On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

Thanks for your answer Timo.

> > a) I wonder if TB even support the SETACL command since I don't see how I can modify an ACL through the TB UI.
>
> It doesn't.

Ouch! What known UA does support it ? What's the point of supporting only GETACL ? I guess this means that if users run this client, shared mailboxes have to be managed by an administrator, right ?

> Yes, they're basically the same. But in that context easier for virtual users means easier if all your users use the same uid, since most people use the same uid for virtual users.. (I don't think wiki confuses these two things?)

Ok, but I still don't quite get it : if you use the same UID, doesn't this somehow equates giving something like 777 modes in the system user case ? (I mean on an OS level, problems related to such loose permission are the same and, if in 777, permissions are no longer a problem for dovecot) ?

Thanks.

--
Thomas Hummel | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

> Yes, because SETACL updates also the shared-mailbox file, which contains information about what mailboxes are visible to who. Without that, Dovecot would have to look through all users all mailboxes to see if there happens to be any dovecot-acl files that contains rules for current user, which of course would be really slow.

Get it. So I guess the recommended method to make the share mailboxes visible is to talk IMAP (through telnet for instance) and not trying to suppose anything about the shared-mailbox file format and try to hack it directly, right ?

--
Thomas Hummel | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau
Re: [Dovecot] Shared mailboxes basics
On Fri, 2010-03-19 at 22:09 +0100, Thomas Hummel wrote:

> On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:
>
> Thanks for your answer Timo.
>
> > > a) I wonder if TB even support the SETACL command since I don't see how I can modify an ACL through the TB UI.
> >
> > It doesn't.
>
> Ouch! What known UA does support it ?

Mulberry, Kolab, some webmail plugins maybe.

> What's the point of supporting only GETACL ?

I guess it just shows nicely what mailboxes are shared.

> I guess this means that if users run this client, shared mailboxes have to be managed by an administrator, right ?

Or some custom web interface.

> > Yes, they're basically the same. But in that context easier for virtual users means easier if all your users use the same uid, since most people use the same uid for virtual users.. (I don't think wiki confuses these two things?)
>
> Ok, but I still don't quite get it : if you use the same UID, doesn't this somehow equates giving something like 777 modes in the system user case ? (I mean on an OS level, problems related to such loose permission are the same and, if in 777, permissions are no longer a problem for dovecot) ?

Pretty much. But 0777 permissions are somewhat worse for security than just giving a single shared uid 0700 permissions. :) So there's nothing magical about virtual users making this easier. It's just that most people wouldn't like using 0777/0666 permissions for all mails..
Re: [Dovecot] Shared mailboxes basics
On Fri, 2010-03-19 at 22:14 +0100, Thomas Hummel wrote:

> Get it. So I guess the recommended method to make the share mailboxes visible is to talk IMAP (through telnet for instance) and not trying to suppose anything about the shared-mailbox file format and try to hack it directly, right ?

Right. Note that you could also do things like:

  printf '1 setacl blah\n2 logout\n' | dovecot --exec-mail imap

(assuming environment is setup properly, USER=username being the most important)
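The piped-SETACL approach above, extended to several grants, as an added example that is not part of the thread and not Dovecot code. The function names and the `sous/arbo` grant are constructed; the rights letters are those defined in RFC 4314, and every value is validated and quoted before it reaches the IMAP stream, which matters when the grants come from the kind of custom web interface mentioned earlier in the thread.

```python
# Added example: build the text that would be piped to `dovecot --exec-mail imap`.
# Helper names are hypothetical; only the SETACL/LOGOUT commands come from IMAP itself.

RFC4314_RIGHTS = set("lrswipkxtea")  # rights letters defined by RFC 4314


def quote_imap(value):
    """Return value as an IMAP quoted string, refusing anything that could end the line."""
    if not value or any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
        # Control characters (CR, LF, NUL) would split the command; non-ASCII
        # mailbox names would need modified UTF-7, which this sketch does not do.
        raise ValueError("unsupported characters in %r" % (value,))
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def setacl_script(grants):
    """grants: iterable of (mailbox, identifier, rights). Returns the command text."""
    lines = []
    for tag, (mailbox, identifier, rights) in enumerate(grants, start=1):
        # RFC 4314 allows a leading + or - to add or remove rights.
        letters = rights[1:] if rights[:1] in ("+", "-") else rights
        if not letters or not set(letters) <= RFC4314_RIGHTS:
            raise ValueError("invalid rights string %r" % (rights,))
        lines.append("%d SETACL %s %s %s" % (
            tag, quote_imap(mailbox), quote_imap(identifier), rights))
    lines.append("%d LOGOUT" % (len(lines) + 1))
    # LF line endings, matching the printf one-liner in the message above.
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # First grant is the one from the thread; the second is constructed.
    print(setacl_script([("INBOX", "dovepop", "rl"),
                         ("sous/arbo", "dovepop", "+i")]), end="")
```

The output is meant to be piped into `dovecot --exec-mail imap` with `USER` set to the mailbox owner, as described in the message above.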
[Dovecot] Shared mailboxes basics
Hello Timo,

I'm trying to set up shared mailboxes with dovecot-1.2.11/Maildir. I previously used public namespaces with 1.1+ to somehow implement them but I'm looking at the real ones now.

I've read the Wiki but I'm still confused or not 100% sure about the following (basic) points :

1. Namespaces prefixes

My understanding is that a namespace prefix is just an escape mechanism for the client to access the mailboxes this namespace holds. So the real location is _only_ defined by the location directive, independently of what the prefix is. So, for example, If you've got :

  prefix=foo/bar/
  location=maildir:/some/folder/%u

mailboxes are physically in /some/folder/%u, not in /foo/bar/some/folder/%u or something

am I correct ?

2. Other Users mailboxes

RFC234 states that shared mailboxes (which they call Other Users mailboxes) are mailboxes from the Personal Namespaces of other users. Dovecot's Wiki takes as an example :

  # User's private mail location.
  mail_location = maildir:~/Maildir

  # You need to create also a private namespace:
  namespace private {
    separator = /
    prefix =
    #location defaults to mail_location.
    inbox = yes
  }

  namespace shared {
    separator = /
    prefix = shared/%%u/
    location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
    subscriptions = no
    list = children
  }

and states : This creates a shared/ namespace under which each user's mailboxes are.

My understanding is that

  # User's private mail location.
  mail_location = maildir:~/Maildir

and

  location = maildir:%%h/Maildir

implies that mailboxes in both the private and the shared/ namespace are physically in the same location (under the $HOME/Maildir directory of the user who shares his mailbox) .

Am I correct ?

I tried the following set up :

  namespace private {
    separator = /
    location = maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot-test/indexes/%1u/%u
    inbox = yes
    hidden = no
    list = yes
    subscriptions = yes
  }

  namespace shared {
    separator = /
    prefix = #shared/%%u/
    location = maildir:/courriel/boites/%%u:INDEX=/var/dovecot-test/indexes/%1u/%u/shared/%%u
    subscriptions = no
    list = yes # will try children later
  }

the user doveimap has the following mailboxes :

  # pwd
  /courriel/boites
  # ls -l doveimap
  total 64
  drwx------ 5 doveimap Invites 4096 Oct 23 13:38 .Trash
  drwxr-xr-x 5 doveimap Invites 4096 Oct 27 17:00 .sous
  drwxr-xr-x 5 doveimap Invites 4096 Oct 27 17:00 .sous.arbo
  drwxr-xr-x 5 doveimap Invites 4096 Oct 27 17:00 .sous.arbo.rescence
  drwx------ 5 doveimap Invites 4096 Oct 23 13:43 .testcopy
  drwx------ 2 doveimap Invites 4096 Mar 15 17:08 cur
  drwx------ 2 doveimap Invites 4096 Mar 15 17:07 new
  drwx------ 2 doveimap Invites 4096 Mar 15 17:07 tmp

I can perform for instance :

  * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot test ready.
  x login doveimap
  x OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
  1 setacl INBOX dovepop rl
  1 OK Setacl complete.

But isn't a client like Thunderbird (3.0.3) supposed to
. show me the #shared (even if no one shares mailboxes to me) folder (because of list = yes )?
. let me share, let's say the .sous.arbo mailbox ? If yes, how ? Or should I first pre-set some acl files ???

For now, it says : This is a personnal mail folder. It is not shared.

Thanks

--
Thomas Hummel | Institut Pasteur
hum...@pasteur.fr | Pôle informatique - systèmes et réseau
[Dovecot] Shared mailboxes do not support subfolders
Hi,

I'm currently running Dovecot 1.2.8 with dbox mailboxes. I've configured the use of shared mailboxes. I'm able to only see the top-level mailboxes: e.g.

  Inbox
  LogWatch
  Trash
  Sent

but not

  LogWatch/Server1
  LogWatch/Server2

Is this a known limitation or a bug?

Rgds,
N.
Re: [Dovecot] Shared mailboxes do not support subfolders
On December 28, 2009 4:44:45 PM +0100 Nick Rosier nick+dove...@bunbun.be wrote:

> Hi, I'm currently running Dovecot 1.2.8 with dbox mailboxes. I've configured the use of shared mailboxes. I'm able to only see the top-level mailboxes: e.g. Inbox LogWatch Trash Sent but not LogWatch/Server1 LogWatch/Server2
>
> Is this a known limitation or a bug?

If by shared you mean public, subfolders (with maildir) works for me.
Re: [Dovecot] Shared mailboxes do not support subfolders
Frank Cusack wrote:

> On December 28, 2009 4:44:45 PM +0100 Nick Rosier nick+dove...@bunbun.be wrote:
>
> > Hi, I'm currently running Dovecot 1.2.8 with dbox mailboxes. I've configured the use of shared mailboxes. I'm able to only see the top-level mailboxes: e.g. Inbox LogWatch Trash Sent but not LogWatch/Server1 LogWatch/Server2
> >
> > Is this a known limitation or a bug?
>
> If by shared you mean public, subfolders (with maildir) works for me.

Shared as in user-shared mailboxes. I think it was a mailclient (TB) problem. After subscribing from webmail (roundcube) I'm able to see them. I will do some more testing to see if I can reproduce.

N.
Re: [Dovecot] Shared mailboxes do not support subfolders
On December 29, 2009 12:06:06 AM +0100 Nick Rosier nick+dove...@bunbun.be wrote:

> Shared as in user-shared mailboxes. I think it was a mailclient (TB) problem. After subscribing from webmail (roundcube) I'm able to see them. I will do some more testing to see if I can reproduce.

Did you read the bottom of http://wiki.dovecot.org/ACL? Maybe the dovecot-acl-list file needed to be refreshed and somehow this happened.
[Dovecot] shared mailboxes using namespaces in 1.2
Hi!

I've been using shared mailbox trees using maildir, unix permissions and separate namespaces per shared tree since dovecot 1.0.

However now that I've upgraded to 1.2.8, I cannot create subfolders anymore. The server responds with NO Invalid mailbox name: test/testsub. The hierarchy separator for the namespaces is / because I am mixing maildir and mbox namespaces and list=yes.

The details: I am using a post-login script (attached) that detects all subfolders of /var/spool/mail/Shared for which the current user has at least read access. For every subfolder, it creates a separate namespace with the prefix Shared/mailboxname. The shared mailbox trees are in maildir format.

If one of those namespace-prefixes is e.g. Shared/sharedmailbox/, I am able to create Shared/sharedmailbox/test but trying to create Shared/sharedmailbox/test/testsub will fail with the above error. If I set the hierarchy separator to '.' even creating Shared/sharedmailbox/test will fail.

Any hints?

Thanks,
--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

# 1.2.8: /etc/dovecot.conf
# OS: Linux 2.6.27.12-170.2.5.fc10.i686.PAE i686 Fedora release 10 (Cambridge)
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 100
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mail_drop_priv_before_exec(default): yes
mail_drop_priv_before_exec(imap): yes
mail_drop_priv_before_exec(pop3): no
mail_executable(default): /usr/local/sbin/dovecot-post-login.pl /usr/libexec/dovecot/imap
mail_executable(imap): /usr/local/sbin/dovecot-post-login.pl /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
namespace:
  type: private
  separator: /
  location: mbox:~/mail:INBOX=/var/mail/%u
  inbox: yes
  list: yes
  subscriptions: yes
lda:
  postmaster_address: postmas...@strike.wu-wien.ac.at
auth default:
  mechanisms: plain gssapi
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On Mon, 2009-11-23 at 17:03 +0100, Alexander 'Leo' Bergolth wrote:

> However now that I've upgraded to 1.2.8, I cannot create subfolders anymore. The server responds with NO Invalid mailbox name: test/testsub. The hierarchy separator for the namespaces is / because I am mixing maildir and mbox namespaces and list=yes.
>
> The details: I am using a post-login script (attached) that detects all subfolders of /var/spool/mail/Shared for which the current user has at least read access. For every subfolder, it creates a separate namespace with the prefix Shared/mailboxname. The shared mailbox trees are in maildir format.

Are you setting the hierarchy separator in environment for the other created namespaces? It sounds like you aren't. Looking at logs with mail_debug=yes would verify.
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On 11/23/2009 06:28 PM, Timo Sirainen wrote:

> On Mon, 2009-11-23 at 17:03 +0100, Alexander 'Leo' Bergolth wrote:
>
> > However now that I've upgraded to 1.2.8, I cannot create subfolders anymore. The server responds with NO Invalid mailbox name: test/testsub. The hierarchy separator for the namespaces is / because I am mixing maildir and mbox namespaces and list=yes.
> >
> > The details: I am using a post-login script (attached) that detects all subfolders of /var/spool/mail/Shared for which the current user has at least read access. For every subfolder, it creates a separate namespace with the prefix Shared/mailboxname. The shared mailbox trees are in maildir format.
>
> Are you setting the hierarchy separator in environment for the other created namespaces? It sounds like you aren't. Looking at logs with mail_debug=yes would verify.

Yes, I am. I am using

  $ENV{"NAMESPACE_${nr}_SEP"} = "/";
  ...

in the post-login script.

The debug log says:

  Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
  Nov 23 19:10:15 strike dovecot: IMAP(leo): mbox: data=~/mail:INBOX=/var/mail/leo
  Nov 23 19:10:15 strike dovecot: IMAP(leo): fs: root=/home/leo/mail, index=, control=, inbox=/var/mail/leo
  Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no
  Nov 23 19:10:15 strike dovecot: IMAP(leo): maildir: data=/var/spool/mail/Shared/spamrep:CONTROL=~/Maildir/control/Shared/spamrep:INDEX=~/Maildir/index/Shared/spamrep
  Nov 23 19:10:15 strike dovecot: IMAP(leo): maildir++: root=/var/spool/mail/Shared/spamrep, index=/home/leo/Maildir/index/Shared/spamrep, control=/home/leo/Maildir/control/Shared/spamrep, inbox=

Trying to create Shared/spamrep/test/testsub fails for example...

Cheers,
--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On Mon, 2009-11-23 at 19:19 +0100, Alexander 'Leo' Bergolth wrote:

> Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no

See if using type=public works better. type=shared namespace is kind of a special case used to access other users' mailboxes.
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On 11/23/2009 07:27 PM, Timo Sirainen wrote:

> On Mon, 2009-11-23 at 19:19 +0100, Alexander 'Leo' Bergolth wrote:
>
> > Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no
>
> See if using type=public works better. type=shared namespace is kind of a special case used to access other users' mailboxes.

Yes, thanks! type=public works fine.

Another problem is that with dovecot 1.2, Thunderbird shows Shared (the folder that contains all of my dynamically added namespaces) as a real folder, not grey and italic as before. When selecting it, the following message pops up:

  The current command did not succeed. The mail server responded: [NONEXISTENT] Mailbox doesn't exist: Shared.

Before the dovecot update, Thunderbird didn't show Shared as a real folder, it was greyed out and selecting it didn't cause an IMAP SELECT command.

Looking at the imap traffic, thunderbird does a

  16 list % ...

and dovecot returns Shared without \Noselect:

  * LIST (\HasChildren) / Shared

Is there a way to tell dovecot that this is only the base of my namespaces and that it should include a \Noselect attribute?

Thanks,
--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On Mon, 2009-11-23 at 21:39 +0100, Alexander 'Leo' Bergolth wrote:

> 16 list % ... and dovecot returns Shared without \Noselect:
> * LIST (\HasChildren) / Shared
> Is there a way to tell dovecot that this is only the base of my namespaces and that it should include a \Noselect attribute?

In my tests it shows \Noselect.. So something's different with you. What does it show if you do 1 LIST Shared*? Also do you have a /var/spool/mail/Shared/spamrep/cur/ directory?
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On 11/23/2009 09:51 PM, Timo Sirainen wrote:

> On Mon, 2009-11-23 at 21:39 +0100, Alexander 'Leo' Bergolth wrote:
>
> > 16 list % ... and dovecot returns Shared without \Noselect:
> > * LIST (\HasChildren) / Shared
> > Is there a way to tell dovecot that this is only the base of my namespaces and that it should include a \Noselect attribute?
>
> In my tests it shows \Noselect.. So something's different with you. What does it show if you do 1 LIST Shared*?

  1 LIST Shared*
  * LIST (\HasChildren) / Shared/spamrep
  * LIST (\HasNoChildren) / Shared/spamrep/INBOX
  * LIST (\HasNoChildren) / Shared/spamrep/ham
  * LIST (\HasNoChildren) / Shared/spamrep/spam-netreport
  * LIST (\HasNoChildren) / Shared/spamrep/spam
  * LIST (\HasNoChildren) / Shared/spamrep/tmp

LIST * shows:

  [...]
  * LIST (\NoInferiors \Marked) / INBOX
  * LIST (\HasChildren) / Shared/spamrep
  * LIST (\HasNoChildren) / Shared/spamrep/INBOX
  * LIST (\HasNoChildren) / Shared/spamrep/ham
  [...]

(without Shared/) ... but LIST % shows:

  [...]
  * LIST (\NoInferiors \Marked) / INBOX
  * LIST (\HasChildren) / Shared
  1 OK List completed.

> Also do you have a /var/spool/mail/Shared/spamrep/cur/ directory?

Yes:

  # ls -ld /var/spool/mail/Shared/spamrep/cur
  drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02 /var/spool/mail/Shared/spamrep/cur

I am using dovecot 1.2.8:

  # rpm -q dovecot
  dovecot-1.2.8-0_103.fc10.i386

(From ATrpms: http://atrpms.net/dist/f10/dovecot/ )

I have attached the environment captured at the end of the post-login script.

Thanks,
--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:

> > Also do you have a /var/spool/mail/Shared/spamrep/cur/ directory?
>
> Yes:
> # ls -ld /var/spool/mail/Shared/spamrep/cur
> drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02 /var/spool/mail/Shared/spamrep/cur

That's the reason this happens. Anything inside it? Probably not? Just rmdir it and new/ and tmp/.
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On 11/23/2009 11:05 PM, Timo Sirainen wrote:

> On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:
>
> > > Also do you have a /var/spool/mail/Shared/spamrep/cur/ directory?
> >
> > Yes:
> > # ls -ld /var/spool/mail/Shared/spamrep/cur
> > drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02 /var/spool/mail/Shared/spamrep/cur
>
> That's the reason this happens. Anything inside it? Probably not? Just rmdir it and new/ and tmp/.

That did it. Many thanks!

--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On 11/23/2009 11:05 PM, Timo Sirainen wrote:

> On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:
>
> > > Also do you have a /var/spool/mail/Shared/spamrep/cur/ directory?
> >
> > Yes:
> > # ls -ld /var/spool/mail/Shared/spamrep/cur
> > drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02 /var/spool/mail/Shared/spamrep/cur
>
> That's the reason this happens. Anything inside it? Probably not? Just rmdir it and new/ and tmp/.

Now that I removed the cur folder from Shared/spamrep, everything works fine. But could you shed some light on this?

If Shared/spamrep/ contains cur/, new/ and tmp/, I'd suspect that dovecot should display Shared/spamrep as a folder but not Shared. Why is Shared/ also missing the \Noselect attribute?

Cheers,
--leo

--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Re: [Dovecot] shared mailboxes using namespaces in 1.2
On Tue, 2009-11-24 at 00:22 +0100, Alexander 'Leo' Bergolth wrote:

> If Shared/spamrep/ contains cur/, new/ and tmp/, I'd suspect that dovecot should display Shared/spamrep as a folder but not Shared. Why is Shared/ also missing the \Noselect attribute?

I suppose it's a bug. Two-level namespace prefixes haven't been tested much. I'll see about getting it fixed.
[Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs
Hello!

I just joined the list and will be happy to help where I can in my limited experience, but also come to the table with a question. I think there's something I'm missing regarding shared mailboxes and ACLs, so I will describe my situation and see if I am understanding correctly (running Dovecot 1.1.10). I have read over the Dovecot Wiki many times and have scoured many forums but still can't seem to find a solution.

I have an IMAP mailbox that is working fine (user imapuser), so the maildir and related structure is in:

  /home/imapuser/Maildir

I have another IMAP mailbox for another imap user, newuser1, also working fine, with maildir and related structure in:

  /home/newuser1/Maildir

I have created a symlink under newuser1's Maildir to imapuser's Maildir so as to give newuser1 access to the things in imapusers's inbox. I have also symlinked inside the newuser1 Maildir to a folder under imapusers's inbox, let's call it MailingList, basically setting up something like:

  /home/newuser1/Maildir:
  cur/
  .imapuserinbox -> /home/imapuser/Maildir
  .imapusermailinglist -> /home/imapuser/Maildir/MailingList
  new/
  tmp/
  (... and various other Dovecot-related files, nothing ACL related.)

Now, I have gotten the shared boxes to work IF I changed the permissions to be rwx for user and group on /home/imapuser/Maildir/*, but this makes procmail (and .procmailrc) unhappy and it starts sending things to mbox files (old system) instead of sending them on to the Maildir. So that doesn't seem to work.

Which led me to ACLs. Now, I've tried (after enabling the two appropriate lines in dovecot.conf and restarting dovecot, etc) both per-directory ACL files and global ACLs, and while I can get some things to *change* as viewed by my mail client, I can't seem to create consistent behavior. I know that's fairly vague, but it's like I'll change something in the global ACL and folders are affected that I wouldn't anticipate, based on what I'm understanding of ACLs.

So, in the example above, if I enable global ACLs, what names do I use to refer to those shared boxes I'm trying to access? Do I use the link name I made, .imapuserinbox or .imapusermailinglist (without leading periods), like /etc/dovecot/acls/imapuserinbox, or is it based off of the original dir name? Like do I need something like /etc/dovecot/acls/MailingList ? What about the inbox I'm sharing in /home/imapuser/Maildir, how do I reference that? Is there a way to do it without affecting or changing permissions of other IMAP users and inboxes on the same system?

One thing I am receiving consistently in the error logs is:

  mail dovecot: IMAP(newuser1): stat(/home/newuser1/Maildir/.imapuserinbox/tmp) failed: Permission denied (euid=152(newuser1) egid=100(usergroup) UNIX perms seem ok, ACL problem?)

So it seems if I get the ACL stuff right, I will be in business. Any ideas??

Thanks for any help anyone can give!!

Dave
Re: [Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs
Hello!

I think, if you keep maildirs by different uid then you must change file permissions to permit access to shared maildir. I don't know about procmail delivery options, but in Dovecot's deliver - if you create in shared maildir file called dovecot-shared, then deliver will keep permissions like this file.

After long experiments I chose Dovecot's v1.2 shared maildir scheme with imap acls.

Best Regards!
Michael

27.10.2009 22:51, Dave wrote:

> Hello!
>
> I just joined the list and will be happy to help where I can in my limited experience, but also come to the table with a question. I think there's something I'm missing regarding shared mailboxes and ACLs, so I will describe my situation and see if I am understanding correctly (running Dovecot 1.1.10). I have read over the Dovecot Wiki many times and have scoured many forums but still can't seem to find a solution.
>
> I have an IMAP mailbox that is working fine (user imapuser), so the maildir and related structure is in:
>
>   /home/imapuser/Maildir
>
> I have another IMAP mailbox for another imap user, newuser1, also working fine, with maildir and related structure in:
>
>   /home/newuser1/Maildir
>
> I have created a symlink under newuser1's Maildir to imapuser's Maildir so as to give newuser1 access to the things in imapusers's inbox. I have also symlinked inside the newuser1 Maildir to a folder under imapusers's inbox, let's call it MailingList, basically setting up something like:
>
>   /home/newuser1/Maildir:
>   cur/
>   .imapuserinbox -> /home/imapuser/Maildir
>   .imapusermailinglist -> /home/imapuser/Maildir/MailingList
>   new/
>   tmp/
>   (... and various other Dovecot-related files, nothing ACL related.)
>
> Now, I have gotten the shared boxes to work IF I changed the permissions to be rwx for user and group on /home/imapuser/Maildir/*, but this makes procmail (and .procmailrc) unhappy and it starts sending things to mbox files (old system) instead of sending them on to the Maildir. So that doesn't seem to work.
>
> Which led me to ACLs. Now, I've tried (after enabling the two appropriate lines in dovecot.conf and restarting dovecot, etc) both per-directory ACL files and global ACLs, and while I can get some things to *change* as viewed by my mail client, I can't seem to create consistent behavior. I know that's fairly vague, but it's like I'll change something in the global ACL and folders are affected that I wouldn't anticipate, based on what I'm understanding of ACLs.
>
> So, in the example above, if I enable global ACLs, what names do I use to refer to those shared boxes I'm trying to access? Do I use the link name I made, .imapuserinbox or .imapusermailinglist (without leading periods), like /etc/dovecot/acls/imapuserinbox, or is it based off of the original dir name? Like do I need something like /etc/dovecot/acls/MailingList ? What about the inbox I'm sharing in /home/imapuser/Maildir, how do I reference that? Is there a way to do it without affecting or changing permissions of other IMAP users and inboxes on the same system?
>
> One thing I am receiving consistently in the error logs is:
>
>   mail dovecot: IMAP(newuser1): stat(/home/newuser1/Maildir/.imapuserinbox/tmp) failed: Permission denied (euid=152(newuser1) egid=100(usergroup) UNIX perms seem ok, ACL problem?)
>
> So it seems if I get the ACL stuff right, I will be in business. Any ideas??
>
> Thanks for any help anyone can give!!
>
> Dave

--
System administrator
ООО НПП СПЕЦСТРОЙ-СВЯЗЬ
Захаренко Михаил
tel. +78634 311562 ext. 478
Re: [Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs
On Tue, 2009-10-27 at 14:51 -0500, Dave wrote:

> Now, I have gotten the shared boxes to work IF I changed the permissions to be rwx for user and group on /home/imapuser/Maildir/*, but this makes procmail (and .procmailrc) unhappy and it starts sending things to mbox files (old system) instead of sending them on to the Maildir. So that doesn't seem to work.

You'll need to set UNIX permissions in a way that it works.

> Which led me to ACLs.

Dovecot ACLs won't get you around UNIX permission problems.

> One thing I am receiving consistently in the error logs is:
>
>   mail dovecot: IMAP(newuser1): stat(/home/newuser1/Maildir/.imapuserinbox/tmp) failed: Permission denied (euid=152(newuser1) egid=100(usergroup) UNIX perms seem ok, ACL problem?)
>
> So it seems if I get the ACL stuff right, I will be in business.

No. What that means is that there's probably a bug in the code that tries to check what permission problem you have (hopefully fixed in later version, v1.1.10 is getting a bit old). The ACL it mentions isn't Dovecot ACLs, but filesystem ACLs or perhaps SELinux or something else. I guess I should change the error message.
Re: [Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs
> > Now, I have gotten the shared boxes to work IF I changed the permissions to be rwx for user and group on /home/imapuser/Maildir/*, but this makes procmail (and .procmailrc) unhappy
>
> You'll need to set UNIX permissions in a way that it works.

Thank you for the responses! OK, it seems from some reading and experimentation that procmail will bail very quickly if it doesn't like permissions on its user directories and procmailrc files, so what I discovered was that I can give EVERYTHING user and group permissions under imapuser's Maildir (either rwx or rw depending on context) but that still won't let the shared folders work... although that's part of it. Only when I change the permissions of the main imapuser folder (/home/imapuser in this example) to 770 will it work. But, that breaks procmail. As does 760 or apparently giving any write permissions to anyone besides the owner.

If I change the permissions to 750, everything automagically works. I can move messages, delete, view, etc. So, I guess that is that!

> later version, v1.1.10 is getting a bit old). The ACL it mentions isn't Dovecot ACLs, but filesystem ACLs or perhaps SELinux or something else. I guess I should change the error message.

Thanks for letting me know the difference in the ACLs mentioned in the error message, that was definitely part of my confusion!! That put me on the path to figuring it out. :)

Dave
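A mode audit for the layout this thread converged on, as an added example that is not code from the thread or from Dovecot. It also covers the 0777 versus single-shared-uid point made in the "Shared mailboxes basics" thread above. The function names, finding codes and the sample tree are constructed; the policy it assumes (home without non-owner write bits, group access below Maildir, nothing open to "other") is read off the messages above.

```python
import os
import stat
import tempfile

GROUP_RX = stat.S_IRGRP | stat.S_IXGRP
NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_shared_maildir(home, maildir="Maildir"):
    """Return sorted (relative_path, octal_mode, code) findings for one mail owner."""
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # a symlink's own mode says nothing; audit the target's owner instead
        mode = stat.S_IMODE(st.st_mode)
        rel = os.path.relpath(path, home)
        if path == home:
            # Reported in the thread: any non-owner write bit on the home
            # directory (770, 760) makes procmail refuse to deliver.
            if mode & NON_OWNER_WRITE:
                findings.append((rel, oct(mode), "HOME_WRITABLE_BY_NON_OWNER"))
        elif mode & stat.S_IRWXO:
            # The 0777/0666 situation described as worse than one shared uid.
            findings.append((rel, oct(mode), "WORLD_ACCESS"))
        needed = GROUP_RX if stat.S_ISDIR(st.st_mode) else stat.S_IRGRP
        if (mode & needed) != needed:
            # The sharing user would hit stat() ... failed: Permission denied.
            findings.append((rel, oct(mode), "GROUP_CANNOT_READ"))

    check(home)
    top = os.path.join(home, maildir)
    check(top)
    for root, dirs, files in os.walk(top):  # does not follow symlinked folders
        for name in dirs + files:
            check(os.path.join(root, name))
    return sorted(findings)


def build_demo_tree(base):
    """Create a constructed sample tree (not data from the thread); return the home path."""
    home = os.path.join(base, "imapuser")
    dirs = {
        ".": 0o770,                     # group-writable home
        "Maildir": 0o770,
        "Maildir/cur": 0o770,
        "Maildir/new": 0o770,
        "Maildir/tmp": 0o700,           # owner-only folder
        "Maildir/.MailingList": 0o777,  # world-open folder
    }
    for rel in dirs:
        os.makedirs(os.path.normpath(os.path.join(home, rel)), exist_ok=True)
    msg = os.path.join(home, "Maildir", "cur", "1256673060.M1P1.mail:2,S")
    with open(msg, "w") as fh:
        fh.write("Subject: constructed sample\n\nbody\n")
    os.chmod(msg, 0o660)
    for rel, mode in dirs.items():
        os.chmod(os.path.normpath(os.path.join(home, rel)), mode)
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for finding in audit_shared_maildir(build_demo_tree(base)):
            print(*finding)
```

The check reads mode bits only; filesystem ACLs and SELinux, which the error message in this thread also hints at, are outside its scope.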
Re: [Dovecot] Shared mailboxes and INBOX
On Wed, 2009-07-29 at 17:50 +0100, Keith Edmunds wrote:

> namespace:
>   type: shared
>   separator: /
>   prefix: security/
>   location: maildir:/home/securitymailbox/Maildir:INDEX=~/Maildir/securitymailbox

Well, fine, if everyone really wants to have these one-mailbox namespaces, this enables them: http://hg.dovecot.org/dovecot-1.2/rev/13fa572535f0

If you don't want to patch, make the security mailbox under another namespace, e.g. shared/security.