Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Robert Schetterer]

Am 23.04.2014 10:17, schrieb Frantisek Kucera:
> Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a):
>> i have
>> separator = /
>> why you wanna use different ?
> 
> I don't insist on the dot :-) And I also see "/" as better and more 
> meaningful 
> separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed 
> with it until I hit on this issue.
> 
> Franta
> 

Ok, i understand


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Frantisek Kucera]

Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a):
> i have
> separator = /
> why you wanna use different ?

I don't insist on the dot :-) And I also see "/" as better and more meaningful 
separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed 
with it until I hit on this issue.

Franta

Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Robert Schetterer]

Am 23.04.2014 09:23, schrieb Frantisek Kucera:
> Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a):
>> Am 23.04.2014 08:50, schrieb Frantisek Kucera:
>>> So I suggest update in the wiki:
 n.b. If you have dots "." in your usernames (like `name.surname` or
 `n...@example.com`) it is not possible to use dot as a
 [[Namespaces|namespace separator]]. Don't forget to use `separator = /`
 in such cases.> 
>>
>> i am not sure here ,what you try to goal
>> i have users with dots  ( like test.exam...@example.com ) in shared
>> namespace, setting acls on their imap subfolders works fine, just tested
> 
> And you have "separator = ." ? I am afraid that this can't work, because if 
> e-mail client requests folder e.g. "shared.n...@example.com.some.folder" 
> Dovecot is not able to guess where the username ends and where starts folder 
> name. But if separator is "/" and the client requests 
> "shared/n...@example.com/some/folder" it is no problem to extract username 
> from it and look it up in the database.
> 
> (setting ACLs also worked on my server, but users were not able to see shared 
> mailboxes of other users)
> 
> Franta
> 

i have

separator = /

why you wanna use different ?





Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Frantisek Kucera]

Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a):
> Am 23.04.2014 08:50, schrieb Frantisek Kucera:
> > So I suggest update in the wiki:
> >> n.b. If you have dots "." in your usernames (like `name.surname` or
> >> `n...@example.com`) it is not possible to use dot as a
> >> [[Namespaces|namespace separator]]. Don't forget to use `separator = /`
> >> in such cases.> 
> 
> i am not sure here ,what you try to goal
> i have users with dots  ( like test.exam...@example.com ) in shared
> namespace, setting acls on their imap subfolders works fine, just tested

And you have "separator = ." ? I am afraid that this can't work, because if 
e-mail client requests folder e.g. "shared.n...@example.com.some.folder" 
Dovecot is not able to guess where the username ends and where starts folder 
name. But if separator is "/" and the client requests 
"shared/n...@example.com/some/folder" it is no problem to extract username from 
it and look it up in the database.

(setting ACLs also worked on my server, but users were not able to see shared 
mailboxes of other users)

Franta

Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Robert Schetterer]

Am 23.04.2014 08:50, schrieb Frantisek Kucera:
> P.P.S. Iwas thinking about this again and it is probably not possible to 
> support this combination: dot separator + shared mailboxes + usernames with 
> dots (including the domain part).
> 
> So I suggest update in the wiki:
> 
>> n.b. If you have dots "." in your usernames (like `name.surname` or 
>> `n...@example.com`) it is not possible to use dot as a 
>> [[Namespaces|namespace separator]]. Don't forget to use `separator = /` in 
>> such cases.
> 
> on http://master.wiki2.dovecot.org/SharedMailboxes/Shared
> 

i am not sure here ,what you try to goal
i have users with dots  ( like test.exam...@example.com ) in shared
namespace, setting acls on their imap subfolders works fine, just tested



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: [Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL

[Frantisek Kucera]

P.P.S. Iwas thinking about this again and it is probably not possible to 
support this combination: dot separator + shared mailboxes + usernames with 
dots (including the domain part).

So I suggest update in the wiki:

> n.b. If you have dots "." in your usernames (like `name.surname` or 
> `n...@example.com`) it is not possible to use dot as a [[Namespaces|namespace 
> separator]]. Don't forget to use `separator = /` in such cases.

on http://master.wiki2.dovecot.org/SharedMailboxes/Shared

Re: [Dovecot] Shared mailboxes / IMAP folder performance

[Robert Schetterer]

Am 21.01.2014 18:09, schrieb Sebastian Schlatow:
> Am 21.01.2014 17:51, schrieb Robert Schetterer:
>> Am 21.01.2014 17:31, schrieb Sebastian Schlatow:
>>> Hello,
>>>
>>> how performant is an IMAP shared folder / mailbox if it contains 2
>>> million mails? Is it possible two have such a quantity of mails in a
>>> shared folder? Is it possible to search that shared folder for mails in
>>> a fast way?
>>>
>>> Regards
>>> Sebastian
>>>
>> there might no ultimate answer for this ,cause it might not depend on
>> the number of mails only, there might be other complex setup stuff
>> involved, at the end with which client you like to search, why not
>> simply test it with a test server, shouldnt take much time
>>
>>
>> Best Regards
>> MfG Robert Schetterer
>>
> Thanks for your quick reply. As a client Thunderbird, Evolution and
> Outlook should be used. In rare cases maybe mobile clients on iOS and
> Android. So it is principle possible to have it performant? I asked
> because I wanted to know if it makes sense to setup a test system for that.
> 

speculate ,in an "ideal" dove server setup, the clients will get your
bottlenecks


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: [Dovecot] Shared mailboxes / IMAP folder performance

[Sebastian Schlatow]

Am 21.01.2014 17:51, schrieb Robert Schetterer:
> Am 21.01.2014 17:31, schrieb Sebastian Schlatow:
>> Hello,
>>
>> how performant is an IMAP shared folder / mailbox if it contains 2
>> million mails? Is it possible two have such a quantity of mails in a
>> shared folder? Is it possible to search that shared folder for mails in
>> a fast way?
>>
>> Regards
>> Sebastian
>>
> there might no ultimate answer for this ,cause it might not depend on
> the number of mails only, there might be other complex setup stuff
> involved, at the end with which client you like to search, why not
> simply test it with a test server, shouldnt take much time
>
>
> Best Regards
> MfG Robert Schetterer
>
Thanks for your quick reply. As a client Thunderbird, Evolution and
Outlook should be used. In rare cases maybe mobile clients on iOS and
Android. So it is principle possible to have it performant? I asked
because I wanted to know if it makes sense to setup a test system for that.

Re: [Dovecot] Shared mailboxes / IMAP folder performance

[Robert Schetterer]

Am 21.01.2014 17:31, schrieb Sebastian Schlatow:
> Hello,
> 
> how performant is an IMAP shared folder / mailbox if it contains 2
> million mails? Is it possible two have such a quantity of mails in a
> shared folder? Is it possible to search that shared folder for mails in
> a fast way?
> 
> Regards
> Sebastian
> 

there might no ultimate answer for this ,cause it might not depend on
the number of mails only, there might be other complex setup stuff
involved, at the end with which client you like to search, why not
simply test it with a test server, shouldnt take much time


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: [Dovecot] shared mailboxes and indexes

[Sven Hartge]

Timo Sirainen  wrote:
> On 27.11.2012, at 3.24, Sven Hartge wrote:

>>> For implementing shared mailboxes between all user servers, I think
>>> what would need to be developed is:
>> 
 imapc_host = m-st-sh-01.example.com
 imapc_master_user = %u
 imapc_user = shared
>> 
>>> Somehow being able to set "imapc_user = %%u" where %%u expands to the
>>> shared namespace's username. Or maybe setting the imapc_user
>>> automatically to that when accessing it via type=shared namespace.
>> 
>> Wouldn't you still need the target users host because this will be
>> dynamic depending on the target user?

> imapc_host = director

Is this "director" intended to be a 'magic' string or the hostname of
the director?

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: [Dovecot] shared mailboxes and indexes

[Timo Sirainen]

On 27.11.2012, at 3.24, Sven Hartge wrote:

>> For implementing shared mailboxes between all user servers, I think
>> what would need to be developed is:
> 
>>> imapc_host = m-st-sh-01.example.com
>>> imapc_master_user = %u
>>> imapc_user = shared
> 
>> Somehow being able to set "imapc_user = %%u" where %%u expands to the
>> shared namespace's username. Or maybe setting the imapc_user
>> automatically to that when accessing it via type=shared namespace.
> 
> Wouldn't you still need the target users host because this will be
> dynamic depending on the target user?

imapc_host = director

Also the database of which users have mailboxes shared to others would need to 
be something that all the servers can access. Either via NFS or with SQL 
backend.

Re: [Dovecot] shared mailboxes and indexes

[Sven Hartge]

Timo Sirainen  wrote:
> On 23.11.2012, at 17.53, Sven Hartge wrote:

> BTW. Do you have multiple Dovecot backend servers? Director works
> only when you're not using shared mailboxes.. 
>> 
>>> You can't reliably do it if the mailboxes are accessed directly via
>>> NFS. The current idea to solve this is to use imapc backend with
>>> master users, so the actual mailbox access for each user is always
>>> done by only one server. I think someone already managed to
>>> configure such a setup.
>> 
>> This was me.
>> 
>> It works (with one minor quirk, more on this later) in my current
>> test setup like so:
>> 
>> a) 1 to X user-servers with the users mailboxes on them 
>> b) 1 shared-server with the shared mailboxes on them

> For implementing shared mailboxes between all user servers, I think
> what would need to be developed is:

>> imapc_host = m-st-sh-01.example.com
>> imapc_master_user = %u
>> imapc_user = shared

> Somehow being able to set "imapc_user = %%u" where %%u expands to the
> shared namespace's username. Or maybe setting the imapc_user
> automatically to that when accessing it via type=shared namespace.

Wouldn't you still need the target users host because this will be
dynamic depending on the target user?

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: [Dovecot] shared mailboxes and indexes

[Timo Sirainen]

On 27.11.2012, at 3.00, Timo Sirainen wrote:

>> Now the mentioned quirk: Because all connections on the shared-server
>> are made to the same user "shared" and are coming from very few IPs
>> (the 1 to X user-servers), you need to set a very high
>> mail_max_userip_connections value.
>> 
>> I set mine to 1000 just to be sure.
>> 
>> ---> But: I have NOT configured login_trusted_networks, so this may be
>> my error in that case.
> 
> I don't think that setting helps.

But something like this should help:

remote 10.0.0.0/8 {
  mail_max_userip_connections = 0
}

Re: [Dovecot] shared mailboxes and indexes

[Timo Sirainen]

On 23.11.2012, at 17.53, Sven Hartge wrote:

 BTW. Do you have multiple Dovecot backend servers? Director works
 only when you're not using shared mailboxes.. 
> 
>> You can't reliably do it if the mailboxes are accessed directly via
>> NFS. The current idea to solve this is to use imapc backend with
>> master users, so the actual mailbox access for each user is always
>> done by only one server. I think someone already managed to configure
>> such a setup.
> 
> This was me.
> 
> It works (with one minor quirk, more on this later) in my current test
> setup like so:
> 
> a) 1 to X user-servers with the users mailboxes on them
> b) 1 shared-server with the shared mailboxes on them

For implementing shared mailboxes between all user servers, I think what would 
need to be developed is:

> imapc_host = m-st-sh-01.example.com
> imapc_master_user = %u
> imapc_user = shared

Somehow being able to set "imapc_user = %%u" where %%u expands to the shared 
namespace's username. Or maybe setting the imapc_user automatically to that 
when accessing it via type=shared namespace.

> Note: You CANNOT have ACLs activated on the users-servers, because this
> will interfere with the permissions of ht IMAPShared namespace,
> rendering the mailboxes located in there unavailable for your users.

And some way to disable ACLs for shared namespaces that use imapc. Not sure 
what would be a nice way of doing this.

The attached patch contains these two changes. The first one I could commit 
immediately. The second one probably would need to be configurable somehow 
(maybe a generic disable_acls=yes setting for namespace?)



diff
Description: Binary data


> Now the mentioned quirk: Because all connections on the shared-server
> are made to the same user "shared" and are coming from very few IPs
> (the 1 to X user-servers), you need to set a very high
> mail_max_userip_connections value.
> 
> I set mine to 1000 just to be sure.
> 
> ---> But: I have NOT configured login_trusted_networks, so this may be
> my error in that case.

I don't think that setting helps.

Re: [Dovecot] shared mailboxes and indexes

[Angel L. Mateo]

El 23/11/12 08:07, Timo Sirainen escribió:

On 16.11.2012, at 12.11, Angel L. Mateo wrote:


We are deploying shared mailboxes in our mail system. We are running 
2.1.9 and mail backend is maildir.

As described at http://wiki.dovecot.org/SharedMailboxes/Shared when 
shared namespace is configured as

namespace shared {
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  subscriptions = no
  list = children
}

each user accessing this folder has its own index, stored in 
~/Maildir/shared/%%u/, hasn't it?


Right.


Our mail is store in NFS disks so we are very concerned about indexes 
optimizations (we had performance problems until we got all of our indexes and 
nfs tunned). So, is there any way so those indexes could be shared for all 
users (and they always would be updated).


If you don't need per-user flags you can just remove the per-user INDEX. If you 
want per-user flags and want to share indexes, you need the new INDEXPVT option 
that exists in v2.2 or as a patch to v2.1: 
http://dovecot.org/patches/2.1/private-index.diff


Regarding this... if we'd use dbox instead of maildir, indexes are a 
really important part of the mailbox and they can't be re-constructed when they 
are outdated. So, how do shared mailboxes work with dbox backend? Do I have to 
configure indexes in any particular way?


INDEXPVT is a requirement with dbox if you want per-user flags.

BTW. Do you have multiple Dovecot backend servers? Director works only when 
you're not using shared mailboxes..

	Oh... sad to read this. I have multiple backend server behind a 
director one.


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337

Re: [Dovecot] shared mailboxes and indexes

[Sven Hartge]

Timo Sirainen  wrote:
> On 23.11.2012, at 13.27, Alessio Cecchi wrote:
>> Il 23/11/2012 08:07, Timo Sirainen ha scritto:

>>> BTW. Do you have multiple Dovecot backend servers? Director works
>>> only when you're not using shared mailboxes.. 
 
>> I'm not happy to hear that, so if today we are running one dovecot
>> server with shared mailbox enabled and tomorrow we will switch to a
>> more complex installation with Director we will be unable to still
>> provide shared mailbox to our customers?

> You can't reliably do it if the mailboxes are accessed directly via
> NFS. The current idea to solve this is to use imapc backend with
> master users, so the actual mailbox access for each user is always
> done by only one server. I think someone already managed to configure
> such a setup.

This was me.

It works (with one minor quirk, more on this later) in my current test
setup like so:

a) 1 to X user-servers with the users mailboxes on them
b) 1 shared-server with the shared mailboxes on them

On the user-servers I have namespace like this:

namespace {
  list = yes
  location = imapc:~/imapc-shared
  prefix = IMAPShared/
  separator = /
  subscriptions = no
  type = public
}

and a userdb like this:

userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  default_fields = uid=virtmail gid=virtmail home=/srv/mail/%2MLn/%Ln/ 
imapc_password=%w quota_rule2=Trash:ignore
  driver = ldap
}

Note the "imapc_password=%w" in the default_fields. This is needed to
pass the users login-password to the shared-server.

The imapc proxy code is configured like this:

imapc_host = m-st-sh-01.example.com
imapc_master_user = %u
imapc_user = shared

This uses the original user as the master-user and a fixed user with the
original users password to login into the shared-server.

Note: You CANNOT have ACLs activated on the users-servers, because this
will interfere with the permissions of ht IMAPShared namespace,
rendering the mailboxes located in there unavailable for your users.

The shared-storage then uses a static passdb for the user "shared":

passdb {
  args = user=shared password=complicatedpasswordhere
  driver = static
}

and a static userdb for the virtual-user:

userdb {
  args = uid=virtmail gid=virtmail home=/srv/mail/%Ln
  driver = static
}

and additional a passdb for the "master" users:

passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  master = yes
  pass = yes
}

which are pulled from LDAP, just like on the user-servers.

Now the mentioned quirk: Because all connections on the shared-server
are made to the same user "shared" and are coming from very few IPs
(the 1 to X user-servers), you need to set a very high
mail_max_userip_connections value.

I set mine to 1000 just to be sure.

---> But: I have NOT configured login_trusted_networks, so this may be
my error in that case.

And, a second quirk: You can only offer admin-provided shared folders,
your users CANNOT share folders themselves, because there is quite some
manual work involved in creating and setting them up on the central
shared-server.

For example: To provide a Mailbox with the Name "Test.3" in IMAPShared I
need the following directory structure on m-st-sh-01.example.com:

/srv/mail/shared/mdbox/mailboxes/Test.3/

In .../Test.3/ there is the dbox-Mails folder with the indexes and other
meta information. The admin needs to create the dovecot-acl file to
configure the access permissions:

root@m-st-sh-01:/srv/mail/shared/mdbox/mailboxes/Test.3/dbox-Mails# cat 
dovecot-acl 
user=gbgr14 lrwstipek
user=bbgr99 lrwstipek

The users are then able to see those folders as IMAPShared/Test.3/,
subscriptions are managed inside the users own subscription file on
their respective "home" server, while flages and tags are shared.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: [Dovecot] shared mailboxes and indexes

[Timo Sirainen]

On 23.11.2012, at 13.27, Alessio Cecchi wrote:

> Il 23/11/2012 08:07, Timo Sirainen ha scritto:
>> BTW. Do you have multiple Dovecot backend servers? Director works only when 
>> you're not using shared mailboxes.. 
> 
> I'm not happy to hear that, so if today we are running one dovecot server 
> with shared mailbox enabled and tomorrow we will switch to a more complex 
> installation with Director we will be unable to still provide shared mailbox 
> to our customers?

You can't reliably do it if the mailboxes are accessed directly via NFS. The 
current idea to solve this is to use imapc backend with master users, so the 
actual mailbox access for each user is always done by only one server. I think 
someone already managed to configure such a setup.

Re: [Dovecot] shared mailboxes and indexes

[Alessio Cecchi]

Il 23/11/2012 08:07, Timo Sirainen ha scritto:
BTW. Do you have multiple Dovecot backend servers? Director works only 
when you're not using shared mailboxes.. 


I'm not happy to hear that, so if today we are running one dovecot 
server with shared mailbox enabled and tomorrow we will switch to a more 
complex installation with Director we will be unable to still provide 
shared mailbox to our customers?


--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/
@ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it

Re: [Dovecot] shared mailboxes and indexes

[Timo Sirainen]

On 16.11.2012, at 12.11, Angel L. Mateo wrote:

>   We are deploying shared mailboxes in our mail system. We are running 
> 2.1.9 and mail backend is maildir.
> 
>   As described at http://wiki.dovecot.org/SharedMailboxes/Shared when 
> shared namespace is configured as
> 
> namespace shared {
>  separator = /
>  prefix = shared/%%u/
>  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
>  subscriptions = no
>  list = children
> }
> 
>   each user accessing this folder has its own index, stored in 
> ~/Maildir/shared/%%u/, hasn't it?

Right.

>   Our mail is store in NFS disks so we are very concerned about indexes 
> optimizations (we had performance problems until we got all of our indexes 
> and nfs tunned). So, is there any way so those indexes could be shared for 
> all users (and they always would be updated).

If you don't need per-user flags you can just remove the per-user INDEX. If you 
want per-user flags and want to share indexes, you need the new INDEXPVT option 
that exists in v2.2 or as a patch to v2.1: 
http://dovecot.org/patches/2.1/private-index.diff

>   Regarding this... if we'd use dbox instead of maildir, indexes are a 
> really important part of the mailbox and they can't be re-constructed when 
> they are outdated. So, how do shared mailboxes work with dbox backend? Do I 
> have to configure indexes in any particular way?

INDEXPVT is a requirement with dbox if you want per-user flags.

BTW. Do you have multiple Dovecot backend servers? Director works only when 
you're not using shared mailboxes..

Re: [Dovecot] Shared Mailboxes in a multi domain environment

[Alessio Cecchi]

Il 17/09/2012 14:44, Timo Sirainen ha scritto:

So, why don't provide a way to restrict shared mailboxes also for dict in SQL?

One way could be to add to "user_shares" table a column "domains" which is the same 
domain of the mailbox'owner and a config option, for acl, like acl_only_for_same_domain =yes/no so dovecot 
can add a "WHERE %n = domain"  for the SELECT.

If you don't include %d as part of the shared namespace prefix you already 
restrict the users sharing within same domain, no need for extra SQL WHEREs.


Good, after change my shared namespace from

namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}


to

namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%n/  ## <<=- change %u to %n
  separator = /
  subscriptions = no
  type = shared
}

shared mailboxes have become available only inside the same domains.

Thanks!

--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/
@ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it

Re: [Dovecot] Shared Mailboxes in a multi domain environment

[Timo Sirainen]

On 17.9.2012, at 10.09, Alessio Cecchi wrote:

> I would like to enable mailbox sharing for my users. I'm using dovecot 2.1.9 
> with vpopmail authentication. For security reason shared mailboxes should be 
> available only for users of the same domain.
> 
> Dovecot's wiki suggest to enable acl like this:
> 
> plugin {
>  # assumes mailboxes are in /var/mail/%d/%n:
>  acl_shared_dict = file:/var/mail/%d/shared-mailboxes.db
> }
> 
> but in vpopmail, and also in many others configuration, mailboxes are, for 
> example, in /var/mail/nas1/%d, /var/mail/nas2/%d and so on, so it's difficult 
> to restrict shared mailboxes available only for the same domain. A trick 
> could be set acl_shared_dict to /var/mail/%d-shared-mailboxes.db, but I don't 
> know if it's safe on an NFS environment.

As long as all the servers have access to the file it doesn't matter where it 
is. You could even do something like /var/mail/nas1/shared-dict/%d.db

> So, why don't provide a way to restrict shared mailboxes also for dict in SQL?
> 
> One way could be to add to "user_shares" table a column "domains" which is 
> the same domain of the mailbox'owner and a config option, for acl, like 
> acl_only_for_same_domain =yes/no so dovecot can add a "WHERE %n = domain"  
> for the SELECT.

If you don't include %d as part of the shared namespace prefix you already 
restrict the users sharing within same domain, no need for extra SQL WHEREs.

Re: [Dovecot] Shared mailboxes with dovecot problem service=lib-storage

[Timo Sirainen]

On 28.3.2012, at 11.57, Tomislav Mihalicek wrote:

> Could someone explain what this strings mean in dovecot 2.1.3 debug log?
> 
> Mar 27 11:18:11 cartman dovecot: auth: Debug: master in: USER 1
> te...@example.net service=lib-storage
> Mar 27 11:18:11 cartman dovecot: auth: Debug: master in: USER 2
> te...@example.net service=lib-storage

Dovecot is asking a user's home directory via userdb lookup. Looks like your 
userdb isn't returning a home directory. There should be an error message about 
it?

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

and for the time that user001 execute the imap 'list' command, this is the log 
trace in dovecot:

Sep  9 13:09:12 imap1 dovecot: imap(user001): Debug: Namespace : type=shared, 
prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no 
location=maildir:%h/mailSubDir:INDEX=~/mailSubDir/shared/%u
Sep  9 13:09:12 imap1 dovecot: imap(user001): Debug: shared: 
root=/var/run/dovecot/, index=, control=, inbox=, alt=
[...]

Sep  9 13:10:44 imap1 dovecot: auth: Debug: master in: USER   1   user002 
service=lib-storage
Sep  9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): user search: 
base=dc=example,dc=com scope=subtree 
filter=(&(objectClass=CourierMailAccount)(uid=user002)) 
fields=mailbox,homeFilter
Sep  9 13:10:44 imap1 dovecot: auth: Debug: ldap(user002): result: 
mailbox(mail=maildir:/var/maildir/%$)=vol05/4/40/user002 
homeFilter(home)=/var/mailfilter/vol05/4/40/user002
Sep  9 13:10:44 imap1 dovecot: auth: Debug: master out: USER  1   user002 
mail=maildir:/var/maildir/vol05/4/40/user002    
home=/var/mailfilter/vol05/4/40/user002 
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: auth input: user002 
mail=maildir:/var/maildir/vol05/4/40/user002 
home=/var/mailfilter/vol05/4/40/user002
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: maildir++: 
root=/var/mailfilter/vol05/4/40/user002/mailSubDir, 
index=/var/mailfilter/vol04/4/46/user001/mailSubDir/shared/user002, control=, 
inbox=/var/mailfilter/vol05/4/40/user002/mailSubDir, alt= 
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: initializing backend 
with data: vfile
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: acl username = user001
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: owner = 0
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl vfile: Global ACL 
directory: (none)
Sep  9 13:10:44 imap1 dovecot: imap(user001): Debug: acl: Mailbox not in 
dovecot-acl-list: shared.user002.INBOX

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

(I'm sorry for breaking the thread with each mail) 

On 09/09/2011 10:04 AM, Jan-Frode Myklebust wrote:
> On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:
>>
>> and how to I might configure dovecot to use the mail directory as a 
>> subdirectory of the home directory?
>>
>> this way all lookups for home (with %%h fetched from ldap) will return the 
>> correct locationand mail will be in (i.e.) ~/mailSubDir
>>
>> is this configuration possible?
> 
> In the main dovecot.conf:
> 
>     mail_location = maildir:~/mailSubDir
> 
> In the ldap-config:
> 
>     user_attrs = homeFilter=home 


and which is the value for the location directive in namespace declaration ??


namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDIr/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}


with the above conf. no shared folders are seen by tests users and afaik %%h is 
retrieved from ldap.


this is that I had done until now:

# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user001
. OK Create completed.

. setacl INBOX.docs-user001 user002 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.
# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user002 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAME

. create INBOX.docs-user002
. OK Create completed.
. setacl INBOX.docs-user002 user001 lr
. OK Setacl complete.
. logout
* BYE Logging out 
. OK Logout completed.
Connection closed by foreign host.

 # cat /var/maildir/shared-mailboxes 
shared/shared-boxes/user/user002/user001
1
shared/shared-boxes/user/user002/user002
1
shared/shared-boxes/user/user001/user001
1
shared/shared-boxes/user/user001/user002
1

# cat /var/maildir/vol04/4/46/user001/.docs-user001/dovecot-acl 
user=user002 lr

# cat /var/maildir/vol05/4/40/user002/.docs-user002/dovecot-acl
user=user001 lr


# telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE 
AUTH=PLAIN] Dovecot ready.
. login user001 secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT 
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT 
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
. namespace
* NAMESPACE (("INBOX." ".")) (("shared." ".")) NIL
. OK Namespace completed.
. list "shared." "*"
. OK List completed.



  /--/

# grep  ^[^#] /etc/dovecot/dovecot-ldap.conf.ext

uris = ldap://ldap.example.com
dn = cn=testuser,dc=example,dc=com
dnpass = secret
sasl_bind = no
tls = no
auth_bind = yes
ldap_version = 3
base = dc=example,dc=com
deref = never
scope = subtree
user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
user_filter = (&(objectClass=CourierMailAccount)(uid=%u))
pass_filter = (&(objectClass=CourierMailAccount)(uid=%u))




# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/mailSubDir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/mailSubDir:INDEX=~/mailSubDir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/maildir/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    user = vmail
  }
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
p

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[Jan-Frode Myklebust]

On Fri, Sep 09, 2011 at 08:18:40AM +0100, mailing lists wrote:
> 
> and how to I might configure dovecot to use the mail directory as a 
> subdirectory of the home directory?
> 
> this way all lookups for home (with %%h fetched from ldap) will return the 
> correct locationand mail will be in (i.e.) ~/mailSubDir
> 
> is this configuration possible?

In the main dovecot.conf:

mail_location = maildir:~/mailSubDir

In the ldap-config:

user_attrs = homeFilter=home



  -jf

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

On 09/08/2011 03:07 PM, Timo Sirainen wrote:

> On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:
> 
>> yes, my virtual users have separate directories for home and mail.
>> Their locations are stored in ldap attributes (with random generated
>> paths), so a flat scheme like /var/maildr/%%u isn't valid.
> 
> Sorry, you're out of luck with that kind of a setup. Only the %%h can
> look up a home directory from LDAP. Maybe some day in future there will
> be other variables that can be looked up.

and how to I might configure dovecot to use the mail directory as a 
subdirectory of the home directory?

this way all lookups for home (with %%h fetched from ldap) will return the 
correct locationand mail will be in (i.e.) ~/mailSubDir

is this configuration possible?

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[Timo Sirainen]

On Thu, 2011-09-08 at 12:14 +0100, mailing lists wrote:

> yes, my virtual users have separate directories for home and mail.
> Their locations are stored in ldap attributes (with random generated
> paths), so a flat scheme like /var/maildr/%%u isn't valid.

Sorry, you're out of luck with that kind of a setup. Only the %%h can
look up a home directory from LDAP. Maybe some day in future there will
be other variables that can be looked up.

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[mailing lists]

Hello,


On 09/07/2011 07:22 PM, Timo Sirainen wrote:
> On 6.9.2011, at 14.27, mailing lists wrote:
>> At this point I need shared mailboxes but since user mail/home locations are 
>> ldap attributes, how is it supposed I must configure this for shared 
>> mailboxes?
>>
>> for the users' mail/home directories I set this line:
>>
>> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home
> 
> Are home dirs and mail dirs related in any way? The only way you can get it 
> working is by using home dirs, e.g.:

>

> user_attrs = mailbox=home=/var/maildir/%$

yes, my virtual users have separate directories for home and mail. Their 
locations are stored in ldap attributes (with random generated paths), so a 
flat scheme like /var/maildr/%%u isn't valid.


for typical (virtual) users the location returned looks like:

Sep  8 12:48:33 imap1 dovecot: auth: Debug: ldap(user012,::1): result: 
mailbox(mail=maildir:/var/maildir/%$)=vol06/1/15/user012 
homeFilter(home)=/var/mailfilter/vol06/1/15/user012

...
Sep  8 12:54:50 imap1 dovecot: imap(user012): Debug: maildir++: 
root=/var/maildir/vol06/1/15/user012, index=, control=, 
inbox=/var/maildir/vol06/1/15/user012, alt=


 

> Then in dovecot.conf:
> 
> mail_location = maildir:~/
>

>> namespace {
>>    type = shared
>>    separator = /
>>    prefix = shared/%%u/
>>    subscriptions = no
>>    list = children

>

> location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

this is that I see in  logs and not shared folders are seen by imap clients:


Sep  8 12:57:11 imap1 dovecot: imap(user012): Debug: Namespace : type=shared, 
prefix=shared.%u., sep=., inbox=no, hidden=no, list=children, subscriptions=no 
location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u
Sep  8 12:57:11 imap1 dovecot: imap(user012): Debug: shared: 
root=/var/run/dovecot/, index=, control=, inbox=, alt=
Sep  8 12:57:11 imap1 dovecot: imap(user012): Debug: acl: initializing backend 
with data: vfile


I fail to understand how %%u is retrieved from ldap...



  /--/


# dovecot -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.34.7-0.7-xen x86_64 openSUSE 11.3 (x86_64) 
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
mail_debug = yes
mail_fsync = always
mail_gid = 5000
mail_location = maildir:~/
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/maildir/shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl imap_acl autocreate
}

Re: [Dovecot] Shared Mailboxes with VirtualUsers and mail_location retrieved from ldap

[Timo Sirainen]

On 6.9.2011, at 14.27, mailing lists wrote:

> I spend a couple of days configurating a new installation of dovecot 2.0.14 
> with virtual accounts and NFS storage for maildir home/mail directories.
> 
> 
> At this point I need shared mailboxes but since user mail/home locations are 
> ldap attributes, how is it supposed I must configure this for shared 
> mailboxes?
> 
> for the users' mail/home directories I set this line:
> 
> user_attrs = mailbox=mail=maildir:/var/maildir/%$,homeFilter=home

Are home dirs and mail dirs related in any way? The only way you can get it 
working is by using home dirs, e.g.:

user_attrs = mailbox=home=/var/maildir/%$

Then in dovecot.conf:

mail_location = maildir:~/

> namespace {
>   type = shared
>   separator = /
>   prefix = shared/%%u/
>   subscriptions = no
>   list = children

location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

Of course, if you're already now using separate home dirs for some stuff, this 
won't really work.

Re: [Dovecot] shared mailboxes

[Timo Sirainen]

On Wed, 2011-08-03 at 01:33 +0300, Vasil Mikhalenya wrote:

> 1. How to create a public mailbox - with per user seen flag. In my
> configuration this flag is shared

Currently this is possible only with Maildir (by creating dovecot-shared
file).

> 2. How to share one user mailbox with other users and set up acl. In
> Cyrus it was very easy( cyradm sam mailbox user1 lrs or  sam mailbox
> user2 all ). What way there is to do this in dovecot.

doveadm acl set

> It was no problem with shared mailboxes in cyrus, but I need maildir support.

Hmm? Looks like you're using mdbox..:

> mail_location = mdbox:/var/mail/%1n/%n

Re: [Dovecot] Shared mailboxes and acl

[Juan C. Blanco]

On 07/05/2011 18:32, Juan C. Blanco wrote:

Hello, I've finally upgrade to dovecot 2.0.12 and I'm doing some test
with shared mailboxes and acl.

I've read http://wiki2.dovecot.org/SharedMailboxes/Shared and changed
the dovecot config as recommended, I'm using Horde/IMP as imap_acl client

Seems that the acl files in user mailbox where updated correctly.

I've defined also a shared mailbox dictionary and if I've understood
right from the wiki page this file is supposed to be also updated with
the imap_acl commands, is this right?

In my case this file is never updated, I don't know if this file must
have any special format or is a simple text file.


Solved, finally it was a permission problem, I've setup the shared 
mailbox dict in /var/lib/dovecot/shaed-mailboxes and even I've granted 
permission to this file to the vamil user there was a problem creating 
the dotlock when updating the file. I have had to create a directory 
there and change the owner of it to vmail


As I've debug active I was losing the error in the log file.

Regards
Juan C. Blanco



Any help will be appreciated
Regards
Juan C. Blanco

Re: [Dovecot] Shared mailboxes in dovecot

[Charles Marcus]

On 2010-11-02 2:58 AM, Jay Mobile wrote:
> i hve a requirement of setting up two folders which should be shared
> only to selected users only.



> lets assume user A wants to share a folder named shared with user B
> only. how can i get this done?

That's about as basic as it gets... did you read the wiki? What exactly
are you having trouble with?

v1.2:

http://wiki.dovecot.org/SharedMailboxes/Shared

v2.0:

http://wiki2.dovecot.org/SharedMailboxes/Shared

-- 

Best regards,

Charles

Re: [Dovecot] Shared mailboxes in dovecot

[Daniel Luttermann]

Jay Mobile wrote on 11/02/2010:

Hi,
i hve a requirement of setting up two folders which should be shared  
only to selected users only. Pls note that my users are virtual and  
reside on mysql db. im using maildir as storage. lets assume user A  
wants to share a folder named shared with user B only. how can i get  
this done?

Regards
Jay


you can find more informations in the Wiki. See:

http://wiki2.dovecot.org/SharedMailboxes/Shared
http://wiki2.dovecot.org/ACL

(These informations are for Dovecot 2.x).

You must define a namespace (shared) and create the appropriate acls.  
An acl looks like


  user=u...@example.com rl

This acl (filename: dovecot-acl) can be stored in the folder you would  
like to share which means that user "u...@example.com" can "read" and  
"list" the mailbox.


Some IMAP clients supports shared folders so if you configure Dovecot  
correctly you can manage this within your client software but you can  
also do this manually.


--
Daniel

Re: [Dovecot] Shared mailboxes with dovecot.

[Timo Sirainen]

On Thu, 2010-08-26 at 16:13 +0300, Mihajlin Evgenij wrote:
> 
> mail_location = maildir:/var/spool/vmail/domains/%d/%n/Maildir
> namespace {
>   location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u 

These don't match. You're now using home dir in one but not the other.

> user_attrs = 
> =home=/var/spool/vmail/domains/%d/%n,=mail=/var/spool/vmail/domains/%d/%n/Maildir

Also you're here overriding mail_location. To make this simple:

 - Remove "mail=.." from user_attrs
 - Set mail_location = maildir:~/Maildir

Re: [Dovecot] Shared mailboxes with dovecot.

[Timo Sirainen]

On Thu, 2010-08-26 at 16:13 +0300, Mihajlin Evgenij wrote:
> Hi, first of all for forgive me for my english.
> 
> I have several questions. 
> 1. There are 2 user/passwd databases in my setup - ldap and mysql. when i 
> login into one user with telnet 127.0.0.1 143 and share inbox to some users - 
> records in dict-file apears? but if i delete some acls  - records indict-file 
> stays same.

Probably a bug.

> 2. I see in error.log such errors. can somebody explain what do dovecot list 
> shared folder (what files is looking for, how it see variables %u and %%u, 
> ...)
> 
> Aug 26 15:44:19 imap(j...@badmltd.dn.ua): Error: Namespace 'shared//': 
> mkdir(/var/run/dovecot/user-not-found/@badmltd.dn.ua) failed: Permission 
> denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, 
> euid is not dir owner)

It looks as if it's trying to access an empty user's ("@badmltd.dn.ua")
mailbox ("shared//", it typically should access shared/username/box" or
something).

One annoying thing here is that it even gives this error message when
client attempts to access invalid mailboxes. Should fix it some day.

> Aug 26 15:44:53 imap(ad...@badmltd.dn.ua): Error: Namespace 'shared/shared/': 
> mkdir(/var/run/dovecot/user-not-found/sha...@badmltd.dn.ua) failed: 
> Permission 
> denied (euid=47(mailnull) egid=12(mail) missing +w perm: /var/run/dovecot, 
> euid is not dir owner)

Again, it's trying to access "sha...@badmltd.dn.ua" user's mails. That
user probably doesn't exist either?

How are you trying to access these mailboxes? With an imap client? Try
testing first by talking IMAP protocol directly and only after that
works try IMAP clients.

http://wiki2.dovecot.org/TestInstallation gives some commands. Basically
you should get these working:

a select shared/username/mailbox
b list "" shared/*

Re: [Dovecot] Shared mailboxes with dovecot.

[Mihajlin Evgenij]

Again, what does mean this strings?

Aug 26 15:48:03 auth: Debug: master in: USER1   za...@badmltd.dn.ua 
service=lib-storage
Aug 26 15:48:03 auth: Debug: master in: USER2   t...@badmltd.dn.ua  
service=lib-storage
Aug 26 15:48:03 auth: Debug: master in: USER2   t...@badmltd.dn.ua  
service=lib-storage
Aug 26 15:48:03 auth: Debug: master out: USER   2   t...@badmltd.dn.ua   
 service=lib-storage
 Aug 26 15:48:03 auth: Debug: master in: USER3   @badmltd.dn.ua  
 service=lib-storage
Aug 26 15:48:03 auth: Debug: master out: NOTFOUND   3

Why does dovecot iterates it? 

Re: [Dovecot] Shared mailboxes errors

[Nikita Koshikov]

On Tue, 03 Aug 2010 23:16:38 +0200
Leander S. wrote:

>   Hi  Nikita Koshikov,
> 
> when I googled for my SERVERBUG which I'm having right now I found your 
> configuration.
> I'm trying to make use of the antispam plugin as you do. Unfortunately 
> I'm always getting a [SERVERBUG] error mesage with my MTC when I try 
> moving mails. The antispam debug.log doesn't really tell a lot of more:
> 
> 
>### Dovecot AntiSpam ###
> # mail signature (used with any backend requiring a signature)
> #antispam_signature = X-Spam-Status
> #antispam_signature_missing = move
> 
> antispam_mail_sendmail = /usr/local/bin/sa-learn
> antispam_mail_sendmail_args = --username=%u;--debug;all
> antispam_mail_spam = --spam
> antispam_mail_notspam = --ham
> antispam_mail_tmpdir = /tmp
> antispam_spam = Spam
> antispam_unsure = Virus
> antispam_trash = Trash
> 

First of all - what OS is this ? BSD ? And how did you install your 
spamassassin (ports\compiling from source)?
Show your local.cf file (/etc/mail/spamassassin or 
/usr/local/etc/mail/spamassasin). 

After reading perldoc Mail::SpamAssassin::Conf add to your local.cf for 
debugging:
bayes_file_mode 0777
bayes_path /tmp/.spamassassin/bayes

Create folder /tmp/.spamassassin and set permitions 777. 
Restart spamd with dovecot  and try it.


> I also read through the sa-learn script but wasn't able to figure out 
> where this number 9 is coming from ;/
> ... SIGKILL 9 Term Kill signal - but where from ?!
> 
sa-learn has lots of die() function, this should be enough for raising SIGKILL.
> 
> 
> Do you maybe have any idea? I tried different Dovecot versions already - 
> alwys the same ... Might there maybe somethign wrong with my syntax?
> 
> 
> 
> Any way - thanks a lot in advance & regards
> 
If you stuck after all, remember that sa-learn has -D key, it generate tons of 
output. Create wrapper and run sa-learn with -D keyword from dovecot, save 
result and have fun.

Re: [Dovecot] Shared mailboxes errors

[Nikita Koshikov]

On Thu, 17 Jun 2010 14:57:08 +0100
Timo Sirainen wrote:

> On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:
> 
> > Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: 
> > shared/shared-boxes/anyone/
> 
> I think the wiki sql configuration was written/tested by someone who got
> the same errors, but ignored them.. You need to provide also a mapping
> for this. Maybe something like:
> 
> map {
>   pattern = shared/shared-boxes/anyone/$from
>   table = anyone_shares
>   value_field = dummy
> 
>   fields {
>   from_user = $from
>   }
> }
> 
> or maybe to your existing table (just don't have a user called
> "anyone"):
> 
> map {
>   pattern = shared/shared-boxes/user/anyone/$from
>   table = user_shares
>   value_field = dummy
> 
>   fields {
>   from_user = $from
>   }
> }
> 

Thanks for your reply, Timo.

Is any documentation avail about mapping or can you describe it briefly here ?

Re: [Dovecot] Shared mailboxes errors

[Timo Sirainen]

On Thu, 2010-06-17 at 16:25 +0300, Nikita Koshikov wrote:

> Jun 17 15:50:33 dict: Error: sql dict iterate: Invalid/unmapped path: 
> shared/shared-boxes/anyone/

I think the wiki sql configuration was written/tested by someone who got
the same errors, but ignored them.. You need to provide also a mapping
for this. Maybe something like:

map {
pattern = shared/shared-boxes/anyone/$from
table = anyone_shares
value_field = dummy

fields {
from_user = $from
}
}

or maybe to your existing table (just don't have a user called
"anyone"):

map {
pattern = shared/shared-boxes/user/anyone/$from
table = user_shares
value_field = dummy

fields {
from_user = $from
}
}


> I have no clue why this happening, users don't know about new functionality 
> they just use imap as before. Also dict database begin to fill up by records 
> like:
> 
> select * from user_shares;
> u...@domain.com|ad...@domain.com|1
> 
> But user don't use setacl command.

I think the dict is rebuilt sometimes when ACLs change (or if
dovecot-acl-list file is rebuilt for some other reason). This code isn't
really optimized yet and it might be rebuilding them unnecessarily..

Re: [Dovecot] Shared mailboxes

[Charles Marcus]

On 2010-05-18 7:16 AM, Timo Sirainen wrote:
> On 18.5.2010, at 13.10, Matthew Sackman wrote:
 But ive no idea how to share a mailbox. Thunderbird and most
 other Clients seem not to support the setacl command.

>> Yeah, I found that too. My solution was to learn IMAP, telnet in,
>> and run the SETACL commands myself.

> Yes, that's currently the "best" solution. For v2.0 perhaps I'll
> create doveadm acl set command. That would still work in a similar
> way though, so it's not all that much better than IMAP.

The good news is Thunderbird is implementing this now:

https://bugzilla.mozilla.org/show_bug.cgi?id=522954

Not sure if there is a build available for testing though...

Hopefully they will implement it 'correctly' (according to RFCs)...

-- 

Best regards,

Charles

Re: [Dovecot] Shared mailboxes

[Timo Sirainen]

On 18.5.2010, at 13.10, Matthew Sackman wrote:

>>> But ive no idea how to share a mailbox.
>>> Thunderbird and most other Clients seem not to support the setacl command.
> 
> Yeah, I found that too. My solution was to learn IMAP, telnet in, and
> run the SETACL commands myself.

Yes, that's currently the "best" solution. For v2.0 perhaps I'll create doveadm 
acl set command. That would still work in a similar way though, so it's not all 
that much better than IMAP.

Re: [Dovecot] Shared mailboxes

[Matthew Sackman]

On Tue, May 18, 2010 at 08:07:57AM -0300, Marcio Merlone wrote:
> Em 14-05-2010 12:45, spamv...@googlemail.com escreveu:
> >can anyone give me a hind how to setup shared mailboxes.
> >I've already created the shared and private namespace.
> >
> >But ive no idea how to share a mailbox.
> >Thunderbird and most other Clients seem not to support the setacl command.

Yeah, I found that too. My solution was to learn IMAP, telnet in, and
run the SETACL commands myself.

Matthew

Re: [Dovecot] Shared mailboxes

[Marcio Merlone]

Em 14-05-2010 12:45, spamv...@googlemail.com escreveu:

can anyone give me a hind how to setup shared mailboxes.
I've already created the shared and private namespace.

But ive no idea how to share a mailbox.
Thunderbird and most other Clients seem not to support the setacl command.

so do i have to create a plaintext file with
"user=theldapuseriwanttosharemybox rw" ?
   


It seems no one uses shared folder, or people don't like questions about 
that. If you find the answer somewhere pls mail the list for the records 
of searches.



--
Marcio Merlone

Re: [Dovecot] Shared mailboxes unix permissions

[Timo Sirainen]

On Wed, 2010-03-31 at 19:40 +0200, Thomas Hummel wrote:

> Everything gets created with the permission I was expecting, except :
> 
>   -rw---  1 doveimap  doveshared  8 Mar 31 18:47 
> /courriel/meta/doveimap/dovecot-uidvalidity
>   -rw---  1 doveimap  doveshared  0 Mar 31 18:44 
> /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4

This has been fixed in v2.0. But they're not all that important, so you
can probably just ignore them.

>   -rw---  1 doveimap  doveshared  0 Mar 31 18:44 
> /var/dovecot-test/dict/shared-mailboxes

This file is created only once. You can change its permissions and
they're preserved afterward. But yeah, its initial permissions should be
taken from parent directory. Fixed in v2.0:
http://hg.dovecot.org/dovecot-2.0/rev/b3947e64546a



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes unix permissions

[Thomas Hummel]

On Fri, Apr 09, 2010 at 11:17:26AM +0200, Thomas Hummel wrote:

> > and the 'dovecot-shared' file doesn't help (besides, my understanding is 
> > that
> > in 1.2x, it's for backward compatibility reason).

Which makes me wonder : does the dovecot-shared file still control, with
1.2x/Maildir/shared namespaces/ where the flags are stored (in other words, can
we have shared-mailboxes with private \Seen flags for instance) ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes unix permissions

[Thomas Hummel]

On Wed, Mar 31, 2010 at 07:40:29PM +0200, Thomas Hummel wrote:
> Hello Timo,
> 
> I'm running dovecot-1.2.11/Maildir and plan to migrate to single UID mailboxes
> some day, but for now, I've got "system" users and I'm testing permissions
> handling in order to set up shared mailboxes.
> 
> The private namespace mailboxes location is
> 
>   location = 
> maildir:/courriel/boites/%u:CONTROL=/courriel/meta/%u:INDEX=/var/dovecot-test/indexes/%1u/%u
> 
> I've 
> 
>   . created a 'doveshared' unix group
>   . added 'mail_access_groups = doveshared'
>   . chmod/chgrp the maildir and control dirs like this :
> 
>  drwxrws---  7 doveimap  doveshared  4096 Mar 31 18:47 
> /courriel/boites/doveimap
>  drwxrws---  5 doveimap  doveshared  4096 Mar 31 18:47 
> /courriel/meta/doveimap
> 
>[which were empty]
> 
>   . added 'acl_shared_dict = file:/var/dovecot-test/dict/shared-mailboxes' 
> with
> 
>   drwxrwxs--  2 root  doveshared  512 Mar 31 18:44 /var/dovecot-test/dict
> 
>[which were empty]
> 
> Everything gets created with the permission I was expecting, except :
> 
>   -rw---  1 doveimap  doveshared  8 Mar 31 18:47 
> /courriel/meta/doveimap/dovecot-uidvalidity
>   -rw---  1 doveimap  doveshared  0 Mar 31 18:44 
> /courriel/meta/doveimap/dovecot-uidvalidity.4bb37be4
> 
> and
> 
>   -rw---  1 doveimap  doveshared  0 Mar 31 18:44 
> /var/dovecot-test/dict/shared-mailboxes
> 
> I can't see the explanation in
> 
>   http://wiki.dovecot.org/SharedMailboxes/Permissions
> 
> and the 'dovecot-shared' file doesn't help (besides, my understanding is that
> in 1.2x, it's for backward compatibility reason).
> 
> Any idea ?

Timo ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] shared mailboxes, mkdir_parents problem

[Timo Sirainen]

On Mon, 2010-03-22 at 14:38 +0100, Leo Unglaub wrote:
> > 2010-03-18 10:03:04 IMAP(unglaub): Error: 
> > mkdir_parents(/var/mails/e-c-o.at/kirchmeir) failed: Permission denied 
..
> > mail_location: maildir:/var/mail/%d/%n
..
> >   location: maildir:/var/mails/e-c-o.at/%%n:INDEX=/tmp/%%n

/var/mail/ vs. /var/mails/?



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes, mkdir_parents problem

[pattex]

Leo Unglaub  gmail.com> writes:

> 
> Hi Friends,
> i have a little problem with my Dovecot installation. The normal 
> installation works very well and now i have to configurate dovecot that 
> all member from a domain can access all mailboxes from this domain.

>mail_location: maildir:/var/mail/%d/%n

> namespace:
>   type: shared
>   separator: /
>   prefix: shared/mitarbeiter/%%n/
>   location: maildir:/var/mails/e-c-o.at/%%n:INDEX=/tmp/%%n

Hallo Leo 

What i have seen is, that the path in maillocations points to /var/mail/../..
the path in the shared maildir point to / var/mail(s)/../..

that doesn't work

Re: [Dovecot] shared mailboxes, mkdir_parents problem

[Pattex]

Leo Unglaub  gmail.com> writes:

> 
> Hi Friends,
> i have a little problem with my Dovecot installation. The normal 
> installation works very well and now i have to configurate dovecot that 
> all member from a domain can access all mailboxes from this domain.
> I configurate the shared namespace and set the IMAP ACL Flag but i can't 
> abonement the other mailboxes. 

How did you do this? Edit the file or with GETACL SETACL? Have you the shared 
Folder visible? What Mailclient you use? Have you subscreibe the Folder to the 
Listbox?

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Mon, Mar 22, 2010 at 03:59:02PM +0200, Timo Sirainen wrote:

> Yes.

Ok, I was complicating things then : I was using the "system_groups_user"
extra-field and a secondary "doveshared" unix group.

But the question now is when to use mail_extra_groups and when to use the
"system_groups_user" extra-field ? As I see it now, system_groups_user gives
finer grain control since it's on a user basis.

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Mon, 2010-03-22 at 14:56 +0100, Thomas Hummel wrote:
> So basically, independently of ACL groups, the idea is to 
> 
>   . chgrp all maildirs to some unix group (doveshared)
> 
>   . chmod 0770 those maildirs
> 
>   . add that group to mail_extra_groups
> 
>   . so dovecot would be able to access any shared mailboxes (from anyone to 
> anyone) 
> 
> correct ?

Yes.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Mon, Mar 22, 2010 at 03:40:23PM +0200, Timo Sirainen wrote:
> On Mon, 2010-03-22 at 14:34 +0100, Thomas Hummel wrote:
> 
> > You lost me again : what's the use of the userdb " acl_groups" extra-field 
> > then ?
> 
> That only adds user to given ACL groups for ACL plugin's checks. ACL
> plugin deals only with virtual permissions, acl_groups has nothing to do
> with filesystem permissions. If user doesn't already have enough
> filesystem permissions to access some mailbox, ACL plugin won't grant
> them either.

Ok.

So basically, independently of ACL groups, the idea is to 

  . chgrp all maildirs to some unix group (doveshared)

  . chmod 0770 those maildirs

  . add that group to mail_extra_groups

  . so dovecot would be able to access any shared mailboxes (from anyone to 
anyone) 

correct ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Mon, 2010-03-22 at 14:34 +0100, Thomas Hummel wrote:

> You lost me again : what's the use of the userdb " acl_groups" extra-field 
> then ?

That only adds user to given ACL groups for ACL plugin's checks. ACL
plugin deals only with virtual permissions, acl_groups has nothing to do
with filesystem permissions. If user doesn't already have enough
filesystem permissions to access some mailbox, ACL plugin won't grant
them either.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 22 Mar 2010, Thomas Hummel wrote:


On Mon, Mar 22, 2010 at 02:47:45PM +0200, Timo Sirainen wrote:


Do you mean your maildirs are all in 0770  doveshared ? But it still
gives too much permission in general...Especially if your users can access
their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ?


You don't need to put all users into doveshared group. You just need to
set mail_extra_groups=doveshared, so only Dovecot processes have such
extra access.


You lost me again : what's the use of the userdb " acl_groups" extra-field then 
?


acl_groups is for the logical "ACL"s in Dovecot and is just a name, it 
relates to nothing in the Unix world.


mail_extra_groups= is an Unix group, the Dovecot processes gets as 
secondary group.


Regards,

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBS6dy67+Vh58GPL/cAQJGtQgAttzmmE6hOamBLfedG1IJNJaHrxXbYnvZ
3lRsg+h0pNzzRG21Pvcu2zsfYkT6Y8FZbR9yB57cE1qQ3kPyk+ZztN2d6UAozbVL
SDFG+tMpKQqHRR4zaj9zLUpd8SE81Zceo0tga8zVTiGtAWFrTu9vWuzQP9HsrWRO
lssxuvbGt3Vq4iAcR2tP3cZXCJP/jlKW+rSbbgGVTz1tJ6DvTkHL47CsZdwRE1Qk
usf7hNbDtoBLzUrQcoWFwBNSrD27JOPksEP2ulAf9UQFed9MJ7ekB6EYnVuxgtO9
sJ6btiWlx595x3OukGoet0EZF68x9PdwOvPZbrsO6U1hxcr+H8wQxg==
=ElAf
-END PGP SIGNATURE-

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Mon, Mar 22, 2010 at 02:47:45PM +0200, Timo Sirainen wrote:

> > Do you mean your maildirs are all in 0770  doveshared ? But it still
> > gives too much permission in general...Especially if your users can access
> > their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that 
> > ?
> 
> You don't need to put all users into doveshared group. You just need to
> set mail_extra_groups=doveshared, so only Dovecot processes have such
> extra access.

You lost me again : what's the use of the userdb " acl_groups" extra-field then 
?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 22 Mar 2010, Timo Sirainen wrote:


their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ?


I don't have any other access than IMAP.



You don't need to put all users into doveshared group. You just need to
set mail_extra_groups=doveshared, so only Dovecot processes have such
extra access.


Ah, OK, that's worth trying.

My problems actually were related to the problem that either new messages 
or new folders were not chgrp()'ed to doveshared. However, my idea was to 
selectively chgrp shared folders only. I will dig again into this problem 
eventually, currently I ditched my test server.


Regards,

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBS6dpGL+Vh58GPL/cAQLLXQf/dYbKnm8w+C7rOK2wAyEMxjko/ITp9TjJ
4bFH4cT/lD9KN3Rt6q2tg1f6kTbA9ROGUdAmZ1892eUh83xy58D02nNnjGZ/1Wvj
hrcopEqFqWnNSSZAYfuNPcmDLz4tqBT3sknuxavI95hOmb+AMuizC7rWEWpO3SqQ
69P+tqEiqwZeY4fuAfNVnaKU5vDU5I+XloBuVyv/dUVzC2H6oOldSsS5Lwx32aNR
3diXnR1g3g+f/x5AscwoVDhleQGifircOfId2pZMY3r5ZmF1Wl9fI7Psv0rp+B3q
R0EKq0j+4PdpSVRNiqhMQsR2UVF0FdoB3dC0fpZdK/OvnTA/VOMGCw==
=5Pgl
-END PGP SIGNATURE-

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Mon, 2010-03-22 at 11:05 +0100, Thomas Hummel wrote:

> On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:
> 
> > My idea was to put everybody sharing folders and everybody, who may access 
> > shared folders, into the same group "doveshared", then leverage the 
> > Unix permissions, that this group may access the folders. So I do not need 
> > to use 0777 everywhere.

Oh, I got mixed you two up in my previous reply :)

> So basically, you get to the "single UID virtual users" solution but with GID,
> right ?
> 
> Do you mean your maildirs are all in 0770  doveshared ? But it still
> gives too much permission in general...Especially if your users can access
> their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ?

You don't need to put all users into doveshared group. You just need to
set mail_extra_groups=doveshared, so only Dovecot processes have such
extra access.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Mon, Mar 22, 2010 at 11:51:26AM +0200, Timo Sirainen wrote:

> > My idea was to put everybody sharing folders and everybody, who may access
> > shared folders, into the same group "doveshared", then leverage the Unix
> > permissions, that this group may access the folders. So I do not need to use
> > 0777 everywhere.

> Yes, this is what I originally meant with "it's more difficult for system 
> users".

I get it Timo. But you seem to imply that virtual user setup == single shared
UID. In such a setup, isn't it mandatory not to give access to the mailboxes
by anything else than IMAP. If so, isn't it quite the same as 0777 with a
mail_location outside of user's reach (except through IMAP) ?

You maybe would you rely on filesystem acls to have a finer grain access 
control ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:

> My idea was to put everybody sharing folders and everybody, who may access 
> shared folders, into the same group "doveshared", then leverage the 
> Unix permissions, that this group may access the folders. So I do not need 
> to use 0777 everywhere.

So basically, you get to the "single UID virtual users" solution but with GID,
right ?

Do you mean your maildirs are all in 0770  doveshared ? But it still
gives too much permission in general...Especially if your users can access
their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ?

> Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working 
> reliable, when mails are dropped with Deliver and APPEND, and when the 
> MUA creates new (sub-)folders?

Well, it was still a theorical question. I haven't really tried anything yet.
Also, I'm not using deliver (I know I should) but procmail.

But since for me mail_location is not accessible for users by anything else
than IMAP, loose permissions may not be such a critical issue...

Besides, I was thinking of creating as many groups (similar in purpose to your
doveshared one) as needs to share a mailbox, if and only if I could somehow
restrict (politically I mean) the use of shared mailboxes to "privileged" users
(for instance a unit chief and his assistant, ...). Not really scalable I'm
afraid though

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On 22.3.2010, at 11.25, Steffen Kaiser wrote:

> On Fri, 19 Mar 2010, Thomas Hummel wrote:
> 
>> Ok, but I still don't quite get it : if you use the same UID, doesn't this
>> somehow equates giving something like 777 modes in the system user case ? (I
>> mean on an OS level, problems related to such loose permission are the same
>> and, if in 777, permissions are no longer a problem for dovecot) ?
> 
> I tried to hack some magic into Dovecot v1.2, in order to use system users 
> with the default 0700 perms and ACLs.
> 
> My idea was to put everybody sharing folders and everybody, who may access 
> shared folders, into the same group "doveshared", then leverage the Unix 
> permissions, that this group may access the folders. So I do not need to use 
> 0777 everywhere.

Yes, this is what I originally meant with "it's more difficult for system 
users".

> In fact, I was not able to find a reliable way to get the Unix-permissions 
> right for new mails. Maybe this was because I didn't set ".dovecot-shared" or 
> the Unix-permission of the Maildir base directory right.

The new files copy the permissions from the mailbox's root directory (and when 
mailbox directory is created, its permissions are copied from maildir root). So 
you should basically do something like:

find /mails -type d | chgrp doveshared
find /mails -type d | chmod 0770

> I also got fchown() errors for shared mailboxes with write access to 
> non-owners.

Well, this I'm not sure about.. I think fchown() is only called when new files 
are created. So I guess the process didn't belong to doveshared group? 
(mail_extra_groups=doveshared would help)

> Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working 
> reliable, when mails are dropped with Deliver and APPEND, and when the MUA 
> creates new (sub-)folders?

It should work the same as with 0770, i.e. permissions are copied the same way.

Re: [Dovecot] Shared mailboxes basics

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 19 Mar 2010, Thomas Hummel wrote:


Ok, but I still don't quite get it : if you use the same UID, doesn't this
somehow equates giving something like 777 modes in the system user case ? (I
mean on an OS level, problems related to such loose permission are the same
and, if in 777, permissions are no longer a problem for dovecot) ?


I tried to hack some magic into Dovecot v1.2, in order to use system users 
with the default 0700 perms and ACLs.


My idea was to put everybody sharing folders and everybody, who may access 
shared folders, into the same group "doveshared", then leverage the 
Unix permissions, that this group may access the folders. So I do not need 
to use 0777 everywhere.


In fact, I was not able to find a reliable way to get the Unix-permissions 
right for new mails. Maybe this was because I didn't set ".dovecot-shared" 
or the Unix-permission of the Maildir base directory right.


I also got fchown() errors for shared mailboxes with write access to 
non-owners.


Because of this I dropped the idea to use system users with ACLs.

Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working 
reliable, when mails are dropped with Deliver and APPEND, and when the 
MUA creates new (sub-)folders?


Regards,

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBS6c3nL+Vh58GPL/cAQIjBgf+IS5agBER7xrbNiHtxe+UPq3Xm4coeGAH
DAYsvhATIDoc26knA/NAaCf2ypH+QmddelhIkFhPy+JRLa9qmWd69W9/FRw8x8pe
Cpauds/Lwh/iH+apybECB4z5sQ6NZPYZoHJeEidKI/MZeaFnULO2ZDBVcSLK5X14
SmZC2Ji4plz8QPIRa671ZkTmAItViTBho8KTIDny/eJdFX6Acz0L6kLLUek7LrhW
4WpJCPfJ4+lTJE5Zjr7INZiX/2QXW7wp24/sq1j2C9Sd0fZawN3J45a3AKtcx1QW
LsfXH1J6FpvaLfNg+uIesYxwuACwbeWoMm0CZLyjgPnfXOGLErECuA==
=5dks
-END PGP SIGNATURE-

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Fri, 2010-03-19 at 22:14 +0100, Thomas Hummel wrote:

> Get it. So I guess the recommended method to "make the share mailboxes 
> visible"
> is to talk IMAP (through telnet for instance) and not trying to suppose
> anything about the shared-mailbox file format and try to hack it directly,
> right ?

Right. Note that you could also do things like:

printf "1 setacl blah\n2 logout\n" | dovecot --exec-mail imap

(assuming environment is setup properly, USER=username being the most
important)


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Fri, 2010-03-19 at 22:09 +0100, Thomas Hummel wrote:
> On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:
> 
> Thanks for your answer Timo.
> 
> > > a) I wonder if TB even support the SETACL command since I don't see how I 
> > > can
> > >modify an ACL through the TB UI.
> > 
> > It doesn't.
> 
> Ouch! What known UA does support it ? 

Mulberry, Kolab, some webmail plugins maybe.

> What's the point of supporting only GETACL ?

I guess it just shows nicely what mailboxes are shared.

> I guess this means that if users
> run this client, shared mailboxes have to be managed by an administrator, 
> right
> ?

Or some custom web interface.

> > Yes, they're basically the same. But in that context "easier for virtual
> > users" means "easier if all your users use the same uid", since most
> > people use the same uid for virtual users.. (I don't think wiki confuses
> > these two things?)
> 
> Ok, but I still don't quite get it : if you use the same UID, doesn't this
> somehow equates giving something like 777 modes in the system user case ? (I
> mean on an OS level, problems related to such loose permission are the same
> and, if in 777, permissions are no longer a problem for dovecot) ?

Pretty much. But 0777 permissions are somewhat worse for security than
just giving a single shared uid 0700 permissions. :) So there's nothing
magical about virtual users making this easier. It's just that most
people wouldn't like using 0777/0666 permissions for all mails..


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

> Yes, because SETACL updates also the shared-mailbox file, which contains
> information about what mailboxes are visible to who. Without that,
> Dovecot would have to look through all users all mailboxes to see if
> there happens to be any dovecot-acl files that contains rules for
> current user, which of course would be really slow.

Get it. So I guess the recommended method to "make the share mailboxes visible"
is to talk IMAP (through telnet for instance) and not trying to suppose
anything about the shared-mailbox file format and try to hack it directly,
right ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Fri, Mar 19, 2010 at 09:11:32PM +0200, Timo Sirainen wrote:

Thanks for your answer Timo.

> > a) I wonder if TB even support the SETACL command since I don't see how I 
> > can
> >modify an ACL through the TB UI.
> 
> It doesn't.

Ouch! What known UA does support it ? 

What's the point of supporting only GETACL ? I guess this means that if users
run this client, shared mailboxes have to be managed by an administrator, right
?

> Yes, they're basically the same. But in that context "easier for virtual
> users" means "easier if all your users use the same uid", since most
> people use the same uid for virtual users.. (I don't think wiki confuses
> these two things?)

Ok, but I still don't quite get it : if you use the same UID, doesn't this
somehow equates giving something like 777 modes in the system user case ? (I
mean on an OS level, problems related to such loose permission are the same
and, if in 777, permissions are no longer a problem for dovecot) ?

Thanks.

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes basics

[Timo Sirainen]

On Fri, 2010-03-19 at 17:27 +0100, Thomas Hummel wrote:

> a) I wonder if TB even support the SETACL command since I don't see how I can
>modify an ACL through the TB UI.

It doesn't.

> b) For things to work, I had to set up loose permissions on the maildirs and
> the shared-mailbox file. I've read on this list (from the 1.2 beta days) that
> it is supposed to be easier with virtual user (as opposed to system users) :
> why ? mailboxes end up being on the filesystem anyway...
> 
> In fact, I don't really understand the difference between virtual and system
> users...Aren't they seen as almost the same for dovecot ?

Yes, they're basically the same. But in that context "easier for virtual
users" means "easier if all your users use the same uid", since most
people use the same uid for virtual users.. (I don't think wiki confuses
these two things?)

> c) What's weird also is if I put a "dovecot-acl" file in a maildir I want to
> share, TB does not see it. But if I telnet and issue the SETACL command which
> end up generating the same dovecot-acl file, TB then sees the shared 
> mailbox...

Yes, because SETACL updates also the shared-mailbox file, which contains
information about what mailboxes are visible to who. Without that,
Dovecot would have to look through all users all mailboxes to see if
there happens to be any dovecot-acl files that contains rules for
current user, which of course would be really slow.

Maybe for v2.0 I could add doveadm acl command to help with these
things.


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes basics

[Thomas Hummel]

On Thu, Mar 18, 2010 at 05:50:44PM +0100, Thomas Hummel wrote:

> But isn't a client like Thunderbird (3.0.3) supposed to 
> 
>   . show me the #shared (even if no one shares mailboxes to me) "folder" 
> (because of list = yes )?
> 
>   . let me share, let's say the .sous.arbo mailbox ? If yes, how ? Or should 
> I first pre-set some acl files ???
> 
> For now, it says : "This is a personnal mail folder. It is not shared."

I made some progress and managed to share a mailbox with my setup but :

a) I wonder if TB even support the SETACL command since I don't see how I can
   modify an ACL through the TB UI.


b) For things to work, I had to set up loose permissions on the maildirs and
the shared-mailbox file. I've read on this list (from the 1.2 beta days) that
it is supposed to be easier with virtual user (as opposed to system users) :
why ? mailboxes end up being on the filesystem anyway...

In fact, I don't really understand the difference between virtual and system
users...Aren't they seen as almost the same for dovecot ?


c) What's weird also is if I put a "dovecot-acl" file in a maildir I want to
share, TB does not see it. But if I telnet and issue the SETACL command which
end up generating the same dovecot-acl file, TB then sees the shared mailbox...

Timo ?

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes do not support subfolders

[Frank Cusack]

On December 29, 2009 12:06:06 AM +0100 Nick Rosier  
wrote:

Shared as in user-shared mailboxes. I think it was a mailclient (TB)
problem. After subscribing from webmail (roundcube) I'm able  to see
them. I will do some more testing to see if I can reproduce.


Did you read the bottom of ?  Maybe the
dovecot-acl-list file needed to be refreshed and somehow this happened.

Re: [Dovecot] Shared mailboxes do not support subfolders

[Nick Rosier]

Frank Cusack wrote:
On December 28, 2009 4:44:45 PM +0100 Nick Rosier 
 wrote:

Hi,

I'm currently running Dovecot 1.2.8 with dbox mailboxes. I've configured
the use of shared mailboxes. I'm able to only see the top-level 
mailboxes:

e.g.
Inbox
LogWatch
Trash
Sent

but not
LogWatch/Server1
LogWatch/Server2

Is this a know limitation of a bug? 


If by shared you mean public, subfolders (with maildir) works for me. 
Shared as in user-shared mailboxes. I think it was a mailclient (TB) 
problem. After subscribing from webmail (roundcube) I'm able  to see 
them. I will do some more testing to see if I can reproduce.


N.

Re: [Dovecot] Shared mailboxes do not support subfolders

[Frank Cusack]

On December 28, 2009 4:44:45 PM +0100 Nick Rosier  
wrote:

Hi,

I'm currently running Dovecot 1.2.8 with dbox mailboxes. I've configured
the use of shared mailboxes. I'm able to only see the top-level mailboxes:
e.g.
Inbox
LogWatch
Trash
Sent

but not
LogWatch/Server1
LogWatch/Server2

Is this a know limitation of a bug?


If by shared you mean public, subfolders (with maildir) works for me.

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Timo Sirainen]

On Tue, 2009-11-24 at 00:22 +0100, Alexander 'Leo' Bergolth wrote:
> If Shared/spamrep/ contains cur/, new/ and tmp/, I'd suspect that
> dovecot should display Shared/spamrep as a folder but not Shared. Why is
> Shared/ also missing the \Noselect attribute?

I suppose it's a bug. Two-level namespace prefixes haven't been tested
much. I'll see about getting it fixed.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Alexander 'Leo' Bergolth]

On 11/23/2009 11:05 PM, Timo Sirainen wrote:
> On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:
>>> Also do you have
>>> a /var/spool/mail/Shared/spamrep/cur/ directory?
>> Yes:
>> # ls -ld /var/spool/mail/Shared/spamrep/cur
>> drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02
>> /var/spool/mail/Shared/spamrep/cur
> 
> That's the reason this happens. Anything inside it? Probably not? Just
> rmdir it and new/ and tmp/.

Now that I removed the cur folder from Shared/spamrep, everything works
fine. But could you shed some light on this?

If Shared/spamrep/ contains cur/, new/ and tmp/, I'd suspect that
dovecot should display Shared/spamrep as a folder but not Shared. Why is
Shared/ also missing the \Noselect attribute?

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Alexander 'Leo' Bergolth]

On 11/23/2009 11:05 PM, Timo Sirainen wrote:
> On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:
>>> Also do you have
>>> a /var/spool/mail/Shared/spamrep/cur/ directory?
>> Yes:
>> # ls -ld /var/spool/mail/Shared/spamrep/cur
>> drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02
>> /var/spool/mail/Shared/spamrep/cur
> 
> That's the reason this happens. Anything inside it? Probably not? Just
> rmdir it and new/ and tmp/.

That did it. Many thanks!

--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Timo Sirainen]

On Mon, 2009-11-23 at 22:56 +0100, Alexander 'Leo' Bergolth wrote:
> > Also do you have
> > a /var/spool/mail/Shared/spamrep/cur/ directory?
> 
> Yes:
> # ls -ld /var/spool/mail/Shared/spamrep/cur
> drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02
> /var/spool/mail/Shared/spamrep/cur

That's the reason this happens. Anything inside it? Probably not? Just
rmdir it and new/ and tmp/.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Alexander 'Leo' Bergolth]

On 11/23/2009 09:51 PM, Timo Sirainen wrote:
> On Mon, 2009-11-23 at 21:39 +0100, Alexander 'Leo' Bergolth wrote:
>> 16 list "" "%"
>>
>> ... and dovecot returns "Shared" without \Noselect:
>>
>> * LIST (\HasChildren) "/" "Shared"
>>
>> Is there a way to tell dovecot that this is only the base of my
>> namespaces and that it should include a \Noselect attribute?
> 
> In my tests it shows \Noselect.. So something's different with you. What
> does it show if you do 1 LIST "" "Shared*"?

 8< 
1 LIST "" "Shared*"
* LIST (\HasChildren) "/" "Shared/spamrep"
* LIST (\HasNoChildren) "/" "Shared/spamrep/INBOX"
* LIST (\HasNoChildren) "/" "Shared/spamrep/ham"
* LIST (\HasNoChildren) "/" "Shared/spamrep/spam-netreport"
* LIST (\HasNoChildren) "/" "Shared/spamrep/spam"
* LIST (\HasNoChildren) "/" "Shared/spamrep/tmp"
 8< 

LIST "" "*" shows:
 8< 
[...]
* LIST (\NoInferiors \Marked) "/" "INBOX"
* LIST (\HasChildren) "/" "Shared/spamrep"
* LIST (\HasNoChildren) "/" "Shared/spamrep/INBOX"
* LIST (\HasNoChildren) "/" "Shared/spamrep/ham"
[...]
 8< 

(without Shared/)

... but LIST "" "%" shows:
 8< 
[...]
* LIST (\NoInferiors \Marked) "/" "INBOX"
* LIST (\HasChildren) "/" "Shared"
1 OK List completed.
 8< 

> Also do you have
> a /var/spool/mail/Shared/spamrep/cur/ directory?

Yes:
# ls -ld /var/spool/mail/Shared/spamrep/cur
drwxrws--- 2 nobody spamrep 6 2009-11-23 16:02
/var/spool/mail/Shared/spamrep/cur

I am using dovecot 1.2.8:
# rpm -q dovecot
dovecot-1.2.8-0_103.fc10.i386
(From ATrpms: http://atrpms.net/dist/f10/dovecot/ )

I have attached the environment captured at the end of the post-login
script.

Thanks,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Timo Sirainen]

On Mon, 2009-11-23 at 21:39 +0100, Alexander 'Leo' Bergolth wrote:
> 16 list "" "%"
> 
> ... and dovecot returns "Shared" without \Noselect:
> 
> * LIST (\HasChildren) "/" "Shared"
> 
> Is there a way to tell dovecot that this is only the base of my
> namespaces and that it should include a \Noselect attribute?

In my tests it shows \Noselect.. So something's different with you. What
does it show if you do 1 LIST "" "Shared*"? Also do you have
a /var/spool/mail/Shared/spamrep/cur/ directory?



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Alexander 'Leo' Bergolth]

On 11/23/2009 07:27 PM, Timo Sirainen wrote:
> On Mon, 2009-11-23 at 19:19 +0100, Alexander 'Leo' Bergolth wrote:
>> Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, 
>> prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, 
>> subscriptions=no
> 
> See if using type=public works better. type=shared namespace is kind of
> a special case used to access other users' mailboxes.

Yes, thanks! type=public works fine.

Another problem is that with dovecot 1.2, Thunderbird shows "Shared"
(the folder that contains all of my dynamically added namespaces) as a
real folder, not grey and italic as before.
When selecting it, the following message pops up:
"The current command did not succeed. The mail server responded:
[NONEXISTENT] Mailbox doesn't exist: Shared."

Before the dovecot update, Thunderbird didn't show Shared as a real
folder, it was greyed out and selecting it didn't cause an IMAP "SELECT"
command.

Looking at the imap traffic, thunderbird does a

16 list "" "%"

... and dovecot returns "Shared" without \Noselect:

* LIST (\HasChildren) "/" "Shared"

Is there a way to tell dovecot that this is only the base of my
namespaces and that it should include a \Noselect attribute?

Thanks,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Timo Sirainen]

On Mon, 2009-11-23 at 19:19 +0100, Alexander 'Leo' Bergolth wrote:
> Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, 
> prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no

See if using type=public works better. type=shared namespace is kind of
a special case used to access other users' mailboxes.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Alexander 'Leo' Bergolth]

On 11/23/2009 06:28 PM, Timo Sirainen wrote:
> On Mon, 2009-11-23 at 17:03 +0100, Alexander 'Leo' Bergolth wrote:
>> However now that I've upgraded to 1.2.8, I cannot create subfolders
>> anymore. The server responds with "NO Invalid mailbox name:
>> test/testsub". The hierarchy separator for the namespaces is / because I
>> am mixing maildir and mbox namespaces and list=yes.
>>
>> The details:
>> I am using a post-login script (attached) that detects all subfolders of
>> /var/spool/mail/Shared for which the current user has at least read
>> access. For every subfolder, it creates a separate namespace with the
>> prefix Shared/. The shared mailbox trees are in maildir format.
> 
> Are you setting the hierarchy separator in environment for the other
> created namespaces? It sounds like you aren't. Looking at logs with
> mail_debug=yes would verify.

Yes, I am. I am using 
  $ENV{"NAMESPACE_${nr}_SEP"}= "/";
... in the post-login script.

The debug log says:
 8< 
Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=private, prefix=, 
sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
Nov 23 19:10:15 strike dovecot: IMAP(leo): mbox: data=~/mail:INBOX=/var/mail/leo
Nov 23 19:10:15 strike dovecot: IMAP(leo): fs: root=/home/leo/mail, index=, 
control=, inbox=/var/mail/leo
Nov 23 19:10:15 strike dovecot: IMAP(leo): Namespace: type=shared, 
prefix=Shared/spamrep/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no
Nov 23 19:10:15 strike dovecot: IMAP(leo): maildir: 
data=/var/spool/mail/Shared/spamrep:CONTROL=~/Maildir/control/Shared/spamrep:INDEX=~/Maildir/index/Share
d/spamrep
Nov 23 19:10:15 strike dovecot: IMAP(leo): maildir++: 
root=/var/spool/mail/Shared/spamrep, 
index=/home/leo/Maildir/index/Shared/spamrep, 
control=/home/leo/Maildir/control/Shared/spamrep, inbox=
 8< 

Trying to create Shared/spamrep/test/testsub fails for example...

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu.ac.at   
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

Re: [Dovecot] shared mailboxes using namespaces in 1.2

[Timo Sirainen]

On Mon, 2009-11-23 at 17:03 +0100, Alexander 'Leo' Bergolth wrote:
> However now that I've upgraded to 1.2.8, I cannot create subfolders
> anymore. The server responds with "NO Invalid mailbox name:
> test/testsub". The hierarchy separator for the namespaces is / because I
> am mixing maildir and mbox namespaces and list=yes.
> 
> The details:
> I am using a post-login script (attached) that detects all subfolders of
> /var/spool/mail/Shared for which the current user has at least read
> access. For every subfolder, it creates a separate namespace with the
> prefix Shared/. The shared mailbox trees are in maildir format.

Are you setting the hierarchy separator in environment for the other
created namespaces? It sounds like you aren't. Looking at logs with
mail_debug=yes would verify.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes and INBOX

[Timo Sirainen]

On Wed, 2009-07-29 at 17:50 +0100, Keith Edmunds wrote:
> namespace:
>   type: shared
>   separator: /
>   prefix: security/
>   location:
> maildir:/home/securitymailbox/Maildir:INDEX=~/Maildir/securitymailbox

Well, fine, if everyone really wants to have these one-mailbox
namespaces, this enables them:

http://hg.dovecot.org/dovecot-1.2/rev/13fa572535f0

If you don't want to patch, make the security mailbox under another
namespace, e.g. shared/security.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues? [partly solved]

[Timo Sirainen]

On Tue, 2009-01-20 at 19:07 +0100, Wilhelm Meier wrote:
> Other question: is it save with respect to dovecot to remove 
> the "T"-flagged messages in the maildir, e.g. per inotify? Yes, this 
> is a hack, I know.

Yes, it's safe. Although if you're using quota it's not updated then.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes support status

[Timo Sirainen]

On Thu, 2009-01-22 at 14:11 +0100, Thomas Hummel wrote:
> On Wed, Jan 21, 2009 at 08:57:40PM +0100, Robert Schetterer wrote:
> 
> > > I guess part of the answer is in the diffences between shared and public
> > > namespaces handling.
> > 
> > yes and imap_acls
> 
> My understanding of rfc2342 and dovecot is that :
> 
> personnal namespace == private malboxes == mailboxes one's own
> other user's namespace == shared mailboxes == mailboxes one's own and somone 
> else has access to
> shared namespace == public mailboxes == mailboxes everybody or only some user 
> has
> access to but which don't belong to a particular user
> 
> My understanding is that 1.1. support only personnal and shared namespaces (as
> defined in rfc2342) Am I correct ?

Yes. And too bad RFC 2342 used "shared namespace" naming for public
namespace. Even its examples at the end use #shared/ for other users'
namespace and #public/ for "shared namespace". I hadn't actually even
realized before that it used this kind of naming. Maybe we could simply
not use its naming at all, since I think Dovecot's private/shared/public
names are much more understandable :)

> Is the difference, feature wise, between 1.1. and 1.2, just the addition of
> shared namespaces in 1.2, and maybe, as you said ACLs ?
> 
> What's changed regarding ACL ?

The addition is the ability for normal users to share their mailboxes to
other users using IMAP ACL commands. v1.1 doesn't have any of this, only
sysadmin can set up shared mailboxes.

> In short : what exactly are the difference (at a feature level, not a coding
> level) between 1.1. and 1.2 regarding those concepts ? And is the support in
> 1.1. of personnal and shared namespace (as in rfc2342) stable ?

Dovecot's private and public namespaces behave nearly identically, so
yes, those are stable.


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared mailboxes support status

[Thomas Hummel]

On Wed, Jan 21, 2009 at 08:57:40PM +0100, Robert Schetterer wrote:

> > I guess part of the answer is in the diffences between shared and public
> > namespaces handling.
> 
> yes and imap_acls

My understanding of rfc2342 and dovecot is that :

personnal namespace == private malboxes == mailboxes one's own
other user's namespace == shared mailboxes == mailboxes one's own and somone 
else has access to
shared namespace == public mailboxes == mailboxes everybody or only some user 
has
access to but which don't belong to a particular user

My understanding is that 1.1. support only personnal and shared namespaces (as
defined in rfc2342) Am I correct ?

Is the difference, feature wise, between 1.1. and 1.2, just the addition of
shared namespaces in 1.2, and maybe, as you said ACLs ?

What's changed regarding ACL ?

In short : what exactly are the difference (at a feature level, not a coding
level) between 1.1. and 1.2 regarding those concepts ? And is the support in
1.1. of personnal and shared namespace (as in rfc2342) stable ?


Thanks.

-- 
Thomas Hummel   | Institut Pasteur
 | Pôle informatique - systèmes et réseau

Re: [Dovecot] Shared mailboxes support status

[Robert Schetterer]

Thomas Hummel schrieb:
> Hello Timo,
> 
> I'm running dovecot-1.1.8 and I'm about to play with namespaces and shared
> mailboxes.
> 
> I've read on the list that the Kolab people did contribute to that, and I read
> at http://dovecot.org/doc/NEWS-1.2
> 
>   "+ Full support for shared mailboxes and IMAP ACL extension."
> 
> I'd like to know the differences between shared mailboxes support between 1.1.
> and 1.2 branches and if it may be considered "safe" to use shared mailboxes on
> a production server running 1.1.8+ dovecot version (i.e. is it working and 
> how,
> compared to the upcoming 1.2 release).
> 

> I guess part of the answer is in the diffences between shared and public
> namespaces handling.

yes and imap_acls

> 
> Thanks
> 

1.2 latest works nice with shared namespace
and imap_acls over horde/imp works nice too
but the code mutates a lot at present
cause its only alpha stage for now
but its great coding work !!!

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues? [partly solved]

[Wilhelm Meier]

Am Dienstag 20 Januar 2009 schrieb Timo Sirainen:
> On Tue, 2009-01-20 at 07:21 +0100, Wilhelm Meier wrote:
> > Hi,
> >
> > Am Montag 19 Januar 2009 schrieb Timo Sirainen:
> > > On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
> > > > kmail instead seems to have some problems: if I save a mail
> > > > into the shared-folder, the other users are seeing this new
> > > > mail almost immediately. But if I delete(!) a mail from the
> > > > shared-folder, the list of the other kmails remains untouch.
> > > > Refreshing does nothing. I have to close kmail and restart.
> > > >
> > > > Is this related to some sort of wrong config of the shared
> > > > mailboxes or is this a (known) dovecot <-> kmail problem?
> > >
> > > My guess is that kmail assumes it's the only client accessing
> > > the mailbox and doesn't bother handling IMAP notifications
> > > about expunged messages.
> >
> > If I delete the mail via kmail, the mail gets the "T" flag, but
> > the mail-file remains there and the other kmail shows the mail
> > (strange?). If I afterwards open the mailfolder via e.g.
> > squirrelmail, the mail-file gets deleted, and it vanishes from
> > the kmail list, if I refresh the view in kmail.
>
> OK, so what you're saying is that you're only marking messages with
> \Deleted flag, you're not really expunging them from disk. And
> kmail ignores flag changes done by other clients (or does it see if
> another client changes e.g. \Seen flag?) kmail notices the EXPUNGEs
> anyway.
>
> So what the kmail users would need to do is to trigger the EXPUNGE
> using kmail somehow, there's probably a "expunge", "compact" or
> something like that somewhere.

Thanks for this hint: the problem is partly solved: kmail has a 
flag "auto-expunge". I set this to true and then kmail asynchronously 
does the expunge. It seems that selecting INBOX in kmail triggers 
this event. Refreshing the folder or retrieving new messages doesn't!

Other question: is it save with respect to dovecot to remove 
the "T"-flagged messages in the maildir, e.g. per inotify? Yes, this 
is a hack, I know.

> > The difference is, that squirrelmail does a login/logout every
> > time it looks for mails. kmail stays logged in.
>
> What squirrelmail probably does is a real EXPUNGE instead of only
> marking the messages as \Deleted.

-- 
Wilhelm

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues?

[Timo Sirainen]

On Tue, 2009-01-20 at 07:21 +0100, Wilhelm Meier wrote:
> Hi,
> 
> Am Montag 19 Januar 2009 schrieb Timo Sirainen:
> > On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
> > > kmail instead seems to have some problems: if I save a mail into
> > > the shared-folder, the other users are seeing this new mail
> > > almost immediately. But if I delete(!) a mail from the
> > > shared-folder, the list of the other kmails remains untouch.
> > > Refreshing does nothing. I have to close kmail and restart.
> > >
> > > Is this related to some sort of wrong config of the shared
> > > mailboxes or is this a (known) dovecot <-> kmail problem?
> >
> > My guess is that kmail assumes it's the only client accessing the
> > mailbox and doesn't bother handling IMAP notifications about
> > expunged messages.
> 
> If I delete the mail via kmail, the mail gets the "T" flag, but the 
> mail-file remains there and the other kmail shows the mail 
> (strange?). If I afterwards open the mailfolder via e.g. 
> squirrelmail, the mail-file gets deleted, and it vanishes from the 
> kmail list, if I refresh the view in kmail.

OK, so what you're saying is that you're only marking messages with
\Deleted flag, you're not really expunging them from disk. And kmail
ignores flag changes done by other clients (or does it see if another
client changes e.g. \Seen flag?) kmail notices the EXPUNGEs anyway.

So what the kmail users would need to do is to trigger the EXPUNGE using
kmail somehow, there's probably a "expunge", "compact" or something like
that somewhere.

> The difference is, that squirrelmail does a login/logout every time it 
> looks for mails. kmail stays logged in.

What squirrelmail probably does is a real EXPUNGE instead of only
marking the messages as \Deleted.


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues?

[Wilhelm Meier]

Am Dienstag 20 Januar 2009 schrieb Wilhelm Meier:
> Hi,
>
> Am Montag 19 Januar 2009 schrieb Timo Sirainen:
> > On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
> > > kmail instead seems to have some problems: if I save a mail
> > > into the shared-folder, the other users are seeing this new
> > > mail almost immediately. But if I delete(!) a mail from the
> > > shared-folder, the list of the other kmails remains untouch.
> > > Refreshing does nothing. I have to close kmail and restart.
> > >
> > > Is this related to some sort of wrong config of the shared
> > > mailboxes or is this a (known) dovecot <-> kmail problem?
> >
> > My guess is that kmail assumes it's the only client accessing the
> > mailbox and doesn't bother handling IMAP notifications about
> > expunged messages.
>
> If I delete the mail via kmail, the mail gets the "T" flag, but the
> mail-file remains there and the other kmail shows the mail
> (strange?). If I afterwards open the mailfolder via e.g.
> squirrelmail, the mail-file gets deleted, and it vanishes from the
> kmail list, if I refresh the view in kmail.
>
> The difference is, that squirrelmail does a login/logout every time
> it looks for mails. kmail stays logged in.
>
> Is this a bug in kmail not to expunge the mail-file? If I manually
> remove the mail-file, kmail is fine!

A "strange" workaround comes into mind, since our shared mail-folders 
are usually small in message-numbers: 

setup inotify to delete all "T"-flagged files.

Would this be ok with dovecot? 

Or can I trigger dovecot (sending a signal or so) to do this?

-- 
Wilhelm

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues?

[Wilhelm Meier]

Hi,

Am Montag 19 Januar 2009 schrieb Timo Sirainen:
> On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
> > kmail instead seems to have some problems: if I save a mail into
> > the shared-folder, the other users are seeing this new mail
> > almost immediately. But if I delete(!) a mail from the
> > shared-folder, the list of the other kmails remains untouch.
> > Refreshing does nothing. I have to close kmail and restart.
> >
> > Is this related to some sort of wrong config of the shared
> > mailboxes or is this a (known) dovecot <-> kmail problem?
>
> My guess is that kmail assumes it's the only client accessing the
> mailbox and doesn't bother handling IMAP notifications about
> expunged messages.

If I delete the mail via kmail, the mail gets the "T" flag, but the 
mail-file remains there and the other kmail shows the mail 
(strange?). If I afterwards open the mailfolder via e.g. 
squirrelmail, the mail-file gets deleted, and it vanishes from the 
kmail list, if I refresh the view in kmail.

The difference is, that squirrelmail does a login/logout every time it 
looks for mails. kmail stays logged in.

Is this a bug in kmail not to expunge the mail-file? If I manually 
remove the mail-file, kmail is fine!

-- 
Wilhelm

Re: [Dovecot] Shared Mailboxes (symlink) and kmail: known issues?

[Timo Sirainen]

On Mon, 2009-01-19 at 18:32 +0100, Wilhelm Meier wrote:
> kmail instead seems to have some problems: if I save a mail into the 
> shared-folder, the other users are seeing this new mail almost 
> immediately. But if I delete(!) a mail from the shared-folder, the 
> list of the other kmails remains untouch. Refreshing does nothing. I 
> have to close kmail and restart.
> 
> Is this related to some sort of wrong config of the shared mailboxes 
> or is this a (known) dovecot <-> kmail problem?

My guess is that kmail assumes it's the only client accessing the
mailbox and doesn't bother handling IMAP notifications about expunged
messages.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes in 1.2 question

[Sascha Wilde]

Timo Sirainen <[EMAIL PROTECTED]> writes:

> On Thu, 2008-10-09 at 13:11 +0300, Timo Sirainen wrote:
>> So it's still missing the "users who have mailboxes shared to you"
>> discovery missing.
>
> http://dovecot.org/list/dovecot/2006-October/017082.html lists some
> options for how to implement that.
>
> I guess the dictionary way would work, although if it gets desynced with
> the ACL files (or completely corrupted), it may be difficult to get it
> back to sync unless it's able to rebuild the database.

Thanks for all the useful input, we'll get back to it as soon as we
start to work on this.

cheers
sascha
-- 
Sascha Wilde  OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner


pgpfGE1QpjQ3A.pgp
Description: PGP signature

Re: [Dovecot] shared mailboxes in 1.2 question

[Timo Sirainen]

On Thu, 2008-10-09 at 13:11 +0300, Timo Sirainen wrote:
> So it's still missing the "users who have mailboxes shared to you"
> discovery missing.

http://dovecot.org/list/dovecot/2006-October/017082.html lists some
options for how to implement that.

I guess the dictionary way would work, although if it gets desynced with
the ACL files (or completely corrupted), it may be difficult to get it
back to sync unless it's able to rebuild the database.



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes in 1.2 question

[Timo Sirainen]

On Thu, 2008-10-09 at 12:28 +0300, Timo Sirainen wrote:
> On Thu, 2008-10-09 at 10:03 +0200, Sascha Wilde wrote:
> > It seems to work now for subscribing and selecting (and therefor for
> > lsub and fetch) -- but LIST still bails out:
> > 
> > l2 list "" "*"
> > * LIST (\HasChildren) "/" "INBOX"
> > * LIST (\HasNoChildren) "/" "INBOX/Calendar"
> > * LIST (\HasNoChildren) "/" "INBOX/Contacts"
> > * LIST (\HasNoChildren) "/" "INBOX/Journal"
> > * LIST (\HasNoChildren) "/" "INBOX/Notes"
> > * LIST (\HasNoChildren) "/" "INBOX/Tasks"
> > * LIST (\HasNoChildren) "/" "INBOX/bla"
> > l2 NO Unknown internal list error
> > 
> > This happens as soon as dovecot stumbles upon the shared namespace, so
> > that other public name spaces, which otherwise work, are affected, too.
> 
> Right, that's intentional. You could set list=no to that namespace to
> avoid the error, or implement the listing code. :)

Well, I changed it a bit anyway since it seems to work slightly better
when it doesn't return an error:
http://hg.dovecot.org/dovecot-1.2/rev/d30f0525d457

1 list "" s/%
1 OK List completed.

2 list "" s/test/%
* LIST (\HasNoChildren) "/" "s/test/INBOX"
* LIST (\HasChildren) "/" "s/test/hello"
2 OK List completed.

3 list "" s/%
* LIST (\Noselect \HasChildren) "/" "s/test"
3 OK List completed.

So it's still missing the "users who have mailboxes shared to you"
discovery missing. I guess the easiest way to implement that would be to
find those out at startup and create a namespace for all such users
immediately. A better performing way would be to delay the namespace
creation until the mailboxes are actually accessed and just have
shared-list.c's LIST code list those users (with some kind of caching).


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes in 1.2 question

[Sascha Wilde]

Timo Sirainen <[EMAIL PROTECTED]> writes:
> On Thu, 2008-10-09 at 10:03 +0200, Sascha Wilde wrote:
>> It seems to work now for subscribing and selecting (and therefor for
>> lsub and fetch) -- but LIST still bails out:
>> 
>> l2 list "" "*"
>> * LIST (\HasChildren) "/" "INBOX"
>> * LIST (\HasNoChildren) "/" "INBOX/Calendar"
>> * LIST (\HasNoChildren) "/" "INBOX/Contacts"
>> * LIST (\HasNoChildren) "/" "INBOX/Journal"
>> * LIST (\HasNoChildren) "/" "INBOX/Notes"
>> * LIST (\HasNoChildren) "/" "INBOX/Tasks"
>> * LIST (\HasNoChildren) "/" "INBOX/bla"
>> l2 NO Unknown internal list error
>> 
>> This happens as soon as dovecot stumbles upon the shared namespace, so
>> that other public name spaces, which otherwise work, are affected, too.
>
> Right, that's intentional. You could set list=no to that namespace

Ah, that makes sence, thanks for the hint.

> to avoid the error, or implement the listing code. :)

Thats what we will do...  ;-)

cheers
sascha
-- 
Sascha Wilde  OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner


pgpfIv7VRtA6A.pgp
Description: PGP signature

Re: [Dovecot] shared mailboxes in 1.2 question

[Timo Sirainen]

On Thu, 2008-10-09 at 10:03 +0200, Sascha Wilde wrote:
> It seems to work now for subscribing and selecting (and therefor for
> lsub and fetch) -- but LIST still bails out:
> 
> l2 list "" "*"
> * LIST (\HasChildren) "/" "INBOX"
> * LIST (\HasNoChildren) "/" "INBOX/Calendar"
> * LIST (\HasNoChildren) "/" "INBOX/Contacts"
> * LIST (\HasNoChildren) "/" "INBOX/Journal"
> * LIST (\HasNoChildren) "/" "INBOX/Notes"
> * LIST (\HasNoChildren) "/" "INBOX/Tasks"
> * LIST (\HasNoChildren) "/" "INBOX/bla"
> l2 NO Unknown internal list error
> 
> This happens as soon as dovecot stumbles upon the shared namespace, so
> that other public name spaces, which otherwise work, are affected, too.

Right, that's intentional. You could set list=no to that namespace to
avoid the error, or implement the listing code. :)



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes in 1.2 question

[Sascha Wilde]

Timo Sirainen <[EMAIL PROTECTED]> writes:
> On Wed, 2008-10-08 at 17:39 +0200, Sascha Wilde wrote:
>> Timo Sirainen <[EMAIL PROTECTED]> writes:
>> 
>> > On Oct 8, 2008, at 5:33 PM, Sascha Wilde wrote:
>> >
>> >> s002 subscribe "users/[EMAIL PROTECTED]/blablabla"
>> >> s002 NO [TRYCREATE] Mailbox doesn't exist: users/[EMAIL PROTECTED]/
>> >> blablabla
>> >
>> > I think this should have worked, I'll look into it.
>> 
>> IMO the other one:
>>  s001 subscribe "users/[EMAIL PROTECTED]/INBOX/blablabla"
>> should have worked.
>> 
>> Or is the default namespace prefix "INBOX/" instead of empty?
>> Furthermore, please notice the different error: when the mailbox exists
>> dovecot claims "Invalid mailbox name" otherwise it says "[TRYCREATE]
>> Mailbox doesn't exist" which is indeed true.
>
> Fixed: http://hg.dovecot.org/dovecot-1.2/rev/c465b10a76fd

And thanks again for being so responsive and making this stunningly fast
fixes!  ;)

It seems to work now for subscribing and selecting (and therefor for
lsub and fetch) -- but LIST still bails out:

l2 list "" "*"
* LIST (\HasChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "INBOX/Calendar"
* LIST (\HasNoChildren) "/" "INBOX/Contacts"
* LIST (\HasNoChildren) "/" "INBOX/Journal"
* LIST (\HasNoChildren) "/" "INBOX/Notes"
* LIST (\HasNoChildren) "/" "INBOX/Tasks"
* LIST (\HasNoChildren) "/" "INBOX/bla"
l2 NO Unknown internal list error

This happens as soon as dovecot stumbles upon the shared namespace, so
that other public name spaces, which otherwise work, are affected, too.

cheers
sascha
-- 
Sascha Wilde  OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner


pgpuHAmke8lPG.pgp
Description: PGP signature

Re: [Dovecot] shared mailboxes in 1.2 question

[Sascha Wilde]

Robert Schetterer <[EMAIL PROTECTED]> writes:
> Sascha Wilde schrieb:

>> Yes, look at http://hg.intevation.de/kolab/dovecot-1.2_acl-branch as
>> announced...  ;-)

> Hi Sascha,
> why you need an extra branch for that ?

This is our working repository.  The ACL extensions by Matvey aren't
ready for upstream but we wanted to give everyone interested access to
them.

> why not just code into dovecot directly or is it ment as temp split
> and later merge ?

Yes, its not really a split, its just our development branch and of
cause it is intended to get our work upstream so that the repository
will become obsolete eventually.

cheers
sascha
-- 
Sascha Wilde  OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner


pgpmI2ADRd0cS.pgp
Description: PGP signature

Re: [Dovecot] shared mailboxes in 1.2 question

[Robert Schetterer]

Sascha Wilde schrieb:
> Timo Sirainen <[EMAIL PROTECTED]> writes:
>> On Oct 6, 2008, at 7:24 PM, Robert Schetterer wrote:
>>> users after imap search, otherwise you always need some admin (
>>> perhaps
>>> with shell permissions ) for editing subcriptions and acls which not
>> Actually the SUBSCRIBE IMAP command is enough to make the mailboxes
>> visible, no admin/shell access needed.
> 
> This doesn't work for me.
> 
> Actually the whole new shared namespaces feature doesn't work as
> expected for me.  Using this namespace configuration:
> 
> namespace shared {
>   separator = /
>   # %%u gets expanded to the remote user. Instead of %%u you can
>   # also use %%n and %%d.
>   prefix = users/%%u/
>   location = 
> Maildir:/kolab/var/dovecot/spool/%%u/maildir:INDEX=/kolab/var/dovecot/spool/%u/maildir/shared_idx
>   #location = Maildir:/kolab/var/dovecot/spool/%%u/maildir
>   subscriptions = no
> }
> 
> I get errors when using list:
> 
> l002 list "" "*"
> * LIST (\HasChildren) "/" "INBOX"
> * LIST (\HasNoChildren) "/" "INBOX/Calendar"
> * LIST (\HasNoChildren) "/" "INBOX/Contacts"
> * LIST (\HasNoChildren) "/" "INBOX/Journal"
> * LIST (\HasNoChildren) "/" "INBOX/Notes"
> * LIST (\HasNoChildren) "/" "INBOX/Tasks"
> * LIST (\HasNoChildren) "/" "INBOX/bla"
> l002 NO Unknown internal list error
> 
> And cant subscribe or select an existing mailbox of another user:
> 
> s001 subscribe "users/[EMAIL PROTECTED]/INBOX/blablabla"
> s001 NO Invalid mailbox name: users/[EMAIL PROTECTED]/INBOX/blablabla
> 
> FWIW referencing an non existent mailbox causes an different error:
> 
> s002 subscribe "users/[EMAIL PROTECTED]/blablabla"
> s002 NO [TRYCREATE] Mailbox doesn't exist: users/[EMAIL PROTECTED]/blablabla
> 
> s102 select users/[EMAIL PROTECTED]/INBOX/blablabla
> * OK [CLOSED]
> s102 NO Invalid mailbox name
> 
>> And IMAP ACL commands are (at least partially) already implemented by
>> Kolab people.
> 
> Yes, look at http://hg.intevation.de/kolab/dovecot-1.2_acl-branch as
> announced...  ;-)
> 
> cheers
> sascha

Hi Sascha,
why you need an extra branch for that ?
why not just code into dovecot directly
or is it ment as temp split and later merge ?

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: [Dovecot] shared mailboxes in 1.2 question

[Timo Sirainen]

On Wed, 2008-10-08 at 17:39 +0200, Sascha Wilde wrote:
> Timo Sirainen <[EMAIL PROTECTED]> writes:
> 
> > On Oct 8, 2008, at 5:33 PM, Sascha Wilde wrote:
> >
> >> s002 subscribe "users/[EMAIL PROTECTED]/blablabla"
> >> s002 NO [TRYCREATE] Mailbox doesn't exist: users/[EMAIL PROTECTED]/
> >> blablabla
> >
> > I think this should have worked, I'll look into it.
> 
> IMO the other one:
>  s001 subscribe "users/[EMAIL PROTECTED]/INBOX/blablabla"
> should have worked.
> 
> Or is the default namespace prefix "INBOX/" instead of empty?
> Furthermore, please notice the different error: when the mailbox exists
> dovecot claims "Invalid mailbox name" otherwise it says "[TRYCREATE]
> Mailbox doesn't exist" which is indeed true.

Fixed: http://hg.dovecot.org/dovecot-1.2/rev/c465b10a76fd



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] shared mailboxes in 1.2 question

[Sascha Wilde]

Timo Sirainen <[EMAIL PROTECTED]> writes:

> On Oct 8, 2008, at 5:33 PM, Sascha Wilde wrote:
>
>> s002 subscribe "users/[EMAIL PROTECTED]/blablabla"
>> s002 NO [TRYCREATE] Mailbox doesn't exist: users/[EMAIL PROTECTED]/
>> blablabla
>
> I think this should have worked, I'll look into it.

IMO the other one:
 s001 subscribe "users/[EMAIL PROTECTED]/INBOX/blablabla"
should have worked.

Or is the default namespace prefix "INBOX/" instead of empty?
Furthermore, please notice the different error: when the mailbox exists
dovecot claims "Invalid mailbox name" otherwise it says "[TRYCREATE]
Mailbox doesn't exist" which is indeed true.

>> s102 select users/[EMAIL PROTECTED]/INBOX/blablabla
>> * OK [CLOSED]
>> s102 NO Invalid mailbox name
>
> Assuming INBOX/ is the namespace prefix,

see above, I assume the namespace prefix is empty.
From the configuration:

namespace private {
   separator = /

   # Prefix required to access this namespace. This needs to be different for
   # all namespaces. For example "Public/".
   #prefix = 

   inbox = yes
}

so prefix is not set, which means, it is set to the default.  (Which I
believe to be empty, the comments suggest that, too).

cheers
sascha
-- 
Sascha Wilde  OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner


pgpt9TMxiCH7X.pgp
Description: PGP signature