[Dovecot] Debugging IMAP ACLs

Kerem Erciyes kerem.erciyes at gmail.com
Tue Oct 6 14:24:33 EEST 2009


Hello,

I upgraded my server to 1.2.4 and now I'm trying to implement ACL support to
use with Bynari Insight Connector. Starting out with the wiki page on shared
namespaces from http://wiki.dovecot.org/SharedMailboxes/Shared I tried to
implement shared mailbox support so that my customers can enjoy more
Exchange-like qualities with Outlook.

However I am not sure if the ACLs or Shared Namespaces are really working. I
sure would like some help debugging ACL requests by clients, and the
configuration I did.

Thanks,
Kerem

Here is the rundown of my configuration, in case I have screwed up somewhere.

*dovecot -n*
# 1.2.4: /usr/local/etc/dovecot.conf
# OS: FreeBSD 6.2-STABLE i386
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-debug.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting: Kupyazilim IMAPS/POP3S Server - Dovecot ready.
verbose_proctitle: yes
first_valid_uid: 100
first_valid_gid: 6
mail_privileged_group: mail
mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  list: children
lda:
  postmaster_address: postmaster at kupyazilim.com.tr
  mail_plugins: quota
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver.log
auth default:
  mechanisms: plain login
  user: nobody
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: mail
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: mail
plugin:
  acl_shared_dict: proxy::acl
dict:
  quota: maildir:storage=10240:messages=1000
  trash: /usr/local/etc/trash.conf
  acl: mysql:/usr/local/etc/dovecot-dict-sql.conf

*cat /usr/local/etc/dovecot-acl.conf*

# mail_location copied from dovecot.conf for reference only
#
# mail_location: mbox:~/mail/:INBOX=/usr/home/vmail/%d/%u
# note: it is %d/%u here but only %u in dovecot-sql.conf

# You need to create also a private namespace:
namespace private {
  separator = /
  prefix =
  #location defaults to mail_location.
  inbox = yes
}

namespace shared {
  separator = /
  prefix = shared/%%u/
  #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  location = mbox:/usr/home/vmail/%d/%u:INDEX=/usr/home/vmail/shared/%%u
  subscriptions = no
  list = children
}

# Set ACL to SQL Server and Reference sql-dictionary
# Table implemented in mysql:/postfix/user_shares

plugin {
  acl_shared_dict = proxy::acl
}

dict {
  acl = mysql:/usr/local/etc/dovecot-dict-sql.conf
}

*cat /usr/local/etc/dovecot-dict-sql.conf*

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}






-- 
Kerem Erciyes
Sistem Danismani
http://proje.keremerciyes.com

kerem.erciyes at gmail.com
+90 532 737 05 83
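
A check a reader could run over the `dovecot -n` dump above, added here as an example and not part of the original post. It assumes that in Dovecot 1.2 ACLs need `acl` (and `imap_acl` for client ACL commands) in the IMAP `mail_plugins` plus an `acl` backend in the `plugin` section, and that `mail_debug` turns on plugin debug logging; `parse` and `audit_acl` are hypothetical helper names.

```python
# Constructed excerpt of the `dovecot -n` dump above: only the lines the audit reads.
SAMPLE = """\
mail_plugins(imap): quota imap_quota
namespace:
  type: shared
plugin:
  acl_shared_dict: proxy::acl
dict:
  acl: mysql:/usr/local/etc/dovecot-dict-sql.conf
"""

def parse(text):
    """Split `dovecot -n` output into top-level settings and one-level sections."""
    top, sections, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if line[0].isspace():
            if current is not None:
                current[key] = value          # setting inside the open section
        elif value:
            top[key], current = value, None   # e.g. "mail_plugins(imap): quota"
        else:
            current = {}                      # header such as "plugin:"
            sections.setdefault(key, []).append(current)
    return top, sections

def audit_acl(text):
    """Return the ACL prerequisites (assumed, see lead-in) that the dump lacks."""
    top, sections = parse(text)
    plugin = {k: v for s in sections.get("plugin", []) for k, v in s.items()}
    shared = [n for n in sections.get("namespace", []) if n.get("type") == "shared"]
    imap = top.get("mail_plugins(imap)", top.get("mail_plugins", "")).split()
    findings = []
    if "acl" not in imap:
        findings.append("acl missing from mail_plugins(imap): no ACL enforcement")
    if "imap_acl" not in imap:
        findings.append("imap_acl missing: clients cannot issue GETACL/SETACL/MYRIGHTS")
    if "acl" not in plugin:
        findings.append("plugin section has no 'acl' backend (e.g. vfile)")
    if shared and "acl_shared_dict" not in plugin:
        findings.append("shared namespace without acl_shared_dict")
    if top.get("mail_debug") != "yes":
        findings.append("mail_debug is off: no plugin debug lines in info_log_path")
    return findings

print("\n".join(audit_acl(SAMPLE)))
```

Because `dovecot -n` prints only non-default settings, a key that is absent from the dump is treated as unset.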

