[Dovecot] Using a Sieve script to handle delivery to public mailboxes
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Wed Mar 19 07:07:20 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 15 Mar 2014, Alessandro Menti wrote:
Dear Alessandro,
see below mail_location, SQL query and debug output ... .
IMHO, the behaviour matches your config.
> I'm setting up a Postfix+Dovecot stack with virtual domains and public
> mailboxes.
>
> I set up a shared mailbox "office at mydomain.com" as described in the Dovecot
> Wiki [1], that is:
> - I created the directory "/var/mail/mydomain.com/public/" and inside
> it I created the ".office" mailbox;
> - I added an appropriate ACL to allow the account
> "president at mydomain.com" to read and edit that mailbox under a public
> namespace;
> - I added a Sieve script to handle delivery to the public mailbox (its
> location is /var/mail/mydomain.com/public/.office/.dovecot.sieve).
>
> Some other relevant details about my configuration:
> - The backend used by Postfix and Dovecot to handle virtual
> aliases/domains/maps is a MySQL database. Since the virtual user
> table is used by other applications as well, I decided to keep it
> "clean" and to make use of another "virtual mailboxes" table (see
> /etc/dovecot/dovecot-sql.conf.ext below). The password_query setting
> returns only results from the virtual user table (so that only real
> users can authenticate on the IMAP server), while the user_query
> setting returns results from both the virtual user and the virtual
> mailbox table (so that dovecot-lda can choose the correct mailbox).
> - The queries saved in password_query and user_query return the correct
> results when executed manually: the home directory for the
> "office at mydomain.com" virtual mailbox is set to /var/mail/mydomain.com
> /public/.office.
> - Delivery from and to the "president at mydomain.com" account is regular,
> and that account is able to access the "office at mydomain.com" virtual
> mailbox (I have tested this by speaking IMAP to the server and by
> performing a manual check using Thunderbird).
>
> I encountered a problem with this setup: when I send a message to the
> "office at mydomain.com" account, the Postfix logs say it is correctly delivered
> via Dovecot, but the Sieve script says it can not find the folder
> "Public/.office". As a consequence, Dovecot creates a new Maildir in
> /var/mail/mydomain.com/office and delivers the mail there instead of saving
> it in the correct directory (/var/mail/mydomain.com/public/.office).
>
> Is there something I set incorrectly in my configuration? What is causing
> Dovecot not to recognize the correct mailbox during delivery? Is there a way
> to list all mailboxes seen by dovecot-lda itself?
>
> Thanks,
> Alessandro Menti
>
> [1] http://wiki2.dovecot.org/SharedMailboxes/Public
> -----
> Dovecot and OS version: 2.0.19, Ubuntu 12.04 LTS
> Output of "dovecot -n":
>> # 2.0.19: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.5.0-46-generic i686 Ubuntu 12.04.4 LTS ext4
>> auth_mechanisms = plain login
>> login_greeting = IMAP server ready.
>> mail_debug = yes
>> mail_gid = vmail
>> mail_location = maildir:/var/mail/%d/%n/Maildir
^^^ default maillocation /var/mail/<domain>/office/Maildir
>> mail_plugins = acl
>> mail_uid = vmail
>> namespace {
>> inbox = yes
>> location =
>> prefix =
>> separator = /
>> type = private
>> }
>> namespace {
>> list = children
>> location = maildir:/var/mail/mydomain.com/public
>> prefix = Public/
>> separator = /
>> subscriptions = no
>> type = public
>> }
>> passdb {
>> args = /etc/dovecot/dovecot-sql.conf.ext
>> driver = sql
>> }
>> plugin {
>> acl = vfile
>> sieve = ~/.dovecot.sieve
>> sieve_before = /var/mail/sieve/
>> sieve_dir = ~/sieve
>> }
>> postmaster_address = postmaster at mydomain.com
>> protocols = " imap"
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> unix_listener auth-userdb {
>> group = vmail
>> mode = 0660
>> user = dovecot
>> }
>> }
>> ssl_cert = </etc/ssl/srvcerts/mailcert-withintcas.cer
>> ssl_cipher_list =
>> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>> ssl_key = </etc/ssl/private/mailcert.pvk
>> userdb {
>> args = /etc/dovecot/dovecot-sql.conf.ext
>> driver = sql
>> }
>> protocol lda {
>> info_log_path = /var/log/dovecot-lda.log
>> log_path = /var/log/dovecot-lda-errors.log
>> mail_plugins = acl sieve
>> }
>> protocol imap {
>> mail_plugins = acl imap_acl
>> }
>
> /etc/dovecot/dovecot-sql.conf.ext:
>> driver = mysql
>> connect = host=127.0.0.1 dbname=dbname user=username password=password
>> default_pass_scheme = SHA512-CRYPT
>> password_query = SELECT email as user, password FROM virtual_users WHERE
>> email='%u';
>> user_query = SELECT home FROM virtual_users WHERE email = '%u' UNION SELECT
>> home FROM virtual_shared_mailboxes WHERE email = '%u'
The UserDB query does _not_ return mail, hence, does not override default
mail_location, which does _not_ depend on HOME.
>
> Extract from /var/log/mail.log:
>> Mar 15 11:43:07 phoenix postfix/pickup[1404]: 3BA221FFD1: uid=0
>> from=<sysadmin>
>> Mar 15 11:43:07 phoenix postfix/cleanup[4871]: 3BA221FFD1:
>> message-id=<20140315104307.3BA221FFD1 at mail.mydomain.com>
>> Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1:
>> from=<sysadmin at mydomain.com>, size=316, nrcpt=1 (queue active)
>> Mar 15 11:43:07 phoenix dovecot: auth-worker: mysql(127.0.0.1): Connected
>> to database mailserver
>> Mar 15 11:43:07 phoenix postfix/pipe[4875]: 3BA221FFD1:
>> to=<office at mydomain.com>, relay=dovecot, delay=0.15,
>> delays=0.05/0.03/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot
>> service)
>> Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1: removed
>
> Extract from /var/log/dovecot-lda.log:
>> Mar 15 11:43:07 lda: Debug: Loading modules from directory:
>> /usr/lib/dovecot/modules
>> Mar 15 11:43:07 lda: Debug: Module loaded:
>> /usr/lib/dovecot/modules/lib01_acl_plugin.so
>> Mar 15 11:43:07 lda: Debug: Module loaded:
>> /usr/lib/dovecot/modules/lib90_sieve_plugin.so
>> Mar 15 11:43:07 lda: Debug: auth input: office at mydomain.com
>> home=/var/mail/mydomain.com/public/.office
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Effective uid=1002,
>> gid=999, home=/var/mail/mydomain.com/public/.office
^^ This matches the UserDB query, but is not used by mail location.
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: No acl_shared_dict
>> setting - shared mailbox listing is disabled
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Namespace : type=private,
>> prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
>> location=maildir:/var/mail/mydomain.com/office/Maildir
^^ This matches the default mail_location
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: maildir++:
>> root=/var/mail/mydomain.com/office/Maildir, index=, control=,
>> inbox=/var/mail/mydomain.com/office/Maildir, alt=
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Namespace :
>> /var/mail/mydomain.com/office/Maildir doesn't exist yet, using default
>> permissions
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Namespace : Using
>> permissions from /var/mail/mydomain.com/office/Maildir: mode=0700 gid=-1
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: initializing backend
>> with data: vfile
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: acl username =
>> office at mydomain.com
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: owner = 1
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl vfile: Global ACL
>> directory: (none)
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Namespace : type=public,
>> prefix=Public/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no
>> location=maildir:/var/mail/mydomain.com/public
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: maildir++:
>> root=/var/mail/mydomain.com/public, index=, control=, inbox=, alt=
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: initializing backend
>> with data: vfile
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: acl username =
>> office at mydomain.com
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: owner = 0
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl vfile: Global ACL
>> directory: (none)
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl: No acl_shared_dict
>> setting - shared mailbox listing is disabled
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: none: root=, index=,
>> control=, inbox=, alt=
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: Destination address:
>> office at mydomain.com (source: user at hostname)
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: include:
>> sieve_global_dir is not set; it is currently not possible to include
>> `:global' scripts.
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: using sieve path
>> for user's script: /var/mail/mydomain.com/public/.office/.dovecot.sieve
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: opening script
>> /var/mail/mydomain.com/public/.office/.dovecot.sieve
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: script binary
>> /var/mail/mydomain.com/public/.office/.dovecot.svbin successfully loaded
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: binary save: not
>> saving binary /var/mail/mydomain.com/public/.office/.dovecot.svbin, because
>> it is already stored
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: sieve: executing script
>> from /var/mail/mydomain.com/public/.office/.dovecot.svbin
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl vfile: reading file
>> /var/mail/mydomain.com/public/.office/dovecot-acl
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl vfile: file
>> /var/mail/mydomain.com/public/dovecot-acl not found
>> Mar 15 11:43:07 lda(office at mydomain.com): Debug: acl vfile: file
>> /var/mail/mydomain.com/office/Maildir/dovecot-acl not found
>> Mar 15 11:43:07 lda(office at mydomain.com): Info: sieve:
>> msgid=<20140315104307.3BA221FFD1 at mail.mydomain.com>: stored mail into
>> mailbox 'INBOX'
>
> Extract from /var/mail/mydomain.com/public/.office/.dovecot.sieve.log:
>> sieve: info: started log at Mar 15 11:43:07.
>> error: msgid=<20140315104307.3BA221FFD1 at mail.mydomain.com>: failed to store
>> into mailbox 'Public/office': Mailbox doesn't exist: office.
>
> Listing of /var/mail/mydomain.com/public/.office:
>> $ sudo ls /var/mail/mydomain.com/public/.office -lA
>> total 56
>> drwxr-x--- 2 vmail vmail 4096 mar 14 17:14 cur
>> -rw-r--r-- 1 root root 98 mar 9 18:05 dovecot-acl
>> -rw-r----- 1 vmail vmail 18432 mar 15 10:36 dovecot.index.cache
>> -rw-r----- 1 vmail vmail 1088 mar 15 10:36 dovecot.index.log
>> -rw-r--r-- 1 vmail vmail 0 mar 14 21:50 dovecot-shared
>> -rw-r--r-- 1 root root 50 mar 15 11:42 .dovecot.sieve
>> -rw------- 1 vmail vmail 188 mar 15 11:43 .dovecot.sieve.log
>> -rw-r--r-- 1 vmail vmail 124 mar 15 11:42 .dovecot.svbin
>> -rw-r----- 1 vmail vmail 98 mar 14 17:13 dovecot-uidlist
>> drwxr-x--- 2 vmail vmail 4096 mar 14 16:25 new
>> drwxr-x--- 2 vmail vmail 4096 mar 15 08:48 tmp
>
> Contents of /var/mail/mydomain.com/public/.office/.dovecot.sieve:
>> require "fileinto";
>> fileinto "Public/office";
>
> ACL for the "office" shared mailbox:
>> $ sudo cat /var/mail/mydomain.com/public/.office/dovecot-acl
>> user=president at mydomain.com lrwstipe
>
> Transcript of an IMAP session listing all folders:
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
>> AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
>> a01 LOGIN president at mydomain.com password
>> a01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT
>> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
>> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk]
>> Logged in
>> a02 LIST "" "*"
>> * LIST (\HasNoChildren) "/" "Infected Items"
>> * LIST (\HasNoChildren) "/" "Recycle Bin"
>> * LIST (\HasNoChildren) "/" "Spam"
>> * LIST (\HasNoChildren) "/" "Trash"
>> * LIST (\HasNoChildren) "/" "Drafts"
>> * LIST (\HasNoChildren) "/" "Sent Mail"
>> * LIST (\HasNoChildren) "/" "INBOX"
>> * LIST (\HasNoChildren) "/" "Public/office"
>> a02 OK List completed.
>> a03 LOGOUT
>> * BYE Logging out
>> a03 OK Logout completed.
>
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUylCKXD1/YhP6VMHAQIPJwf/Ti25u4nPcL86QjNGeFjION9OfgNtg/XD
HQ1YKLjn6usuIrBJdnNczNdBMvDrOlONmyMLOyVfLaVEREIULCb80QrSbA41eW02
UMUXo+l41QedY2O32AnHN3ugsgOJXcLQLAXsRMqehyQa5BooyWiO6xo9fzkDiqX1
nd38ubYxn2EDIuGAeHwRDtgpX/s25FZeRvsUJrFPvo7eNOePyZY3qfq8m2/LrNet
AyDWh3Hon7znj64LOtgr501tuq+HMFOBH40Qmd6kkFZFRwoBxdTDnmv9qrrwVvKx
2T5/hQBzD5LWAKGEF1+MTt00sYzQHoLRzCkfVgaSQjsG1butXRJRlQ==
=xKsq
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list