Questions on supporting Shared Mailboxes using imapc://

Nathan Coulson nathan at bravenet.com
Fri Oct 9 17:33:55 UTC 2015 

I was not able to get a shared mailbox setup working using imapc. Tested 
using mailboxes on the same server, as well as other servers.

We are using dovecot 2.2.10 from Centos 7, following the guide at 
http://wiki2.dovecot.org/SharedMailboxes/ClusterSetup


imapc_host=192.168.5.5 #(Local dovecot server)
imapc_master_user= %u
imapc_password=TempPass
#imapc_user=test2 at example.com # Added for testing.
namespace {
   type = shared
   separator = /
   prefix = shared/%%u/
   list = children
   location = imapc:~/shared/%%u/
}
namespace { # used as a control to verify that shared mailboxes work
   type = shared
   separator = /
   prefix = shared2/%%u/
   list = children
   location = sdbox:%%h:INDEXPVT=~/shared2/%%u
}


dict {
   acl = mysql:/etc/dovecot/dovecot-sql_aggelos_shares.conf.ext
}

plugin {
   acl = vfile
   acl_shared_dict = proxy::acl
}

mail_plugins = acl

protocol imap {
   mail_plugins = acl imap_acl
}

passdb {
   driver = sql
   args = /etc/dovecot/dovecot-sql.conf.ext
}


passdb { # for master user logins
   driver = sql
   args = /etc/dovecot/dovecot-sql_aggelos_aclmaster.conf.ext
   master = yes
   pass = yes
}

userdb {
   driver = sql
   args = /etc/dovecot/dovecot-sql.conf.ext
}





I can login using test2 at example.com*test at example.com (and see all of 
test2's email), and it looks like it authenticates ok via imap, but 
shared never shows up.  No issues using shared2 which uses direct access 
to the mailbox


doveadm acl debug -u test at example.com shared/test2 at example.com (Fails, 
uses imapc)

doveadm(test at example.com): Info: Mailbox 'INBOX' is in namespace 
'shared/test2 at example.com/'
doveadm(test at example.com): Info: Mailbox path: 
/misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.INBOX
doveadm(test at example.com): Info: All message flags are shared across 
users in mailbox
doveadm(test at example.com): Info: User test at example.com has no rights for 
mailbox
doveadm(test at example.com): Error: User test at example.com is missing 
'lookup' right
doveadm(test at example.com): Info: Mailbox shared/test2 at example.com is NOT 
visible in LIST



doveadm acl debug -u test at example.com shared/test2 at example.com/Junk 
(Fails, contains a folder that exists)
doveadm(test at example.com): Info: Mailbox 'Junk' is in namespace 
'shared/test2 at example.com/'
doveadm(test at example.com): Info: Mailbox path: 
/misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.Junk
doveadm(test at example.com): Info: All message flags are shared across 
users in mailbox
doveadm(test at example.com): Info: User test at example.com has no rights for 
mailbox
doveadm(test at example.com): Error: User test at example.com is missing 
'lookup' right
doveadm(test at example.com): Info: Mailbox shared/test2 at example.com/Junk 
is NOT visible in LIST


doveadm acl debug -u test at example.com shared/test2 at example.com/z (Fails, 
  contains a folder that does not exist.  Expected result)

doveadm(test at example.com): Error: Mailbox 'z' in namespace 
'shared/test2 at example.com/' doesn't exist in 
/misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.z



doveadm acl debug -u test at example.com shared2/test2 at example.com (Works, 
using direct storage)

doveadm(test at example.com): Info: Mailbox 'INBOX' is in namespace 
'shared2/test2 at example.com/'
doveadm(test at example.com): Info: Mailbox path: 
/misc/1/2/mail/test2 at example.com-87/mailboxes/INBOX/dbox-Mails
doveadm(test at example.com): Info: Per-user private flags in mailbox: \Seen
doveadm(test at example.com): Info: User test at example.com has rights: 
lookup read write-seen
doveadm(test at example.com): Info: Mailbox found from dovecot-acl-list
doveadm(test at example.com): Info: User test2 at example.com found from ACL 
shared dict
doveadm(test at example.com): Info: Mailbox shared2/test2 at example.com is 
visible in LIST



It feels like the acl information in the vfiles is not available when 
using imapc.



Our setup is as follows: (Currently does not use Dovecot Director, but 
has the same issues where shared mailboxes may not be local on the server)
* Front servers, that are running dovecot (proxy to backend servers)
* Backend Servers, each handle their own local users.


Thank you

-- 
Nathan Coulson
System Administrator for Bravenet
www.bravenet.com
nathan at bravenet.com

More information about the dovecot mailing list