several misc questions, public folders and sharing, quota, ssl
Robert Moskowitz
rgm at htt-consult.com
Sun Apr 16 06:06:05 EEST 2017
On 04/14/2017 05:11 PM, Aki Tuomi wrote:
> Can you try turning mail_debug=yes and posting logs?
>
> Also if possible, can you try telnetting to the server and issuing
If you only allow secure connections, you may need instead of telnet:
openssl s_client -connect your_host_tld:993
or
openssl s_client -connect your_host_tld:143 -starttls imap
>
> a LOGIN username password
> a SELECT public/TestFolder1
>
> with debug turned on?
>
> ACL plugin is needed *iff* you want to *restrict* access.
>
>
> Aki
>
>> On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hi Aki,
>>
>> Thanks for your reply. Sorry, hit the reply to and not the reply to all option.
>>
>> So, even when a folder is a public folder I'm still needing to use the
>> acl plugin?
>>
>>
>> The public/TestFolder is showing up, the public/TestFolder1 is not.
>>
>> Thanks.
>> Dave.
>>
>>
>> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>>> Please keep responses on the list. Thank you. =)
>>>
>>> Without ACL plugin there is no way to restrict access, it's free for all.
>>>
>>> my site is a very tiny few user site, but ...
>>>
>>> auth_mechanisms = login plain
>>> mail_attribute_dict = file:%h/Mail/dovecot-attributes
>>> mail_location = sdbox:~/Mail
>>> mail_plugins = stats quota fts fts_lucene
>>> namespace inbox {
>>>   inbox = yes
>>>   list = yes
>>>   location =
>>>   mailbox Drafts {
>>>     special_use = \Drafts
>>>   }
>>>   mailbox Sent {
>>>     special_use = \Sent
>>>   }
>>>   mailbox "Sent Messages" {
>>>     special_use = \Sent
>>>   }
>>>   mailbox Spam {
>>>     auto = subscribe
>>>     special_use = \Junk
>>>   }
>>>   mailbox Trash {
>>>     special_use = \Trash
>>>   }
>>>   prefix =
>>>   separator = .
>>>   subscriptions = yes
>>>   type = private
>>> }
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>   driver = sql
>>> }
>>> plugin {
>>>   fts = lucene
>>>   fts_lucene = whitespace_chars=@.
>>>   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
>>>   imapsieve_mailbox1_causes = COPY
>>>   imapsieve_mailbox1_name = Spam
>>>   imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
>>>   imapsieve_mailbox2_causes = COPY
>>>   imapsieve_mailbox2_from = Spam
>>>   imapsieve_mailbox2_name = *
>>>   quota = count:User quota
>>>   quota_vsizes = yes
>>>   recipient_delimiter = +
>>>   sieve = ~/.dovecot.sieve
>>>   sieve_dir = ~/sieve
>>>   sieve_extensions = +notify +imapflags
>>>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>>>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
>>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>>>   stats_refresh = 30
>>> }
>>> protocols = imap lmtp
>>> service auth {
>>>   unix_listener /var/spool/postfix/private/auth {
>>>     mode = 0666
>>>   }
>>>   user = $default_internal_user
>>> }
>>> service doveadm {
>>>   inet_listener http {
>>>     address = 127.0.0.1
>>>     port = 38080
>>>   }
>>> }
>>> service imap-login {
>>>   inet_listener imap {
>>>     port = 143
>>>   }
>>>   inet_listener imaps {
>>>     port = 993
>>>     ssl = yes
>>>   }
>>> }
>>> service lmtp {
>>>   inet_listener lmtp {
>>>     address = 127.0.0.1
>>>     port = 8025
>>>   }
>>> }
>>> service stats {
>>>   fifo_listener stats-mail {
>>>     mode = 0666
>>>   }
>>> }
>>> ssl = required
>>> ssl_cert = #
>>> ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA
>>> ssl_dh_parameters_length = 4096
>>> ssl_key = #
>>> ssl_prefer_server_ciphers = yes
>>> ssl_protocols = !SSLv2 !SSLv3
>>> submission_host = 127.0.0.1:25
>>> userdb {
>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>   driver = sql
>>> }
>>> protocol imap {
>>>   mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve
>>> }
>>> protocol lmtp {
>>>   mail_plugins = stats quota fts fts_lucene sieve
>>> }
>>> protocol lda {
>>>   mail_plugins = stats quota fts fts_lucene sieve
>>> }
>>>
>>> Aki
>>>
>>>> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote:
>>>>
>>>>
>>>> Hello Aki,
>>>>
>>>> Thank you for your reply.
>>>>
>>>> I've implemented your changes and thanks for the @STRENGTH reminder, I
>>>> had forgotten about that one.
>>>>
>>>> I'll check out the acl plugin. Is it required when sharing a public
>>>> folder or are public folders usable by all? I know it is for shared
>>>> folders.
>>>>
>>>> The TestFolder1 is still not showing up in public not sure why
>>>> everything looks good.
>>>>
>>>> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports
>>>> along the way.
>>>>
>>>> I was wondering if I could take a look at your dovecot configuration
>>>> files and a doveconf -n output?
>>>>
>>>> Thanks.
>>>> Dave.
>>>>
>>>>
>>>> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>>>>>> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
>>>>>> optimize how the system is running and have a few misc questions.
>>>>>>
>>>>>> First ssl, is my cipher list good? I'm trying for pfs and wanting to
>>>>>> ensure this cipherlist is appropriate:
>>>>>>
>>>>>> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
>>>>>>
>>>>> I would add @STRENGTH to the end, so it'll get sorted by strengthness.
>>>>>
>>>>>> Next, a new feature that I'm trying for is virtual folders that store
>>>>>> All messages. My understanding of this is that it stores a version of
>>>>>> every received message in one place? I've got the virtual plugin
>>>>>> loaded and have:
>>>>>>
>>>>>> mailbox virtual/All {
>>>>>>   comment = All my messages
>>>>>>   special_use = \All
>>>>>> }
>>>>>>
>>>>>> I've got a directory /home/vmail/example.com/username/virtual under
>>>>>> which is an ALL folder both directories are accessible to the vmail
>>>>>> user, yet there's no contents in this folder and it's showing up
>>>>>> nowhere.
>>>>>>
>>>>> Configuring virtual all folder:
>>>>>
>>>>> namespace {
>>>>>   prefix = virtual
>>>>>   location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual
>>>>>   comment = All my messages
>>>>>   special_use = \All
>>>>>   mailbox All {
>>>>>     auto = subscribe
>>>>>   }
>>>>> }
>>>>>
>>>>> ==== /etc/dovecot/virtual/All/dovecot-virtual ====
>>>>> *
>>>>> all
>>>>> ==== EOF ===
>>>>>
>>>>>> Next, quota warnings, are not being sent at all. I set up a testuser
>>>>>> with a quota of 2 mb, then sent a message to that user getting the box
>>>>>> to 95% full, and no message. Took the user overquota with the next
>>>>>> message, still nothing, and a third message did trigger my custom
>>>>>> quota exceeded message and the message was bounced.
>>>>>>
>>>>> I would recommend you using
>>>>>
>>>>> mail_plugins = $mail_plugins quota quota_clone
>>>>>
>>>>> plugin {
>>>>>   quota = count:User quota
>>>>>   quota_clone_dict = proxy::sqlquota
>>>>>   quota_vsizes = true
>>>>> }
>>>>>
>>>>> Also,
>>>>>
>>>>> "Note that the warning is ONLY executed at the exact time when the limit is
>>>>> being crossed, so when you're testing it you have to do it by crossing the
>>>>> limit by saving a new mail. If something else besides Dovecot updates quota
>>>>> so that the limit is crossed, the warning is never executed."
>>>>>
>>>>>> I'm wanting to implement public folders. My mailboxes are all
>>>>>> virtual, and they are stored under /home/vmail/example.com/username
>>>>>> and /home/vmail/example.org/username in the maildir format. I've got
>>>>>> one user uid and gid of 999 name of vmail who owns all the mailboxes.
>>>>>> I've separated out public folders storing them under
>>>>>> /home/vmail/public. I've created one mailbox called TestFolder and
>>>>>> new, cur, and tmp directories under it. This is what it looks like:
>>>>> <snip />
>>>>>
>>>>>> The public/TestFolder is showing up fine and I can switch to it. The
>>>>>> public/TestFolder1 is not showing up at all so I'm not seeing it and
>>>>>> can't switch to it. Any ideas?
>>>>>>
>>>>> Not sure why it's not showing up, *but*, you could add
>>>>> :INDEXPVT=%h/public
>>>>> to the folder, to keep per-user indexes separate.
>>>>>
>>>>>> My second question involves public folders and domain sharing. Are
>>>>>> public folders accessible to all users and all domains? I've got two
>>>>>> domains example.com and example.org i'd like to create a folder that
>>>>>> some users in example.com can share with some users in example.org,
>>>>>> not necessarily all users in those domains should be able to see the
>>>>>> folders.
>>>>>>
>>>>> Dovecot does not, as per such, care about your domains. It cares about user
>>>>> names. If you want to do this kind of thing, please consult ACL plugin.
>>>>> https://wiki2.dovecot.org/ACL
>>>>>
>>>>>> Ideas welcome.
>>>>>>
>>>>>> Thanks.
>>>>>> Dave.
>>>>>>
>>>>> Some other comments, if you are using SSL, you can drop cram-md5 as auth
>>>>> mech, it's not storage-safe.
>>>>>
>>>>> you should use mail_location = maildir:~/maildir:LAYOUT=fs
>>>>>
>>>>> to avoid your other things in user's home being interpreted as mail
>>>>> directories.
>>>>>
>>>>> why are you setting these?
>>>>> maildir_broken_filename_sizes = yes
>>>>> maildir_empty_new = yes
>>>>> maildir_very_dirty_syncs = yes
>>>>>
>>>>> and in general I see lots of overconfiguring, dovecot defaults are usually
>>>>> right, and setting various things just for the fun of it, can cause problems.
>>>>>
>>>>> Aki
>>>>>
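
An added example, not part of the original thread or of Dovecot: a small Python check for the "is my cipher list good? I'm trying for pfs" question, run over the explicit `ssl_cipher_list` quoted in the message above. It classifies by OpenSSL suite-name prefix only and does not expand selector strings such as `EECDH+AESGCM`; the function names and finding labels are hypothetical.

```python
import re

# Constructed input: the explicit ssl_cipher_list value quoted in the thread.
POSTED_LIST = ":".join([
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA256", "DHE-RSA-AES128-SHA",
    "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA",
    "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA", "AES128-SHA",
])

# Name prefixes OpenSSL uses for ephemeral (EC)DH key exchange with a
# certificate-authenticated server; these are the forward-secret suites.
FS_KEX = ("ECDHE-", "DHE-", "EDH-")

def is_explicit_suite(token):
    """Heuristic (assumption): explicit pre-TLS 1.3 suite names contain '-'
    and no selector syntax ('+', or a leading '!', '-' or '@')."""
    return "-" in token and "+" not in token and token[0] not in "!-@"

def audit(cipher_list):
    """Return (flagged, skipped): findings per explicit suite name, and the
    tokens that are selectors or directives and were not evaluated."""
    flagged, skipped = {}, []
    # OpenSSL accepts ':', ',' and space as cipher-string separators.
    for token in filter(None, re.split(r"[:, ]+", cipher_list.strip())):
        if not is_explicit_suite(token):
            skipped.append(token)
            continue
        findings = []
        if not token.startswith(FS_KEX):
            # In the posted list these are the plain RSA key-exchange
            # suites, which provide no forward secrecy.
            findings.append("kex-not-ecdhe-dhe")
        if "DES-CBC3" in token:
            findings.append("3des")  # 64-bit block cipher
        if findings:
            flagged[token] = findings
    return flagged, skipped

if __name__ == "__main__":
    flagged, skipped = audit(POSTED_LIST)
    for suite, findings in flagged.items():
        print(f"{suite}: {', '.join(findings)}")
    print("not evaluated:", skipped)
```

For a selector-style list, `openssl ciphers -v '<list>'` prints the expanded suites with their `Kx=` field, and that output can be checked the same way.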