Dovecot 2.3 shared namespace issues
Stefano Cecconello
stefano.cecconello at staff.aruba.it
Tue Nov 15 10:06:23 UTC 2022
Hello,
We're trying to configure the shared mailbox feature\namespace on a dovecot
2.3 installation .
OS : Ubuntu 22.04 x64
Dovecot : 2:2.3.19.1-2+ubuntu20.04
Our test environment is based on a dovecot frontend ( director + proxy ) and
a dovecot backend ( auth and storage ), later we will think about
increasing the number of backends and frontends ( if we got it right, as we
plan to use multiple backends, we should use imapc in order to bind the
sharer and the accessing user to the same backend ) .
On dovecot backend we've configured the new shared namespace, as stated in
the documentation (
https://doc.dovecot.org/configuration_manual/shared_mailboxes/shared_mailboxes/#user-shared-mailboxes ) :
-- Dovecot conf --------------------
# Maildir's location is under home dir, which is returned by userdb.
mail_location = maildir:~/Maildir:VOLATILEDIR=/tmp_lock/%2.256Nu/%u

# Quota, mail_log plugins enabled everywhere
mail_plugins = quota notify acl fts fts_lucene mail_log mailbox_alias virtual

# Default namespace
namespace {
  hidden = no
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
  mailbox Sent {
    special_use = \Sent
    auto = create
  }
  mailbox Trash {
    special_use = \Trash
    auto = create
  }
  mailbox Drafts {
    special_use = \Drafts
    auto = create
  }
  mailbox SPAM {
    special_use = \Junk
    auto = create
  }
}

# namespace used by virtual search
namespace {
  prefix = VrtSearch.
  separator = /
  location = virtual:/etc/dovecot-common-backend/virtual:INDEX=~/virtual
  hidden = yes
  subscriptions = no
  inbox = no
  list = no
}

# IMAP SHARING FEATURE
service dict {
  unix_listener dict {
    mode = 0600
    user = vpopmail
    group = vchkpw
  }
}
plugin {
  acl = vfile
  acl_ignore_namespace = shared/*
  acl_shared_dict = proxy::acl-mysql
}
dict {
  acl-mysql = mysql:/etc/dovecot-common-backend/dovecot-dict-sql.conf.ext
}

# namespace used for IMAP sharing feature
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  list = children
  subscriptions = no
}
-- Dovecot dict sql --------------------
# IMAP SHARING FEATURE
connect = host=x.x.x.x dbname=xxxxxx user=xxxxxx password=xxxxxx
map {
  pattern = shared/shared-boxes/user/$to/$from
  table = imap_user_shares
  value_field = dummy
  fields {
    from_user = $from
    to_user = $to
  }
}
map {
  pattern = shared/shared-boxes/anyone/$from
  table = imap_anyone_shares
  value_field = dummy
  fields {
    from_user = $from
  }
}
-- Dict DB contents --------------------
mysql> select * from imap_user_shares;
+-----------------------------------------+---------------------------------------+-------+
| from_user                               | to_user                               | dummy |
+-----------------------------------------+---------------------------------------+-------+
| test.imapsharer01 at td01.testdomain.it | test.imapuser01 at td01.testdomain.it |     1 |
+-----------------------------------------+---------------------------------------+-------+
For our tests, we've :
- created two users
    test.imapsharer01 at td01.testdomain.it
    test.imapuser01 at td01.testdomain.it
- Created two INBOX subfolders on the sharer01 user, giving user01 those
  permissions :
    subfolder01 giving to user01 Full control
    subfolder02ro giving to user01 list and read
- logging as user01 with thunderbird, we see the shared namespace tree :
    shared
      test.imapsharer01 at td01.testdomain.it
        subfolder01
        subfolder02
we're able to see the contents of each folder, even the INBOX .
Checking the folder properties, thunderbird reports that the user01 has full
control on the INBOX of sharer01 .
If we try to check the ACL via python script ( imaplib.getacl ) or via
doveadm, we can see that the sharer01 INBOX has no rights for user01 .
But via thunderbird ( or other email clients ) we can delete emails .
ACL - sharer01 accessing its folder
('OK', [b'INBOX test.imapsharer01 at td01.testdomain.it lrwstipekxacd'])
('OK', [b'subfolder01 test.imapuser01 at td01.testdomain.it akxeilprwtscd test.imapsharer01 at td01.testdomain.it lrwstipekxacd'])
('OK', [b'subfolder02ro test.imapuser01 at td01.testdomain.it lr test.imapsharer01 at td01.testdomain.it lrwstipekxacd'])
ACL - user01 accessing sharer01 folders
('OK', [b'shared/test.imapsharer01 at td01.testdomain.it/INBOX'])
('OK', [b'shared/test.imapsharer01 at td01.testdomain.it/subfolder01 test.imapuser01 at td01.testdomain.it akxeilprwtscd'])
('OK', [b'shared/test.imapsharer01 at td01.testdomain.it/subfolder02ro test.imapuser01 at td01.testdomain.it lr'])
Testing with doveadm shows the correct ACL :
# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u test.imapuser01 at td01.testdomain.it shared/test.imapsharer01 at td01.testdomain.it/INBOX
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox 'INBOX' is in namespace 'shared/test.imapsharer01 at td01.testdomain.it/'
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox path: /home/vpopmail/domains/td01.testdomain.it/dccm4584.imapsharer01/Maildir
doveadm(test.imapuser01 at td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuser01 at td01.testdomain.it): Info: User test.imapuser01 at td01.testdomain.it has no rights for mailbox
doveadm(test.imapuser01 at td01.testdomain.it): Error: User test.imapuser01 at td01.testdomain.it is missing 'lookup' right
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox shared/test.imapsharer01 at td01.testdomain.it/INBOX is NOT visible in LIST
# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u test.imapuser01 at td01.testdomain.it shared/test.imapsharer01 at td01.testdomain.it/subfolder01
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox 'subfolder01' is in namespace 'shared/test.imapsharer01 at td01.testdomain.it/'
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox path: /home/vpopmail/domains/td01.testdomain.it/dccm4584.imapsharer01/Maildir/.subfolder01
doveadm(test.imapuser01 at td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuser01 at td01.testdomain.it): Info: User test.imapuser01 at td01.testdomain.it has rights: lookup read write write-seen write-deleted insert post expunge create delete admin
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox found from dovecot-acl-list
doveadm(test.imapuser01 at td01.testdomain.it): Info: User test.imapsharer01 at td01.testdomain.it found from ACL shared dict
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox shared/test.imapsharer01 at td01.testdomain.it/subfolder01 is visible in LIST
# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u test.imapuser01 at td01.testdomain.it shared/test.imapsharer01 at td01.testdomain.it/subfolder02ro
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox 'subfolder02ro' is in namespace 'shared/test.imapsharer01 at td01.testdomain.it/'
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox path: /home/vpopmail/domains/td01.testdomain.it/dccm4584.imapsharer01/Maildir/.subfolder02ro
doveadm(test.imapuser01 at td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuser01 at td01.testdomain.it): Info: User test.imapuser01 at td01.testdomain.it has rights: lookup read
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox found from dovecot-acl-list
doveadm(test.imapuser01 at td01.testdomain.it): Info: User test.imapsharer01 at td01.testdomain.it found from ACL shared dict
doveadm(test.imapuser01 at td01.testdomain.it): Info: Mailbox shared/test.imapsharer01 at td01.testdomain.it/subfolder02ro is visible in LIST
In the debug log we can see the delete operation :
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: Mailbox opened
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: acl vfile: file /home/vpopmail/domains/td01.testdomain.it/dccm4584.imapuser01/Maildir/.Trash/dovecot-acl not found
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox shared/test.imapsharer01 at td01.testdomain.it: Mailbox opened
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: Adding field flags to cache for the first time (uid=0)
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: saving UID 0: Opened mail because: header Message-ID (Cache file is unusable)
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: Adding field hdr.Message-ID to cache for the first time (uid=0)
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox shared/test.imapsharer01 at td01.testdomain.it: UID 1: Expunge requested
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: Purging (new file_seq=1668506005): creating cache
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox Trash: Purging finished, file_seq changed 0 -> 1668506005, size=0 -> 412, max_uid=0
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Info: copy from shared/test.imapsharer01 at td01.testdomain.it: box=Trash, uid=1, msgid=<mnid2m.1.24789225.57389.0.1127444.c495198613._ at nl.aruba.it>
Nov 15 10:53:25 imap(357716 test.imapuser01 at td01.testdomain.it):Info: expunge: box=shared/test.imapsharer01 at td01.testdomain.it, uid=1, msgid=<mnid2m.1.24789225.57389.0.1127444.c495198613._ at nl.aruba.it>
Nov 15 10:53:26 imap(357716 test.imapuser01 at td01.testdomain.it):Debug: Mailbox shared/test.imapsharer01 at td01.testdomain.it: UID 1: Mail expunged
After we delete a message, we cannot find it on the Trash folders ( user01
or sharer01 ) .
Are we missing something ?
Thanks
Stefano
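
Added example (not part of the original post, and not Dovecot code): a small Python audit that cross-checks mail_log "expunge" lines against the GETACL replies seen by the accessing user, flagging expunges in the shared namespace that the visible ACL does not grant. All addresses and log lines are constructed; the fallback from "shared/<sharer>" to "shared/<sharer>/INBOX" is an assumption taken from the box= name in the log above.

```python
import re

EXPUNGE_RE = re.compile(
    r"imap\(\d+ (?P<user>\S+)\):\s*Info: expunge: box=(?P<box>[^,]+), uid=(?P<uid>\d+)")

def parse_getacl(payload: bytes):
    """Split one imaplib getacl() payload, b'<mailbox> [<identifier> <rights>]...',
    into (mailbox, {identifier: set of right letters}).
    Assumes unquoted mailbox and identifier names without spaces."""
    mailbox, *pairs = payload.decode().split()
    if len(pairs) % 2:
        raise ValueError(f"odd identifier/rights list for {mailbox!r}")
    return mailbox, {i: set(r) for i, r in zip(pairs[::2], pairs[1::2])}

def rights_for(acls, user, box):
    # Assumption drawn from the log in the post: the sharer's INBOX is logged as
    # "shared/<sharer>", while GETACL names it "shared/<sharer>/INBOX".
    for name in (box, box + "/INBOX"):
        if name in acls:
            return acls[name].get(user, set())
    return set()

def unexplained_expunges(log_lines, acls, prefix="shared/"):
    """Return (user, box, uid) for expunges in shared mailboxes where the ACL
    seen by that user does not include 'e' (expunge right, RFC 4314)."""
    hits = []
    for line in log_lines:
        m = EXPUNGE_RE.search(line)
        if m and m["box"].startswith(prefix):
            if "e" not in rights_for(acls, m["user"], m["box"]):
                hits.append((m["user"], m["box"], int(m["uid"])))
    return hits

# Constructed sample data, shaped like the GETACL replies and log lines in the post.
SHARER, USER = "sharer@example.test", "user@example.test"
GETACL_AS_USER = [
    f"shared/{SHARER}/INBOX".encode(),
    f"shared/{SHARER}/subfolder01 {USER} akxeilprwtscd".encode(),
    f"shared/{SHARER}/subfolder02ro {USER} lr".encode(),
]
LOG = [
    f"Nov 15 10:53:25 imap(1001 {USER}):Info: expunge: box=shared/{SHARER}, uid=1, msgid=<a@example.test>",
    f"Nov 15 10:54:02 imap(1001 {USER}):Info: expunge: box=shared/{SHARER}/subfolder01, uid=7, msgid=<b@example.test>",
    f"Nov 15 10:54:09 imap(1001 {USER}):Info: expunge: box=Trash, uid=3, msgid=<c@example.test>",
]
ACLS = dict(parse_getacl(p) for p in GETACL_AS_USER)

if __name__ == "__main__":
    for hit in unexplained_expunges(LOG, ACLS):
        print("expunge without 'e' right:", hit)
```

Only the first constructed line is reported: the expunge in the sharer's INBOX, where GETACL returns no entry for the accessing user.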