- Timo Sirainen <tss@iki.fi> 2015.09.08 12:20:
> How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389
>
> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there.
$ doveadm mailbox create -u tlx@leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015
doveadm(tlx@leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied
Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough:
Sep 8 13:19:07 nihlus dovecot: auth: Debug: master in: USER#0111#011tlx@leuxner.net#011service=doveadm
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx@leuxner.net): userdb cache miss
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file /var/vmail/auth.d/leuxner.net/passwd: Read 1 users in 0 secs
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx@leuxner.net): lookup: user=tlx@leuxner.net file=/var/vmail/auth.d/leuxner.net/passwd
Sep 8 13:19:07 nihlus dovecot: auth: Debug: userdb out: USER#0111#011tlx@leuxner.net#011uid=5000#011gid=5000#011home=/var/vmail/domains/leuxner.net/tlx#011quota_rule=*:storage=5G#011acl_groups=PublicMailboxAdmins
With IMAP it is more talkative:
3 create "Public/Archive/Mailing-Lists/Dovecot/2015"
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%)
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: dict quota: user=tlx@leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: acl username = tlx@leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: owner = 1
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: acl username = tlx@leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: owner = 0
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: acl username = tlx@leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: owner = 1
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:07:13 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: file /var/vmail/domains/leuxner.net/tlx/mdbox/mailboxes/dovecot-acl not found
Sep 8 13:07:13 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace : Using permissions from /var/vmail/domains/leuxner.net/tlx/mdbox: mode=0700 gid=default
Sep 8 13:07:13 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace Public/: Using permissions from /var/vmail/public: mode=0700 gid=default
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Namespace Public/: /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015 doesn't exist yet, using default permissions
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx@leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
# 2.2.18 (500e8dd7a389): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.2
auth_cache_size = 16 k
auth_debug = yes
auth_verbose = yes
deliver_log_format = msgid=%m, time=%{delivery_time}ms, status=%$
hostname = host.domain.tld
imap_hibernate_timeout = 1 mins
imap_id_log = *
imap_logout_format = in=%i out=%o hdr=%{fetch_hdr_count} body=%{fetch_body_count} del=%{deleted} exp=%{expunged} trash=%{trashed}
mail_debug = yes
mail_location = mdbox:~/mdbox
mail_plugins = acl quota stats zlib virtual
mailbox_list_index = yes
namespace {
  list = yes
  location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace {
  location = virtual:~/mdbox/virtual
  prefix = Virtual/
  separator = /
}
namespace inbox {
  hidden = no
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = username_format=%u /var/vmail/auth.d/%d/passwd
  driver = passwd-file
}
plugin {
  acl = vfile:/var/vmail/conf.d/%d/global-acl:cache_secs=300
  mail_log_events = expunge mailbox_delete
  quota = dict:user::file:%h/mdbox/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=1GB
  quota_rule2 = Trash:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_success = DUNNO
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_global_dir = /var/vmail/conf.d/%d/sieve
  stats_refresh = 30s
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap lmtp"
quota_full_tempfail = yes
service auth-worker {
  unix_listener auth-worker {
    user = doveauth
  }
  user = doveauth
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = doveauth
}
service imap-hibernate {
  unix_listener imap-hibernate {
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    address = 1.2.3.4
    port = 143
    reuse_port = yes
  }
  inet_listener imaps {
    port = 0
  }
  process_min_avail = 8
}
service imap {
  unix_listener imap-master {
    user = dovecot
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
ssl_ca = </etc/ssl/certs/Comodo_RSA_Domain_Validation_SHA-2_Intermediates_CA_Bundle.crt
ssl_cert = </etc/ssl/certs/host_domain_tld.crt
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/host_domain_tld.key
ssl_protocols = !SSLv2 !SSLv3
syslog_facility = local1
userdb {
  args = username_format=%u /var/vmail/auth.d/%d/passwd
  driver = passwd-file
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = acl quota stats zlib virtual sieve
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = acl quota stats zlib virtual mail_log notify imap_acl imap_quota imap_stats
}
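
Added example, not part of the original post and not Dovecot code: a small Python check that automates the comparison asked for above, listing each service for which userdb returned acl_groups but no "acl: group added" debug line was logged. The function name, the pairing of "master in" and "userdb out" lines by request id, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

TAB = "#011"  # syslog writes the auth protocol's tab separator as #011
AUTH = re.compile(r"auth: Debug: (master in|userdb out): USER#011(\d+)#011(\S+)")
ADDED = re.compile(r"dovecot: ([\w-]+)\(([^)]+)\): Debug: acl: group added: (\S+)")

def acl_group_gaps(lines):
    """Map (service, user) -> userdb acl_groups with no 'group added' log line."""
    service_of = {}                # auth request id -> service that made the lookup
    expected = defaultdict(set)    # groups userdb returned for (service, user)
    applied = defaultdict(set)     # groups the acl plugin logged for (service, user)
    for line in lines:
        m = AUTH.search(line)
        if m:
            kind, req_id, rest = m.groups()
            user, *fields = rest.split(TAB)
            kv = dict(f.split("=", 1) for f in fields if "=" in f)
            if kind == "master in":
                service_of[req_id] = kv.get("service", "unknown")
            elif req_id in service_of:
                groups = kv.get("acl_groups", "").split(",")
                expected[(service_of[req_id], user)].update(g for g in groups if g)
            continue
        m = ADDED.search(line)
        if m:
            service, user, group = m.groups()
            applied[(service, user)].add(group)
    return {k: sorted(v - applied[k]) for k, v in expected.items() if v - applied[k]}

P = "Sep 8 13:19:07 nihlus dovecot: "
# Constructed sample in the format of the logs above; the imap auth lookup
# (request id 2) is an assumption, since the post shows only the doveadm one.
SAMPLE = [
    P + "auth: Debug: master in: USER#0112#011tlx@leuxner.net#011service=imap",
    P + "auth: Debug: userdb out: USER#0112#011tlx@leuxner.net#011uid=5000"
        "#011acl_groups=PublicMailboxAdmins",
    P + "imap(tlx@leuxner.net): Debug: acl: group added: PublicMailboxAdmins",
    P + "auth: Debug: master in: USER#0111#011tlx@leuxner.net#011service=doveadm",
    P + "auth: Debug: userdb out: USER#0111#011tlx@leuxner.net#011uid=5000"
        "#011acl_groups=PublicMailboxAdmins",
]

if __name__ == "__main__":
    for (service, user), missing in acl_group_gaps(SAMPLE).items():
        print(f"{service}({user}): userdb acl_groups never logged as added: {missing}")
```

A reported gap only means the log holds no "group added" line for that service; it does not show where the group was dropped.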