Il 23/04/21 09:29, Markus Valentin ha scritto:
On 4/22/21 11:49 PM, Alessio Cecchi wrote:> I'm tryng to setup Shared Mailboxes in Dovecot (2.3.14) Cluster as
explained here:
https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/
but I'm not happy:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58054) doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58056) doveadm(test1@emailtest.net): Error: imapc(10.0.0.202:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. doveadm(test1@emailtest.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
ACL, master-user, master-password works fine because with regular configuration shared folders works fine and also with master-user or with master-password I can login and see and access to shared/ namespace and shared folders.
But when I try to switch location from
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
to
location = imapc:~/Maildir/shared/%%u/ [...] imapc_host = 10.0.0.202 imapc_master_user = %u #imapc_user = %u imapc_password = Password imapc_features = search
stop working.
The relevant error is this:
Apr 22 22:57:14 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070) Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net Apr 22 22:57:16 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. Apr 22 22:57:16 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected Apr 22 22:57:16 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Please note "Authenticating as test1@testemail.net for user test2@testemail.net" failed.
So my question is, the documentation page is update and right or I missing something? Hi,
from my perspective it is likely that test1@testemail.net can't be authenticated as a master user which is required for this setup to work.
From the cluster setup page:
"You’ll need to setup master user logins to work for all the users. The logged in user becomes the master user. The master user doesn’t actually have any special privileges. "
Hi,
after some days of debug I have found a solution to have shared folders works via imapc, even if partially.
First, in the documentation page there is an error, the right "location" should be like this:
location = imapc:%%h/Maildir
with %%h/ instead of ~/
After I have setup two passdb like these:
passdb { driver = static args = password=P4ssw0rd result_success = continue }
passdb { driver = sql args = /etc/dovecot/dovecot-sql-master.conf.ext master = yes result_success = continue }
where the first is required (only on backend dovecot) when the sharing user (test2) need to login (with imapc_password) and the second (both in director and backend dovecot) when the "test1" need to login into sharing (test2) account like master user.
So acl debug works fine:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39698) doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39700) doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/' doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test2/Maildir/.Sent doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox doveadm(test1@emailtest.net): Info: User test1@emailtest.net has rights: lookup read write write-seen write-deleted insert expunge doveadm(test1@emailtest.net): Info: Mailbox found from dovecot-acl-list doveadm(test1@emailtest.net): Info: User test2@emailtest.net found from ACL shared dict doveadm(test1@emailtest.net): Info: Mailbox shared/test2/Sent is visible in LIST
But the are still some issues, if the sharing ring is like "test2 share a folder with test1 that share a folder with test3 that share a folder test2" dovecot have a loop until max_user_connections is reached. Probably until option "acl_ignore_namespace" will be available we cannot solve this.
Moreover, if both test1 and test2 mark as read/unread the same message in a shared folder dovecot have some indexes issue:
Apr 25 21:03:56 Error: imap(test2@emailtest.net) session=<H5EBptDA3IgKQgTL>: Mailbox Sent: Timeout (180s) while waiting for lock for transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log (WRITE lock held by pid 6181) Apr 25 21:03:56 Warning: imap(test1@emailtest.net) session=<6Kn/pdDAHKxT07oG>: Transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log was locked for 180 seconds (Mailbox was synchronized) Apr 25 21:03:56 Warning: imap(test2@emailtest.net) session=<7d2ppdDAFKxT07oG>: Locking transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log took 178 seconds (syncing)
probably because INDEXPVT is not supported in imapc?
So, I should wait until 2.3.15 to have shared mailboxes via imapc work fine or I missing something?
Thanks
-- Alessio Cecchi Postmaster @ http://www.qboxmail.it https://www.linkedin.com/in/alessice