Package: dovecot-core
Version: 1:2.4.1+dfsg1-6
Severity: important
Dear Maintainer,
After upgrading to trixie, I reconfigured dovecot - starting with the maintainer's config files due to the complete change of config syntax - and got it working again serving the existing mailboxes.
I again configured /var/mail/%{user | username} as mail_inbox_path, at a separate location from all other mailboxes at some directory at user's home. All mailboxes remain in mbox format as before.
When I set up a mail inbox path in shared namespace, dovecot is attempting to delete the lexicographically first user "someotheruser" who is sharing their mailboxes, whenever a user "someuser" with read access to those mailboxes is updating the mailbox list:
journalctl output with mail_inbox_path setup for shared namespace
Aug 16 16:43:59 somehost systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email server.
Aug 16 16:44:05 somehost dovecot[65636]: imap-login: Login aborted: Logged out (no auth attempts in 0 secs) (no_auth_attempts): user=<>, rip=some::ipv6, lip=some::ipv6, session=<xojHiXw8zKP95iU4WzA7U7on6//+m0as>
Aug 16 16:44:14 somehost auth[65647]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6 user=someuser
Aug 16 16:44:14 somehost dovecot[65636]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6, lip=some::ipv6, mpid=65651, TLS, session=<0klNinw8fJIqAgkIAbCIAAL////+ESJD>
Aug 16 16:44:14 somehost dovecot[65636]: imap(someuser)<65651><0klNinw8fJIqAgkIAbCIAAL////+ESJD>: Disconnected: Logged out in=98 out=1253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 16 16:44:14 somehost auth[65647]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6 user=someuser
Aug 16 16:44:14 somehost dovecot[65636]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6, lip=some::ipv6, mpid=65656, TLS, session=<tE5Oinw8hpIqAgkIAbCIAAL////+ESJD>
Aug 16 16:44:14 somehost dovecot[65636]: imap(someuser)<65656><tE5Oinw8hpIqAgkIAbCIAAL////+ESJD>: Error: rmdir(/var/mail/someotheruser) failed: Permission denied
(Note: the authentication failure listed here appears to come from a certain pam module that doesn't know someuser, but is cured by another pam module in the stack that can authenticate someuser)
This otheruser's INBOX will _not_ be displayed in the folder list for someuser, whereas the INBOX of the lexicographically following user is not attempted to rmdir, and _does_ show up for the authorized someuser.
When, for testing purposes, I remove mail_inbox_path from the shared namespace's configuration, obviously all otheruser's INBOXes disappear from the folder list of someuser. But now dovecot attempts to rmdir someuser's own inbox:
journalctl output with no mail_inbox_path configured for shared namespace, but only for inbox namespace
Aug 16 16:34:48 mailserver systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email server.
Aug 16 16:34:48 mailserver unix_chkpwd[65322]: password check failed for user (someuser)
Aug 16 16:34:48 mailserver auth[65320]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6 user=someuser
Aug 16 16:34:48 mailserver dovecot[65315]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6 lip=some::ipv6, mpid=65324, TLS, session=<uViUaHw8psgqAgkIAbCIAAL////+ESJD>
Aug 16 16:34:48 mailserver dovecot[65315]: imap(someuser)<65324><uViUaHw8psgqAgkIAbCIAAL////+ESJD>: Error: rmdir(/var/mail/someuser) failed: Permission denied
In this case, however, someuser's INBOX remains in the folder list.
*** Reporter, please consider answering these questions, where appropriate ***
- What led up to the situation?
The upgrade to version 2.4.1 combined with a complete new configuration.
-- Package-specific info:
dovecot configuration
...
mail_driver = mbox
mail_gid = familie
mail_home = /home/%{user | username}
mail_inbox_path = /var/mail/%{user | username}
mail_path = ~/IMail
mail_plugins {
  acl = yes
  fts = yes
  fts_solr = yes
}
mail_privileged_group = mail
...
mail_shared_explicit_inbox = yes
protocols {
  imap = yes
  sieve = yes
}
passdb pam {
}
userdb passwd {
}
namespace inbox {
  mail_driver = mbox
  mail_inbox_path = /var/mail/%{user | username}
  mail_path = ~/IMail
  inbox = yes
  subscriptions = yes
  type = private
  mailbox Drafts {
    special_use = "\\Drafts"
  }
  mailbox Junk {
    special_use = "\\Junk"
  }
  mailbox Trash {
    special_use = "\\Trash"
  }
  mailbox Sent {
    special_use = "\\Sent"
  }
  mailbox "Sent Messages" {
    special_use = "\\Sent"
  }
}
namespace shared {
  mail_driver = mbox
  # this following setting removed for 2nd test
  mail_inbox_path = /var/mail/%{owner_user | username }
  mail_index_private_path = ~/.dovecot-index/shared/%{owner_user}
  mail_path = %{owner_home}/IMail
  list = yes
  prefix = shared/$username/
  separator = /
  subscriptions = no
  type = shared
}
acl_sharing_map {
  dict file {
    path = /var/lib/dovecot/db/shared-mailboxes.db
  }
}
protocol imap {
  mail_plugins {
    imap_acl = yes
  }
}
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    group = users
    mode = 0660
    user = mail
  }
  unix_listener auth-exim {
    group = sasl
    mode = 0660
    type = auth-legacy
    user = mail
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}
ssl_server {
  cert_file = /etc/letsencrypt/live/somedomain/fullchain.pem
  key_file = /etc/letsencrypt/live/somedomain/privkey.pem
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service managesieve {
}
language de {
  default = yes
}
language en {
}
fts solr {
  url = http://localhost:8983/solr/dovecot/
}
-- System Information:
Debian Release: 13.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.41+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dovecot-core depends on:
ii  adduser              3.152
ii  dovecot-sieve        1:2.4.1+dfsg1-6
ii  init-system-helpers  1.68
ii  libapparmor1         4.1.0-1
ii  libbz2-1.0           1.0.8-6
ii  libc6                2.41-12
ii  libcap2              1:2.75-10+b1
ii  libcrypt1            1:4.4.38-1
ii  libexttextcat-2.0-0  3.4.7-1+b1
ii  libicu76             76.1-4
ii  liblua5.4-0          5.4.7-1+b2
ii  liblz4-1             1.10.0-4
ii  libpam-runtime       1.7.0-5
ii  libpam0g             1.7.0-5
ii  libsodium23          1.0.18-1+b2
ii  libssl3t64           3.5.1-1
ii  libstemmer0d         2.2.0-4+b2
ii  libsystemd0          257.7-1
ii  libtirpc3t64         1.3.6+ds-1
ii  libunwind8           1.8.1-0.1
ii  libzstd1             1.5.7+dfsg-1
ii  openssl              3.5.1-1
ii  ssl-cert             1.1.3
ii  ucf                  3.0052
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-flatcurve     <none>
pn  dovecot-gssapi        <none>
ii  dovecot-imapd         1:2.4.1+dfsg1-6
pn  dovecot-ldap          <none>
pn  dovecot-lmtpd         <none>
ii  dovecot-managesieved  1:2.4.1+dfsg1-6
pn  dovecot-mysql         <none>
pn  dovecot-pgsql         <none>
pn  dovecot-pop3d         <none>
ii  dovecot-solr          1:2.4.1+dfsg1-6
pn  dovecot-sqlite        <none>
pn  dovecot-submissiond   <none>
pn  ntp                   <none>

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.4.1+dfsg1-6
pn  dovecot-dev                    <none>
pn  dovecot-gssapi                 <none>
ii  dovecot-imapd                  1:2.4.1+dfsg1-6
pn  dovecot-ldap                   <none>
pn  dovecot-lmtpd                  <none>
ii  dovecot-managesieved           1:2.4.1+dfsg1-6
pn  dovecot-mysql                  <none>
pn  dovecot-pgsql                  <none>
pn  dovecot-pop3d                  <none>
ii  dovecot-sieve                  1:2.4.1+dfsg1-6
pn  dovecot-sqlite                 <none>
-- Configuration Files:
/etc/default/dovecot changed:
ENABLED=1
ALLOW_COREDUMPS=1
-- debconf information:
  dovecot-core/ssl-cert-name: localhost
  dovecot-core/create-ssl-cert: false
- dovecot-core/ssl-cert-exists:
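
Added example, not part of the original report and not Dovecot code: a log triage script that finds the "rmdir(...) failed" errors shown in the journal output above and flags those where the targeted inbox belongs to a different user than the IMAP session. It assumes inboxes live at /var/mail/<username> as in the reporter's mail_inbox_path; the function name, field names, session placeholders and sample lines are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the journal output quoted in the report
# (session ids replaced with placeholders).
SAMPLE_LOG = """\
Aug 16 16:44:14 somehost dovecot[65636]: imap-login: Logged in: user=<someuser>, method=PLAIN, mpid=65656, TLS, session=<SESSION-A>
Aug 16 16:44:14 somehost dovecot[65636]: imap(someuser)<65656><SESSION-A>: Error: rmdir(/var/mail/someotheruser) failed: Permission denied
Aug 16 16:34:48 mailserver dovecot[65315]: imap(someuser)<65324><SESSION-B>: Error: rmdir(/var/mail/someuser) failed: Permission denied
Aug 16 16:50:01 somehost dovecot[65636]: imap(someuser)<65700><SESSION-C>: Disconnected: Logged out in=98 out=1253
"""

# Matches the per-session error line format: service(user)<pid><session>: Error: rmdir(path) failed: reason
RMDIR_RE = re.compile(
    r"dovecot\[\d+\]: (?P<service>[\w-]+)\((?P<user>[^)]+)\)<(?P<pid>\d+)><(?P<session>[^>]*)>: "
    r"Error: rmdir\((?P<path>[^)]+)\) failed: (?P<reason>.+)$"
)


def find_rmdir_attempts(log_text, inbox_root="/var/mail"):
    """Return one finding per failed rmdir under inbox_root.

    cross_user is True when the inbox named in the path is not the
    session user's own (assumes the /var/mail/<username> layout).
    """
    root = inbox_root.rstrip("/") + "/"
    findings = []
    for line in log_text.splitlines():
        m = RMDIR_RE.search(line)
        if not m or not m["path"].startswith(root):
            continue
        # First path component below the inbox root names the inbox owner.
        owner = m["path"][len(root):].split("/", 1)[0]
        # Mirror the config's "username" filter: drop any @domain part.
        session_username = m["user"].split("@", 1)[0]
        findings.append({
            "session_user": m["user"],
            "session": m["session"],
            "path": m["path"],
            "path_owner": owner,
            "cross_user": owner != session_username,
            "reason": m["reason"],
        })
    return findings


if __name__ == "__main__":
    for f in find_rmdir_attempts(SAMPLE_LOG):
        tag = "CROSS-USER" if f["cross_user"] else "own inbox"
        print(f"{tag}: {f['session_user']} -> rmdir {f['path']} ({f['reason']})")
```

Feed it the text of `journalctl -u dovecot` in place of SAMPLE_LOG to review a real host.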