On Sat, 15 Mar 2014, Alessandro Menti wrote:
Dear Alessandro,
see below mail_location, SQL query and debug output ... .
IMHO, the behaviour matches your config.
I'm setting up a Postfix+Dovecot stack with virtual domains and public mailboxes.
I set up a shared mailbox "office@mydomain.com" as described in the Dovecot Wiki [1], that is:
- I created the directory "/var/mail/mydomain.com/public/" and inside it I created the ".office" mailbox;
- I added an appropriate ACL to allow the account "president@mydomain.com" to read and edit that mailbox under a public namespace;
- I added a Sieve script to handle delivery to the public mailbox (its location is /var/mail/mydomain.com/public/.office/.dovecot.sieve).
Some other relevant details about my configuration:
- The backend used by Postfix and Dovecot to handle virtual aliases/domains/maps is a MySQL database. Since the virtual user table is used by other applications as well, I decided to keep it "clean" and to make use of another "virtual mailboxes" table (see /etc/dovecot/dovecot-sql.conf.ext below). The password_query setting returns only results from the virtual user table (so that only real users can authenticate on the IMAP server), while the user_query setting returns results from both the virtual user and the virtual mailbox table (so that dovecot-lda can choose the correct mailbox).
- The queries saved in password_query and user_query return the correct results when executed manually: the home directory for the "office@mydomain.com" virtual mailbox is set to /var/mail/mydomain.com/public/.office.
- Delivery from and to the "president@mydomain.com" account is regular, and that account is able to access the "office@mydomain.com" virtual mailbox (I have tested this by speaking IMAP to the server and by performing a manual check using Thunderbird).
I encountered a problem with this setup: when I send a message to the "office@mydomain.com" account, the Postfix logs say it is correctly delivered via Dovecot, but the Sieve script says it can not find the folder "Public/.office". As a consequence, Dovecot creates a new Maildir in /var/mail/mydomain.com/office and delivers the mail there instead of saving it in the correct directory (/var/mail/mydomain.com/public/.office).
Is there something I set incorrectly in my configuration? What is causing Dovecot not to recognize the correct mailbox during delivery? Is there a way to list all mailboxes seen by dovecot-lda itself?
Thanks, Alessandro Menti
[1] http://wiki2.dovecot.org/SharedMailboxes/Public
Dovecot and OS version: 2.0.19, Ubuntu 12.04 LTS
Output of "dovecot -n":
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-46-generic i686 Ubuntu 12.04.4 LTS ext4
auth_mechanisms = plain login
login_greeting = IMAP server ready.
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/mail/%d/%n/Maildir
^^^ default maillocation /var/mail/<domain>/office/Maildir
mail_plugins = acl
mail_uid = vmail
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/var/mail/mydomain.com/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  sieve = ~/.dovecot.sieve
  sieve_before = /var/mail/sieve/
  sieve_dir = ~/sieve
}
postmaster_address = postmaster@mydomain.com
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = dovecot
  }
}
ssl_cert = </etc/ssl/srvcerts/mailcert-withintcas.cer
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
ssl_key = </etc/ssl/private/mailcert.pvk
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lda {
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = acl sieve
}
protocol imap {
  mail_plugins = acl imap_acl
}
/etc/dovecot/dovecot-sql.conf.ext:
driver = mysql
connect = host=127.0.0.1 dbname=dbname user=username password=password
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
user_query = SELECT home FROM virtual_users WHERE email = '%u' UNION SELECT home FROM virtual_shared_mailboxes WHERE email = '%u'
The UserDB query does _not_ return mail, hence, does not override default mail_location, which does _not_ depend on HOME.
Extract from /var/log/mail.log:
Mar 15 11:43:07 phoenix postfix/pickup[1404]: 3BA221FFD1: uid=0 from=<sysadmin>
Mar 15 11:43:07 phoenix postfix/cleanup[4871]: 3BA221FFD1: message-id=<20140315104307.3BA221FFD1@mail.mydomain.com>
Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1: from=<sysadmin@mydomain.com>, size=316, nrcpt=1 (queue active)
Mar 15 11:43:07 phoenix dovecot: auth-worker: mysql(127.0.0.1): Connected to database mailserver
Mar 15 11:43:07 phoenix postfix/pipe[4875]: 3BA221FFD1: to=<office@mydomain.com>, relay=dovecot, delay=0.15, delays=0.05/0.03/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1: removed
Extract from /var/log/dovecot-lda.log:
Mar 15 11:43:07 lda: Debug: Loading modules from directory: /usr/lib/dovecot/modules
Mar 15 11:43:07 lda: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Mar 15 11:43:07 lda: Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
Mar 15 11:43:07 lda: Debug: auth input: office@mydomain.com home=/var/mail/mydomain.com/public/.office
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Effective uid=1002, gid=999, home=/var/mail/mydomain.com/public/.office
^^ This matches the UserDB query, but is not used by mail location.
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail/mydomain.com/office/Maildir
^^ This matches the default mail_location
Mar 15 11:43:07 lda(office@mydomain.com): Debug: maildir++: root=/var/mail/mydomain.com/office/Maildir, index=, control=, inbox=/var/mail/mydomain.com/office/Maildir, alt=
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : /var/mail/mydomain.com/office/Maildir doesn't exist yet, using default permissions
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : Using permissions from /var/mail/mydomain.com/office/Maildir: mode=0700 gid=-1
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: initializing backend with data: vfile
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: acl username = office@mydomain.com
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: owner = 1
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl vfile: Global ACL directory: (none)
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:/var/mail/mydomain.com/public
Mar 15 11:43:07 lda(office@mydomain.com): Debug: maildir++: root=/var/mail/mydomain.com/public, index=, control=, inbox=, alt=
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: initializing backend with data: vfile
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: acl username = office@mydomain.com
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: owner = 0
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl vfile: Global ACL directory: (none)
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
Mar 15 11:43:07 lda(office@mydomain.com): Debug: none: root=, index=, control=, inbox=, alt=
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Destination address: office@mydomain.com (source: user@hostname)
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: include: sieve_global_dir is not set; it is currently not possible to include `:global' scripts.
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: using sieve path for user's script: /var/mail/mydomain.com/public/.office/.dovecot.sieve
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: opening script /var/mail/mydomain.com/public/.office/.dovecot.sieve
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: script binary /var/mail/mydomain.com/public/.office/.dovecot.svbin successfully loaded
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: binary save: not saving binary /var/mail/mydomain.com/public/.office/.dovecot.svbin, because it is already stored
Mar 15 11:43:07 lda(office@mydomain.com): Debug: sieve: executing script from /var/mail/mydomain.com/public/.office/.dovecot.svbin
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl vfile: reading file /var/mail/mydomain.com/public/.office/dovecot-acl
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl vfile: file /var/mail/mydomain.com/public/dovecot-acl not found
Mar 15 11:43:07 lda(office@mydomain.com): Debug: acl vfile: file /var/mail/mydomain.com/office/Maildir/dovecot-acl not found
Mar 15 11:43:07 lda(office@mydomain.com): Info: sieve: msgid=<20140315104307.3BA221FFD1@mail.mydomain.com>: stored mail into mailbox 'INBOX'
Extract from /var/mail/mydomain.com/public/.office/.dovecot.sieve.log:
sieve: info: started log at Mar 15 11:43:07.
error: msgid=<20140315104307.3BA221FFD1@mail.mydomain.com>: failed to store into mailbox 'Public/office': Mailbox doesn't exist: office.
Listing of /var/mail/mydomain.com/public/.office:
$ sudo ls /var/mail/mydomain.com/public/.office -lA
total 56
drwxr-x--- 2 vmail vmail  4096 mar 14 17:14 cur
-rw-r--r-- 1 root  root     98 mar  9 18:05 dovecot-acl
-rw-r----- 1 vmail vmail 18432 mar 15 10:36 dovecot.index.cache
-rw-r----- 1 vmail vmail  1088 mar 15 10:36 dovecot.index.log
-rw-r--r-- 1 vmail vmail     0 mar 14 21:50 dovecot-shared
-rw-r--r-- 1 root  root     50 mar 15 11:42 .dovecot.sieve
-rw------- 1 vmail vmail   188 mar 15 11:43 .dovecot.sieve.log
-rw-r--r-- 1 vmail vmail   124 mar 15 11:42 .dovecot.svbin
-rw-r----- 1 vmail vmail    98 mar 14 17:13 dovecot-uidlist
drwxr-x--- 2 vmail vmail  4096 mar 14 16:25 new
drwxr-x--- 2 vmail vmail  4096 mar 15 08:48 tmp
Contents of /var/mail/mydomain.com/public/.office/.dovecot.sieve:
require "fileinto";
fileinto "Public/office";
ACL for the "office" shared mailbox:
$ sudo cat /var/mail/mydomain.com/public/.office/dovecot-acl
user=president@mydomain.com lrwstipe
Transcript of an IMAP session listing all folders:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] IMAP server ready.
a01 LOGIN president@mydomain.com password
a01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in
a02 LIST "" "*"
* LIST (\HasNoChildren) "/" "Infected Items"
* LIST (\HasNoChildren) "/" "Recycle Bin"
* LIST (\HasNoChildren) "/" "Spam"
* LIST (\HasNoChildren) "/" "Trash"
* LIST (\HasNoChildren) "/" "Drafts"
* LIST (\HasNoChildren) "/" "Sent Mail"
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "Public/office"
a02 OK List completed.
a03 LOGOUT
* BYE Logging out
a03 OK Logout completed.
Steffen Kaiser
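
An added example (not part of the original message and not Dovecot code): a Python check over three of the dovecot-lda debug lines quoted above. It reports each user's home and the namespaces dovecot-lda set up, and tells whether the INBOX location is just the expanded default mail_location rather than something under the home returned by the userdb. The function names and the simplified %u/%n/%d/%h expansion are assumptions of this example.

```python
import re

# Three lines copied from the dovecot-lda.log extract in this message.
LDA_LOG = """\
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Effective uid=1002, gid=999, home=/var/mail/mydomain.com/public/.office
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/mail/mydomain.com/office/Maildir
Mar 15 11:43:07 lda(office@mydomain.com): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:/var/mail/mydomain.com/public
"""

HOME_RE = re.compile(r"lda\((?P<user>[^)]+)\): Debug: Effective uid=\d+, gid=\d+, home=(?P<home>\S+)")
NS_RE = re.compile(r"lda\((?P<user>[^)]+)\): Debug: Namespace : type=(?P<type>\w+), prefix=(?P<prefix>[^,]*),"
                   r".*?inbox=(?P<inbox>yes|no),.*? location=(?P<loc>\S*)")

def expand(template, user, home=""):
    """Expand %u, %n, %d and %h in a location template (modifiers such as %L are not handled)."""
    name, _, domain = user.partition("@")
    values = {"u": user, "n": name, "d": domain, "h": home, "%": "%"}
    return re.sub(r"%([undh%])", lambda m: values[m.group(1)], template)

def audit(log_text, mail_location):
    """Return, per user, the home, the namespaces seen and where the INBOX location came from."""
    users = {}
    for line in log_text.splitlines():
        if m := HOME_RE.search(line):
            users.setdefault(m["user"], {"namespaces": []})["home"] = m["home"]
        elif m := NS_RE.search(line):
            users.setdefault(m["user"], {"namespaces": []})["namespaces"].append(
                (m["type"], m["prefix"], m["inbox"] == "yes", m["loc"]))
    for user, info in users.items():
        home = info.get("home", "")
        inbox = next((loc for _, _, is_inbox, loc in info["namespaces"] if is_inbox), None)
        info["inbox_location"] = inbox
        # True when the userdb did not override the location with a "mail" field.
        info["from_default_mail_location"] = inbox == expand(mail_location, user, home)
        path = (inbox or "").split(":", 1)[-1]
        info["inbox_under_home"] = bool(home) and (path + "/").startswith(home.rstrip("/") + "/")
    return users

if __name__ == "__main__":
    for user, info in audit(LDA_LOG, "maildir:/var/mail/%d/%n/Maildir").items():
        print(user, info)
```
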