Since you have obfuscated your data it is hard to tell what's going on, especially as in your previous log you have 'user=user' and now you have user1 and user2.
You can try
doveadm acl rights -u victim folder
to see what sort of rights dovecot thinks it's seeing.
Aki
On 15 February 2018 at 18:11 David Mehler dave.mehler@gmail.com wrote:
Hello,
Thank you for your reply. Here's my acl files:
public/TestFolder dovecot-acl
  anyone lr
  user=user1 akxeilprwts
  -user=user1
  user=user2 lr
public/TestFolder1 dovecot-acl
  user=user1 lr
  user=user2 lr
public/dovecot-acl
  user=user1 lr
  user=user2 lr
and I have another dovecot-acl file in shared/office folder:
  user=user1@domain.com lrwstipekxa
  user=user2@domain.com lrwstipekxa
Thanks. Dave.
On 2/15/18, Aki Tuomi aki.tuomi@dovecot.fi wrote:
Hi!
It seems you are running 2.2.33.2 =)
Also,
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/dovecot-acl
it seems there are some folder specific ACLs, can you check these?
Aki
On 15.02.2018 10:40, David Mehler wrote:
Hello,
I'm running Dovecot 2.2.3, and am having issues with my public folders, shared folders, and virtual/All folders; apparently ACLs are on that list as well.
I was debugging an unrelated problem with my smtp server and got the following dovecot debug log output. Below is also a doveconf -n output as well as my shared-folder definition file and my global-acls file.
What I'm trying to accomplish is:
- Have a public folder that any user on the system can put messages into and respond to.
- Have a shared folder in which user1@example.com and user1@example2.com can exchange messages.
- For each user on the system give them a Virtual/All folder for all of their messages.
I'd appreciate any help. As an aside, if anyone sees an issue with my SSL ciphers list I'd appreciate knowing that as well. In brief, I'm trying to get the most secure list, PFS, and not worrying about backward compatibility. If it's not TLS 1.2 I don't touch it.
Thanks. Dave.
Feb 12 08:48:40 imap(user@example.com): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
Feb 12 08:48:40 imap(user@example.com): Debug: Module loaded: /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
Feb 12 08:48:40 imap(user@example.com): Debug: Effective uid=999, gid=999, home=/home/vmail/example.com/user
Feb 12 08:48:40 imap(user@example.com): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
Feb 12 08:48:40 imap(user@example.com): Debug: fs: root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=, inbox=/home/vmail/example.com/user/mail, alt=
Feb 12 08:48:40 imap(user@example.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: Global ACL file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user@example.com): Debug: Namespace : type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
Feb 12 08:48:40 imap(user@example.com): Debug: fs: root=/home/vmail/public, index=/home/vmail/example.com/user/mail/public, indexpvt=/home/vmail/example.com/user/mail/public, control=/home/vmail/example.com/user/mail/public, inbox=, alt=
Feb 12 08:48:40 imap(user@example.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: Global ACL file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user@example.com): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
Feb 12 08:48:40 imap(user@example.com): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb 12 08:48:40 imap(user@example.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: Global ACL file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user@example.com): Debug: Namespace : type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
Feb 12 08:48:40 imap(user@example.com): Debug: fs: root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=, inbox=, alt=
Feb 12 08:48:40 imap(user@example.com): Debug: acl: initializing backend with data: vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: Global ACL file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user@example.com): Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Spam/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Trash/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Sent/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Archives/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/logcheck/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/public/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/public/TestFolder/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/virtual/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/.Junk/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/ham/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/fail2ban/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/.Sent/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/.Trash/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Maildir/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Maildir/public/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Maildir/public/.TestFolder/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Deleted Items/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Archive/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Junk/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/TestFolder1/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl: No lookup right to mailbox: public/TestFolder1
Feb 12 08:48:40 imap(user@example.com): Debug: Namespace shared/: Using permissions from : mode=0700 gid=default
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /usr/local/etc/dovecot/virtual/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /usr/local/etc/dovecot/virtual/All/dovecot-acl not found
doveconf -n
# 2.2.33.2 (d6601f4ec): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: FreeBSD 11.1-RELEASE-p4 amd64
auth_default_realm = example.com
auth_mechanisms = plain login
auth_realms = example.com example2.com
dict {
  acl = mysql:/usr/local/etc/dovecot/shared-folders.conf
  sqlquota = mysql:/usr/local/etc/dovecot/quota.conf
}
first_valid_gid = 999
first_valid_uid = 999
hostname = mail.example.com
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
last_valid_gid = 999
last_valid_uid = 999
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = 127.0.0.1 xxx.xxx.xxx.xxx
lmtp_rcpt_check_quota = yes
mail_access_groups = vmail
mail_fsync = never
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib
mail_server_admin = mailto:postmaster@example.com
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve vnd.dovecot.imapsieve
namespace {
  hidden = no
  list = yes
  location = maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
  mailbox TestFolder {
    auto = subscribe
    comment = Public Folder for message sharing
  }
  prefix = public/
  separator = /
  subscriptions = yes
  type = public
}
namespace {
  list = yes
  location = maildir:~/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
  prefix = shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace {
  location = virtual:/usr/local/etc/dovecot/virtual
  mailbox All {
    auto = subscribe
    comment = All my messages
    special_use = \All
  }
  prefix = virtual/
  separator = /
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = no
    special_use = \Archive
  }
  mailbox Archives {
    auto = subscribe
    special_use = \Archive
  }
  mailbox "Deleted Messages" {
    auto = no
    autoexpunge = 30 days
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox "Junk E-mail" {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Items" {
    auto = no
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
  acl_anyone = allow
  acl_shared_dict = proxy::acl
  imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = count:User quota
  quota_clone_dict = proxy::sqlquota
  quota_exceeded_message = Storage quota for this account has been exceeded, please try again later.
  quota_grace = 10%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = true
  quota_warning = storage=100%% quota-exceeded 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
  quota_warning5 = storage=75%% quota-warning 75 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /home/vmail/sieve/before.d
  sieve_default = /home/vmail/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /home/vmail/sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_max_redirects = 30
  sieve_max_script_size = 1M
  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_user_log = /home/vmail/sieve/sieve_error.log
  trash = /usr/local/etc/dovecot/trash.conf
  welcome_script = welcome %u
  welcome_wait = yes
}
postmaster_address = postmaster@example.com
protocols = imap lmtp sieve
sendmail_path = /usr/local/sbin/sendmail
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
  inet_listener imaps {
    address = xxx.xxx.xxx.xxx
    port = 993
    ssl = yes
  }
}
service imap {
  executable = imap
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1
    port = 4190
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/dovecot-quota {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-warning {
  executable = script /usr/local/etc/dovecot/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = vmail
}
service welcome {
  executable = script /usr/local/etc/dovecot/welcome.sh
  unix_listener welcome {
    user = vmail
  }
  user = vmail
}
ssl = required
ssl_cert =
shared-folders.conf
connect = DatabaseConnectionParameters
# For shared mailboxes
map {
  pattern = shared/shared-boxes/user/$to/$from
  table = user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}

# To share mailbox to anyone uncomment acl_anyone=allow in
# 90-acl.conf
map {
  pattern = shared/shared-boxes/anyone/$from
  table = anyone_shares
  value_field = dummy

  fields {
    from_user = $from
  }
}

global-acls
public/TestFolder user=user lrwstipekxa
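
Added example, not part of the original thread: a small Python summarizer for the kind of ACL debug output quoted above. It groups, per session user, the ACL username, the dovecot-acl files read or not found, and the mailboxes denied lookup. The sample log is constructed from lines in the format shown in the thread, the function names are hypothetical, and pairing a denied mailbox with its ACL file assumes LAYOUT=fs with a one-level namespace prefix.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug log quoted in this thread.
SAMPLE_LOG = """\
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: file /home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl vfile: reading file /home/vmail/public/TestFolder1/dovecot-acl
Feb 12 08:48:40 imap(user@example.com): Debug: acl: No lookup right to mailbox: public/TestFolder1
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ [\w-]+\((?P<user>[^)]*)\): Debug: (?P<msg>.*)$")
PATTERNS = {
    "acl_username": re.compile(r"^acl: acl username = (.+)$"),
    "read": re.compile(r"^acl vfile: reading file (.+)$"),
    "missing": re.compile(r"^acl vfile: file (.+) not found$"),
    "global_match": re.compile(r"^Mailbox '(.+)' matches global ACL pattern '.+'$"),
    "denied": re.compile(r"^acl: No lookup right to mailbox: (.+)$"),
}

def summarize(log_text):
    """Group ACL debug events per session user; values are sorted unique lists."""
    out = defaultdict(lambda: {k: set() for k in PATTERNS})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a Debug line in the expected format
        for kind, rx in PATTERNS.items():
            hit = rx.match(m["msg"])
            if hit:
                out[m["user"]][kind].add(hit.group(1))
                break
    return {u: {k: sorted(v) for k, v in ev.items()} for u, ev in out.items()}

def denied_with_local_acl(summary):
    """For each denied mailbox, list the per-folder dovecot-acl files that were read.

    Assumption: LAYOUT=fs and a one-level namespace prefix, so the path ends
    in /<mailbox without prefix>/dovecot-acl.
    """
    result = []
    for user, ev in summary.items():
        for box in ev["denied"]:
            suffix = "/" + box.split("/", 1)[-1] + "/dovecot-acl"
            result.append((user, box, [f for f in ev["read"] if f.endswith(suffix)]))
    return result
```

A denied mailbox that comes back with a non-empty file list points at the folder's own dovecot-acl as the place to compare identifiers against the logged `acl username`.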