On 19.09.17 at 00:03, Ralf Becker wrote:
Hi Timo,
update to 2.2.32 (suggested by Aki) did not change the situation ...
On 18.09.17 at 20:49, Timo Sirainen wrote:
Hi Timo,
On 18.09.17 at 12:03, Timo Sirainen wrote:
On 18 Sep 2017, at 12.10, Ralf Becker <rb@egroupware.org> wrote:
On 7 Sep 2017, at 17.42, Ralf Becker <rb@egroupware.org> wrote:
> Dovecot 2.2.31 with mailboxes in mdbox format.
>
> Since a couple of days some mailboxes have the problem, that sieve rules
> moving mails to folders stop working and .sieve.log in mailbox shows:
>
> sieve: info: started log at Sep 07 13:57:17.
> error: msgid=<20170907155704.EGroupware.S4yThVJRr12WSiJLpKbK0Bz@somedomain.egroupware.de>: failed to store into mailbox 'INBOX/Munser': Mailbox doesn't exist: INBOX/Munser.
>
> When I do a doveadm mailbox list -s -u <user>@<domain> I get all folders
> incl. the one mentioned above, while doveadm mailbox list without -s
> shows just
> user
> INBOX

On 14.09.17 at 01:07, Timo Sirainen wrote:
Subscriptions are stored independently from the actual folders. So it looks like the subscription file exists and is correct, but somehow you've lost all the folders. Do you see the folders in the filesystem under user/mailboxes/ directory?

Yes, the folders exist under /var/dovecot/imap/<domain>/<user>/mdbox/mailboxes/. Just doveadm mailbox list -u <user>@<domain> (without -s) does only show INBOX and user. (I can send you the list of folders via private mail, but I can not post them on the list.)
Anything I can do to get Dovecot to eg. rescan the folders from the filesystem or any other way to fix that problem? I have it with a couple of mailboxes, so I believe it's some kind of systematic problem, nothing the users did.

I can't really think of any reason why it wouldn't simply work. Especially since you're not using v2.2.32, the folder listing is always performed by listing the directories in filesystem, so there's nothing really to resync. What's your doveconf -n? You could try with mailbox_list_index=no if that happens to make any difference, but it shouldn't.
You could also try what "strace -o log -s 100 doveadm mailbox list -u user@domain" shows. Is it opening the correct mailboxes/ directory? Maybe the path is just wrong for some reason (some typo added somewhere)?
On 18 Sep 2017, at 20.12, Ralf Becker <rb@egroupware.org> wrote:
Nope it lstats the correct directories, but does not show them.
I send you the strace / sysdig output per private mail, as it contains private information of that user.

Looks like you have some dovecot-acl and dovecot-acl-list files, so it has to be because Dovecot thinks the ACLs are preventing access to the user. Try deleting dovecot-acl-list to see if the problem is with that. If not, look at the dovecot-acl files and/or "doveadm acl debug -u user@domain <folder that's supposed to exist>" to figure out what's wrong.
root@fra-nfs-mail:~# doveadm acl debug -u <user>@<domain> INBOX/AA
doveadm(<user>@<domain>): Info: Mailbox 'AA' is in namespace 'INBOX/'
doveadm(<user>@<domain>): Info: Mailbox path: /var/dovecot/imap/<domain>/<user>/mdbox/mailboxes/AA/dbox-Mails
doveadm(<user>@<domain>): Info: All message flags are shared across users in mailbox
doveadm(<user>@<domain>): Info: User <user>@<domain> has no rights for mailbox
doveadm(<user>@<domain>): Error: User <user>@<domain> is missing 'lookup' right
doveadm(<user>@<domain>): Info: Mailbox INBOX/AA is NOT visible in LIST
Ok, but when I try to fix it:
root@fra-nfs-mail:~# doveadm acl add -u <user>@<domain> INBOX/AA user=<user>@<domain> admin create delete expunge insert lookup post read write write-deleted write-seen

root@fra-nfs-mail:~# doveadm acl add -u <user>@<domain> INBOX/AA owner admin create delete expunge insert lookup post read write write-deleted write-seen

root@fra-nfs-mail:~# doveadm acl get -u <user>@<domain> INBOX/AA
ID                   Global Rights
owner                       admin create delete expunge insert lookup post read write write-deleted write-seen
user=<user>@<domain>        admin create delete expunge insert lookup post read write write-deleted write-seen
Nothing has changed :(
root@fra-nfs-mail:~# doveadm acl debug -u <user>@<domain> INBOX/AA
doveadm(<user>@<domain>): Info: Mailbox 'AA' is in namespace 'INBOX/'
doveadm(<user>@<domain>): Info: Mailbox path: /var/dovecot/imap/<domain>/<user>/mdbox/mailboxes/AA/dbox-Mails
doveadm(<user>@<domain>): Info: All message flags are shared across users in mailbox
doveadm(<user>@<domain>): Info: User <user>@<domain> has no rights for mailbox
doveadm(<user>@<domain>): Error: User <user>@<domain> is missing 'lookup' right
doveadm(<user>@<domain>): Info: Mailbox INBOX/AA is NOT visible in LIST
How to fix that situation?
Is there a way to reset acl of all folders of a user to all rights for the owner?
root@fra-nfs-mail:/var/dovecot/imap/<domain>/<user># find -name "dovecot-acl*"
./mdbox/mailboxes/INBOX/dbox-Mails/dovecot-acl
./mdbox/mailboxes/AA/dbox-Mails/dovecot-acl
./mdbox/dovecot-acl-list
Ralf
Here's my config:
root@fra-nfs-mail:~# doveadm config -n
# 2.2.32 (dfbe293d4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.20 (7cd71ba)
# OS: Linux 4.4.0-93-generic x86_64
auth_cache_negative_ttl = 2 mins
auth_cache_size = 10 M
auth_cache_ttl = 5 mins
auth_master_user_separator = *
auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3500
default_process_limit = 512
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
first_valid_uid = 90
listen = *
log_path = /dev/stderr
mail_access_groups = dovecot
mail_gid = dovecot
mail_location = mdbox:~/mdbox
mail_log_prefix = "%s(%u %p): "
mail_max_userip_connections = 200
mail_plugins = acl quota notify replication mail_log
mail_uid = dovecot
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave vnd.dovecot.debug
mbox_min_index_size = 1000 B
mdbox_rotate_size = 50 M
namespace inboxes {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Templates {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  subscriptions = no
}
namespace subs {
  hidden = yes
  list = no
  location =
  prefix =
  separator = /
}
namespace users {
  location = mdbox:%%h/mdbox:INDEXPVT=~/shared/%%u
  prefix = user/%%n/
  separator = /
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-dict-master-auth.conf
  driver = dict
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-dict-auth.conf
  driver = dict
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/dovecot/imap/%d/shared-mailboxes.db
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcp:10.44.99.1
  quota = dict:User quota::ns=INBOX/:file:%h/dovecot-quota
  quota_rule = *:storage=100GB
  sieve = ~/sieve/dovecot.sieve
  sieve_after = /var/dovecot/sieve/after.d/
  sieve_before = /var/dovecot/sieve/before.d/
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
  sieve_user_log = ~/.sieve.log
}
postmaster_address = admins@egroupware.org
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
replication_dsync_parameters = -d -n INBOX -l 30 -U
service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}
service auth-worker {
  user = $default_internal_user
}
service doveadm {
  inet_listener {
    port = 12345
  }
  inet_listener {
    port = 26
  }
  vsz_limit = 512 M
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 5
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = imap
  process_limit = 2048
  vsz_limit = 512 M
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener lmtp {
    mode = 0666
  }
  vsz_limit = 512 M
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  executable = pop3
}
service postlogin {
  executable = script-login -d rawlog -b -t
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = dovecot
    mode = 0660
    user = dovecot
  }
}
ssl_cert = </etc/certs/mail.egroupware.org.pem
ssl_key = # hidden, use -P to show it
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-dict-auth.conf
  driver = dict
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol lda {
  mail_plugins = acl quota notify replication mail_log acl sieve quota
}
protocol imap {
  mail_max_userip_connections = 200
  mail_plugins = acl quota notify replication mail_log acl imap_acl quota imap_quota
}
protocol lmtp {
  mail_max_lock_timeout = 25 secs
  mail_plugins = acl quota notify replication mail_log acl sieve quota
}
--
Ralf Becker
EGroupware GmbH [www.egroupware.org]
Commercial register HRB Kaiserslautern 3587
Managing directors Birgit and Ralf Becker
Leibnizstr. 17, 67663 Kaiserslautern, Germany
Phone +49 631 31657-0
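
Added example (not part of the original thread and not Dovecot project code): a shell filter over the "doveadm acl debug" output quoted above that lists every mailbox reported as NOT visible in LIST together with the right reported missing, so the check can be run across many folders of an affected user. The sample output is constructed; user@example.org, the folder BB and its "is visible in LIST" line for the healthy case are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: list mailboxes that `doveadm acl debug` reports as hidden.
# Reads debug output on stdin; prints "<mailbox><TAB><missing rights>".
acl_debug_hidden() {
    awk -v q="'" '
        # A new mailbox report starts: forget rights seen for the previous one.
        /Info: Mailbox .* is in namespace / { missing = "" }
        # The missing right is the last quoted word on the Error line.
        /Error: User .* is missing / {
            n = split($0, part, q)
            if (n >= 3)
                missing = (missing == "" ? part[n-1] : missing "," part[n-1])
        }
        / is NOT visible in LIST/ {
            name = $0
            sub(/^.*Info: Mailbox /, "", name)
            sub(/ is NOT visible in LIST.*$/, "", name)
            print name "\t" (missing == "" ? "unknown" : missing)
        }
    '
}

# Run the debug command used in the thread for each folder given.
# 2>&1 captures the report whichever stream doveadm logs to.
scan_folders() {
    user=$1; shift
    for box in "$@"; do
        doveadm acl debug -u "$user" "$box" 2>&1
    done | acl_debug_hidden
}

# Constructed sample: AA follows the output in the thread, BB is an
# assumed healthy folder (line format assumed, not shown in the thread).
sample_output() {
    cat <<'EOF'
doveadm(user@example.org): Info: Mailbox 'AA' is in namespace 'INBOX/'
doveadm(user@example.org): Info: User user@example.org has no rights for mailbox
doveadm(user@example.org): Error: User user@example.org is missing 'lookup' right
doveadm(user@example.org): Info: Mailbox INBOX/AA is NOT visible in LIST
doveadm(user@example.org): Info: Mailbox 'BB' is in namespace 'INBOX/'
doveadm(user@example.org): Info: Mailbox INBOX/BB is visible in LIST
EOF
}

sample_output | acl_debug_hidden
```

On a live server, scan_folders <user>@<domain> INBOX/AA INBOX/Munser feeds the real command output through the same filter.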