Hello,
I have successfully setup dovecot with chroot but there are two things yet
- submission_host problem (I posted message 2 days ago)
- Problem with acl's and sharing:
all maildirs are located in: /var/mail/jdoe@example.com/Maildir so: mail_chroot=/var/mail
I setup acls with:
10-mail.conf ... namespace { type = private separator = / prefix =. inbox = yes hidden = no list = yes subscriptions = yes }
namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u subscriptions = yes list = yes } ...
90-acl.conf ... plugin { acl = vfile:cache_secs=5 }
plugin { acl_shared_dict = file:/%i.db } ...
Setting acl is no problem there are dovecot-acl dovecot-acl-list in Maildir.
and dictionary /var/mail/xxx.db contains list od shares
I can also see shared folder in my IMAP client but when trying to subscribe i got error:
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory Error: Namespace 'shared/': Could not lookup home for user jdoe@example.com
/var/dovecot/auth-userdb is not accessible because chroot. But why userdb is necessary in this case ?
I hope there is a solution without disabling chroot.
Below my basic configuration.
Regards, Bambero
2.0.13: /etc/dovecot/dovecot.conf
OS: OpenBSD 5.0 i386
auth_mechanisms = plain login digest-md5 cram-md5 apop default_internal_user = _dovecot default_login_user = _dovenull first_valid_gid = 1000 first_valid_uid = 1000 last_valid_gid = 10000 last_valid_uid = 10000 mail_chroot = /var/mail mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify mbox_write_locks = fcntl mmap_disable = yes passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { autocreate = Trash autocreate2 = Spam autocreate3 = Sent autocreate4 = Drafts autosubscribe = Trash autosubscribe2 = Spam autosubscribe3 = Sent autosubscribe4 = Drafts quota = maildir:User quota sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags sieve_global_path = /etc/sieve/default.sieve } protocols = imap pop3 sieve sieve service auth { unix_listener auth-client { mode = 0660 user = _exim } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_ca = /etc/ssl/ca-bundle.crt ssl_cert = </etc/ssl/mycert.crt ssl_key = </etc/ssl/private/mycert.key submission_host = 127.0.0.1 userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } valid_chroot_dirs = /var/mail protocol lda { mail_plugins = sieve quota autocreate } protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_plugins = quota imap_quota autocreate } protocol pop3 { mail_plugins = quota imap_quota autocreate pop3_client_workarounds = outlook-no-nuls oe-ns-eoh }
On Sun, 2011-11-13 at 17:25 +0100, Bambero wrote:
all maildirs are located in: /var/mail/jdoe@example.com/Maildir
So this is /var/mail/%u/Maildir template.
namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
You can replace this with:
location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
Although if this is used outside chroot (e.g. lmtp, doveadm) it won't work correctly..
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
This is done because you used %%h, to look up home directory from userdb. If you don't use %%h, it's not done.
On Tue, Nov 15, 2011 at 8:44 PM, Timo Sirainen <tss@iki.fi> wrote:
On Sun, 2011-11-13 at 17:25 +0100, Bambero wrote:
all maildirs are located in: /var/mail/jdoe@example.com/Maildir
So this is /var/mail/%u/Maildir template.
namespace { type = shared separator = / prefix = shared/%%u/ location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
You can replace this with:
location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
Although if this is used outside chroot (e.g. lmtp, doveadm) it won't work correctly..
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
This is done because you used %%h, to look up home directory from userdb. If you don't use %%h, it's not done.
Thanks but my db backend returns home dir in chroot like /test@example.com
while the realpath with no chroot is: /var/mail/test@example.com
So both locations in this case are the same location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
On Wed, 2011-11-16 at 15:54 +0100, Bambero wrote:
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
This is done because you used %%h, to look up home directory from userdb. If you don't use %%h, it's not done.
Thanks but my db backend returns home dir in chroot like /test@example.com
while the realpath with no chroot is: /var/mail/test@example.com
So both locations in this case are the same location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
Yes, they are the same, but the difference is that with the second one you shouldn't fail with the userdb lookup error. Right?
On Wed, Nov 16, 2011 at 3:59 PM, Timo Sirainen <tss@iki.fi> wrote:
On Wed, 2011-11-16 at 15:54 +0100, Bambero wrote:
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
This is done because you used %%h, to look up home directory from userdb. If you don't use %%h, it's not done.
Thanks but my db backend returns home dir in chroot like /test@example.com
while the realpath with no chroot is: /var/mail/test@example.com
So both locations in this case are the same location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
Yes, they are the same, but the difference is that with the second one you shouldn't fail with the userdb lookup error. Right?
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
On Wed, Nov 16, 2011 at 5:23 PM, Bambero <bambero@gmail.com> wrote:
On Wed, Nov 16, 2011 at 3:59 PM, Timo Sirainen <tss@iki.fi> wrote:
On Wed, 2011-11-16 at 15:54 +0100, Bambero wrote:
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
This is done because you used %%h, to look up home directory from userdb. If you don't use %%h, it's not done.
Thanks but my db backend returns home dir in chroot like /test@example.com
while the realpath with no chroot is: /var/mail/test@example.com
So both locations in this case are the same location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u location = maildir:/%%u/Maildir:INDEX=~/Maildir/shared/%%u
Yes, they are the same, but the difference is that with the second one you shouldn't fail with the userdb lookup error. Right?
Thanks a lot it almost helped. But now there is another problem: Nov 16 17:13:45 zeus exim[10613]: 2011-11-16 17:13:45 1RQi7C-0001lG-BX ** test@apisoft.pl R=localuser T=local_delivery: Child process of local_delivery transport (running command "/usr/local/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain") was terminated by signal 11 (Segmentation fault)
But it anly appear if user has .sieve filter with mail redirection (uses submission_host)
Sorry wrong thread. I this case you were right now everything work fine.
participants (2)
-
Bambero
-
Timo Sirainen