All,
Dovecot 2.3.13 under FreeBSD 11.3, installed via pkg.
I had a question related to dovecot and OSX mail.app.
My primary mailer is "alpine". Sometimes I need to see a message in a graphical app so I occasionally turn to mail.app.
I keep a lot of old mail. Mail.app on recent macos versions insists on downloading *everything* for easier searching and indexing. Most of which I don't need. (20G of mail over the last 20+ years, plus a bunch of mailing lists I keep archived, but only read when I need to search them).
ios mail doesn't do this. Subscriptions don't work (in mail.app, subscriptions are only for public/shared folders).
Ergo, is there a server-side way to make just one client not able to see/list/download ALL folders? Perhaps by presenting them as subscription folders, or perhaps by hiding them in the namespace.
I'm not unwilling to configure an alternate namespace for myself. (It helps that I'm the sysadmin here).
Ideally, this would be a thing I could only set for my account -- match on a user-agent/username string of some sort?
(My other option has been "create a different username and forward to myself there", but this feels like it should be solvable).
-Dan
My doveconf follows:
# 2.3.13 (89f716dc2): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 11.4-RELEASE-p3 amd64
# Hostname: prime.gushi.org
disable_plaintext_auth = no
mail_full_filesystem_access = yes
mail_location = mbox:%h/mail:INBOX=%h/.mail:INDEX=/var/db/indexes/%u
namespace {
  alias_for =
  hidden = yes
  list = no
  location =
  prefix = mail/
  separator = /
}
namespace {
  alias_for =
  hidden = no
  list = yes
  location =
  prefix = ~/mail/
  separator = /
  subscriptions = yes
}
namespace {
  alias_for =
  hidden = yes
  list = no
  location =
  prefix = ~%u/mail/
  separator = /
}
namespace {
  hidden = no
  list = yes
  location = mbox:~%u/.incoming/
  prefix = Inbounds/
  separator = /
}
namespace inbox {
  inbox = yes
  location =
  prefix =
  separator = /
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imap_other {
    port = 1143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  inet_listener imaps_other {
    port = 1993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3_other {
    port = 1110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  inet_listener pop3s_other {
    port = 1995
    ssl = yes
  }
}
ssl_cert =
--
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org
On Sat, 13 Feb 2021, Dan Mahoney (Gushi) wrote:
To answer my own question here, I added the following namespace:
namespace {
  separator = /
  prefix = partial/
  location = mbox:~%u/.partial-mail/
  list = yes
  hidden = no
}
And then, in my home directory, created a ~/.partial-mail folder, that I could add symlinks to for mailboxes I actually care about (really, just inbox, but I like having options).
The final bit of the puzzle, to suppress mail.app's stupidity, was to go into my "Advanced IMAP Configuration" (which every other MUA would call "IMAP Configuration") :)
And set "IMAP Path Prefix" to "partial" (note the no trailing /)
Dovecot happily follows symlinks and this lets me offer it to any other user who needs this, without my having to create any extra databases under the hood.
And because I've overridden my main prefix, I don't get my usual default folders (i.e. everything in ~/mail that any normal user would get)
This is better than a per-user override (and I think per-MUA override never would have worked), since this is an accessible knob in the config.
Despite the fact that I have hidden set to "no", any user who doesn't have this magic folder will simply not see it. (That said, I'll try setting it to "yes" to see if it behaves.)
Now let's just hope icloud keychain doesn't helpfully set this same variable on other systems, like my ios devices.
I should *probably* for the sake of completeness, symlink in the "Special" folders. (Drafts, etc)
Best,
-Dan
--
"I love you forever eternally."
-Connaian Expression
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org
On 14 Feb 2021, at 01:21, Dan Mahoney (Gushi) danm@prime.gushi.org wrote:
To answer my own question here, I added the following namespace:
namespace {
  separator = /
  prefix = partial/
  location = mbox:~%u/.partial-mail/
  list = yes
  hidden = no
}
And then, in my home directory, created a ~/.partial-mail folder, that I could add symlinks to for mailboxes I actually care about (really, just inbox, but I like having options).
Interesting solution, but I have concerns and I wonder how this will actually work for you, long term.
Despite the fact that I have hidden set to "no", any user who doesn't have this magic folder will simply not see it. (That said, I'll try setting it to "yes" to see if it behaves.)
I don't think that is what hidden means in the config. The path would not be visible in the client because it doesn't fit the maildir pattern of having a leading / for the name.
Now let's just hope icloud keychain doesn't helpfully set this same variable on other systems, like my ios devices.
And that is my main concern. I think you will find that iCloud sync WILL, in fact, synchronize those settings across devices. If I were you I would set this up as a different account on your Mac (in Internet accounts), disable that account use on your iOS device and only have it enabled on your Mac and then it should not matter.
I should *probably* for the sake of completeness, symlink in the "Special" folders. (Drafts, etc)
That should work, I would think, as long as everything in the chain is OK with symlinks (which is my other main concern with this).
I might set up my iOS clients with something like this that shows all the mail folders EXCEPT Archives on those devices.
-- LOOSE TEETH DON'T NEED MY HELP Bart chalkboard Ep. AABF16
On Sun, 14 Feb 2021, @lbutlr wrote:
On 14 Feb 2021, at 01:21, Dan Mahoney (Gushi) danm@prime.gushi.org wrote:
To answer my own question here, I added the following namespace:
namespace {
  separator = /
  prefix = partial/
  location = mbox:~%u/.partial-mail/
  list = yes
  hidden = no
}
And then, in my home directory, created a ~/.partial-mail folder, that I could add symlinks to for mailboxes I actually care about (really, just inbox, but I like having options).
Interesting solution, but I have concerns and I wonder how this will actually work for you, long term.
Despite the fact that I have hidden set to "no", any user who doesn't have this magic folder will simply not see it. (That said, I'll try setting it to "yes" to see if it behaves.)
I don't think that is what hidden means in the config. The path would not be visible in the client because it doesn't fit the maildir pattern of having a leading / for the name.
Hidden apparently ONLY affects the imap NAMESPACE command, which I don't even know if mail.app uses. For my use case, it worked with it both on and off.
Now let's just hope icloud keychain doesn't helpfully set this same variable on other systems, like my ios devices.
And that is my main concern. I think you will find that iCloud sync WILL, in fact, synchronize those settings across devices. If I were you I would set this up as a different account on your Mac (in Internet accounts), disable that account use on your iOS device and only have it enabled on your Mac and then it should not matter.
The new path did get added to keychain under "internet accounts", but did not sync over to my phone (which still shows a prefix of /). I suspect the new setting would get pulled in if I provisioned a "new" device.
Apple documents this poorly. But if it does turn out to be painful, two different accounts (one "thin", one "thick") is the right answer.
I should *probably* for the sake of completeness, symlink in the "Special" folders. (Drafts, etc)
That should work, I would think, as long as everything in the chain is OK with symlinks (which is my other main concern with this).
Thus far, seems to be. Symlinks (permissions willing) are listed as one of the ways recommended to do shared/public folders. They would break if dovecot did a chroot, but it doesn't.
I might set up my iOS clients with something like this that shows all the mail folders EXCEPT Archives on those devices.
IOS doesn't attempt to download every message in the list to cache and index it, only MacOS. That *coupled* with the broken "subscribe" mechanism is the issue. Ironically I'm working with a 128G flash macbook air, and a 256G flash iphone, so if IOS did do this, it would be easier on the phone.
This was a tuneable until about OSX lion, after which the option became to not download *attachments*.
(Apologies to those on-list, I realize this is slightly off-topic, but maybe it will help someone else. Dovecot is powerful enough to help with this stupidity).
Stay safe out there, everyone.
-Dan
--
"It's three o'clock in the morning. It's too late for 'oops'. After Locate Updates, don't even go there."
-Paul Baecker January 3, 2k Indeed, sometime after 3AM
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org
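The symlink directory behind the partial/ namespace discussed in this thread, as an added example that is not part of the original messages: because the server follows symlinks, each link in ~/.partial-mail decides what the thin client can read, so the second function flags links that are dangling or resolve outside the mail locations you list. The function names link_mailbox and audit_partial are hypothetical, the paths come from the thread, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: build and audit the symlink directory behind a "thin" namespace.
# Paths follow the thread (~/mail, ~/.mail, ~/.partial-mail); link_mailbox and
# audit_partial are hypothetical helper names.

# link_mailbox PARTIAL_DIR TARGET [NAME]: expose one mbox file under PARTIAL_DIR.
link_mailbox() {
    partial=$1 target=$2 name=${3:-$(basename "$2")}
    [ -f "$target" ] || { echo "skip: $target is not a regular file" >&2; return 1; }
    mkdir -p "$partial" && chmod 700 "$partial"
    ln -sfn "$target" "$partial/$name"
}

# audit_partial PARTIAL_DIR ALLOWED_ROOT...: print every symlink whose resolved
# target is missing or lies outside all allowed roots; return 1 if any is found.
audit_partial() {
    partial=$1; shift
    bad=0
    for entry in "$partial"/*; do
        [ -L "$entry" ] || continue
        resolved=$(readlink -f "$entry") || resolved=
        ok=0
        if [ -n "$resolved" ] && [ -e "$resolved" ]; then
            for root in "$@"; do
                rootreal=$(readlink -f "$root") || continue
                case $resolved in
                    "$rootreal"|"$rootreal"/*) ok=1 ;;
                esac
            done
        fi
        if [ "$ok" -eq 0 ]; then
            echo "outside-or-dangling: $entry -> $(readlink "$entry")"
            bad=1
        fi
    done
    return "$bad"
}

# Usage, run as the mailbox owner:
#   link_mailbox  "$HOME/.partial-mail" "$HOME/.mail" INBOX
#   audit_partial "$HOME/.partial-mail" "$HOME/mail" "$HOME/.mail"
```

Running the audit from cron or after any change to the directory catches a link that was pointed somewhere unintended, which matters more on a server with `mail_full_filesystem_access = yes` as in the posted configuration.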