[Dovecot] Shared mailboxes not working with . dot namespace separator - values truncated in SQL
Hello,
I have Dovecot configured for multiple domains (usernames are user@domain.tld) and I wanted to enable shared mailboxes.
But there is some problem - if I share a folder, other user can't see it.
In the log I foud:
Apr 22 19:21:02 veverka dovecot: imap(user@veverka.tld): Error: Couldn't create namespace 'shared.' for user petr: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u Apr 22 19:21:02 veverka dovecot: imap(user@veverka.tld): Error: Couldn't create namespace 'shared.' for user emclient@veverka: userdb didn't return a home directory, but location used it (%h): maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u
Which is weird because the user name is "petr.surname" not only "petr" and the domain is "veverka.tld" not only "veverka".
So I turned on SQL logging on my PostgreSQL and saw that Dovecot executes these queries:
2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'petr' AND domena = '' 2014-04-22 19:21:02 CEST LOG: statement: SELECT * FROM dovecot_uzivatel WHERE login = 'emclient' AND domena = 'veverka'
The first username was "petr.surname@veverka.tld" and the second one was "emclient@veverka.tld" so it seems that it was truncated right after first "." dot and I afraid that this is a bug. Then it is obvious that Dovecot can't find the home directory and complains in log (as mentioned above).
I found workaround – I had "." configured as namespace separator so I reconfigured it to "/" slash and now mailbox sharing works! But I think that it should work also with "." dot separator and the values should not be truncated in SQL queries. I tried also using '%u' in my SQL and its value was also truncated.
Values in "dovecot-acl" a "shared-mailboxes" files seem to be ok.
BTW: I have also another server with only one domain and simple user names (no dots) and there the mailbox sharing works – but now it seems that it works only accidentally. This might lead to hardly debuggable problems if someone has usernames with and without dots – mailbox sharing will work for some users but for some not.
My old configuration:
password_query = SELECT * FROM dovecot_heslo WHERE login = '%n' AND domena = '%d' user_query = SELECT * FROM dovecot_uzivatel WHERE login = '%n' AND domena = '%d' iterate_query = SELECT login AS username, domena AS domain FROM dovecot_uzivatel
namespace { type = shared separator = . prefix = shared.%%u. location = maildir:%h/Maildir:INDEX=~/Maildir/shared/%%u subscriptions = yes list = children }
Had to be reconfigured to:
separator = / prefix = shared/%%u/
Used version:
# dovecot --version 2.1.7 # uname -a Linux veverka 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Regards, Franta
P.S. If you have similar problem and have to switch from "." to "/" separators, don't forget to update your Sieve scripts (with fileinto). And sometimes also reconfiguration of the client is needed (e.g. NGImap4ConnectionStringSeparator in SOGo; and Kontact/KMail stopped working and I had to recreate the account in this client).
P.P.S. Iwas thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part).
So I suggest update in the wiki:
n.b. If you have dots "." in your usernames (like
name.surnameorname@example.com) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to useseparator = /in such cases.
Am 23.04.2014 08:50, schrieb Frantisek Kucera:
P.P.S. Iwas thinking about this again and it is probably not possible to support this combination: dot separator + shared mailboxes + usernames with dots (including the domain part).
So I suggest update in the wiki:
n.b. If you have dots "." in your usernames (like
name.surnameorname@example.com) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to useseparator = /in such cases.
i am not sure here ,what you try to goal i have users with dots ( like test.example@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a):
Am 23.04.2014 08:50, schrieb Frantisek Kucera:
So I suggest update in the wiki:
n.b. If you have dots "." in your usernames (like
name.surnameorname@example.com) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to useseparator = /in such cases.>i am not sure here ,what you try to goal i have users with dots ( like test.example@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested
And you have "separator = ." ? I am afraid that this can't work, because if e-mail client requests folder e.g. "shared.name@example.com.some.folder" Dovecot is not able to guess where the username ends and where starts folder name. But if separator is "/" and the client requests "shared/name@example.com/some/folder" it is no problem to extract username from it and look it up in the database.
(setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users)
Franta
Am 23.04.2014 09:23, schrieb Frantisek Kucera:
Dne St 23. dubna 2014 09:10:32, Robert Schetterer napsal(a):
Am 23.04.2014 08:50, schrieb Frantisek Kucera:
So I suggest update in the wiki:
n.b. If you have dots "." in your usernames (like
name.surnameorname@example.com) it is not possible to use dot as a [[Namespaces|namespace separator]]. Don't forget to useseparator = /in such cases.>i am not sure here ,what you try to goal i have users with dots ( like test.example@example.com ) in shared namespace, setting acls on their imap subfolders works fine, just tested
And you have "separator = ." ? I am afraid that this can't work, because if e-mail client requests folder e.g. "shared.name@example.com.some.folder" Dovecot is not able to guess where the username ends and where starts folder name. But if separator is "/" and the client requests "shared/name@example.com/some/folder" it is no problem to extract username from it and look it up in the database.
(setting ACLs also worked on my server, but users were not able to see shared mailboxes of other users)
Franta
i have
separator = /
why you wanna use different ?
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a):
i have separator = / why you wanna use different ?
I don't insist on the dot :-) And I also see "/" as better and more meaningful separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed with it until I hit on this issue.
Franta
Am 23.04.2014 10:17, schrieb Frantisek Kucera:
Dne St 23. dubna 2014 09:53:18, Robert Schetterer napsal(a):
i have separator = / why you wanna use different ?
I don't insist on the dot :-) And I also see "/" as better and more meaningful separator. But the dot was default on my systems (Debian, Ubuntu) so I stayed with it until I hit on this issue.
Franta
Ok, i understand
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
participants (2)
-
Frantisek Kucera
-
Robert Schetterer