Help with imapc and Shared Folder in a Cluster
Hi,
I'm trying to set up Shared Mailboxes in Dovecot (2.3.14) Cluster as explained here:
https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/
but I'm not happy:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58054)
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58056)
doveadm(test1@emailtest.net): Error: imapc(10.0.0.202:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
doveadm(test1@emailtest.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
ACL, master-user and master-password work fine, because with the regular configuration shared folders work fine, and with master-user or master-password I can also log in and see and access the shared/ namespace and the shared folders.
But when I try to switch location from
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
to
location = imapc:~/Maildir/shared/%%u/
[...]
imapc_host = 10.0.0.202
imapc_master_user = %u
#imapc_user = %u
imapc_password = Password
imapc_features = search
it stops working.
The relevant error is this:
Apr 22 22:57:14 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070)
Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net
Apr 22 22:57:16 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Apr 22 22:57:16 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected
Apr 22 22:57:16 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Please note "Authenticating as test1@testemail.net for user test2@testemail.net" failed.
So my question is: is the documentation page up to date and correct, or am I missing something?
Does anyone have this setup working?
Below are the doveadm acl debug output and my Dovecot configuration:
# doveadm -Dv acl debug -u test1@testemail.net shared/test2/Sent
Apr 22 22:56:08 Debug: Loading modules from directory: /usr/lib64/dovecot
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib20_fts_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib20_virtual_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib20_zlib_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/lib21_fts_solr_plugin.so
Apr 22 22:56:08 Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
Apr 22 22:56:08 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
Apr 22 22:56:08 Debug: Module loaded: /usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so
Apr 22 22:56:08 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib64/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: auth-master: userdb lookup(test1@testemail.net): Started userdb lookup
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=19783,uid=0): Client connected (fd=10)
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: auth-master: userdb lookup(test1@testemail.net): auth USER input: test1@testemail.net home=/home/vmail/testemail.net/test1 uid=89 gid=89 quota_rule=*:backend=8589934592S,229376C
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: auth-master: userdb lookup(test1@testemail.net): Finished userdb lookup (username=test1@testemail.net home=/home/vmail/testemail.net/test1 uid=89 gid=89 quota_rule=*:backend=8589934592S,229376C)
Apr 22 22:56:08 doveadm(test1@testemail.net) session=<>: Debug: Added userdb setting: plugin/quota_rule=*:backend=8589934592S,229376C
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Effective uid=89, gid=89, home=/home/vmail/testemail.net/test1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota root: name=UserQuota backend=maildir args=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota rule: root=UserQuota mailbox=* bytes=8589934592 messages=229376
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota rule: root=UserQuota mailbox=Trash bytes=+104857600 messages=0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=8160437862 (95%) messages=0 reverse=no command=quota-warning 95 test1@testemail.net 2
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=7730941132 (90%) messages=0 reverse=no command=quota-warning 90 test1@testemail.net 1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=7301444403 (85%) messages=0 reverse=yes command=quota-warning 85 test1@testemail.net 0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota grace: root=UserQuota bytes=10485760
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota root: name=Quota Usage backend=dict args=:noenforcing:proxy::sqlquota
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota grace: root=Quota Usage bytes=0 (10%)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota-dict: user=test1@testemail.net, uri=proxy::sqlquota, noenforcing=1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: maildir++: root=/home/vmail/testemail.net/test1/Maildir, index=, indexpvt=, control=, inbox=/home/vmail/testemail.net/test1/Maildir, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: initializing backend with data: vfile
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: acl username = test1@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: owner = 1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl vfile: Global ACLs disabled
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Namespace : type=shared, prefix=shared/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=imapc:~/Maildir/shared/%u/
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: fts: Indexes disabled for namespace 'shared/%n/'
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: initializing backend with data: vfile
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: acl username = test1@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: owner = 0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl vfile: Global ACLs disabled
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Namespace Virtual: type=private, prefix=Virtual/, sep=/, inbox=no, hidden=yes, list=no, subscriptions=no location=virtual:/etc/dovecot/virtual:INDEX=~/Maildir/virtual
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: fs: root=/etc/dovecot/virtual, index=/home/vmail/testemail.net/test1/Maildir/virtual, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: initializing backend with data: vfile
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: acl username = test1@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: owner = 1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl vfile: Global ACLs disabled
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota: quota_over_flag check: quota2_over_script unset - skipping
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: auth-master: userdb lookup(test2@testemail.net): Started userdb lookup
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: auth-master: userdb lookup(test2@testemail.net): auth USER input: test2@testemail.net home=/home/vmail/testemail.net/test2 uid=89 gid=89 quota_rule=*:backend=8589934592S,229376C
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: auth-master: userdb lookup(test2@testemail.net): Finished userdb lookup (username=test2@testemail.net home=/home/vmail/testemail.net/test2 uid=89 gid=89 quota_rule=*:backend=8589934592S,229376C)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota root: name=UserQuota backend=maildir args=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota rule: root=UserQuota mailbox=* bytes=8589934592 messages=229376
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota rule: root=UserQuota mailbox=Trash bytes=+104857600 messages=0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=8160437862 (95%) messages=0 reverse=no command=quota-warning 95 test2@testemail.net 2
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=7730941132 (90%) messages=0 reverse=no command=quota-warning 90 test2@testemail.net 1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota warning: bytes=7301444403 (85%) messages=0 reverse=yes command=quota-warning 85 test2@testemail.net 0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota grace: root=UserQuota bytes=10485760
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota root: name=Quota Usage backend=dict args=:noenforcing:proxy::sqlquota
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: Quota grace: root=Quota Usage bytes=0 (10%)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota-dict: user=test2@testemail.net, uri=proxy::sqlquota, noenforcing=1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Created new connection
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Looking up IP address (reconnect_ok=true, last_connect=1619124968)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Connecting to 10.0.0.202:143
Apr 22 22:56:08 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58062)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test2@testemail.net for user test2@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE XLIST LITERAL+ NOTIFY SPECIAL-USE QUOTA ACL RIGHTS=texk
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticated successfully
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc: root=/home/vmail/testemail.net/test2/Maildir/shared/test2@testemail.net, index=, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: maildir++: root=/home/vmail/testemail.net/test2/Maildir/shared/test2@testemail.net, index=, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: initializing backend with data: vfile
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: acl username = test2@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: owner = 1
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl vfile: Global ACLs disabled
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota: quota_over_flag check: quota_over_script unset - skipping
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: quota: quota_over_flag check: quota2_over_script unset - skipping
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Created new connection
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Looking up IP address (reconnect_ok=true, last_connect=1619124968)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Connecting to 10.0.0.202:143
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc: root=/home/vmail/testemail.net/test1/Maildir/shared/test2@testemail.net, index=, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: maildir++: root=/home/vmail/testemail.net/test1/Maildir/shared/test2@testemail.net, index=, indexpvt=, control=, inbox=, alt=
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: initializing backend with data: vfile
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: acl username = test1@testemail.net
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl: owner = 0
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: acl vfile: Global ACLs disabled
Apr 22 22:56:08 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58064)
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net
Apr 22 22:56:10 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected
Apr 22 22:56:10 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected
Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=19783,uid=0): Disconnected: Connection closed (fd=10)
# dovecot -n
# 2.3.14 (cee3cbc0d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.14 (1b5c82b2)
# OS: Linux 3.10.0-1160.24.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core)
# Hostname: popimap.emailtest.net
auth_cache_negative_ttl = 90 secs
auth_cache_size = 50 M
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 50
default_vsz_limit = 1 G
deliver_log_format = deliverytime=%{delivery_time}, msgid=%m, sender=%e, from=%f, subject="%s": %$
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sieve = mysql:/etc/dovecot/dovecot-dict-sieve-sql.conf.ext
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
imap_capability = +XLIST
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
imap_id_log = *
imap_logout_format = in=%{input} out=%{output} deleted=%{deleted} expunged=%{expunged} autoexpunged=%{autoexpunged} trashed=%{trashed} appended=%{appended} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
imap_max_line_length = 2 M
imapc_features = search
imapc_host = 10.0.0.202
imapc_master_user = %u
imapc_password = # hidden, use -P to show it
last_valid_gid = 89
last_valid_uid = 89
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_trusted_networks = 10.0.0.0/24 10.0.1.0/24
mail_attachment_detection_options = add-flags content-type=!image/*
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u) session=<%{session}>: "
mail_plugins = quota acl zlib fts fts_solr virtual
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds
mmap_disable = yes
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace Virtual {
  hidden = yes
  list = no
  location = virtual:/etc/dovecot/virtual:INDEX=~/Maildir/virtual
  prefix = Virtual/
  separator = /
  subscriptions = no
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    comment = All my messages
    special_use = \All
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-deny-sql.conf.ext
  deny = yes
  driver = sql
}
passdb {
  args = password=#hidden_use-P_to_show#
  driver = static
  result_success = continue
}
passdb {
  args = /etc/dovecot/extra/master-users
  driver = passwd-file
  master = yes
  result_success = continue
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  auth_verbose = yes
  driver = sql
  result_success = continue-ok
}
passdb {
  args = /etc/dovecot/extra/extrafields-passdb
  driver = passwd-file
  result_internalfail = return-fail
  skip = unauthenticated
}
plugin {
  acl = vfile
  acl_ignore_namespace = shared/*
  acl_shared_dict = proxy::acl
  fts = solr
  fts_autoindex = no
  fts_index_timeout = 60s
  fts_solr = url=http://10.0.0.5:8983/solr/dovecot/ debug
  fts_tika = http://10.0.0.206:9998/tika/
  master_user = %u
  push_notification_driver = ox:url=http://10.0.0.235/notify
  quota = maildir:UserQuota
  quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota
  quota_grace = 10M
  quota_max_mail_size = 60M
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u 2
  quota_warning2 = storage=90%% quota-warning 90 %u 1
  quota_warning3 = -storage=85%% quota-warning 85 %u 0
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = dict:proxy::sieve;name=activesql
  sieve_before2 = /etc/dovecot/sieve/before.sieve
  sieve_duplicate_default_period = 1h
  sieve_duplicate_max_period = 1d
  sieve_extensions = +vacation-seconds
  sieve_max_redirects = 25
  sieve_vacation_default_period = 1d
  sieve_vacation_min_period = 4h
  sieve_vacation_send_from_recipient = yes
  zlib_save = gz
  zlib_save_level = 6
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_fast_size_lookups = yes
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%{deleted_bytes}/%m, size=%s, bytes=%i/%o
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 6524
  unix_listener auth-userdb {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
service dict {
  process_limit = 500
  unix_listener dict {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 2425
  }
}
service imap-login {
  process_min_avail = 12
  service_count = 0
}
service imap-postlogin {
  executable = script-login /etc/dovecot/scripts/imap-postlogin.sh
  unix_listener imap-postlogin {
    group = vchkpw
    mode = 0660
    user = vmail
  }
  user = vmail
}
service imap {
  executable = imap imap-postlogin
  process_limit = 8000
  vsz_limit = 2 G
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 12
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  process_min_avail = 12
  service_count = 0
}
service pop3-postlogin {
  executable = script-login /etc/dovecot/scripts/pop3-postlogin.sh
  unix_listener pop3-postlogin {
    group = vchkpw
    mode = 0660
    user = vmail
  }
  user = vmail
}
service pop3 {
  executable = pop3 pop3-postlogin
}
service quota-warning {
  executable = script /etc/dovecot/scripts/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
service stats {
  client_limit = 10240
  unix_listener stats-writer {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
ssl = no
submission_host = 127.0.0.1
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_fsync = optimized
  mail_plugins = quota acl zlib fts fts_solr virtual sieve notify push_notification
  namespace inbox {
    location =
    mailbox Spam {
      autoexpunge = 31 days
    }
    mailbox Trash {
      autoexpunge = 31 days
    }
    prefix =
  }
}
protocol lda {
  mail_fsync = optimized
  mail_plugins = quota acl zlib fts fts_solr virtual sieve notify push_notification
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = quota acl zlib fts fts_solr virtual imap_quota imap_acl
  namespace inbox {
    location =
    mailbox Spam {
      autoexpunge = 31 days
    }
    mailbox Trash {
      autoexpunge = 31 days
    }
    prefix =
  }
}
protocol sieve {
  mail_max_userip_connections = 2
}
protocol pop3 {
  mail_max_userip_connections = 15
}
remote 10.0.1.0/24 {
  protocol imap {
    imap_metadata = yes
  }
}
local 10.0.0.0/24 {
  doveadm_password = # hidden, use -P to show it
}
Thanks
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
On 4/22/21 11:49 PM, Alessio Cecchi wrote:
> I'm trying to set up Shared Mailboxes in Dovecot (2.3.14) Cluster as explained here:
> https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/
> but I'm not happy:
> # doveadm acl debug -u test1@emailtest.net shared/test2/Sent
> doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58054)
> doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58056)
> doveadm(test1@emailtest.net): Error: imapc(10.0.0.202:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
> doveadm(test1@emailtest.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
> ACL, master-user and master-password work fine, because with the regular configuration shared folders work fine, and with master-user or master-password I can also log in and see and access the shared/ namespace and the shared folders.
> But when I try to switch location from
> location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
> to
> location = imapc:~/Maildir/shared/%%u/
> [...]
> imapc_host = 10.0.0.202
> imapc_master_user = %u
> #imapc_user = %u
> imapc_password = Password
> imapc_features = search
> it stops working.
> The relevant error is this:
> Apr 22 22:57:14 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070)
> Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
> Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net
> Apr 22 22:57:16 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
> Apr 22 22:57:16 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected
> Apr 22 22:57:16 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
> Please note "Authenticating as test1@testemail.net for user test2@testemail.net" failed.
> So my question is: is the documentation page up to date and correct, or am I missing something?
Hi,
from my perspective it is likely that test1@testemail.net can't be authenticated as a master user which is required for this setup to work.
From the cluster setup page:
"You’ll need to setup master user logins to work for all the users. The logged in user becomes the master user. The master user doesn’t actually have any special privileges. "
Additionally you are running 2.3.14 with "acl_ignore_namespace = shared/*" which will be available from 2.3.15 onwards only.
https://doc.dovecot.org/settings/plugin/aclPlugins/#acl-ignore-namespace
Markus
ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN Apr 22 22:56:08 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net Apr 22 22:56:10 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected Apr 22 22:56:10 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected Apr 22 22:56:10 doveadm(test1@testemail.net): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=19783,uid=0): Disconnected: Connection closed (fd=10)
# dovecot -n
# 2.3.14 (cee3cbc0d): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.14 (1b5c82b2)
# OS: Linux 3.10.0-1160.24.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core)
# Hostname: popimap.emailtest.net
auth_cache_negative_ttl = 90 secs
auth_cache_size = 50 M
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
auth_worker_max_count = 50
default_vsz_limit = 1 G
deliver_log_format = deliverytime=%{delivery_time}, msgid=%m, sender=%e, from=%f, subject="%s": %$
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sieve = mysql:/etc/dovecot/dovecot-dict-sieve-sql.conf.ext
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
imap_capability = +XLIST
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
imap_id_log = *
imap_logout_format = in=%{input} out=%{output} deleted=%{deleted} expunged=%{expunged} autoexpunged=%{autoexpunged} trashed=%{trashed} appended=%{appended} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
imap_max_line_length = 2 M
imapc_features = search
imapc_host = 10.0.0.202
imapc_master_user = %u
imapc_password = # hidden, use -P to show it
last_valid_gid = 89
last_valid_uid = 89
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_trusted_networks = 10.0.0.0/24 10.0.1.0/24
mail_attachment_detection_options = add-flags content-type=!image/*
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_fsync = always
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u) session=<%{session}>: "
mail_plugins = quota acl zlib fts fts_solr virtual
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds
mmap_disable = yes
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
namespace Virtual {
  hidden = yes
  list = no
  location = virtual:/etc/dovecot/virtual:INDEX=~/Maildir/virtual
  prefix = Virtual/
  separator = /
  subscriptions = no
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    comment = All my messages
    special_use = \All
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-deny-sql.conf.ext
  deny = yes
  driver = sql
}
passdb {
  args = password=#hidden_use-P_to_show#
  driver = static
  result_success = continue
}
passdb {
  args = /etc/dovecot/extra/master-users
  driver = passwd-file
  master = yes
  result_success = continue
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  auth_verbose = yes
  driver = sql
  result_success = continue-ok
}
passdb {
  args = /etc/dovecot/extra/extrafields-passdb
  driver = passwd-file
  result_internalfail = return-fail
  skip = unauthenticated
}
plugin {
  acl = vfile
  acl_ignore_namespace = shared/*
  acl_shared_dict = proxy::acl
  fts = solr
  fts_autoindex = no
  fts_index_timeout = 60s
  fts_solr = url=http://10.0.0.5:8983/solr/dovecot/ debug
  fts_tika = http://10.0.0.206:9998/tika/
  master_user = %u
  push_notification_driver = ox:url=http://10.0.0.235/notify
  quota = maildir:UserQuota
  quota2 = dict:Quota Usage::noenforcing:proxy::sqlquota
  quota_grace = 10M
  quota_max_mail_size = 60M
  quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u 2
  quota_warning2 = storage=90%% quota-warning 90 %u 1
  quota_warning3 = -storage=85%% quota-warning 85 %u 0
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = dict:proxy::sieve;name=activesql
  sieve_before2 = /etc/dovecot/sieve/before.sieve
  sieve_duplicate_default_period = 1h
  sieve_duplicate_max_period = 1d
  sieve_extensions = +vacation-seconds
  sieve_max_redirects = 25
  sieve_vacation_default_period = 1d
  sieve_vacation_min_period = 4h
  sieve_vacation_send_from_recipient = yes
  zlib_save = gz
  zlib_save_level = 6
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_fast_size_lookups = yes
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%{deleted_bytes}/%m, size=%s, bytes=%i/%o
protocols = imap pop3 lmtp sieve
service auth {
  client_limit = 6524
  unix_listener auth-userdb {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
service dict {
  process_limit = 500
  unix_listener dict {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 2425
  }
}
service imap-login {
  process_min_avail = 12
  service_count = 0
}
service imap-postlogin {
  executable = script-login /etc/dovecot/scripts/imap-postlogin.sh
  unix_listener imap-postlogin {
    group = vchkpw
    mode = 0660
    user = vmail
  }
  user = vmail
}
service imap {
  executable = imap imap-postlogin
  process_limit = 8000
  vsz_limit = 2 G
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 12
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  process_min_avail = 12
  service_count = 0
}
service pop3-postlogin {
  executable = script-login /etc/dovecot/scripts/pop3-postlogin.sh
  unix_listener pop3-postlogin {
    group = vchkpw
    mode = 0660
    user = vmail
  }
  user = vmail
}
service pop3 {
  executable = pop3 pop3-postlogin
}
service quota-warning {
  executable = script /etc/dovecot/scripts/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
service stats {
  client_limit = 10240
  unix_listener stats-writer {
    group = vchkpw
    mode = 0660
    user = vmail
  }
}
ssl = no
submission_host = 127.0.0.1
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_fsync = optimized
  mail_plugins = quota acl zlib fts fts_solr virtual sieve notify push_notification
  namespace inbox {
    location =
    mailbox Spam {
      autoexpunge = 31 days
    }
    mailbox Trash {
      autoexpunge = 31 days
    }
    prefix =
  }
}
protocol lda {
  mail_fsync = optimized
  mail_plugins = quota acl zlib fts fts_solr virtual sieve notify push_notification
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = quota acl zlib fts fts_solr virtual imap_quota imap_acl
  namespace inbox {
    location =
    mailbox Spam {
      autoexpunge = 31 days
    }
    mailbox Trash {
      autoexpunge = 31 days
    }
    prefix =
  }
}
protocol sieve {
  mail_max_userip_connections = 2
}
protocol pop3 {
  mail_max_userip_connections = 15
}
remote 10.0.1.0/24 {
  protocol imap {
    imap_metadata = yes
  }
}
local 10.0.0.0/24 {
  doveadm_password = # hidden, use -P to show it
}
Thanks
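The debug log above contains two imapc logins against the same backend with different outcomes. As an added example (not part of the original message or of Dovecot), this Python sketch pairs every "Authenticating as X for user Y" event with its result and labels it as a direct or a master-user login. The sample log is constructed in the format shown above, and the names Login, parse_logins and rejected_master_logins are hypothetical.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Finds imapc authentication events anywhere in the text, so it works on
# line-per-entry logs and on logs flattened onto a few long lines.
# The "Can't open mailbox ...: Authentication failed" summary line is not
# matched, because the failure text does not directly follow "imapc(...): ".
EVENT_RE = re.compile(
    r"imapc\((?P<peer>[^)]+)\): (?:"
    r"Authenticating as (?P<auth>\S+) for user (?P<user>\S+)"
    r"|(?P<ok>Authenticated successfully)"
    r"|(?P<fail>Authentication failed: \[[A-Z]+\])"
    r")"
)


@dataclass
class Login:
    peer: str          # host:port label printed inside imapc(...)
    auth_user: str     # identity whose credentials are presented
    target_user: str   # owner of the mailbox being opened
    outcome: str = "pending"

    @property
    def kind(self):
        # "as X for user X" is a plain login as the mailbox owner;
        # a different X means X logs in as master user for the owner.
        return "direct" if self.auth_user == self.target_user else "master"


def parse_logins(text):
    """Pair each login attempt with the next result seen for the same peer."""
    logins, pending = [], defaultdict(deque)
    for m in EVENT_RE.finditer(text):
        peer = m.group("peer")
        if m.group("auth"):
            login = Login(peer, m.group("auth"), m.group("user"))
            logins.append(login)
            pending[peer].append(login)
        elif pending[peer]:
            # Both connections share one imapc(...) label, so resolve in FIFO order.
            pending[peer].popleft().outcome = "ok" if m.group("ok") else "failed"
    return logins


def rejected_master_logins(logins):
    """Return (master, owner, owner_direct_login_ok) per failed master login."""
    direct_ok = {l.target_user for l in logins
                 if l.kind == "direct" and l.outcome == "ok"}
    return [(l.auth_user, l.target_user, l.target_user in direct_ok)
            for l in logins if l.kind == "master" and l.outcome == "failed"]


# Constructed sample: the first three entries are flattened onto one line,
# the rest are one entry per line.
SAMPLE_LOG = (
    "Apr 22 22:56:08 doveadm(alice@example.test): Debug: imapc(192.0.2.10:143): "
    "Authenticating as bob@example.test for user bob@example.test "
    "Apr 22 22:56:08 doveadm(alice@example.test): Debug: imapc(192.0.2.10:143): "
    "Authenticated successfully "
    "Apr 22 22:56:08 doveadm(alice@example.test): Debug: imapc(192.0.2.10:143): "
    "Authenticating as alice@example.test for user bob@example.test\n"
    "Apr 22 22:56:10 doveadm(alice@example.test): Error: imapc(192.0.2.10:143): "
    "Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.\n"
    "Apr 22 22:56:10 doveadm(alice@example.test): Error: Can't open mailbox "
    "shared/bob/Sent: Authentication failed: [AUTHENTICATIONFAILED] "
    "Authentication failed.\n"
)

if __name__ == "__main__":
    for login in parse_logins(SAMPLE_LOG):
        print(f"{login.kind:6} {login.auth_user} -> {login.target_user}: {login.outcome}")
    for master, owner, direct_ok in rejected_master_logins(parse_logins(SAMPLE_LOG)):
        print(f"master login rejected: {master} for {owner} (direct login ok: {direct_ok})")
```

A rejected master login next to a successful direct login for the same owner means the shared imapc_password is accepted for the owner, so the place to look is the passdb marked master = yes.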
On 23/04/21 09:29, Markus Valentin wrote:
On 4/22/21 11:49 PM, Alessio Cecchi wrote:
I'm trying to set up Shared Mailboxes in Dovecot (2.3.14) Cluster as explained here:
https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/
but I'm not happy:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58054)
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58056)
doveadm(test1@emailtest.net): Error: imapc(10.0.0.202:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
doveadm(test1@emailtest.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
ACL, master-user and master-password work fine, because with the regular configuration shared folders work fine, and with master-user or master-password I can also log in and see and access the shared/ namespace and shared folders.
But when I try to switch location from
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
to
location = imapc:~/Maildir/shared/%%u/
[...]
imapc_host = 10.0.0.202
imapc_master_user = %u
#imapc_user = %u
imapc_password = Password
imapc_features = search
it stops working.
The relevant error is this:
Apr 22 22:57:14 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070)
Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN
Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net
Apr 22 22:57:16 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Apr 22 22:57:16 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected
Apr 22 22:57:16 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Please note "Authenticating as test1@testemail.net for user test2@testemail.net" failed.
So my question is: is the documentation page up to date and right, or am I missing something?
Hi,
from my perspective it is likely that test1@testemail.net can't be authenticated as a master user which is required for this setup to work.
From the cluster setup page:
"You’ll need to setup master user logins to work for all the users. The logged in user becomes the master user. The master user doesn’t actually have any special privileges. "
Hi Markus,
thank you very much for your support.
I understand your explanation, but I don't understand how to apply it on the master user/password side.
I must put "imapc_password = master-secret" in the configuration file, where "master-secret" is a fixed string, and "imapc_master_user = %u", which is replaced with "test1@testemail.net" in my case.
So I have inserted in auth-master.conf:
passdb {
  driver = static
  args = password=master-secret
  result_success = continue
}
but I don't think this is right/sufficient since, if I understand what you said, the master user name will be "test1@testemail.net" (from %u), so the login format at IMAP level will be "test2@testemail.net*test1@testemail.net"
but this requires a passdb configuration more similar to
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql-master.conf.ext
  master = yes
  result_success = continue
}
so every %u can be a master user, but the password cannot be fixed in this case, since it will be the password for all users.
Should I mix passdb driver = sql with args = password=master-secret?
Or what?
Thanks
-- Alessio Cecchi Postmaster @ http://www.qboxmail.it https://www.linkedin.com/in/alessice
Hi,
after some days of debugging I have found a solution to make shared folders work via imapc, even if only partially.
First, there is an error in the documentation page; the right "location" should be like this:
location = imapc:%%h/Maildir
with %%h/ instead of ~/
Then I set up two passdbs like these:
passdb {
  driver = static
  args = password=P4ssw0rd
  result_success = continue
}
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql-master.conf.ext
  master = yes
  result_success = continue
}
where the first is required (only on the backend dovecot) when the sharing user (test2) needs to log in (with imapc_password), and the second (on both director and backend dovecot) when "test1" needs to log in to the sharing (test2) account as master user.
So acl debug works fine:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39698)
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39700)
doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test2/Maildir/.Sent
doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox
doveadm(test1@emailtest.net): Info: User test1@emailtest.net has rights: lookup read write write-seen write-deleted insert expunge
doveadm(test1@emailtest.net): Info: Mailbox found from dovecot-acl-list
doveadm(test1@emailtest.net): Info: User test2@emailtest.net found from ACL shared dict
doveadm(test1@emailtest.net): Info: Mailbox shared/test2/Sent is visible in LIST
But there are still some issues: if the sharing ring is like "test2 shares a folder with test1, who shares a folder with test3, who shares a folder with test2", dovecot loops until max_user_connections is reached. Probably we cannot solve this until the option "acl_ignore_namespace" is available.
Moreover, if both test1 and test2 mark the same message in a shared folder as read/unread, dovecot has some index issues:
Apr 25 21:03:56 Error: imap(test2@emailtest.net) session=<H5EBptDA3IgKQgTL>: Mailbox Sent: Timeout (180s) while waiting for lock for transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log (WRITE lock held by pid 6181)
Apr 25 21:03:56 Warning: imap(test1@emailtest.net) session=<6Kn/pdDAHKxT07oG>: Transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log was locked for 180 seconds (Mailbox was synchronized)
Apr 25 21:03:56 Warning: imap(test2@emailtest.net) session=<7d2ppdDAFKxT07oG>: Locking transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log took 178 seconds (syncing)
probably because INDEXPVT is not supported in imapc?
So, should I wait until 2.3.15 to have shared mailboxes via imapc work fine, or am I missing something?
Thanks
-- Alessio Cecchi Postmaster @ http://www.qboxmail.it https://www.linkedin.com/in/alessice
On 27/04/2021 22:04 Alessio Cecchi alessio@skye.it wrote: On 23/04/21 09:29, Markus Valentin wrote:
Hi,
when configuring the shared namespace like this:
location = imapc:%%h/Maildir
It only works because imapc is using Maildir format internally too. This way Dovecot is told to use the sharing user's home as the location for imapc indexes for the current user. That is probably the reason for the troubles with the lock transaction file. You should change it to something like this:
location = imapc:~/shared/%%u
When configured like this, the current user will store indexes for accessing the shared mailbox under the "shared" prefix in its home directory and create folders for each user that shared mailboxes to the current user.
Using INDEXPVT additionally allows storing user-private \Seen flags for shared mailboxes, so you could also choose to run without it.
All of that is not really possible as long as you cannot use "acl_ignore_namespace", because access to any "shared" prefix will always be denied by acl.
Markus
On 28/04/21 11:49, Markus Valentin wrote:
On 27/04/2021 22:04 Alessio Cecchi alessio@skye.it wrote: Il 23/04/21 09:29, Markus Valentin ha scritto:
On 4/22/21 11:49 PM, Alessio Cecchi wrote:> I'm tryng to setup Shared Mailboxes in Dovecot (2.3.14) Cluster as
explained here:
https://doc.dovecot.org/configuration_manual/shared_mailboxes/cluster_setup/
but I'm not happy:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent
doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58054) doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58056) doveadm(test1@emailtest.net): Error: imapc(10.0.0.202:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. doveadm(test1@emailtest.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
ACL, master-user, master-password works fine because with regular configuration shared folders works fine and also with master-user or with master-password I can login and see and access to shared/ namespace and shared folders.
But when I try to switch location from
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
to
location = imapc:~/Maildir/shared/%%u/ [...] imapc_host = 10.0.0.202 imapc_master_user = %u #imapc_user = %u imapc_password = Password imapc_features = search
stop working.
The relevant error is this:
Apr 22 22:57:14 doveadm(test1@testemail.net): Info: imapc(10.0.0.203:143): Connected to 10.0.0.202:143 (local 10.0.0.203:58070) Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Server capabilities: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE XLIST LITERAL+ AUTH=PLAIN AUTH=LOGIN Apr 22 22:57:14 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Authenticating as test1@testemail.net for user test2@testemail.net Apr 22 22:57:16 doveadm(test1@testemail.net): Error: imapc(10.0.0.203:143): Authentication failed: [AUTHENTICATIONFAILED] Authentication failed. Apr 22 22:57:16 doveadm(test1@testemail.net): Debug: imapc(10.0.0.203:143): Disconnected Apr 22 22:57:16 doveadm(test1@testemail.net): Error: Can't open mailbox shared/test2/Sent: Authentication failed: [AUTHENTICATIONFAILED] Authentication failed.
Please note "Authenticating as test1@testemail.net for user test2@testemail.net" failed.
So my question is, the documentation page is update and right or I missing something? Hi,
from my perspective it is likely that test1@testemail.net can't be authenticated as a master user which is required for this setup to work.
From the cluster setup page:
"You’ll need to setup master user logins to work for all the users. The logged in user becomes the master user. The master user doesn’t actually have any special privileges. "
Hi,
after some days of debug I have found a solution to have shared folders works via imapc, even if partially.
First, in the documentation page there is an error, the right "location" should be like this:
location = imapc:%%h/Maildir
with %%h/ instead of ~/
After I have setup two passdb like these:
passdb { driver = static args = password=P4ssw0rd result_success = continue }
passdb { driver = sql args = /etc/dovecot/dovecot-sql-master.conf.ext master = yes result_success = continue }
where the first is required (only on backend dovecot) when the sharing user (test2) need to login (with imapc_password) and the second (both in director and backend dovecot) when the "test1" need to login into sharing (test2) account like master user.
So acl debug works fine:
# doveadm acl debug -u test1@emailtest.net shared/test2/Sent doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39698) doveadm(test1@emailtest.net): Info: imapc(10.0.0.202:143): Connected to 10.0.0.202:143 (local 10.0.0.203:39700) doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/' doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test2/Maildir/.Sent doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox doveadm(test1@emailtest.net): Info: User test1@emailtest.net has rights: lookup read write write-seen write-deleted insert expunge doveadm(test1@emailtest.net): Info: Mailbox found from dovecot-acl-list doveadm(test1@emailtest.net): Info: User test2@emailtest.net found from ACL shared dict doveadm(test1@emailtest.net): Info: Mailbox shared/test2/Sent is visible in LIST
But there are still some issues: if the sharing ring is like "test2 shares a folder with test1, who shares a folder with test3, who shares a folder with test2", dovecot has a loop until max_user_connections is reached. Probably until the option "acl_ignore_namespace" is available we cannot solve this.
Moreover, if both test1 and test2 mark the same message as read/unread in a shared folder, dovecot has some index issues:
Apr 25 21:03:56 Error: imap(test2@emailtest.net) session=<H5EBptDA3IgKQgTL>: Mailbox Sent: Timeout (180s) while waiting for lock for transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log (WRITE lock held by pid 6181)
Apr 25 21:03:56 Warning: imap(test1@emailtest.net) session=<6Kn/pdDAHKxT07oG>: Transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log was locked for 180 seconds (Mailbox was synchronized)
Apr 25 21:03:56 Warning: imap(test2@emailtest.net) session=<7d2ppdDAFKxT07oG>: Locking transaction log file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot.index.log took 178 seconds (syncing)
probably because INDEXPVT is not supported in imapc?
So, should I wait until 2.3.15 to have shared mailboxes via imapc work fine, or am I missing something?
Hi,
when configuring the shared namespace like this:
location = imapc:%%h/Maildir
It only works because imapc is using Maildir format internally too. This way Dovecot is told to use the sharing user's home as the location for imapc indexes for the current user. That is probably the reason for the troubles with the lock transaction file. You should change it to something like this:
location = imapc:~/shared/%%u
When configured like this, the current user will store indexes for accessing the shared mailbox under the "shared" prefix in its home directory and create folders for each user that shared mailboxes to the current user.
Hi Markus,
I understand and agree that with "imapc:~/shared/%%u" indexes are stored in the right home directory for each user, but I still found an issue with this configuration: dovecot is looking for the "dovecot-acl" file in the wrong path, so it was unable to read the rights for the mailbox, which is not visible to the user.
Please look at these tests, where I run:
doveadm -D acl debug -u test1@emailtest.net shared/test2/Sent
with location = imapc:~/shared/%%u dovecot-acl was not found:
Apr 28 12:31:54 doveadm(test1@emailtest.net): Debug: imapc(10.66.4.202:143): Authenticated successfully
Apr 28 12:31:54 doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
Apr 28 12:31:54 doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test1/shared/test2@emailtest.net/.Sent
Apr 28 12:31:54 doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox
Apr 28 12:31:54 doveadm(test1@emailtest.net): Debug: acl vfile: file /home/vmail/domains/emailtest.net/test1/shared/test2@emailtest.net/.Sent/dovecot-acl not found
[...]
Apr 28 12:31:54 doveadm(test1@emailpnl.net): Info: Mailbox shared/test2/Sent is NOT visible in LIST
with location = imapc:~/Maildir/shared/%%u dovecot-acl was not found:
Apr 28 12:40:01 doveadm(test1@emailtest.net): Debug: imapc(10.66.4.202:143): Authenticated successfully
Apr 28 12:40:01 doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
Apr 28 12:40:01 doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test1/Maildir/shared/test2@emailtest.net/.Sent
Apr 28 12:40:01 doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox
Apr 28 12:40:01 doveadm(test1@emailtest.net): Debug: acl vfile: file /home/vmail/domains/emailtest.net/test1/Maildir/shared/test2@emailtest.net/.Sent/dovecot-acl not found
[...]
Apr 28 12:40:01 doveadm(test1@emailpnl.net): Info: Mailbox shared/test2/Sent is NOT visible in LIST
with location = imapc:%%h/Maildir dovecot-acl was found:
Apr 28 12:34:41 doveadm(test1@emailtest.net): Debug: imapc(10.66.4.202:143): Authenticated successfully
Apr 28 12:34:41 doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
Apr 28 12:34:41 doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test2/Maildir/.Sent
Apr 28 12:34:41 doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox
Apr 28 12:34:41 doveadm(test1@emailtest.net): Debug: acl vfile: reading file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot-acl
[...]
Apr 28 12:34:41 doveadm(test1@emailpnl.net): Info: Mailbox shared/test2/Sent is visible in LIST
with traditional mailbox sharing location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u dovecot-acl was found:
Apr 28 14:03:41 doveadm(test1@emailtest.net): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
Apr 28 14:03:41 doveadm(test1@emailtest.net): Info: Mailbox path: /home/vmail/domains/emailtest.net/test2/Maildir/.Sent
Apr 28 14:03:41 doveadm(test1@emailtest.net): Info: All message flags are shared across users in mailbox
Apr 28 14:03:41 doveadm(test1@emailtest.net): Debug: acl vfile: reading file /home/vmail/domains/emailtest.net/test2/Maildir/.Sent/dovecot-acl
[...]
Apr 28 14:03:41 doveadm(test1@emailpnl.net): Info: Mailbox shared/test2/Sent is visible in LIST
So, what exactly is the argument after "imapc:"?
Where dovecot stores indexes for user test1, or where dovecot looks for "dovecot-acl", which is under test2's home? It cannot be both, since these are things in different users' home directories.
Or am I wrong?
Thanks
-- Alessio Cecchi Postmaster @ http://www.qboxmail.it https://www.linkedin.com/in/alessice
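To compare runs like the four above, the following added example (not from the thread or the Dovecot project) parses `doveadm -D acl debug` output and reports whether the first `dovecot-acl` lookup landed under the logged-in user's home or the sharing user's. The home layout template and the assumption that both users are in the same domain are taken from the paths shown in the thread; the sample logs are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples modelled on the thread's `doveadm -D acl debug` output
# (example.test is a placeholder domain).
LOG_INDEX_DIR = """\
doveadm(test1@example.test): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
doveadm(test1@example.test): Debug: acl vfile: file /home/vmail/domains/example.test/test1/shared/test2@example.test/.Sent/dovecot-acl not found
doveadm(test1@example.test): Info: Mailbox shared/test2/Sent is NOT visible in LIST
"""
LOG_OWNER_HOME = """\
doveadm(test1@example.test): Info: Mailbox 'Sent' is in namespace 'shared/test2/'
doveadm(test1@example.test): Debug: acl vfile: reading file /home/vmail/domains/example.test/test2/Maildir/.Sent/dovecot-acl
doveadm(test1@example.test): Info: Mailbox shared/test2/Sent is visible in LIST
"""

@dataclass
class AclLookup:
    login_user: str
    owner: Optional[str]       # sharing user; same domain as login user assumed
    acl_path: Optional[str]    # first dovecot-acl path the ACL plugin tried
    acl_found: bool
    acl_under: str             # "owner", "login" or "unknown"
    visible: Optional[bool]    # result of the "visible in LIST" line

def home_of(user: str, template: str) -> str:
    local, _, domain = user.partition("@")
    return template.format(local=local, domain=domain)

def summarize(output: str,
              template: str = "/home/vmail/domains/{domain}/{local}") -> AclLookup:
    """Report whose home directory the ACL file lookup landed in.

    `template` is an assumption: the home layout visible in the thread's paths.
    """
    login = re.search(r"doveadm\(([^)]+)\)", output).group(1)
    ns = re.search(r"is in namespace 'shared/([^/']+)/'", output)
    owner = f"{ns.group(1)}@{login.partition('@')[2]}" if ns else None
    acl = re.search(r"acl vfile: (reading )?file (\S+)( not found)?", output)
    vis = re.search(r"is (NOT )?visible in LIST", output)
    path = acl.group(2) if acl else None
    under = "unknown"
    if path:
        for who, user in (("login", login), ("owner", owner)):
            if user and path.startswith(home_of(user, template) + "/"):
                under = who
    return AclLookup(login, owner, path,
                     bool(acl and acl.group(1) and not acl.group(3)),
                     under, (vis.group(1) is None) if vis else None)
```

A result with `acl_under == "login"` and `acl_found == False` matches the two failing `imapc:~/...` runs: the ACL file is being sought in the index directory of the user who is logged in, not in the mailbox owner's Maildir.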
Hi,
I think you are right, but the problem here is that Dovecot attempts to access the ACL locally because it does not yet have the "acl_ignore_namespace" setting. This is used to tell Dovecot not to check for ACLs for the given namespace prefix. So if no local ACL is preventing access to the shared namespace, an imapc connection will be established and ACLs will be checked on the backend where the connection arrives, which can be the current one or another one. The access to the other backend will then happen with the current user as master user, trying to access the sharing user's mailbox; this is the situation where ACLs will/should be applied.
Markus