Public namespace - configuration help (new to Dovecot) - version 2.3.x
Hi all,
I'm configuring a public namespace for an existing Dovecot install, I have the public namespace configured and working in a basic manner (it can be subscribed to in an MUA and mail can be moved into it for a specified user named in the dovecot-acl file).
I've followed the official docs:
When I configure the MUA (Thunderbird) I can see the public namespace and a subfolder that I've manually created underneath (with new/cur/tmp folders, parent public folders also has a new tmp cur directories, mail cannot be moved into public top level folder), but it is displayed as below when subscribed to:
public^subfolder
I've resolved this by changing the separator to a / , however as per my doveconf -n below I then received a separator conflict, which I resolved by changing the separator for the default namespace to also be a / . As the default namespace is already using period ( . ) on the production servers, I'd like to continue using this separator and not / separator. The existing install of a couple of hundred mailboxes and I'm concerned I'll break the mailboxes /any existing sieve filters.
I would like the public folder to display with an empty prefix as below, but I understand you cannot have two 'prefix =' (empty prefixes) :
subfolder
doveconf -n output below:
2.3.21.1 (d492236fa0): /etc/dovecot/dovecot.conf
Pigeonhole version 0.5.21.1 (49005e73)
OS: Linux 5.10.0-35-cloud-amd64 x86_64 Debian 11.11
Hostname: imap-server.hostname.co.uk
auth_verbose = yes default_vsz_limit = 0 doveadm_password = # hidden, use -P to show it first_valid_gid = 8 first_valid_uid = 8 last_valid_gid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = 8 mail_location = maildir:~/Maildir mail_plugins = " notify replication acl" mail_uid = 8 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader imapflags namespace { list = no location = maildir:/srv/vmail/public:INDEXPVT=~/Maildir/public prefix = Public/ separator = / subscriptions = no type = public } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = / <--- I'd like this to be a . instead } namespace subscriptions { hidden = yes list = no location = prefix = subscriptions/ <--- had to put something here because inbox namespace was empty subscriptions = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile mail_replica = tcps:other-replica.domain.co.uk:port number sieve = ~/.dovecot.sieve sieve_before = /etc/dovecot/common.sieve sieve_dir = ~/sieve sieve_extensions = +editheader +imapflags } postmaster_address = postmaster@domain.co.uk protocols = " imap sieve pop3" replication_dsync_parameters = -d -N -l 15 -U -T 10 replication_max_conns = 24 service aggregator { fifo_listener replication-notify-fifo { user = mail } unix_listener replication-notify { user = mail } } service auth { unix_listener /var/run/dovecot-exim-bridge { mode = 0660 user = Debian-exim } } service doveadm { inet_listener { port = <replica port number> ssl = yes } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 512 process_min_avail = 4 service_count = 1 } service imap { process_limit = 1024 } service managesieve-login { inet_listener sieve { port = <port number> } process_min_avail = 1 service_count = 8 vsz_limit = 256 M } service managesieve { process_limit = 1024 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = required ssl_cert = <path/to/fullchain.pem ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_client_ca_dir = /etc/ssl/certs ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap override_fields = home=/var/mail/%u uid=mail gid=mail } protocol lda { mail_plugins = " notify replication acl sieve" } protocol imap { mail_max_userip_connections = 32 mail_plugins = " notify replication acl acl" } protocol sieve { mail_max_userip_connections = 10 managesieve_logout_format = bytes=%i/%o managesieve_max_line_length = 64 k }
Also the public folder is not displayed in Roundcube webmail in folder sections to be subscribed to.
doveadm mailbox list -u <username>
I appreciate that replication does not work with public mailboxes, I'll have to look at that further.
Many thanks
Dan
On 26/08/25, Daniel Botting via dovecot (dovecot@dovecot.org) wrote:
I'm configuring a public namespace for an existing Dovecot install, I have the public namespace configured and working in a basic manner (it can be subscribed to in an MUA and mail can be moved into it for a specified user named in the dovecot-acl file).
I would like the public folder to display with an empty prefix as below, but I understand you cannot have two 'prefix =' (empty prefixes) :
<snip>
namespace { list = no location = maildir:/srv/vmail/public:INDEXPVT=~/Maildir/public prefix = Public/ separator = / subscriptions = no type = public } namespace inbox { inbox = yes location = ... prefix = separator = / <--- I'd like this to be a . instead } namespace subscriptions { hidden = yes list = no location = prefix = subscriptions/ <--- had to put something here because inbox namespace was empty subscriptions = yes }
The examples at https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/public_sha... has the prefix for subscriptions set simply as 'prefix =', but with a specific 'location' defined together with an 'alias_for'. Do the defaults (once the location path is correct) not work for you?
Regarding separators the rules are set out here: https://doc.dovecot.org/2.3/configuration_manual/namespace/#hierarchy-separa..., although you've probably seen that. Note that "The ^ separator is troublesome with Thunderbird"...but I don't see why that might be causing the issue you've seen. Anyhow for Maildir the default separator appears to be "." (see the 'namespace/separator' config docs) -- perhaps comment out the separator settings and try another MUA?
Rory
Hi Rory,
Thanks for your prompt response last night, much appreciated.
I'm currently rebuilding my test infra at the moment, I'll let you know further when I've tested.
Many thanks
Daniel
On 27/08/25, Daniel Botting via dovecot (dovecot@dovecot.org) wrote:
Thanks for your prompt response last night, much appreciated.
I'm currently rebuilding my test infra at the moment, I'll let you know further when I've tested.
I used the official Docker image to debug things. It made the edit/check/redo cycle much faster for me.
https://github.com/rorycl/dovecot-config has some instructions and example configs.
Hi Rory,
Thank you for your help, much appreciated.
I have rebuilt my test mail infra and resolved the two problems I was experiencing (I think it was / at the end instead of a dot):
public^subfolder
Followed this: https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/public_sha...
Public folder not showing in roundcube, I worked out that the dovecot-acl file must be in the relevant mailbox (subfolder), once the acl is set for that user it shows up. If you comment out the line it disappears.
I have another question please, if I may.
LDAP is currently used to lookup users and their relevant password in dovecot-ldap.conf.ext file, what I'm looking to do is lookup the ldap group they would belong to for the dovecot-acl file. I'll illustrate below:
dovecot-acl file example:
user=testuser lr
what I'd like to replace with is:
dovecot-acl file
group=ldap_user_group lr
I've been doing lots of reading this afternoon, but if you are or anyone else is able to point me in the right direction that would be really appreciated.
Many thanks
Daniel
On 01/09/25, Daniel Botting via dovecot (dovecot@dovecot.org) wrote:
LDAP is currently used to lookup users and their relevant password in dovecot-ldap.conf.ext file, what I'm looking to do is lookup the ldap group they would belong to for the dovecot-acl file. I'll illustrate below:
dovecot-acl file example:
user=testuser lr
what I'd like to replace with is:
dovecot-acl file
group=ldap_user_group lr
Hi. I'm certainly no LDAP expert, but the Debian Trixie config for 2.4.x seems helpful. You can check it out here:
https://salsa.debian.org/sur5r/dovecot/-/blob/master/debian/conf/conf.d/auth...
I assume you can swap out 'user' in the example with 'group'?
passdb ldap { ... fields { user=%{ldap:uid} ... } }
Best wishes, Rory
Apologies for the delay in replying, I got it working, I'll follow-up with further information.
I've got a few additional questions as below:
1/ The v2.3 docs here - https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/public_sha... (right up the top of the page, first config example box).
They advise - When creating any namespaces, you must also have a private namespace.
Our current config for inbox namespace (users mailboxes) is below:
namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = }
The public mailbox config is working as I would expect:
a/ mail is delivered to the public mailboxes by the MTA (Exim4) b/ mail is delivered by the LDA to the user inboxes
Does it still need type = private in that block?
2/ I had until today the below in the config:
https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/public_sha...
Minus the last two lines (I wasn't sure if needed):
alias_for = INBOX/ # the INBOX namespace's prefix location = <same as mail_location>:SUBSCRIPTIONS=subscriptions-shared
I've restarted Dovecot and it still seems to work as expected (mail delivery and users only being able to subscribe to those files that dovecot-acl specifies they should have access to), do I need this block?
3/ I'm not configuring read-only-maildirs and only one public namespace (it happens to be in this section of the docs, unless I'm misunderstanding something), but it is possible that a public mailbox (directory name) could have the same name as a folder in the users inboxes. Do I need to configure INDEX and CONTROL directories to avoid problems or is it just for multiple public namespaces?
https://doc.dovecot.org/2.3/configuration_manual/shared_mailboxes/public_sha...
Many thanks as always
Daniel
participants (2)
-
daniel.botting@codethink.co.uk
-
Rory Campbell-Lange