[Dovecot] Shared Mailboxes in a multi domain environment
Hi,
I would like to enable mailbox sharing for my users. I'm using dovecot 2.1.9 with vpopmail authentication. For security reasons shared mailboxes should be available only to users of the same domain.
Dovecot's wiki suggests enabling acl like this:
    plugin {
      # assumes mailboxes are in /var/mail/%d/%n:
      acl_shared_dict = file:/var/mail/%d/shared-mailboxes.db
    }
but in vpopmail, and also in many other configurations, mailboxes are, for example, in /var/mail/nas1/%d, /var/mail/nas2/%d and so on, so it's difficult to restrict shared mailboxes to users of the same domain. A trick could be to set acl_shared_dict to /var/mail/%d-shared-mailboxes.db, but I don't know if it's safe in an NFS environment.
So, why not provide a way to restrict shared mailboxes also for the dict in SQL?
One way could be to add to the "user_shares" table a column "domains", which is the same domain as the mailbox's owner, and a config option for acl, like acl_only_for_same_domain = yes/no, so dovecot can add a "WHERE %n = domain" to the SELECT.
Are there other possible solutions? Thanks
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux systems support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it
On 17.9.2012, at 10.09, Alessio Cecchi wrote:
I would like to enable mailbox sharing for my users. I'm using dovecot 2.1.9 with vpopmail authentication. For security reasons shared mailboxes should be available only to users of the same domain.
Dovecot's wiki suggests enabling acl like this:
    plugin {
      # assumes mailboxes are in /var/mail/%d/%n:
      acl_shared_dict = file:/var/mail/%d/shared-mailboxes.db
    }
but in vpopmail, and also in many other configurations, mailboxes are, for example, in /var/mail/nas1/%d, /var/mail/nas2/%d and so on, so it's difficult to restrict shared mailboxes to users of the same domain. A trick could be to set acl_shared_dict to /var/mail/%d-shared-mailboxes.db, but I don't know if it's safe in an NFS environment.
As long as all the servers have access to the file it doesn't matter where it is. You could even do something like /var/mail/nas1/shared-dict/%d.db
So, why not provide a way to restrict shared mailboxes also for the dict in SQL?
One way could be to add to the "user_shares" table a column "domains", which is the same domain as the mailbox's owner, and a config option for acl, like acl_only_for_same_domain = yes/no, so dovecot can add a "WHERE %n = domain" to the SELECT.
If you don't include %d as part of the shared namespace prefix you already restrict the users sharing within same domain, no need for extra SQL WHEREs.
On 17/09/2012 14:44, Timo Sirainen wrote:
So, why not provide a way to restrict shared mailboxes also for the dict in SQL?
One way could be to add to the "user_shares" table a column "domains", which is the same domain as the mailbox's owner, and a config option for acl, like acl_only_for_same_domain = yes/no, so dovecot can add a "WHERE %n = domain" to the SELECT.
If you don't include %d as part of the shared namespace prefix you already restrict the users sharing within same domain, no need for extra SQL WHEREs.
Good, after changing my shared namespace from
    namespace {
      list = children
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      prefix = shared/%%u/
      separator = /
      subscriptions = no
      type = shared
    }
to
    namespace {
      list = children
      location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
      prefix = shared/%%n/     ## <<=- change %u to %n
      separator = /
      subscriptions = no
      type = shared
    }
shared mailboxes have become available only within the same domain.
Thanks!
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux systems support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it
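The following is an added example, not part of the thread and not Dovecot's own code. It models the rule Timo relies on: in a shared namespace prefix, %%u names the owner by full login, %%d/%%n name domain and local part separately, and a prefix with only %%n takes the owner's domain from the logged-in user. The class below applies that rule to constructed IMAP mailbox names (the user names, domains and probe names are invented for the example) and reports which owner domains a given login can reach, so the "shared/%%u/" and "shared/%%n/" configurations above can be compared side by side. The parsing is this example's own simplification; it is not Dovecot's resolver.

```python
"""Model of Dovecot shared-namespace prefix resolution (added example, not Dovecot code).

Variables in a shared namespace prefix (written with doubled %% in dovecot.conf
so they expand per owner rather than per login):
  %%u  owner's full login name (user@domain)
  %%n  owner's name without domain
  %%d  owner's domain
With only %%n present the owner's domain is taken from the logged-in user, so a
login can only name owners inside its own domain.  Assumption of this model: in
a multi-domain setup such as vpopmail every login is user@domain.
"""

VARIABLES = {"%%u", "%%n", "%%d"}


class SharedNamespace:
    def __init__(self, prefix, separator="/"):
        self.sep = separator
        # "shared/%%n/" -> ["shared", "%%n"]; the trailing separator is only a delimiter.
        self.segments = [s for s in prefix.split(separator) if s != ""]
        if not any(s in VARIABLES for s in self.segments):
            raise ValueError("prefix must contain %%u, %%n or %%d")

    def allows_cross_domain(self):
        """True if a login can name an owner in a domain other than its own."""
        return "%%u" in self.segments or "%%d" in self.segments

    def resolve(self, login_user, mailbox_name):
        """Map a mailbox name under the shared prefix to (owner, mailbox).

        Returns None when the name does not fit the prefix or names an owner the
        prefix cannot express (e.g. "bob@b.example" under a %%n-only prefix, where
        the segment must be a bare local part).
        """
        if "@" not in login_user:
            return None
        login_domain = login_user.split("@", 1)[1]
        parts = mailbox_name.split(self.sep)
        # every prefix segment must be present, plus at least one mailbox segment
        if len(parts) <= len(self.segments):
            return None
        owner = local = domain = None
        for template, actual in zip(self.segments, parts):
            if actual == "":
                return None
            if template == "%%u":
                if "@" not in actual:
                    return None
                owner = actual
            elif template == "%%n":
                if "@" in actual:
                    return None
                local = actual
            elif template == "%%d":
                if "@" in actual:
                    return None
                domain = actual
            elif template != actual:
                return None  # literal segment mismatch, e.g. not under "shared"
        if owner is None:
            if local is None:
                return None  # %%d alone cannot identify an owner
            owner = local + "@" + (domain if domain is not None else login_domain)
        return owner, self.sep.join(parts[len(self.segments):])


def reachable_domains(ns, login_user, names):
    """Owner domains that login_user can reach by naming mailboxes in `names`."""
    found = set()
    for name in names:
        resolved = ns.resolve(login_user, name)
        if resolved is not None:
            found.add(resolved[0].split("@", 1)[1])
    return found


# Constructed mailbox names an IMAP client might send; invented for this example.
PROBES = [
    "shared/bob/INBOX",
    "shared/bob@b.example/INBOX",
    "shared/b.example/bob/INBOX",
]

if __name__ == "__main__":
    for prefix in ("shared/%%u/", "shared/%%n/", "shared/%%d/%%n/"):
        ns = SharedNamespace(prefix)
        print(prefix, "cross-domain:", ns.allows_cross_domain(),
              "reaches:", sorted(reachable_domains(ns, "alice@a.example", PROBES)))
```

Running it shows that with "shared/%%u/" (or any prefix carrying %%d) alice@a.example can address bob@b.example, while with "shared/%%n/" every name she can form resolves into a.example, which is the property the thread ends up relying on instead of an extra SQL WHERE.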
participants (2): Alessio Cecchi, Timo Sirainen