[Dovecot] Shared mboxes
I've been looking at some documentation on shared mail accounts. But I'm getting mixed thoughts on how this can or should be done.
I use mbox for all my pop and imap folders since I've converted from a uw-imap server. The first thing that makes me wonder about setup is that I've been told to not use maildir and mbox on the same machine, although I'm not really sure why since it seems this would work OK, but anyway, I'm guessing I should stick with mbox for the shared accounts.
Secondly, I'm sure I'd need a namespace to use whichever format, so there's private, public, and shared types. Most of the stuff I'm reading seems to suggest "public" as a type instead of "shared". So what's shared for anyway?
I want to use this shared account so that email can be sent to this account, and be shared by only a few people, but I'm reading where locks and such don't work with mbox, so in my mind, how do you avoid corruption and why not just make a normal account and let people hack away at the data?
I've not even got to the questions in my mind about how to set up the account, but figured if I could get the above straight, I might be able to fuddle my way through it.
Help would be truly appreciated.
steve campbell
On 3/5/2012 1:30 PM, Steve Campbell wrote:
> I've been looking at some documentation on shared mail accounts. But I'm getting mixed thoughts on how this can or should be done.
> I use mbox for all my pop and imap folders since I've converted from a uw-imap server. The first thing that makes me wonder about setup is that I've been told to not use maildir and mbox on the same machine, although I'm not really sure why since it seems this would work OK, but anyway, I'm guessing I should stick with mbox for the shared accounts.
> Secondly, I'm sure I'd need a namespace to use whichever format, so there's private, public, and shared types. Most of the stuff I'm reading seems to suggest "public" as a type instead of "shared". So what's shared for anyway?
> I want to use this shared account so that email can be sent to this account, and be shared by only a few people, but I'm reading where locks and such don't work with mbox, so in my mind, how do you avoid corruption and why not just make a normal account and let people hack away at the data?
> I've not even got to the questions in my mind about how to set up the account, but figured if I could get the above straight, I might be able to fuddle my way through it.
> Help would be truly appreciated.
Start here: http://wiki.dovecot.org/SharedMailboxes
-- Stan
On 3/5/2012 6:16 PM, Stan Hoeppner wrote:
> On 3/5/2012 1:30 PM, Steve Campbell wrote:
>> I've been looking at some documentation on shared mail accounts. But I'm getting mixed thoughts on how this can or should be done.
>> I use mbox for all my pop and imap folders since I've converted from a uw-imap server. The first thing that makes me wonder about setup is that I've been told to not use maildir and mbox on the same machine, although I'm not really sure why since it seems this would work OK, but anyway, I'm guessing I should stick with mbox for the shared accounts.
>> Secondly, I'm sure I'd need a namespace to use whichever format, so there's private, public, and shared types. Most of the stuff I'm reading seems to suggest "public" as a type instead of "shared". So what's shared for anyway?
>> I want to use this shared account so that email can be sent to this account, and be shared by only a few people, but I'm reading where locks and such don't work with mbox, so in my mind, how do you avoid corruption and why not just make a normal account and let people hack away at the data?
>> I've not even got to the questions in my mind about how to set up the account, but figured if I could get the above straight, I might be able to fuddle my way through it.
>> Help would be truly appreciated.
> Start here: http://wiki.dovecot.org/SharedMailboxes
That's where most of my questions originated, but thanks for the reply.
(Sorry for the first response - I sent it to the poster, not the list).
Maybe I'm misunderstanding concepts here and I'm trying to use something I don't need to use. I'm really new to dovecot, and as I learn all the ins and outs, I'm finding a lot of this doesn't seem to be "turning on any light bulbs" until after I've played with it a while.
What I've done in the past with the old imap server is to create an account (unix account), so the smtp server puts the mbox (what is referred to as the INbox) in /var/spool/mail. Users who needed to "share" this mailbox would be given the account user name and the password for this account and would add an Imap account to their mail client. This would sometimes cause locking problems or client corruption due to email removals mostly. This is basically a normal, non-shared account.
Now that I've moved to dovecot on a new, updated server, I'd like to use the facilities of dovecot for the truly shared accounts. I'm not sure if I need to create the account like before, but seems like I'd have to in order to get the smtp server to deliver new email to /var/spool/mail/%u.
As I see it, I've got to create a namespace for shared accounts and configure this on the multiple users' clients so that when they access the Inbox and imap files under /home/%u/mail, they don't butt heads, so there's some locking involved. I could use acls for this, but don't have to according to the documentation. I can grant permissions to each user that is included in the acl, and I can create dovecot "groups" to use as a basis for this permission.
I'm hoping this is pretty much the way it's done, and I want to keep with mbox format for all files and folders. I'm also hoping that this is the way it's supposed to be used, but I get conflicting ideas about what the documentation is really telling me.
Anyway, I'll play with this and see where I get. I've still not found out where to create these dovecot "groups" other than it seems to use a userdb file somewhere.
Thanks for the help so far
steve
On 3/6/2012 8:28 AM, Steve Campbell wrote:
>> http://wiki.dovecot.org/SharedMailboxes
> That's where most of my questions originated, but thanks for the reply.
Steve, all the information you need is behind that link.
> Maybe I'm misunderstanding concepts here
Very possibly.
> What I've done in the past with the old imap server is to create an account (unix account), so the smtp server puts the mbox (what is referred to as the INbox) in /var/spool/mail. Users who needed to "share" this mailbox would be given the account user name and the password for this account and would add an Imap account to their mail client. This would sometimes cause locking problems or client corruption due to email removals mostly. This is basically a normal, non-shared account.
Locking problems with multiple users hitting mbox files is unavoidable. The same is true when a single user hits an mbox from multiple client devices simultaneously--PC, smart phone, tablet, etc. Which is why you do not want to use mbox file format for shared mailboxes, but maildir instead, because each email is a separate file. Please note, from the link I provided:
Maildir: Per-user \Seen flag
With Maildir a dovecot-shared file controls if the \Seen flags are shared or private. The file must be created separately inside each Maildir, although if the file already exists in the Maildir root it's automatically copied for newly created mailboxes. If dovecot-shared file doesn't exist in Maildir, the \Seen flags are shared. If it exists, the \Seen flag state is stored only in the user's index files. By making each user have their own private index files, you can make the \Seen flag private for the users.
Simple concept above: each user of the shared mailbox sees "new" mail. One user accessing new mail and marking it as read doesn't mark that message as read for other shared users. You can not do this with mbox file format, only maildir.
Maildir: Keyword sharing
Make sure you don't try to use per-user CONTROL directory. Otherwise dovecot-keywords file doesn't get shared and keyword mapping breaks.
Other mailbox formats
Currently you can't have any per-user flags with other mailbox formats than Maildir.
-- Stan
On 3/6/2012 3:17 PM, Stan Hoeppner wrote:
> On 3/6/2012 8:28 AM, Steve Campbell wrote:
>>> http://wiki.dovecot.org/SharedMailboxes
>> That's where most of my questions originated, but thanks for the reply.
> Steve, all the information you need is behind that link.
I've gone over that set of links on that page a dozen times. Perhaps I'm trying to put a square peg in a round hole by using mbox, but they keep providing information on it, so I guess I was just pounding away.
But then there's that "don't use maildir and mbox together". All of the accounts on this server are carry-overs from the UW-IMAP server, so perhaps I should have converted those to maildir. Seems as though it's OK when they don't apply to the same type namespace.
>> Maybe I'm misunderstanding concepts here
> Very possibly.
>> What I've done in the past with the old imap server is to create an account (unix account), so the smtp server puts the mbox (what is referred to as the INbox) in /var/spool/mail. Users who needed to "share" this mailbox would be given the account user name and the password for this account and would add an Imap account to their mail client. This would sometimes cause locking problems or client corruption due to email removals mostly. This is basically a normal, non-shared account.
> Locking problems with multiple users hitting mbox files is unavoidable. The same is true when a single user hits an mbox from multiple client devices simultaneously--PC, smart phone, tablet, etc. Which is why you do not want to use mbox file format for shared mailboxes, but maildir instead, because each email is a separate file. Please note, from the link I provided:
I've experienced that type of locked mailbox before on the old server. Users insist on accessing their email account as a pop account on their desktop with the "check for new mail every so many minutes" turned on and still keep their smartphones on while accessing it as an imap account so they can still download the files to their desktop when they return.
> Maildir: Per-user \Seen flag
> With Maildir a dovecot-shared file controls if the \Seen flags are shared or private. The file must be created separately inside each Maildir, although if the file already exists in the Maildir root it's automatically copied for newly created mailboxes. If dovecot-shared file doesn't exist in Maildir, the \Seen flags are shared. If it exists, the \Seen flag state is stored only in the user's index files. By making each user have their own private index files, you can make the \Seen flag private for the users.
> Simple concept above: each user of the shared mailbox sees "new" mail. One user accessing new mail and marking it as read doesn't mark that message as read for other shared users. You can not do this with mbox file format, only maildir.
> Maildir: Keyword sharing
> Make sure you don't try to use per-user CONTROL directory. Otherwise dovecot-keywords file doesn't get shared and keyword mapping breaks.
> Other mailbox formats
> Currently you can't have any per-user flags with other mailbox formats than Maildir.
So just to clarify, is it OK to have a maildir account setup on this server for these shared/imap access only accounts along with the mbox accounts already on there?
Thanks for the patience and help
steve
On 3/6/2012 3:01 PM, Steve Campbell wrote:
> I've experienced that type of locked mailbox before on the old server. Users insist on accessing their email account as a pop account on their desktop with the "check for new mail every so many minutes" turned on and still keep their smartphones on while accessing it as an imap account so they can still download the files to their desktop when they return.
Using IMAP on the phone and POP on the PC doesn't make any sense. Is there a (valid) reason why these people insist on this phone/IMAP and PC/POP setup? This seems seriously counter intuitive/productive.
> So just to clarify, is it OK to have a maildir account setup on this server for these shared/imap access only accounts along with the mbox accounts already on there?
Yes. With Dovecot it is possible to specify mail_location on a per user basis:
http://wiki.dovecot.org/MailLocation
You can even do a split mailbox type setup per user using multiple namespaces, for example specifying that INBOX use mbox with all other mail being stored in maildir format:
http://wiki.dovecot.org/Namespaces
> Thanks for the patience and help
Sure thing.
-- Stan
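The mixed layout described in the reply above (existing accounts on mbox, shared mailboxes in Maildir behind their own namespace), written as a Dovecot 2.x configuration fragment. This is an added example, not part of the original thread; /var/mail/public and ~/public-index are assumed paths.

```conf
# Added example, not from the thread. Paths other than /var/spool/mail/%u
# and ~/mail are assumptions; adjust them to the local layout.

# Existing accounts stay on mbox, as carried over from UW-IMAP.
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u

# Each user's own mail (uses the global mail_location above).
namespace {
  type = private
  separator = /
  prefix =
  inbox = yes
}

# Shared mailboxes stored as Maildir, shown to clients under "Public/".
namespace {
  type = public
  separator = /
  prefix = Public/
  # INDEX points into each user's home directory, so every user keeps
  # private index files for the shared mailboxes. Together with a
  # dovecot-shared file in each shared Maildir, that keeps \Seen per user.
  location = maildir:/var/mail/public:INDEX=~/public-index
  # Subscriptions for these mailboxes are kept in the private namespace.
  subscriptions = no
}
```

Who may open the mailboxes under /var/mail/public is still decided by the filesystem permissions on that directory, or by Dovecot ACLs if the acl plugin is enabled.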
On 3/7/2012 3:47 PM, Stan Hoeppner wrote:
> On 3/6/2012 3:01 PM, Steve Campbell wrote:
>> I've experienced that type of locked mailbox before on the old server. Users insist on accessing their email account as a pop account on their desktop with the "check for new mail every so many minutes" turned on and still keep their smartphones on while accessing it as an imap account so they can still download the files to their desktop when they return.
> Using IMAP on the phone and POP on the PC doesn't make any sense. Is there a (valid) reason why these people insist on this phone/IMAP and PC/POP setup? This seems seriously counter intuitive/productive.
The bulk of these type users are sales staff. They use their desktop when they're in the office. For years, the only type of email account we used was pop just because that was the way it was. We used horde for webmail, which read these type of accounts just fine. Once they needed email in the field, it was necessary to either set up their phones to use pop and keep email on the server so that they could download the email to their desktop, or use imap on the phones. They typically don't use any folders they've created on the imap account when accessing mail on the desktop.
It would be a nightmare going to each desktop, finding a time when each and every user would have the time to allow us to change things, and switching all of the accounts.
It may not seem to be a good way of doing things, but it's just the way our system here has evolved. Now that we're down to skeleton-type staffing, it's not easy to find the time and manpower to accomplish change when it "ain't broke". The occasional locked mailbox was easier to resolve than the massive change to all users' accounts. This all came about because I installed a new server to replace the old, and dovecot became the pop/imap server.
>> So just to clarify, is it OK to have a maildir account setup on this server for these shared/imap access only accounts along with the mbox accounts already on there?
> Yes. With Dovecot it is possible to specify mail_location on a per user basis:
> http://wiki.dovecot.org/MailLocation
> You can even do a split mailbox type setup per user using multiple namespaces, for example specifying that INBOX use mbox with all other mail being stored in maildir format:
> http://wiki.dovecot.org/Namespaces
>> Thanks for the patience and help
> Sure thing.
Again, thanks for the help.