[Dovecot] Dovecot namespace solved while writing; preparing to refilter
Hi!
My plea to readers:
Pls., people who only want strictly technical issues to read, and frown at any broader context regardless how intrinsically related, but not strictly technically related, it might be, skip all the way, all the way to, search for exact words: "strictly technical" or visually, find two lines of sole "===" characters. Thank you!
Upon umptieth failure, and having cloned the system onto another same arch, much more: same MBO-model box (cloning and restoring clean is my defence to get the system into as clean a state as can be, after any longer time online --I had had systems comprimised, and now I am a little paranoid)...
So, after weeks of some failures in some phases of installations of dovecot and friends (as explained further in this text), I cloned the same system, but from previously taken clean backup, used it some time, and now I want to update the mailbox back because now the first system is in clean state, having I restored from clean backup...
This is a Debian weekly testing install, which I clone btwn two same MBO-model boxes to keep it as clean as a non-expert user like me can have it... To a large extent I do trust installing and update/upgrading my systems from the weekly builds (but hey, why don't they PGP-sign those as kernel tarballs and as Grsecurity or Tor-browser tarballs are signed? any Debian developer reading this, why not?)... because I can check with some trust the weekly builds' sums for integrity, but how and why could or would I trust simply installing anything straight from the internet?
By cloning (I used to dd disk dump when cloning, but nowadays it seems faster and reliable enough with Sysresccd's fsarchiver, so I dd just the small boot partition), by cloning I keep the system as close to clean as those non-pgp-signed weekly builds allow...
Now add to that that the real FFmpeg is not allowed into Debian, and I am a fan of it (I very much use it, it's running almost all the time, on some or other of my systems), but you have to get it through deb-multimedia.org if you want it on Debian (what freedom is that, banning programs from official repositories?!)... and add to that that I want Grsecurity/Pax at all cost, in my system, and not:
http://www.nsa.gov/research/selinux/
which I don't want in my system, at all cost, but to which the Debian current leadership seems to be total-blind-fidelity bound to...
Add those and you get pretty much all the basic ingredients of my fight for freedom and true privacy which are layed siege onto in the GNU/Linux Operating System and the few related other free OS's, in most of its flavors and branches and deployments of the day, from the outside and also from the inside.
Because even with the long-delayed-in-updating gNewSense, for insufficient developer power (I mean: too few), probably, what's the use of the fine deblobbed kernel if they put SELinux into it? Where's freedom with what I suspect can not be other than fake security with surreptitious surveillance?
(BTW, go and ask people, but not loudly, who compile their Gentoo's --there' a link to my short post on forums.gentoo.org a few lines below-- like I compile (on other systems of mine), only a minority of very uninformed or some special entities' aficionados use anything other than Grsecurity on their Hardened Gentoos --and Gentoo is unquestionably the leader in hardening-- it's not just me, it's only that I am loud about it)...
But I also tried to call this issue to GNU-freedom seeking people's attention such as here:
https://lists.nongnu.org/archive/html/gnewsense-users/2013-09/msg00001.html and entire thread: Grsecurity on gNewSense, but for real?
I didn't mean to dwell on these issues here, and it is not the reason I write my messege to dovecot-mailing list, but this is the broad perspective of my, and I am sure not only my case, of my deployment of dovecot and broadly these are the reasons why I deploy it on my system.
No, this broader picture I don't think is not off-topic. I did think hard about it... No, I believe it is good to mention these issues in this post-Snowden era when the scale and scope of total surveillance can not be successfully sneered and scoffed at and dismissed, like some "exceptional" (Obama talking to the U.S. of A. nation in September 2013, in his quest for support, thankfully lacking, of then being planned Iraq-2003-like-in-pretence-and-lies attack-to-be on Syria)... like some "exceptional" people would want it (that's the Gentoo Forum's link mentioned above)...
http://forums.gentoo.org/viewtopic-t-967806.html A case of actual protection of my Gentoo box by Grsecurity
At least these issues should not be anymore successfully sneered and scoffed at and dismissed, but we're all less and less free as mankind...
And, since I don't connect to my SOHO network the box which I open to the internet, I have mails to refilter into the very probably clean cloned box... And I need to refilter using dovecot (which I finally got to work)...
These lines, all the dozen or so paragraphs from the beginning up unto here, do appear first for reading, but are written just about all the very last, after the rest of the text below has already been written, except the final proofreading notes intersparsed).
=============================================================================
Now nearly only strictly technical I go, for the sake of people who prefer so.
That maildir mailbox being all poorly sorted (I must have made other mistakes, I am just still new and generally lack expertise in all these true mailer tools; but very impressed I am with them! thanks Sirainen, thanks Varshavchik, thanks MuttDude, thanks Venema, and all, I admire you people!), so I removed the old Maildir and I made this scriptlet:
This is my configuration:
me@mybox:# dovecot -n # 2.1.17: /etc/dovecot/dovecot.conf # OS: Linux 3.10.9-grsec-130827 x86_64 Debian jessie/sid auth_debug = yes mail_debug = yes mail_location = maildir:~/Maildir:LAYOUT=fs mail_plugins = acl quota mail_privileged_group = mail namespace { hidden = yes inbox = yes list = no location = mbox:~/mail:INBOX=/var/mail/%u prefix = "#mbox/" separator = / } namespace { location = maildir:~/Maildir prefix = separator = / } passdb { args = dovecot driver = pam } protocols = " imap" ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd } protocol imap { mail_plugins = acl quota imap_acl imap_quota mail_log notify } me@mybox:#
cd ~ maildirmake Maildir maildirmake -f Drafts Maildir/ maildirmake -f Sent Maildir/ maildirmake -f someFolder1 Maildir/ maildirmake -f someFolder2 Maildir/ maildirmake -f someFolder2.Facebk Maildir/
One note: pls. don't get me wrong, I hate Stasibook (Facebk above is less typing, but it's for Facebook mail), I just would like to learn enough to teach and get at least some of my friends who "socialize" there out of reach of those stasi-like entities that Zuck and his Gang serve all the "socializing" users' data to, which is so hard a task for me to do, but which desire keeps me moving in this steep-learning-curve quest of mine that got me this far where I am now, with dovecot and other tools. That is the reason I am still subscribed there, to be able to follow what my people do, occasionally. I'm not logging into that walled-off sewage-like stasi hole featuring as virtual garden!
I saved that scriplet as maildirmake_00.sh, then
$ chmod 755 maildirmake_00.sh
and ran it.
me@mybox:~$ ./maildirmake_00.sh
And I have, I guess so far, all correct:
me@mybox:~$ ls -la Maildir/ total 40 drwx------ 10 mr mr 4096 Oct 1 23:06 . drwxr-xr-x 33 mr mr 4096 Oct 1 23:06 .. drwx------ 2 mr mr 4096 Oct 1 23:06 cur drwx------ 5 mr mr 4096 Oct 1 23:06 .Drafts drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder1 drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder2 drwx------ 5 mr mr 4096 Oct 1 23:06 .someFolder2.Facebk drwx------ 2 mr mr 4096 Oct 1 23:06 new drwx------ 5 mr mr 4096 Oct 1 23:06 .Sent drwx------ 2 mr mr 4096 Oct 1 23:06 tmp me@mybox:~$
I really hope no mistake I made so far.
someFolder1 and someFolder2 are for two different servers I get my mail from. Will probably need to tell some more about them later if the thread develops, when the problems I have are more fully explained/solved/expanded.
Now the dovecot. It has, in Debian, and I'm on weekly testing branch, currently up to date, actually last week's, that's just a little behind... It has 15-mailboxes.conf like this (only pasting non-commented lines),
/etc/dovecot/conf.d/15-mailboxes.conf
namespace inbox { mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Trash { special_use = \Trash } mailbox Sent { special_use = \Sent } }
[ here is a time lapse of cca 5-10 hours ]
Well, since I began writing, I realized that I can get the namespace to work properly, but exactly only without the above: /etc/dovecot/conf.d/15-mailboxes.conf (I mean with all the lines above commented out)
It kept telling me this (in the logs I find):
Error: user me: Initialization failed: namespace configuration error: Duplicate namespace prefix
Let me first say that it's I finally got closer to solution, and saw directories with mutt as ~/Maildir/this/that instead of what maildirs are: ~/Maildir/.this.that only after getting the following in the 10-mail.conf
/etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir:LAYOUT=fs mail_plugins = acl quota
namespace { separator = / location = mbox:~/mail:INBOX=/var/mail/%u inbox = yes hidden = yes list = no } namespace { separator = / prefix = location = maildir:~/Maildir }
It's what is recommended in <Namespaces.txt> on the wiki and maybe other places. But only after the 15-mailboxes.conf was completely commented out.
Now I can view my mailbox from anywhere on my network, I guess (tried from the other box and from the same box with mutt, it works!).
So namespace is solved I guess.
However, for my mail system to completely function in the right GNU/Linux way, I have to get more GNU good things together in harmony. Naming some of the other dovecot friends:
*getmail*, which hands on to *maildrop* for delivery...
And *postfix* with TLS for sending mail, via 465 port, *stunnel*... That bit feels daunting to me, really...
This namespace thing also cost me a few ounces of raw nerves and some occasional darkness in feelings...
The worse is still before my mind constantly: still not being able to send mail the normal way, since the normal way is simply not in cleartext anymore... I probably could just fine sent to port 25, but after all the political persecution and censorship that as homeland-living dissident I suffered and still suffer, I don't see that as a solution at all...
The obscured morale that I was upon me for a while is due to that stunnel connection not being yet set up... So, sending this from the web yet, I guess (prepared upfront, jealous of my time fixing systems that suffer from strange behavior or break whenever I'm longer online)...
However, since I have been writing this not really hoping to get the namespace working in the process (quite a few days I spent on it, and weeks on mail system altogether, I can only hope to get the stunnel right if I really study it as if attending university classes, I'm afraid, just like the hurdles that I went finally past cost me real studying your manuals, my GNU freedom heros!)...
...And this message I having had started some five or ten hours ago [ before the final broader picture paragraphs that are all in the beginning part of the message; this very note is at the time of the very last proofreading ], now I see that I went different direction before discovering the setup for namespace that worked for me.
How I used maildirmake (it's the maildrop's not the dovecot's one) I thought but now see doesn't probably have much to do with the solution for namespace I found.
I leave it there though, because I need to fix the mailbox by refiltering it, with the aid of the dovecot server, similar to how it is explained in:
http://wiki.dovecot.org/HowTo/RefilterMail
Because I got some syntax wrong in ~/.mailfiler for the maildrop MDA, and then I got some of those wrongly named (numbered, no a-z, only 0-9 digits in names) fake mailing-list folders that can be seen in my post on mutt mailing-list:
http://marc.info/?l=mutt-users&m=138021971816188&w=2 (the .muttrc however is completely different now, sure, than in that link)
I hope the main, the namespace dovecot part of this message may elicit someone's advice, if they got past that phase with the 15-mailboxes.conf at its default. Or it is explained in the manuals I need to give a second or a third read to understand them...
And I'll be back to report if I made ordered mails in my Maildir right with the refiltering. Just pls. allow time, I'm a late adopter, I'm 56 years of age, can't make these things as quick as you youngsters do it.
Thanks for the fine Dovecot mail server!
Miroslav Rovis Zagreb, Croatia
participants (1)
-
miro.rovis@croatiafidelis.hr