Permissions for shared mail don't work
Hello,
(Sorry if you already received this mail. I sent it without having subscribed to the list, but I never got any confirmation; so I assumed it has been filtered by the anti-spam or something.)
I'm using dovecot v.2.1.7 on Debian Sid, and the output of dovecot -n is available here: http://paste.fulltxt.net/C-O
I'm trying to make the mailbox of (system) user "spam" available to user "ted". I followed these instructions: http://wiki2.dovecot.org/SharedMailboxes/Permissions and it doesn't seem to work. To be more precise:
- I manually (and recursively) changed the permissions of all files in ~spam/Mail to 660 (and 770 for the directories);
- I manually (and recursively) changed the group owner of everything in ~spam/Mail to "mailperso", where "mailperso" is a group whose users are spam and ted;
- I added « mail_access_groups=mailperso » into my dovecot config;
- and I restarted dovecot.
But still, when I send a new email to spam, it appears as being owned by group "spam" and having permissions set to 600, so I can't access it with user "ted". I also tried to set the setgid bit for ~spam/Mail, it didn't change anything, and when I recursively set the setgid for all subdirectories of ~spam/Mail, it gives new mails the correct group (mailperso) but not the correct permissions.
Have I missed something, or is this a bug?
Thanks in advance and best regards,
Damien
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 17 Oct 2014, Damien Desfontaines wrote:
I'm trying to make the mailbox of (system) user "spam" available to user "ted". I followed these instructions: http://wiki2.dovecot.org/SharedMailboxes/Permissions and it doesn't seem to work. To be more precise:
- I manually (and recursively) changed the permissions of all files in ~spam/Mail to 660 (and 770 for the directories);
- I manually (and recursively) changed the group owner of everything in ~spam/Mail to "mailperso", where "mailperso" is a group whose users are spam and ted;
- I added « mail_access_groups=mailperso » into my dovecot config;
- and I restarted dovecot.
But still, when I send a new email to spam, it appears as being owned by group "spam" and having permissions set to 600, so I can't access it with user "ted". I also tried to set the setgid bit for ~spam/Mail, it didn't change anything, and when I recursively set the setgid for all subdirectories of ~spam/Mail, it gives new mails the correct group (mailperso) but not the correct permissions.
Please post (here in the list)
ls -al ~spam/Mail ~spam/Mail/{new,cur}
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVEC2gnz1H7kL/d9rAQKEIAf/b0xU5NqG1UqMy0umd+5PAmuLDf6I/IWU zD7hN/l8X2XPP2sGi5r8SkfIKZCVR/H+KLuZVJoNM5xeGlfg9c51Pd8UPrVlAlsE DnWDdJYY0+TXyqrY+chfK6rqH6+AF5EKIRioKfZmdlaK+jrQc4hHTRJIfCLpx2Ok 7MBHsCcAlPUrhpFAjmek8ylHHRlTZFvDfQei80PBRs7g7ULS+sVPgr1oSggQ1NbY o0j04LMtgcUZwrYNvOj2fr4jzUZkpoohvX2AgDbnEzzrilAYKmVfYUcjBj4Gn3+n T9CyWQCRVf1NKCAkqeH5HXaw6VcDGFUPtJVpNaZKn/ItbhfZHgqu1w== =dUq7 -----END PGP SIGNATURE-----
Hello,
Here it is: http://paste.fulltxt.net/Xzoq9v
You can actually see when I manually changed all permissions, around October 12, and the fact that the messages received afterwards don't have the correct permissions.
Best,
Damien
On Fri, Oct 17, 2014 at 08:26:10AM +0200, Steffen Kaiser wrote:
On Fri, 17 Oct 2014, Damien Desfontaines wrote:
I'm trying to make the mailbox of (system) user "spam" available to user "ted". I followed these instructions: http://wiki2.dovecot.org/SharedMailboxes/Permissions and it doesn't seem to work. To be more precise:
- I manually (and recursively) changed the permissions of all files in ~spam/Mail to 660 (and 770 for the directories);
- I manually (and recursively) changed the group owner of everything in ~spam/Mail to "mailperso", where "mailperso" is a group whose users are spam and ted;
- I added « mail_access_groups=mailperso » into my dovecot config;
- and I restarted dovecot.
But still, when I send a new email to spam, it appears as being owned by group "spam" and having permissions set to 600, so I can't access it with user "ted". I also tried to set the setgid bit for ~spam/Mail, it didn't change anything, and when I recursively set the setgid for all subdirectories of ~spam/Mail, it gives new mails the correct group (mailperso) but not the correct permissions.
Please post (here in the list)
ls -al ~spam/Mail ~spam/Mail/{new,cur}
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Damien Desfontaines wrote:
Here it is: http://paste.fulltxt.net/Xzoq9v
You can actually see when I manually changed all permissions, around October 12, and the fact that the messages received afterwards don't have the correct permissions.
how do you deliver new messages to spam's INBOX?
On Fri, Oct 17, 2014 at 08:26:10AM +0200, Steffen Kaiser wrote:
On Fri, 17 Oct 2014, Damien Desfontaines wrote:
I'm trying to make the mailbox of (system) user "spam" available to user "ted". I followed these instructions: http://wiki2.dovecot.org/SharedMailboxes/Permissions and it doesn't seem to work. To be more precise: - I manually (and recursively) changed the permissions of all files in ~spam/Mail to 660 (and 770 for the directories); - I manually (and recursively) changed the group owner of everything in ~spam/Mail to "mailperso", where "mailperso" is a group whose users are spam and ted; - I added « mail_access_groups=mailperso » into my dovecot config; - and I restarted dovecot.
But still, when I send a new email to spam, it appears as being owned by group "spam" and having permissions set to 600, so I can't access it with user "ted". I also tried to set the setgid bit for ~spam/Mail, it didn't change anything, and when I recursively set the setgid for all subdirectories of ~spam/Mail, it gives new mails the correct group (mailperso) but not the correct permissions.
Please post (here in the list)
ls -al ~spam/Mail ~spam/Mail/{new,cur}
Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQEVAwUBVEJltnD1/YhP6VMHAQI7GAf+NfwOhFasVnecOXWLhrJWO4CNxk7e7A8x 42VudckKbY4WvgvnehhNWTvXYyJUPlDYpyijLWly2T3X2zjsQzwYiR6WCTxUCq5I mncZ7VEiMHRW+qsAQ5UWsZsrkcJy161m8+G3ZzcTyX18O1Zt0UL0DwQ1T2xRUuQx YMVdcvpEP0cygid6NBuT8x6+6MNMpJs3/G+M3SeOOdCgxOdIyYNYPSnlvWc07eJ2 6JC0TBXZ1Nnwf9XHLcSetR6tRBtN5aOQwTl6lpWa9rz31a5LXvR9W1kU19yqVQPA Be2VOwLCJW/eruYqXbxDg/eJZZiZRvnArNjBpteT4RdbDmgit3+SUQ== =KDpC -----END PGP SIGNATURE-----
On Sat, Oct 18, 2014 at 03:05:58PM +0200, Steffen wrote:
Damien Desfontaines wrote:
Here it is: http://paste.fulltxt.net/Xzoq9v
You can actually see when I manually changed all permissions, around October 12, and the fact that the messages received afterwards don't have the correct permissions.
how do you deliver new messages to spam's INBOX?
By sending an e-mail to spam.whatever@desfontain.es ?
(I'm not sure I understand the question?)
Damien
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Damien Desfontaines wrote:
On Sat, Oct 18, 2014 at 03:05:58PM +0200, Steffen wrote:
Damien Desfontaines wrote:
Here it is: http://paste.fulltxt.net/Xzoq9v
You can actually see when I manually changed all permissions, around October 12, and the fact that the messages received afterwards don't have the correct permissions.
how do you deliver new messages to spam's INBOX?
By sending an e-mail to spam.whatever@desfontain.es ?
(I'm not sure I understand the question?)
How does your MTA deliver the messages to the INBOX, do you use Dovecor LDA, LMTP or the MTA?
Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQEVAwUBVEN76nD1/YhP6VMHAQKdygf+JNdSRmEzuUuSzeYTdpBy5lVs9lNVjEP3 WIYbQCySmquUNNxiBGNA/qHqeUol/43JpaoO8Bx3YppPcm/S1pl+oyOkX0GX4Nvu 6XSort0Gk9hPHROTL+xSfXXjwVe1AFJP9V8jjwngl8sAQo467Mn90G4VWlQm37WU jAgZS8oO/mEkiNJrNAOM14OyeTBGJ6wGsUn0QcUCK7D14At6clDvLzVjVOUdY+sa ZK6Mgm9FxnatLLsiZ2rM388h8zfhLFnRiW6PT+ksFV0Vch4hA3mNeOHBLy1PU07+ fxs02OU/mAbg5I6uw93XaQZWmCXFcfmrWGTjp9ZhIsy9m7Wf9rQNKQ== =pUXt -----END PGP SIGNATURE-----
On Sun, Oct 19, 2014 at 10:52:59AM +0200, Steffen wrote:
how do you deliver new messages to spam's INBOX?
By sending an e-mail to spam.whatever@desfontain.es ?
(I'm not sure I understand the question?)
How does your MTA deliver the messages to the INBOX, do you use Dovecor LDA, LMTP or the MTA?
The MTA itself delivers it, I think. Here are my config files :
- http://paste.fulltxt.net/xx31R (/etc/postfix/main.cf)
- and http://paste.fulltxt.net/t9iXRBIH (/etc/postfix/master.cf)
Best,
Damien
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, 19 Oct 2014, Damien Desfontaines wrote:
On Sun, Oct 19, 2014 at 10:52:59AM +0200, Steffen wrote:
how do you deliver new messages to spam's INBOX?
By sending an e-mail to spam.whatever@desfontain.es ?
(I'm not sure I understand the question?)
How does your MTA deliver the messages to the INBOX, do you use Dovecor LDA, LMTP or the MTA?
The MTA itself delivers it, I think. Here are my config files :
- http://paste.fulltxt.net/xx31R (/etc/postfix/main.cf)
- and http://paste.fulltxt.net/t9iXRBIH (/etc/postfix/master.cf)
I don't use Postfix, but neither Postfix nor Maildrop honor Dovecot's permission settings obviously. So, you need to re-configure those to set the Unix permissions, too.
I'd recommend to reconfigure Postfix to use Dovecot LMTP: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
or Dovecot LDA. However, if you use maildrop filtering, you have to switch to Dovecot Pigeonhole Sieve filtering.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVESrcHz1H7kL/d9rAQIDlggAgN1l0PA0yWYVIMIpuehVb0bKkdiKsDh1 adP899zThrl8/gKC6TQLldbCi92Kxnudt+yCZef07oFoiZxy3Xj+o7jECJrWI900 LLG1TrwR2IX2jmwKL3XNR2F5nOJl2ePp8YI5LxYZiys2eZ1Ug9Ks0klJTEBzKCY3 cZqad5+T7C1Lp39IjJF9ILPUWaCIFgkTgWBt/TvgXx6zj4zYxFL1bweN2zZOteFz m3nm8GcWlfXs2R9zc7Lpn+SM8IjRAZKB+/PtF2eqDHxQ+D8mddIqDFQhSK30sjfq Cf5ZMB7/+jEzSi4DdEnNwrsSGyuoJCEA5Ekoj1zR5M0HNOWMKy4V6A== =1q+8 -----END PGP SIGNATURE-----
Hi,
Sorry for the crazy latency. I just did that, it works like a charm. And apparently, my postfix aliases still work.
Thanks a lot!
Damien
On Mon, Oct 20, 2014 at 08:27:59AM +0200, Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, 19 Oct 2014, Damien Desfontaines wrote:
On Sun, Oct 19, 2014 at 10:52:59AM +0200, Steffen wrote:
how do you deliver new messages to spam's INBOX?
By sending an e-mail to spam.whatever@desfontain.es ?
(I'm not sure I understand the question?)
How does your MTA deliver the messages to the INBOX, do you use Dovecor LDA, LMTP or the MTA?
The MTA itself delivers it, I think. Here are my config files :
- http://paste.fulltxt.net/xx31R (/etc/postfix/main.cf)
- and http://paste.fulltxt.net/t9iXRBIH (/etc/postfix/master.cf)
I don't use Postfix, but neither Postfix nor Maildrop honor Dovecot's permission settings obviously. So, you need to re-configure those to set the Unix permissions, too.
I'd recommend to reconfigure Postfix to use Dovecot LMTP: http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
or Dovecot LDA. However, if you use maildrop filtering, you have to switch to Dovecot Pigeonhole Sieve filtering.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVESrcHz1H7kL/d9rAQIDlggAgN1l0PA0yWYVIMIpuehVb0bKkdiKsDh1 adP899zThrl8/gKC6TQLldbCi92Kxnudt+yCZef07oFoiZxy3Xj+o7jECJrWI900 LLG1TrwR2IX2jmwKL3XNR2F5nOJl2ePp8YI5LxYZiys2eZ1Ug9Ks0klJTEBzKCY3 cZqad5+T7C1Lp39IjJF9ILPUWaCIFgkTgWBt/TvgXx6zj4zYxFL1bweN2zZOteFz m3nm8GcWlfXs2R9zc7Lpn+SM8IjRAZKB+/PtF2eqDHxQ+D8mddIqDFQhSK30sjfq Cf5ZMB7/+jEzSi4DdEnNwrsSGyuoJCEA5Ekoj1zR5M0HNOWMKy4V6A== =1q+8 -----END PGP SIGNATURE-----
participants (3)
-
Damien Desfontaines
-
Steffen
-
Steffen Kaiser