[Dovecot] issues with ACL and Public Namespaces

Anton Dollmaier antondollmaier at aditsystems.de
Tue Oct 6 17:18:39 EEST 2009


Hi all,


After configuring Dovecot to serve private and public namespaces per
domain with ACLs per shared folder, everything worked great:

In every shared folder I created a "dovecot-acl"-file with the 
permissions of every user:

> user=user5 at example.com
> user=user6 at example.com lrwstiea

The subscriptions are handled with "subscriptions=no", so every local
user can subscribe to shared folders as he likes. As the shared folders
are managed via a web interface, the cronjob creating and deleting the
folders also changes the subscriptions of every user, adding or removing
the public folders as permissions are granted.

RoundCube Webmail, Thunderbird and Outlook have no problems accessing
and using the public folders, but a customer has problems with his Mac:
in Apple Mail the folders are not visible, even when subscriptions were
previously set in another mail client.


In RoundCube, I spotted another issue: subscribed public folders are
usable in the "Mail" area, but no public folder is listed in the
"Folder" settings - not even the already subscribed ones.
After setting "list=yes" on the public namespace, RC lists only the prefix
"shared" as a folder, but no subfolders - "list=children" shows no
folder at all.


When I checked the rawlog and the debug info with "mail_debug=yes", I saw the
possible cause of my problems:

When checking the folder subscriptions in RoundCube, Dovecot tries to
find an ACL file for the public folders, but it does not look in the public
folders; it looks in the private Maildir instead:

> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Loading modules from directory: /usr/lib/dovecot/modules/imap
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib01_acl_plugin.so
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_autocreate_plugin.so
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_expire_plugin.so
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Effective uid=249, gid=249, home=/var/mail/vmail/example.com/user6/
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: No acl_shared_dict setting - shared mailbox listing is disabled
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota root: name=INBOX backend=dict args=:proxy::quotadict
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=INBOX mailbox=* bytes=52428800 messages=0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=INBOX mailbox=Trash bytes=62914560 messages=0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota warning: bytes=49807360 (95%) messages=0 command=/usr/local/bin/quota-warning.sh 95
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota warning: bytes=41943040 (80%) messages=0 command=/usr/local/bin/quota-warning.sh 80
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota root: name=shared backend=dict args=example.com:ns=shared.:proxy::quotadict
> Oct  6 15:24:16 ipx02 dovecot: imap-login: Login: user=<user6 at example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=shared mailbox=* bytes=524288000 messages=0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): expire: pattern=Trash type=expunge secs=604800
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): expire: pattern=Spam type=expunge secs=2592000
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): dict quota: user=user6 at example.com, uri=proxy::quotadict, noenforcing=0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): dict quota: user=example.com, uri=proxy::quotadict, noenforcing=0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Namespace: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): maildir: data=~/Maildir
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): maildir++: root=/var/mail/vmail/example.com/user6//Maildir, index=, control=, inbox=/var/mail/vmail/example.com/user6//Maildir
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: initializing backend with data: vfile
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: acl username = user6 at example.com
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: owner = 1
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: Global ACL directory: (null)
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Namespace: type=public, prefix=shared., sep=., inbox=no, hidden=no, list=yes, subscriptions=no
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): maildir: data=/var/mail/vmail/example.com/shared:INDEX=~/shared
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): maildir++: root=/var/mail/vmail/example.com/shared, index=/var/mail/vmail/example.com/user6//shared, control=, inbox=
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: initializing backend with data: vfile
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: acl username = user6 at example.com
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl: owner = 0
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: Global ACL directory: (null)
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Namespace : Using permissions from /var/mail/vmail/example.com/user6//Maildir: mode=0700 gid=-1
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.Sent/dovecot-acl not found
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.Spam/dovecot-acl not found
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.Trash/dovecot-acl not found
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: reading file /var/mail/vmail/example.com/user6//Maildir/dovecot-acl
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer/dovecot-acl not found
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer.Test1/dovecot-acl not found
> Oct  6 15:24:16 ipx02 dovecot: IMAP(user6 at example.com): Disconnected: Logged out bytes=73/819
(last three lines are important)

When checking the Folder itself, Dovecot checks in the IMHO correct folder:

> Oct  6 15:25:02 ipx02 dovecot: imap-login: Login: user=<user6 at example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Loading modules from directory: /usr/lib/dovecot/modules/imap
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib01_acl_plugin.so
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_autocreate_plugin.so
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Module loaded: /usr/lib/dovecot/modules/imap/lib20_expire_plugin.so
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Effective uid=249, gid=249, home=/var/mail/vmail/example.com/user6/
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: No acl_shared_dict setting - shared mailbox listing is disabled
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota root: name=INBOX backend=dict args=:proxy::quotadict
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=INBOX mailbox=* bytes=52428800 messages=0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=INBOX mailbox=Trash bytes=62914560 messages=0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota warning: bytes=49807360 (95%) messages=0 command=/usr/local/bin/quota-warning.sh 95
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota warning: bytes=41943040 (80%) messages=0 command=/usr/local/bin/quota-warning.sh 80
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota root: name=shared backend=dict args=example.com:ns=shared.:proxy::quotadict
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Quota rule: root=shared mailbox=* bytes=524288000 messages=0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): expire: pattern=Trash type=expunge secs=604800
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): expire: pattern=Spam type=expunge secs=2592000
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): dict quota: user=user6 at example.com, uri=proxy::quotadict, noenforcing=0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): dict quota: user=example.com, uri=proxy::quotadict, noenforcing=0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Namespace: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): maildir: data=~/Maildir
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): maildir++: root=/var/mail/vmail/example.com/user6//Maildir, index=, control=, inbox=/var/mail/vmail/example.com/user6//Maildir
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: initializing backend with data: vfile
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: acl username = user6 at example.com
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: owner = 1
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: Global ACL directory: (null)
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Namespace: type=public, prefix=shared., sep=., inbox=no, hidden=no, list=yes, subscriptions=no
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): maildir: data=/var/mail/vmail/example.com/shared:INDEX=~/shared
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): maildir++: root=/var/mail/vmail/example.com/shared, index=/var/mail/vmail/example.com/user6//shared, control=, inbox=
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: initializing backend with data: vfile
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: acl username = user6 at example.com
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl: owner = 0
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: Global ACL directory: (null)
> Oct  6 15:25:02 ipx02 dovecot: IMAP(user6 at example.com): Namespace : Using permissions from /var/mail/vmail/example.com/user6//Maildir: mode=0700 gid=-1
> Oct  6 15:25:03 ipx02 dovecot: IMAP(user6 at example.com): acl vfile: reading file /var/mail/vmail/example.com/shared/.Transfer.Test1/dovecot-acl
> Oct  6 15:25:03 ipx02 dovecot: IMAP(user6 at example.com): expire: No expiring in mailbox: shared.Transfer.Test1
> Oct  6 15:25:03 ipx02 dovecot: IMAP(user6 at example.com): Disconnected: Logged out bytes=85/743
(last four lines are important)


Is this a possible bug related to ACL and Public Namespaces, or do I 
have to create the public folders also in the local Maildir and symlink 
the dovecot-acl to the public folder?


With the symlinks in place (per Folder), dovecot finds the ACL-files and 
lists the folders also in RoundCube's "Folder"-pane and Apple Mail finds 
the public folders too.


Upgrading to 1.2.5 has failed so far, as my build server has problems with
automake; I have to look into this too.


Thanks in advance!


best regards,

Anton Dollmaier






Output of dovecot -n:


> # 1.2.3: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-6-686 i686 Debian 5.0.3
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap imaps pop3s pop3
> listen: *, [::]
> ssl_cert_file: /etc/dovecot/dovecot.pem
> ssl_key_file: /etc/dovecot/dovecot.pem
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> mail_max_userip_connections(default): 25
> mail_max_userip_connections(imap): 25
> mail_max_userip_connections(pop3): 10
> first_valid_uid: 249
> mail_access_groups: poponly
> mail_privileged_group: poponly
> mail_location: maildir:~/Maildir
> mail_debug: yes
> mail_executable(default): /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_plugins(default): quota imap_quota acl autocreate expire
> mail_plugins(imap): quota imap_quota acl autocreate expire
> mail_plugins(pop3): quota expire
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> imap_client_workarounds(default): netscape-eoh
> imap_client_workarounds(imap): netscape-eoh
> imap_client_workarounds(pop3):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> namespace:
>   type: private
>   separator: .
>   inbox: yes
>   list: yes
>   subscriptions: yes
> namespace:
>   type: public
>   separator: .
>   prefix: shared.
>   location: maildir:/var/mail/vmail/%d/shared:INDEX=~/shared
>   list: yes
> lda:
>   postmaster_address: postmaster at server.example.com
>   mail_plugins: quota expire
>   quota_full_tempfail: yes
>   auth_socket_path: /var/run/dovecot/auth-master
>   log_path: /var/log/dovecot-deliver.log
>   info_log_path: /var/log/dovecot-deliver.log
>   sieve_global_dir: /etc/dovecot/sieve/
>   sieve_global_path: /etc/dovecot/default.sieve
> auth default:
>   mechanisms: plain login
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql-master.conf
>   userdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 432
>       user: vmail
>       group: vmail
> plugin:
>   quota: dict:INBOX::proxy::quotadict
>   quota2: dict:shared:%d:ns=shared.:proxy::quotadict
>   quota_rule: *:storage=50M:messages=1000
>   quota_rule2: Trash:storage=50M:messages=100
>   quota2_rule: *:storage=100M:messages=1000
>   quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
>   quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
>   acl: vfile
>   expire: Trash 7 Spam 30
>   expire_dict: proxy::expire
>   autocreate: Trash
>   autocreate2: Spam
>   autocreate3: Sent
>   autosubscribe: Trash
>   autosubscribe2: Spam
>   autosubscribe3: Sent
> dict:
>   quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf
>   expire: mysql:/etc/dovecot/dovecot-dict-expire.conf
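
To check a mail_debug log for the symptom described in the post (ACL files for public-namespace mailboxes being looked up under the private Maildir root), the lookup paths can be compared against the namespace roots that Dovecot logs at login. This is an added example, not code from the original post or from Dovecot; it assumes the debug line formats shown above and the Maildir++ directory layout, and the sample lines are abridged from the first log with the syslog prefix dropped.

```python
import posixpath
import re

# Abridged from the first debug log in the post (timestamp/host prefix dropped).
SAMPLE_LOG = """\
Namespace: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
maildir++: root=/var/mail/vmail/example.com/user6//Maildir, index=, control=, inbox=/var/mail/vmail/example.com/user6//Maildir
Namespace: type=public, prefix=shared., sep=., inbox=no, hidden=no, list=yes, subscriptions=no
maildir++: root=/var/mail/vmail/example.com/shared, index=/var/mail/vmail/example.com/user6//shared, control=, inbox=
acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.Sent/dovecot-acl not found
acl vfile: reading file /var/mail/vmail/example.com/user6//Maildir/dovecot-acl
acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer/dovecot-acl not found
acl vfile: file /var/mail/vmail/example.com/user6//Maildir/.shared.Transfer.Test1/dovecot-acl not found
"""

NS_RE = re.compile(r"Namespace: type=(\w+), prefix=([^,]*),")
ROOT_RE = re.compile(r"maildir\+\+: root=([^,]+),")
ACL_RE = re.compile(r"acl vfile: (?:reading )?file (\S+)/dovecot-acl")

def misrouted_acl_lookups(log_text):
    """Return (looked_up, expected) pairs for public-namespace mailboxes
    whose ACL file was searched for under the private Maildir root."""
    roots, pending, findings = {}, None, []
    for line in log_text.splitlines():
        if m := NS_RE.search(line):
            pending = (m.group(1), m.group(2))      # (type, prefix)
        elif (m := ROOT_RE.search(line)) and pending:
            # A maildir++ line belongs to the Namespace line logged before it.
            roots[pending[0]] = (pending[1], posixpath.normpath(m.group(1)))
            pending = None
        elif (m := ACL_RE.search(line)) and {"private", "public"} <= roots.keys():
            mbox_dir = posixpath.normpath(m.group(1))
            _, priv_root = roots["private"]
            pub_prefix, pub_root = roots["public"]
            name = posixpath.basename(mbox_dir)
            # Maildir++ stores mailbox "a.b" as the directory ".a.b".
            if posixpath.dirname(mbox_dir) == priv_root and name.startswith("." + pub_prefix):
                inner = "." + name[len(pub_prefix) + 1:]   # strip namespace prefix
                expected = posixpath.join(pub_root, inner, "dovecot-acl")
                findings.append((mbox_dir + "/dovecot-acl", expected))
    return findings

if __name__ == "__main__":
    for looked_up, expected in misrouted_acl_lookups(SAMPLE_LOG):
        print(f"ACL looked up at {looked_up}\n    expected under public root: {expected}")
```

For the sample it reports the two `.shared.*` lookups and gives, for the second, the same path that the second log in the post shows Dovecot reading when the folder itself is opened.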


