[Dovecot] Chroot
Bambero
bambero at gmail.com
Sun Nov 13 18:25:55 EET 2011
Hello,
I have successfully set up Dovecot with chroot, but two problems remain:
1. submission_host problem (I posted message 2 days ago)
2. Problem with acl's and sharing:
all maildirs are located in: /var/mail/jdoe@example.com/Maildir
so:
mail_chroot=/var/mail
I setup acls with:
10-mail.conf
...
# Private namespace: each user's own mailboxes, including INBOX (inbox = yes).
# No location is given here, so the global mail_location applies.
namespace {
type = private
separator = /
prefix =.
inbox = yes
hidden = no
list = yes
subscriptions = yes
}
# Shared namespace: other users' mailboxes appear under shared/<user>/.
# The doubled %% variables (%%u, %%h) refer to the owner of the shared
# mailbox, not to the logged-in user.
namespace {
type = shared
separator = /
prefix = shared/%%u/
# %%h is the owner's home directory, which has to be resolved through userdb.
# That matches the "Could not lookup home for user" error quoted in this post:
# the chrooted mail process cannot reach the auth-userdb socket.
# NOTE(review): the post says every maildir lives at /var/mail/<user>/Maildir,
# so a location built from %%u instead of %%h might avoid the lookup while
# keeping the chroot - untested, confirm against Dovecot's shared-mailbox docs.
location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
subscriptions = yes
list = yes
}
...
90-acl.conf
...
# ACL backend: per-mailbox dovecot-acl files (vfile), cached for 5 seconds.
plugin {
acl = vfile:cache_secs=5
}
# Dictionary that records which users have shared mailboxes with whom.
# The path is resolved inside mail_chroot; the post reports the resulting file
# as /var/mail/xxx.db.
# NOTE(review): %i presumably expands to the UNIX uid, and the file presumably
# has to be writable by every mail process that sets ACLs - check its ownership
# and mode so that it is not writable more widely than that.
plugin {
acl_shared_dict = file:/%i.db
}
...
Setting acl is no problem
there are
dovecot-acl
dovecot-acl-list
in Maildir.
and the dictionary /var/mail/xxx.db contains the list of shares
I can also see the shared folder in my IMAP client, but when I try to
subscribe I get this error:
Error: userdb lookup: connect(/var/dovecot/auth-userdb) failed: No such file or directory
Error: Namespace 'shared/': Could not lookup home for user jdoe@example.com
/var/dovecot/auth-userdb is not accessible because of the chroot. But why
is userdb necessary in this case?
I hope there is a solution without disabling chroot.
Below my basic configuration.
Regards,
Bambero
# 2.0.13: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.0 i386
# NOTE(review): this header is the form `doveconf -n` prints, and that command
# lists only settings that differ from the defaults. Settings not shown here
# (for example disable_plaintext_auth and ssl) are presumably at their defaults;
# confirm with `doveconf -a` before drawing conclusions about them.
#
# plain and login carry the password itself, so they depend on TLS for
# confidentiality. digest-md5, cram-md5 and apop are challenge-response
# mechanisms that need the passdb to hold either the plaintext password or a
# mechanism-specific hash - confirm what the SQL passdb actually stores.
auth_mechanisms = plain login digest-md5 cram-md5 apop
# Unprivileged accounts for Dovecot's internal processes and login processes.
default_internal_user = _dovecot
default_login_user = _dovenull
# Mail processes are only allowed to run with UIDs/GIDs inside this range.
first_valid_gid = 1000
first_valid_uid = 1000
last_valid_gid = 10000
last_valid_uid = 10000
# Mail processes chroot to /var/mail. Paths outside it are unreachable from
# inside, including the /var/dovecot/auth-userdb socket named in the error
# quoted in this post.
mail_chroot = /var/mail
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
# Password lookups go through SQL.
# NOTE(review): the referenced file holds the database connection settings
# (presumably including credentials), so it should be readable only by root or
# the auth process - verify its ownership and mode.
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
# Plugin settings: folders created and subscribed automatically, quota, Sieve.
plugin {
autocreate = Trash
autocreate2 = Spam
autocreate3 = Sent
autocreate4 = Drafts
autosubscribe = Trash
autosubscribe2 = Spam
autosubscribe3 = Sent
autosubscribe4 = Drafts
quota = maildir:User quota
# Per-user Sieve script and script directory, relative to the user's home.
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
# NOTE(review): notify and imapflags are the older, deprecated forms of
# enotify and imap4flags; presumably enabled for legacy scripts.
sieve_extensions = +notify +imapflags
# Site-wide script outside mail_chroot.
# NOTE(review): confirm that the process evaluating Sieve can actually read
# this path once chrooted.
sieve_global_path = /etc/sieve/default.sieve
}
# NOTE(review): "sieve" is listed twice; the duplicate looks redundant and is
# presumably harmless - list it once.
protocols = imap pop3 sieve sieve
# Exposes the auth-client socket to the _exim user with mode 0660, presumably
# so that Exim can authenticate SMTP users against Dovecot.
# No auth-userdb listener is customised in this dump. The error quoted in the
# post shows the mail process looking for it at /var/dovecot/auth-userdb, which
# lies outside mail_chroot.
service auth {
unix_listener auth-client {
mode = 0660
user = _exim
}
}
# Login listeners. Ports 143 (imap) and 110 (pop3) have no `ssl = yes`, so
# credentials on them are protected only if the client negotiates STARTTLS.
# Whether plaintext authentication is refused without TLS depends on
# disable_plaintext_auth, which this dump does not show.
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
# ManageSieve on 4190 plus the older port 2000 (named sieve_deprecated here).
# NOTE(review): drop the port 2000 listener if no client still needs it.
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl_ca = /etc/ssl/ca-bundle.crt
# The leading `<` makes Dovecot read the value from the named file.
# NOTE(review): the private key file should be readable by root only - verify.
ssl_cert = </etc/ssl/mycert.crt
ssl_key = </etc/ssl/private/mycert.key
# Outgoing mail is handed to an SMTP server on localhost.
# NOTE(review): presumably chosen because a sendmail binary is not reachable
# inside the chroot; the post mentions a separate submission_host problem.
submission_host = 127.0.0.1
# prefetch reuses the user fields returned by the passdb lookup at login, so
# the logged-in user needs no second query.
userdb {
driver = prefetch
}
# SQL userdb for lookups that prefetch cannot answer.
# NOTE(review): resolving another user's home for the shared namespace (%%h)
# appears to be such a lookup; it is made over the auth-userdb socket, which
# the chrooted process cannot reach per the error quoted in the post.
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
# Directories that mail processes are allowed to chroot into.
valid_chroot_dirs = /var/mail
# Per-protocol plugin lists.
# NOTE(review): acl / imap_acl do not appear in any mail_plugins line although
# the post configures ACLs. The post calls this the "basic configuration", so
# the ACL settings may simply be left out of this dump.
protocol lda {
mail_plugins = sieve quota autocreate
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_plugins = quota imap_quota autocreate
}
# NOTE(review): imap_quota is an IMAP-specific plugin and looks out of place
# in the pop3 list - confirm whether it is intended.
protocol pop3 {
mail_plugins = quota imap_quota autocreate
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}