[Dovecot] ACL with IMAP proxying

Alexis Lelion alexis.lelion at gmail.com
Fri Jan 6 13:36:15 EET 2012


Hello,

I'm trying to use ACLs to restrict subscription on public mailboxes, but
I ran into trouble.
My setup is made of two servers, and users are shared between them via a
proxy. User authentication is done with LDAP, and credentials aren't
shared between the mailservers. Instead, the proxies are using master
password.
The problem is that when the ACLs are checked, they are evaluated against
the master login rather than the user's login, which is useless here.
Is there a way to use the first part of destuser as it is done when
fetching info from the userdb?

Any help is appreciated,
Thanks!

Alexis

--------------------------------------------------

ACL bug logs :

104184 Jan  6 12:09:35 mail02 dovecot: imap(user at domain): Debug: acl: acl
username = proxy
104185 Jan  6 12:09:35 mail02 dovecot: imap(user at domain): Debug: acl: owner
= 0
104186 Jan  6 12:09:35 mail02 dovecot: imap(user at domain): Debug: acl vfile:
Global ACL directory: (none)
104187 Jan  6 12:09:35 mail02 dovecot: imap(user at domain): Debug: Namespace
: type=public, prefix=Shared., sep=., inbox=no,        hidden=no, list=yes,
subscriptions=no location=maildir:/var/vmail/domain/Shared

--------------------------------------------------

Output of "dovecot -n"

# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.3 ext3
auth_debug = yes
# Separator for master-user logins; per the post above, the proxy in front
# of this host authenticates with a master password rather than the user's
# own credentials.
auth_master_user_separator = *
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
first_valid_uid = 150
lmtp_proxy = yes
# Connections from this address are treated as coming from a trusted proxy.
# Keep the list limited to the proxy host(s); anything listed here may
# supply client connection details on the user's behalf.
login_trusted_networks = mail01.ip
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
mail_nfs_storage = yes
# Global plugin list; "protocol imap" further down replaces it with
# "acl imap_acl" for IMAP sessions.
mail_plugins = acl
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
# Private namespace: each user's own maildir.
namespace {
  inbox = yes
  location = maildir:/var/vmail/%d/%n
  prefix =
  separator = .
  type = private
}
# Public namespace whose subscription rights the ACLs are meant to restrict
# (the "Shared." namespace seen in the debug log at the top of the post).
namespace {
  location = maildir:/var/vmail/domain/Shared
  prefix = Shared.
  separator = .
  subscriptions = no
  type = public
}
# Master users (used by the proxy) come from a local passwd-file; regular
# users are authenticated against LDAP.
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  # NOTE(review): the debug log at the top of the post reports
  # "Global ACL directory: (none)" even though a global ACL path is given
  # here -- confirm the directory exists and is readable by the mail process.
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  recipient_delimiter = +
  sieve_after = /var/lib/dovecot/sieve/after.d/
  sieve_before = /var/lib/dovecot/sieve/pre.d/
  sieve_dir = /var/vmail/%d/%n/sieve
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = user at domain
protocols = " imap lmtp sieve"
service auth {
  # Socket for Postfix SASL authentication.
  # NOTE(review): mode 0666 makes the socket itself world-readable and
  # world-writable; how far it is actually exposed depends on the
  # permissions of the enclosing /var/spool/postfix/private directory.
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  # userdb lookup socket, restricted to the vmail user.
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  # LMTP listener bound to this host's address only.
  inet_listener lmtp {
    address = mail02.ip
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
# TLS is mandatory; cleartext logins are not offered.
ssl = required
ssl_cert = </etc/ssl/mailcert.pem
ssl_key = </etc/ssl/private/mailkey.pem
# User attributes (home/uid etc.) come from SQL, separately from the LDAP passdb.
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol doveadm {
  # NOTE(review): refers to a director userdb socket, but no director
  # service appears in this output -- confirm it exists on this host.
  auth_socket_path = director-userdb
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  imap_id_send = name
  # Overrides the global mail_plugins for IMAP; the "acl: acl username = proxy"
  # debug line in the post is emitted by this plugin set.
  mail_plugins = acl imap_acl
}
protocol lmtp {
  # LMTP uses its own passdb chain (SQL first, then LDAP).
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf
    driver = sql
  }
  passdb {
    args = /etc/dovecot/dovecot-ldap-lmtp.conf
    driver = ldap
  }
}

