[Dovecot] Shared mailbox ACL
Alex Ferrara
alex at receptiveit.com.au
Fri Jan 24 11:40:41 EET 2014
Hi everyone,
I am having some trouble with shared folders while trying to replicate how we use them with a Cyrus backend.
The auth database is Samba4 Active Directory, so I am using an LDAP lookup to authenticate and forcing the UID and GID to be the same for all users. I have a post-login script that sets the group ACL, and this seems to be working fine. /mnt/mail is an NFS mount to a FreeNAS machine, and there is only one Dovecot server connecting to that NFS share.
I have been able to get the inbox of the shared mailbox to appear in Thunderbird, but I would like to allow all subfolders to have the same ACLs. Is there a way to do this without having an ACL entry for each folder in the dovecot-acl file? I also cannot seem to create folders under the shared inbox.
Thanks.
Below are the contents of /mnt/mail/acl/shared-mailboxes
shared/shared-boxes/group/accounting/accounting
1
shared/shared-boxes/group/team1/team1
1
shared/shared-boxes/group/team2/team2
1
Below is the output of dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-22-pve x86_64 Debian 7.3 nfs
# NOTE(review): `dovecot -n` prints only settings that differ from the defaults, so anything
# absent below (e.g. ssl, disable_plaintext_auth) is presumably at this version's default.
# PLAIN and LOGIN both carry the password itself, so its confidentiality rests on TLS
# being established before authentication.
auth_mechanisms = plain login
auth_username_format = %n
# Debug logging for mail processes; a troubleshooting setting.
mail_debug = yes
mail_location = maildir:/mnt/mail/mailboxes/%n/Maildir:INDEX=/var/local/dovecot-indexes/%n
# NOTE(review): the post says every user is mapped to one UID/GID, so file permissions do not
# separate one user's mail from another's; the acl plugin is then the only access control
# between users and has to be loaded wherever mailboxes are opened.
mail_plugins = acl
mail_shared_explicit_inbox = no
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
# Shared namespace: %%n is the user part of the mailbox OWNER, whereas %n is the logged-in user.
namespace {
list = yes
# The index path is keyed by owner only, so every user who opens this owner's shared
# mailboxes uses the same index directory, separate from the owner's own in mail_location.
location = maildir:/mnt/mail/mailboxes/%%n/Maildir:INDEX=/var/local/dovecot-shared/%%n
prefix = ZGroup/%%n/
separator = /
subscriptions = no
type = shared
}
# Private namespace holding each user's own INBOX and special-use folders.
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
type = private
}
# passdb and userdb (further down) read the same LDAP configuration file.
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
# vfile with no path argument: only the per-mailbox dovecot-acl files are consulted;
# no global ACL location is configured.
acl = vfile
# NOTE(review): as far as I know this option is documented for Dovecot v2.2.2 and later;
# the header above reports 2.1.7, so it may have no effect here. Verify against the
# running version before relying on INBOX ACLs being applied to subfolders.
acl_defaults_from_inbox = yes
# Dictionary recording which users have mailboxes shared to them; it backs the listing of
# the shared namespace. The file sits on the NFS mount described in the post.
acl_shared_dict = file:/mnt/mail/acl/shared-mailboxes
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve"
service auth {
# Auth socket placed in the Postfix spool; mode 0660 limits it to user/group postfix.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
# Runs /usr/local/bin/postlogin.py through script-login as vmail; per the post this script
# sets the group ACL. NOTE(review): since it runs on IMAP logins and feeds group membership
# to the ACL checks, the script file should be writable only by root (confirm).
service imap-postlogin {
executable = script-login /usr/local/bin/postlogin.py
user = vmail
}
# Chains the post-login service in front of the imap process.
service imap {
executable = imap imap-postlogin
}
service lmtp {
# LMTP delivery socket for Postfix; mode 0600 limits it to the postfix user.
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
user = vmail
}
# A leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# NOTE(review): as printed, the lmtp and lda plugin lists name quota and sieve but not acl,
# and no quota settings appear in the plugin block above. Confirm whether delivery is meant
# to bypass ACL checks and whether quota is actually configured.
protocol lmtp {
mail_plugins = quota sieve
}
protocol lda {
mail_plugins = quota sieve
}
# imap_acl adds the IMAP ACL commands, letting clients view and change mailbox ACLs.
protocol imap {
mail_plugins = acl imap_acl
}