Questions on supporting Shared Mailboxes using imapc://

Nathan Coulson nathan at bravenet.com
Fri Nov 6 17:37:53 UTC 2015 

On 2015-10-09 10:33 AM, Nathan Coulson wrote:
>
> I was not able to get a shared mailbox setup working using imapc. 
> Tested using mailboxes on the same server, as well as other servers.
>
> We are using dovecot 2.2.10 from Centos 7, following the guide at 
> http://wiki2.dovecot.org/SharedMailboxes/ClusterSetup
>
>
> imapc_host=192.168.5.5 #(Local dovecot server)
> imapc_master_user= %u
> imapc_password=TempPass
> #imapc_user=test2 at example.com # Added for testing.
> namespace {
>   type = shared
>   separator = /
>   prefix = shared/%%u/
>   list = children
>   location = imapc:~/shared/%%u/
> }
> namespace { # used as a control to verify that shared mailboxes work
>   type = shared
>   separator = /
>   prefix = shared2/%%u/
>   list = children
>   location = sdbox:%%h:INDEXPVT=~/shared2/%%u
> }
>
>
> dict {
>   acl = mysql:/etc/dovecot/dovecot-sql_aggelos_shares.conf.ext
> }
>
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
> }
>
> mail_plugins = acl
>
> protocol imap {
>   mail_plugins = acl imap_acl
> }
>
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
>
>
> passdb { # for master user logins
>   driver = sql
>   args = /etc/dovecot/dovecot-sql_aggelos_aclmaster.conf.ext
>   master = yes
>   pass = yes
> }
>
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
>
>
>
>
>
> I can login using test2 at example.com*test at example.com (and see all of 
> test2's email), and it looks like it authenticates ok via imap, but 
> shared never shows up.  No issues using shared2 which uses direct 
> access to the mailbox
>
>
> doveadm acl debug -u test at example.com shared/test2 at example.com (Fails, 
> uses imapc)
>
> doveadm(test at example.com): Info: Mailbox 'INBOX' is in namespace 
> 'shared/test2 at example.com/'
> doveadm(test at example.com): Info: Mailbox path: 
> /misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.INBOX
> doveadm(test at example.com): Info: All message flags are shared across 
> users in mailbox
> doveadm(test at example.com): Info: User test at example.com has no rights 
> for mailbox
> doveadm(test at example.com): Error: User test at example.com is missing 
> 'lookup' right
> doveadm(test at example.com): Info: Mailbox shared/test2 at example.com is 
> NOT visible in LIST
>
>
>
> doveadm acl debug -u test at example.com shared/test2 at example.com/Junk 
> (Fails, contains a folder that exists)
> doveadm(test at example.com): Info: Mailbox 'Junk' is in namespace 
> 'shared/test2 at example.com/'
> doveadm(test at example.com): Info: Mailbox path: 
> /misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.Junk
> doveadm(test at example.com): Info: All message flags are shared across 
> users in mailbox
> doveadm(test at example.com): Info: User test at example.com has no rights 
> for mailbox
> doveadm(test at example.com): Error: User test at example.com is missing 
> 'lookup' right
> doveadm(test at example.com): Info: Mailbox shared/test2 at example.com/Junk 
> is NOT visible in LIST
>
>
> doveadm acl debug -u test at example.com shared/test2 at example.com/z 
> (Fails,  contains a folder that does not exist.  Expected result)
>
> doveadm(test at example.com): Error: Mailbox 'z' in namespace 
> 'shared/test2 at example.com/' doesn't exist in 
> /misc/1/2/mail/test at example.com-4/shared/test2 at example.com/.z
>
>
>
> doveadm acl debug -u test at example.com shared2/test2 at example.com 
> (Works, using direct storage)
>
> doveadm(test at example.com): Info: Mailbox 'INBOX' is in namespace 
> 'shared2/test2 at example.com/'
> doveadm(test at example.com): Info: Mailbox path: 
> /misc/1/2/mail/test2 at example.com-87/mailboxes/INBOX/dbox-Mails
> doveadm(test at example.com): Info: Per-user private flags in mailbox: \Seen
> doveadm(test at example.com): Info: User test at example.com has rights: 
> lookup read write-seen
> doveadm(test at example.com): Info: Mailbox found from dovecot-acl-list
> doveadm(test at example.com): Info: User test2 at example.com found from ACL 
> shared dict
> doveadm(test at example.com): Info: Mailbox shared2/test2 at example.com is 
> visible in LIST
>
>
>
> It feels like the acl information in the vfiles is not available when 
> using imapc.
>
>
>
> Our setup is as follows: (Currently does not use Dovecot Director, but 
> has the same issues where shared mailboxes may not be local on the 
> server)
> * Front servers, that are running dovecot (proxy to backend servers)
> * Backend Servers, each handle their own local users.
>
>
> Thank you
>

Adding to this, Is it possible to set the location for the VFile's when 
using imapc?  If so, I believe that would allow this to work. (Available 
over NFS [later GFS2] on remote servers,  Technically we could also use 
the storage directly but I was concerned about 2 dovecot processes on 
different servers using the same sdbox storage location).


-- 
Nathan Coulson
System Administrator for Bravenet
www.bravenet.com
nathan at bravenet.com

More information about the dovecot mailing list