several misc questions, public folders and sharing, quota, ssl

David Mehler dave.mehler at gmail.com
Fri Apr 14 23:53:35 EEST 2017


Hi Aki,

Thanks for your reply. Sorry, hit the reply to and not the reply to all option.

So, even when a folder is a public folder I'm still needing to use the
acl plugin?


The public/TestFolder is showing up, the public/TestFolder1 is not.

Thanks.
Dave.


On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> Please keep responses on the list. Thank you. =)
>
> Without ACL plugin there is no way to restrict access, it's free for all.
>
> my site is a very tiny few user site, but ...
>
> auth_mechanisms = login plain
> mail_attribute_dict = file:%h/Mail/dovecot-attributes
> mail_location = sdbox:~/Mail
> mail_plugins = stats quota fts fts_lucene
> namespace inbox {
>   inbox = yes
>   list = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   separator = .
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   fts = lucene
>   fts_lucene = whitespace_chars=@.
>   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Spam
>   imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Spam
>   imapsieve_mailbox2_name = *
>   quota = count:User quota
>   quota_vsizes = yes
>   recipient_delimiter = +
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_extensions = +notify +imapflags
>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
>   sieve_plugins = sieve_imapsieve sieve_extprograms
>   stats_refresh = 30
> }
> protocols = imap lmtp
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
>   user = $default_internal_user
> }
> service doveadm {
>   inet_listener http {
>     address = 127.0.0.1
>     port = 38080
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service lmtp {
>   inet_listener lmtp {
>     address = 127.0.0.1
>     port = 8025
>   }
> }
> service stats {
>   fifo_listener stats-mail {
>     mode = 0666
>   }
> }
> ssl = required
> ssl_cert = #
> ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA
> ssl_dh_parameters_length = 4096
> ssl_key =  #
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
> submission_host = 127.0.0.1:25
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol imap {
>   mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve
> }
> protocol lmtp {
>   mail_plugins = stats quota fts fts_lucene sieve
> }
> protocol lda {
>   mail_plugins = stats quota fts fts_lucene sieve
> }
>
> Aki
>
>> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hello Aki,
>>
>> Thank you for your reply.
>>
>> I've implemented your changes and thanks for the @STRENGTH reminder, I
>> had forgotten about that one.
>>
>> I'll check out the acl plugin. Is it required when sharing a public
>> folder or are public folders usable by all? I know it is for shared
>> folders.
>>
>> The TestFolder1 is still not showing up in public not sure why
>> everything looks good.
>>
>> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports
>> along the way.
>>
>> I was wondering if I could take a look at your dovecot configuration
>> files and a doveconf -n output?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> >
>> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
>> >> optimize how the system is running and have a few misc questions.
>> >>
>> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
>> >> ensure this cipher list is appropriate:
>> >>
>> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
>> >>
>> >
>> > I would add @STRENGTH to the end, so it'll get sorted by strength.
>> >
>> >> Next, a new feature that I'm trying for is virtual folders that store
>> >> All messages. My understanding of this is that it stores a version of
>> >> every received message in one place? I've got the virtual plugin
>> >> loaded and have:
>> >>
>> >>   mailbox virtual/All {
>> >>     comment = All my messages
>> >>     special_use = \All
>> >>   }
>> >>
>> >> I've got a directory /home/vmail/example.com/username/virtual under
>> >> which is an ALL folder both directories are accessible to the vmail
>> >> user, yet there's no contents in this folder and it's showing up
>> >> nowhere.
>> >>
>> >
>> > Configuring virtual all folder:
>> >
>> > namespace {
>> >   prefix = virtual
>> >   location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual
>> >   comment = All my messages
>> >   special_use = \All
>> >   mailbox All {
>> >     auto = subscribe
>> >   }
>> > }
>> >
>> > ==== /etc/dovecot/virtual/All/dovecot-virtual ====
>> > *
>> >   all
>> > ==== EOF ===
>> >
>> >> Next, quota warnings, are not being sent at all. I set up a testuser
>> >> with a quota of 2 mb, then sent a message to that user getting the box
>> >> to 95% full, and no message. Took the user overquota with the next
>> >> message, still nothing, and a third message did trigger my custom
>> >> quota exceeded message and the message was bounced.
>> >>
>> >
>> > I would recommend you using
>> >
>> > mail_plugins = $mail_plugins quota quota_clone
>> >
>> > plugin {
>> >   quota = count:User quota
>> >   quota_clone_dict = proxy::sqlquota
>> >   quota_vsizes = true
>> > }
>> >
>> > Also,
>> >
>> > "Note that the warning is ONLY executed at the exact time when the limit is
>> > being crossed, so when you're testing it you have to do it by crossing the
>> > limit by saving a new mail. If something else besides Dovecot updates quota
>> > so that the limit is crossed, the warning is never executed."
>> >
>> >>  I'm wanting to implement public folders. My mailboxes are all
>> >> virtual, and they are stored under /home/vmail/example.com/username
>> >> and /home/vmail/example.org/username in the maildir format. I've got
>> >> one user uid and gid of 999 name of vmail who owns all the mailboxes.
>> >> I've separated out public folders storing them under
>> >> /home/vmail/public. I've created one mailbox called TestFolder and
>> >> new, cur, and tmp directories under it. This is what it looks like:
>> >
>> > <snip />
>> >
>> >> The public/TestFolder is showing up fine and I can switch to it. The
>> >> public/TestFolder1 is not showing up at all so I'm not seeing it and
>> >> can't switch to it. Any ideas?
>> >>
>> >
>> > Not sure why it's not showing up, *but*, you could add :INDEXPVT=%h/public
>> > to the folder, to keep per-user indexes separate.
>> >
>> >> My second question involves public folders and domain sharing. Are
>> >> public folders accessible to all users and all domains? I've got two
>> >> domains example.com and example.org i'd like to create a folder that
>> >> some users in example.com can share with some users in example.org,
>> >> not necessarily all users in those domains should be able to see the
>> >> folders.
>> >>
>> >
>> > Dovecot does not, as per such, care about your domains. It cares about user
>> > names. If you want to do this kind of thing, please consult ACL plugin.
>> > https://wiki2.dovecot.org/ACL
>> >
>> >> Ideas welcome.
>> >>
>> >> Thanks.
>> >> Dave.
>> >>
>> >
>> > Some other comments, if you are using SSL, you can drop cram-md5 as auth
>> > mech, it's not storage-safe.
>> >
>> > you should use mail_location = maildir:~/maildir:LAYOUT=fs
>> >
>> > to avoid your other things in user's home being interpreted as mail
>> > directories.
>> >
>> > why are you setting these?
>> > maildir_broken_filename_sizes = yes
>> > maildir_empty_new = yes
>> > maildir_very_dirty_syncs = yes
>> >
>> > and in general I see lots of overconfiguring, dovecot defaults are usually
>> > right, and setting various things just for the fun of it, can cause
>> > problems.
>> >
>> > Aki
>> >
>
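
An added example, not part of the original thread or of either poster's configuration: the ACL setup Aki points to, for Dovecot 2.2, restricting one public folder to named users from both domains. The user names, the `public/` prefix and separator, and the location of the folder's `dovecot-acl` file (Maildir++ layout assumed) are assumptions; the public root and the INDEXPVT value follow the thread.

```conf
# Added example; user names, prefix/separator and the ACL file path are assumptions.

# Weak: a public namespace with no acl plugin loaded. Access cannot be
# restricted, so every user in every domain can open the public folders.
#   mail_plugins = $mail_plugins quota

# Restricted: load acl everywhere, plus imap_acl so that rights can be
# inspected and managed over IMAP.
mail_plugins = $mail_plugins acl
protocol imap {
  mail_plugins = $mail_plugins imap_acl
}
plugin {
  acl = vfile
}
namespace {
  type = public
  separator = /
  prefix = public/
  # INDEXPVT keeps per-user index data (such as \Seen) out of the shared tree.
  location = maildir:/home/vmail/public:INDEXPVT=%h/public
  subscriptions = no
  list = children
}

# Public mailboxes have no owner, so once acl is loaded nobody has any
# rights on a folder until its dovecot-acl file grants them. Dovecot
# matches full user names; the domain is only part of the name.
#
# ==== /home/vmail/public/.TestFolder/dovecot-acl ====
user=alice@example.com lrwstipekxa
user=bob@example.com lrws
user=carol@example.org lrws
# ==== EOF ====
```

With this in place a user needs at least the `l` (lookup) right for the folder to appear in their mailbox list, so every public folder needs its own `dovecot-acl` entry for each intended user.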

