several misc questions, public folders and sharing, quota, ssl

Aki Tuomi aki.tuomi at dovecot.fi
Sat Apr 15 00:11:33 EEST 2017


Can you try turning mail_debug=yes and posting logs?

Also if possible, can you try telnetting to the server and issuing

a LOGIN username password
a SELECT public/TestFolder1

with debug turned on?

ACL plugin is needed *iff* you want to *restrict* access. 


Aki

> On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote:
> 
> 
> Hi Aki,
> 
> Thanks for your reply. Sorry, hit the reply to and not the reply to all option.
> 
> So, even when a folder is a public folder I'm still needing to use the
> acl plugin?
> 
> 
> The public/TestFolder is showing up, the public/TestFolder1 is not.
> 
> Thanks.
> Dave.
> 
> 
> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> > Please keep responses on the list. Thank you. =)
> >
> > Without ACL plugin there is no way to restrict access, it's free for all.
> >
> > my site is a very tiny few user site, but ...
> >
> > auth_mechanisms = login plain
> > mail_attribute_dict = file:%h/Mail/dovecot-attributes
> > mail_location = sdbox:~/Mail
> > mail_plugins = stats quota fts fts_lucene
> > namespace inbox {
> >   inbox = yes
> >   list = yes
> >   location =
> >   mailbox Drafts {
> >     special_use = \Drafts
> >   }
> >   mailbox Sent {
> >     special_use = \Sent
> >   }
> >   mailbox "Sent Messages" {
> >     special_use = \Sent
> >   }
> >   mailbox Spam {
> >     auto = subscribe
> >     special_use = \Junk
> >   }
> >   mailbox Trash {
> >     special_use = \Trash
> >   }
> >   prefix =
> >   separator = .
> >   subscriptions = yes
> >   type = private
> > }
> > passdb {
> >   args = /etc/dovecot/dovecot-sql.conf.ext
> >   driver = sql
> > }
> > plugin {
> >   fts = lucene
> >   fts_lucene = whitespace_chars=@.
> >   imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
> >   imapsieve_mailbox1_causes = COPY
> >   imapsieve_mailbox1_name = Spam
> >   imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
> >   imapsieve_mailbox2_causes = COPY
> >   imapsieve_mailbox2_from = Spam
> >   imapsieve_mailbox2_name = *
> >   quota = count:User quota
> >   quota_vsizes = yes
> >   recipient_delimiter = +
> >   sieve = ~/.dovecot.sieve
> >   sieve_dir = ~/sieve
> >   sieve_extensions = +notify +imapflags
> >   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
> >   sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
> >   sieve_plugins = sieve_imapsieve sieve_extprograms
> >   stats_refresh = 30
> > }
> > protocols = imap lmtp
> > service auth {
> >   unix_listener /var/spool/postfix/private/auth {
> >     mode = 0666
> >   }
> >   user = $default_internal_user
> > }
> > service doveadm {
> >   inet_listener http {
> >     address = 127.0.0.1
> >     port = 38080
> >   }
> > }
> > service imap-login {
> >   inet_listener imap {
> >     port = 143
> >   }
> >   inet_listener imaps {
> >     port = 993
> >     ssl = yes
> >   }
> > }
> > service lmtp {
> >   inet_listener lmtp {
> >     address = 127.0.0.1
> >     port = 8025
> >   }
> > }
> > service stats {
> >   fifo_listener stats-mail {
> >     mode = 0666
> >   }
> > }
> > ssl = required
> > ssl_cert = #
> > ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA
> > ssl_dh_parameters_length = 4096
> > ssl_key =  #
> > ssl_prefer_server_ciphers = yes
> > ssl_protocols = !SSLv2 !SSLv3
> > submission_host = 127.0.0.1:25
> > userdb {
> >   args = /etc/dovecot/dovecot-sql.conf.ext
> >   driver = sql
> > }
> > protocol imap {
> >   mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve
> > }
> > protocol lmtp {
> >   mail_plugins = stats quota fts fts_lucene sieve
> > }
> > protocol lda {
> >   mail_plugins = stats quota fts fts_lucene sieve
> > }
> >
> > Aki
> >
> >> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote:
> >>
> >>
> >> Hello Aki,
> >>
> >> Thank you for your reply.
> >>
> >> I've implemented your changes and thanks for the @STRENGTH reminder, I
> >> had forgotten about that one.
> >>
> >> I'll check out the acl plugin. Is it required when sharing a public
> >> folder or are public folders usable by all? I know it is for shared
> >> folders.
> >>
> >> The TestFolder1 is still not showing up in public not sure why
> >> everything looks good.
> >>
> >> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports
> >> along the way.
> >>
> >> I was wondering if I could take a look at your dovecot configuration
> >> files and a doveconf -n output?
> >>
> >> Thanks.
> >> Dave.
> >>
> >>
> >> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >> >
> >> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> wrote:
> >> >>
> >> >>
> >> >> Hello,
> >> >>
> >> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
> >> >> optimize how the system is running and have a few misc questions.
> >> >>
> >> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
> >> >> ensure this cipher list is appropriate:
> >> >>
> >> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
> >> >>
> >> >
> >> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
> >> >
> >> >> Next, a new feature that I'm trying for is virtual folders that store
> >> >> All messages. My understanding of this is that it stores a version of
> >> >> every received message in one place? I've got the virtual plugin
> >> >> loaded and have:
> >> >>
> >> >>   mailbox virtual/All {
> >> >>     comment = All my messages
> >> >>     special_use = \All
> >> >>   }
> >> >>
> >> >> I've got a directory /home/vmail/example.com/username/virtual under
> >> >> which is an ALL folder both directories are accessible to the vmail
> >> >> user, yet there's no contents in this folder and it's showing up
> >> >> nowhere.
> >> >>
> >> >
> >> > Configuring virtual all folder:
> >> >
> >> > namespace {
> >> >   prefix = virtual
> >> >   location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual
> >> >   comment = All my messages
> >> >   special_use = \All
> >> >   mailbox All {
> >> >     auto = subscribe
> >> >   }
> >> > }
> >> >
> >> > ==== /etc/dovecot/virtual/All/dovecot-virtual ====
> >> > *
> >> >   all
> >> > ==== EOF ===
> >> >
> >> >> Next, quota warnings, are not being sent at all. I set up a testuser
> >> >> with a quota of 2 mb, then sent a message to that user getting the box
> >> >> to 95% full, and no message. Took the user overquota with the next
> >> >> message, still nothing, and a third message did trigger my custom
> >> >> quota exceeded message and the message was bounced.
> >> >>
> >> >
> >> > I would recommend you using
> >> >
> >> > mail_plugins = $mail_plugins quota quota_clone
> >> >
> >> > plugin {
> >> >   quota = count:User quota
> >> >   quota_clone_dict = proxy::sqlquota
> >> >   quota_vsizes = true
> >> > }
> >> >
> >> > Also,
> >> >
> >> > "Note that the warning is ONLY executed at the exact time when the limit is
> >> > being crossed, so when you're testing it you have to do it by crossing the
> >> > limit by saving a new mail. If something else besides Dovecot updates quota
> >> > so that the limit is crossed, the warning is never executed."
> >> >
> >> >>  I'm wanting to implement public folders. My mailboxes are all
> >> >> virtual, and they are stored under /home/vmail/example.com/username
> >> >> and /home/vmail/example.org/username in the maildir format. I've got
> >> >> one user uid and gid of 999 name of vmail who owns all the mailboxes.
> >> >> I've separated out public folders storing them under
> >> >> /home/vmail/public. I've created one mailbox called TestFolder and
> >> >> new, cur, and tmp directories under it. This is what it looks like:
> >> >
> >> > <snip />
> >> >
> >> >> The public/TestFolder is showing up fine and I can switch to it. The
> >> >> public/TestFolder1 is not showing up at all so I'm not seeing it and
> >> >> can't switch to it. Any ideas?
> >> >>
> >> >
> >> > Not sure why it's not showing up, *but*, you could add
> >> > :INDEXPVT=%h/public
> >> > to the folder, to keep per-user indexes separate.
> >> >
> >> >> My second question involves public folders and domain sharing. Are
> >> >> public folders accessible to all users and all domains? I've got two
> >> >> domains example.com and example.org I'd like to create a folder that
> >> >> some users in example.com can share with some users in example.org,
> >> >> not necessarily all users in those domains should be able to see the
> >> >> folders.
> >> >>
> >> >
> >> > Dovecot does not, as per such, care about your domains. It cares about user
> >> > names. If you want to do this kind of thing, please consult ACL plugin.
> >> > https://wiki2.dovecot.org/ACL
> >> >
> >> >> Ideas welcome.
> >> >>
> >> >> Thanks.
> >> >> Dave.
> >> >>
> >> >
> >> > Some other comments, if you are using SSL, you can drop cram-md5 as auth
> >> > mech, it's not storage-safe.
> >> >
> >> > you should use mail_location = maildir:~/maildir:LAYOUT=fs
> >> >
> >> > to avoid your other things in user's home being interpreted as mail
> >> > directories.
> >> >
> >> > why are you setting these?
> >> > maildir_broken_filename_sizes = yes
> >> > maildir_empty_new = yes
> >> > maildir_very_dirty_syncs = yes
> >> >
> >> > and in general I see lots of overconfiguring, dovecot defaults are usually
> >> > right, and setting various things just for the fun of it, can cause problems.
> >> >
> >> > Aki
> >> >
> >
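The point made in this thread, that a public namespace is free for all unless the ACL plugin is loaded, can be checked mechanically against `doveconf -n` output. The following is an added example, not part of the original thread and not Dovecot's own code: a small Python audit that reports every public namespace together with each `mail_plugins` scope that lacks `acl`. The sample configuration and the function names are constructed for illustration, and the global scope is flagged conservatively because protocols without their own block inherit it.

```python
# Constructed sample in the style of `doveconf -n` output (not from a real server).
SAMPLE = """\
mail_plugins = stats quota
namespace inbox {
  inbox = yes
  mailbox Trash {
    special_use = \\Trash
  }
  type = private
}
namespace {
  location = maildir:/home/vmail/public
  prefix = public/
  type = public
}
protocol imap {
  mail_plugins = stats quota imap_quota
}
"""

def parse_settings(text):
    """Yield (path, key, value); path is a tuple of (line_no, header) per enclosing block."""
    stack = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("{"):
            stack.append((no, line[:-1].strip()))   # block opens, e.g. "namespace inbox"
        elif line == "}":
            stack.pop()                             # block closes
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield tuple(stack), key.strip(), value.strip()

def audit_public_namespaces(text):
    """Return (prefix, scope) for each public namespace reachable without the acl plugin."""
    plugins, namespaces = {"(global)": set()}, {}
    for path, key, value in parse_settings(text):
        header = path[0][1].split() if path else []
        if key == "mail_plugins" and not path:
            plugins["(global)"] = set(value.split())
        elif key == "mail_plugins" and len(path) == 1 and header[0] == "protocol":
            plugins[header[1]] = set(value.split())  # per-protocol override
        elif len(path) == 1 and header[0] == "namespace":
            namespaces.setdefault(path[0], {})[key] = value
    return sorted(
        (ns.get("prefix", ""), scope)
        for ns in namespaces.values() if ns.get("type") == "public"
        for scope, loaded in plugins.items() if "acl" not in loaded
    )

if __name__ == "__main__":
    for prefix, scope in audit_public_namespaces(SAMPLE):
        print(f"public namespace {prefix!r}: acl plugin not loaded in {scope} mail_plugins")
```

An empty result means every scope that can serve the public namespace loads `acl`; it does not check that the ACL files themselves grant only the intended users.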

