ACLs, shared, public, virtual mailboxes not working
David Mehler
dave.mehler at gmail.com
Thu Feb 15 10:40:51 EET 2018
Hello,
I'm running Dovecot 2.2.3, and am having issues with my public
folders, shared folders, and virtual/All folders; apparently ACLs are
on that list as well.
I was debugging an unrelated problem with my smtp server and got the
following dovecot debug log output. Below is also a doveconf -n output
as well as my shared-folder definition file and my global-acls file.
What I'm trying to accomplish is:
1. Have a public folder that any user on the system can put messages
into and respond to.
2. Have a shared folder in which user1 at example.com and
user1 at example2.com can exchange messages.
3. For each user on the system give them a Virtual/All folder for *all
of their messages.
I'd appreciate any help. As an aside, if anyone sees an issue with my
SSL cipher list I'd appreciate knowing that as well; in brief, I'm
trying to get the most secure list, PFS, and not worrying about
backward compatibility. If it's not TLS 1.2 I don't touch it.
Thanks.
Dave.
Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
/usr/local/lib/dovecot/lib01_acl_plugin.so
Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
/usr/local/lib/dovecot/lib02_imap_acl_plugin.so
Feb 12 08:48:40 imap(user at example.com): Debug: Effective uid=999,
gid=999, home=/home/vmail/example.com/user
Feb 12 08:48:40 imap(user at example.com): Debug: Namespace inbox:
type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
Feb 12 08:48:40 imap(user at example.com): Debug: fs:
root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
inbox=/home/vmail/example.com/user/mail, alt=
Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
user at example.com
Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes
location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
Feb 12 08:48:40 imap(user at example.com): Debug: fs:
root=/home/vmail/public,
index=/home/vmail/example.com/user/mail/public,
indexpvt=/home/vmail/example.com/user/mail/public,
control=/home/vmail/example.com/user/mail/public, inbox=, alt=
Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
user at example.com
Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
Feb 12 08:48:40 imap(user at example.com): Debug: shared:
root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
user at example.com
Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
Feb 12 08:48:40 imap(user at example.com): Debug: fs:
root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=,
inbox=, alt=
Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
backend with data:
vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
user at example.com
Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
file: /usr/local/etc/dovecot/global-acls
Feb 12 08:48:40 imap(user at example.com): Debug: quota: quota_over_flag
check: quota_over_script unset - skipping
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Spam/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Trash/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Sent/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Archives/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/logcheck/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/public/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/public/TestFolder/dovecot-acl not
found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/virtual/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/.Junk/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/ham/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/fail2ban/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/.Sent/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/.Trash/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Maildir/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Maildir/public/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Maildir/public/.TestFolder/dovecot-acl
not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Deleted Items/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Archive/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/home/vmail/example.com/user/mail/Junk/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
/home/vmail/public/TestFolder/dovecot-acl
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
/home/vmail/public/TestFolder1/dovecot-acl
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
/home/vmail/public/dovecot-acl
Feb 12 08:48:40 imap(user at example.com): Debug: acl: No lookup right to
mailbox: public/TestFolder1
Feb 12 08:48:40 imap(user at example.com): Debug: Namespace shared/:
Using permissions from : mode=0700 gid=default
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/usr/local/etc/dovecot/virtual/dovecot-acl not found
Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
/usr/local/etc/dovecot/virtual/All/dovecot-acl not found
doveconf -n
# 2.2.33.2 (d6601f4ec): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: FreeBSD 11.1-RELEASE-p4 amd64
auth_default_realm = example.com
auth_mechanisms = plain login
auth_realms = example.com example2.com
dict {
acl = mysql:/usr/local/etc/dovecot/shared-folders.conf
sqlquota = mysql:/usr/local/etc/dovecot/quota.conf
}
first_valid_gid = 999
first_valid_uid = 999
hostname = mail.example.com
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
last_valid_gid = 999
last_valid_uid = 999
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = 127.0.0.1 xxx.xxx.xxx.xxx
lmtp_rcpt_check_quota = yes
mail_access_groups = vmail
mail_fsync = never
mail_gid = vmail
mail_home = /home/vmail/%d/%n
mail_location = maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib
mail_server_admin = mailto:postmaster at example.com
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify imapsieve vnd.dovecot.imapsieve
namespace {
hidden = no
list = yes
location = maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
mailbox TestFolder {
auto = subscribe
comment = Public Folder for message sharing
}
prefix = public/
separator = /
subscriptions = yes
type = public
}
namespace {
list = yes
location = maildir:~/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace {
location = virtual:/usr/local/etc/dovecot/virtual
mailbox All {
auto = subscribe
comment = All my messages
special_use = \All
}
prefix = virtual/
separator = /
}
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = no
special_use = \Archive
}
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox "Deleted Messages" {
auto = no
autoexpunge = 30 days
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = no
autoexpunge = 30 days
special_use = \Junk
}
mailbox "Junk E-mail" {
auto = no
autoexpunge = 30 days
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Items" {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = subscribe
autoexpunge = 30 days
special_use = \Junk
}
mailbox Trash {
auto = subscribe
autoexpunge = 30 days
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
acl_anyone = allow
acl_shared_dict = proxy::acl
imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
quota = count:User quota
quota_clone_dict = proxy::sqlquota
quota_exceeded_message = Storage quota for this account has been exceeded, please try again later.
quota_grace = 10%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_vsizes = true
quota_warning = storage=100%% quota-exceeded 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=85%% quota-warning 85 %u
quota_warning5 = storage=75%% quota-warning 75 %u
sieve = ~/.dovecot.sieve
sieve_before = /home/vmail/sieve/before.d
sieve_default = /home/vmail/sieve/default.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_global_dir = /home/vmail/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
sieve_max_redirects = 30
sieve_max_script_size = 1M
sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_user_log = /home/vmail/sieve/sieve_error.log
trash = /usr/local/etc/dovecot/trash.conf
welcome_script = welcome %u
welcome_wait = yes
}
postmaster_address = postmaster at example.com
protocols = imap lmtp sieve
sendmail_path = /usr/local/sbin/sendmail
service auth-worker {
user = $default_internal_user
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0660
user = vmail
}
}
service imap-login {
inet_listener imap {
address = 127.0.0.1
port = 143
}
inet_listener imaps {
address = xxx.xxx.xxx.xxx
port = 993
ssl = yes
}
}
service imap {
executable = imap
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
unix_listener /var/spool/postfix/private/dovecot-quota {
group = postfix
mode = 0660
user = postfix
}
}
service quota-warning {
executable = script /usr/local/etc/dovecot/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service welcome {
executable = script /usr/local/etc/dovecot/welcome.sh
unix_listener welcome {
user = vmail
}
user = vmail
}
ssl = required
ssl_cert = </usr/local/etc/ssl/acme/example.com/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256@STRENGTH
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib quota sieve
}
protocol lda {
mail_fsync = optimized
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib sieve
}
protocol imap {
mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome zlib imap_acl imap_quota imap_sieve imap_zlib last_login
}
shared-folders.conf
connect = DatabaseConnectionParameters
# For shared mailboxes
map {
pattern = shared/shared-boxes/user/$to/$from
table = user_shares
value_field = dummy
fields {
from_user = $from
to_user = $to
}
}
# To share mailbox to anyone uncomment acl_anyone=allow in
# 90-acl.conf
map {
pattern = shared/shared-boxes/anyone/$from
table = anyone_shares
value_field = dummy
fields {
from_user = $from
}
}
global-acls
public/TestFolder user=user lrwstipekxa
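The debug output and the global-acls line above can be checked against each other with a small evaluator. The following is an added example, not code from the original message or from Dovecot: it implements the ACL syntax the post shows (`<mailbox pattern> <identifier> <rights>` lines in the global file, the `lrwstipekxa` right letters, `user=`/`group=`/`owner`/`authenticated`/`anyone` identifiers) and runs it over copies of the post's own debug lines. Everything else is an assumption stated in the module docstring: IMAP-style wildcards in mailbox patterns, most-specific-identifier-wins merging (no `group-override`, no negative rights), and owner-gets-everything defaults. The fact it turns on is visible in the log itself: Dovecot reports `acl: acl username = user@example.com` (the list archive prints `@` as ` at `) while global-acls grants rights to `user=user`, so the evaluator compares identifiers against the full ACL username. On the server the authoritative answer is `doveadm acl rights -u user@example.com public/TestFolder`.

```python
"""Added example, not code from the original post or from Dovecot: evaluate
the ACL syntax the post uses (global-acls and dovecot-acl lines) for the
username the post's debug log says Dovecot used.

Assumptions not confirmed by the page: global ACL mailbox patterns use
IMAP-style wildcards ('*' crosses hierarchy levels, '%' does not); when
several identifiers match, the most specific decides (user= over group=
over authenticated over anyone); group-override and negative rights are
not modelled; with no matching entry the owner has every right and
everyone else has none.
"""
import re

RIGHTS = "lrwstipekxa"  # RFC 4314 letters: lookup read write seen deleted
                        # insert post expunge create delete admin

LOG_ACL_USER = re.compile(r"acl: acl username = (\S+)")
LOG_NO_LOOKUP = re.compile(r"acl: No lookup right to mailbox: (\S+)")
LOG_GLOBAL_MATCH = re.compile(r"Mailbox '([^']+)' matches global ACL pattern '([^']+)'")


def scan_debug_log(lines):
    """Pull the ACL-relevant facts out of 'imap(...): Debug:' lines."""
    facts = {"acl_username": None, "no_lookup": [], "global_matches": []}
    for line in lines:
        if m := LOG_ACL_USER.search(line):
            facts["acl_username"] = m.group(1)
        elif m := LOG_NO_LOOKUP.search(line):
            facts["no_lookup"].append(m.group(1))
        elif m := LOG_GLOBAL_MATCH.search(line):
            facts["global_matches"].append((m.group(1), m.group(2)))
    return facts


def mailbox_matches(pattern, mailbox, sep="/"):
    """IMAP-style wildcard match (assumed for global ACL patterns)."""
    rx = "".join(".*" if c == "*" else f"[^{re.escape(sep)}]*" if c == "%"
                 else re.escape(c) for c in pattern)
    return re.fullmatch(rx, mailbox) is not None


def identifier_applies(ident, username, groups, is_owner):
    """Return (matches?, specificity rank) for one ACL identifier."""
    if ident in ("anyone", "anonymous"):
        return True, 0
    if ident == "authenticated":
        return username is not None, 1
    if ident.startswith("group="):
        return ident[len("group="):] in groups, 2
    if ident == "owner":
        return is_owner, 3
    if ident.startswith("user="):
        return ident[len("user="):] == username, 4  # exact, full-username comparison
    raise ValueError(f"unknown ACL identifier: {ident!r}")


def effective_rights(entries, username, groups=(), is_owner=False):
    """entries: (identifier, rights) pairs already filtered to one mailbox."""
    best = None
    for ident, rights in entries:
        if unknown := set(rights) - set(RIGHTS):
            raise ValueError(f"unknown right letters {sorted(unknown)} in {rights!r}")
        applies, rank = identifier_applies(ident, username, groups, is_owner)
        if applies and (best is None or rank > best[0]):
            best = (rank, set(rights))
    if best is None:
        return set(RIGHTS) if is_owner else set()
    return best[1]


def parse_global_acls(text):
    """'<mailbox pattern> <identifier> [<rights>]' per line; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if len(parts) == 2:
            parts.append("")  # identifier listed with no rights at all
        if len(parts) != 3:
            raise ValueError(f"bad global ACL line: {raw!r}")
        entries.append(tuple(parts))
    return entries


def rights_from_global(global_entries, mailbox, username, **who):
    entries = [(ident, rights) for pat, ident, rights in global_entries
               if mailbox_matches(pat, mailbox)]
    return effective_rights(entries, username, **who)


# Constructed from the post's debug lines; the list archive prints '@' as ' at '.
SAMPLE_LOG = """\
Feb 12 08:48:40 imap(user@example.com): Debug: acl: acl username = user@example.com
Feb 12 08:48:40 imap(user@example.com): Debug: acl: owner = 0
Feb 12 08:48:40 imap(user@example.com): Debug: Mailbox 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
Feb 12 08:48:40 imap(user@example.com): Debug: acl: No lookup right to mailbox: public/TestFolder1
""".splitlines()

GLOBAL_ACLS_AS_POSTED = "public/TestFolder user=user lrwstipekxa\n"
GLOBAL_ACLS_FULL_USERNAME = "public/TestFolder user=user@example.com lrwstipekxa\n"


def check(global_acl_text, log_lines=SAMPLE_LOG, mailbox="public/TestFolder"):
    """Evaluate the global ACL for the username the debug log says Dovecot used."""
    facts = scan_debug_log(log_lines)
    user = facts["acl_username"]
    rights = rights_from_global(parse_global_acls(global_acl_text), mailbox, user)
    return {"acl_username": user,
            "rights": "".join(r for r in RIGHTS if r in rights),
            "can_list": "l" in rights,
            "no_lookup": facts["no_lookup"]}


if __name__ == "__main__":
    for label, text in (("as posted", GLOBAL_ACLS_AS_POSTED),
                        ("full username", GLOBAL_ACLS_FULL_USERNAME)):
        print(f"{label:14s} {check(text)}")
```

Run as posted, `check()` returns no rights and `can_list == False` for `user@example.com`, because `user=user` never equals the ACL username the log prints; with the full address in the identifier the same mailbox yields `lrwstipekxa`. The `no_lookup` list carries over the log's own complaint about `public/TestFolder1`, whose per-mailbox dovecot-acl the log reads but the post does not show.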
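On the aside about the cipher list: the following added example (not from the original post or from Dovecot) classifies each suite name in the posted `ssl_cipher_list` against the stated policy of TLS 1.2 only with forward secrecy. It understands only OpenSSL names of the ECDHE/DHE and static-RSA AES/ChaCha20 families, and it approximates OpenSSL's `@STRENGTH` as a stable sort by key length, longest first; both are assumptions to confirm with `openssl ciphers -v` on the server's own OpenSSL.

```python
"""Added example, not part of the original post or of Dovecot: classify the
ssl_cipher_list from the doveconf -n output against the poster's stated
policy (TLS 1.2 only, forward secrecy, no legacy compatibility).

Only OpenSSL names of the ECDHE/DHE and static-RSA AES/ChaCha20 families are
understood; anything else is reported as unclassified. '@STRENGTH' is
approximated as a stable sort by key length, longest first (an assumption
about OpenSSL's sort, to be confirmed with 'openssl ciphers -v').
"""
import re

# Copied from the page's doveconf -n output (the archive printed '@' as ' at ').
POSTED_CIPHER_LIST = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256@STRENGTH"
)

SUITE = re.compile(
    r"^(?:(?P<kx>ECDHE|DHE)-(?P<auth>ECDSA|RSA)-)?"   # no prefix = static RSA kx
    r"(?P<enc>AES128|AES256|CHACHA20)-"
    r"(?P<mode>GCM-SHA256|GCM-SHA384|POLY1305|SHA256|SHA384|SHA)$"
)


def classify(name):
    """Describe one OpenSSL suite name, or None if it is not understood."""
    m = SUITE.match(name)
    if not m:
        return None
    enc, mode = m.group("enc"), m.group("mode")
    return {
        "name": name,
        "pfs": m.group("kx") is not None,             # ECDHE/DHE are ephemeral
        "key_bits": 128 if enc == "AES128" else 256,  # CHACHA20 uses a 256-bit key
        "aead": mode.startswith("GCM") or mode == "POLY1305",
        # GCM, POLY1305 and HMAC-SHA2 CBC suites exist only in TLS 1.2;
        # the plain '-SHA' (HMAC-SHA1 CBC) suites go back to TLS 1.0.
        "min_tls": "1.0" if mode == "SHA" else "1.2",
    }


def split_list(cipher_list):
    """Separate suite names from OpenSSL directives such as @STRENGTH."""
    suites, directives = [], []
    for token in cipher_list.split(":"):
        while "@" in token:  # 'NAME@STRENGTH' -> NAME plus the directive
            token, _, directive = token.rpartition("@")
            directives.append("@" + directive)
        if token:
            suites.append(token)
    return suites, directives


def strength_sorted(names):
    """Approximation of @STRENGTH: stable sort by key length, longest first."""
    bits = {n: (classify(n) or {"key_bits": 0})["key_bits"] for n in names}
    return sorted(names, key=lambda n: -bits[n])


def audit(cipher_list):
    """Report which suites fall outside the policy and the order OpenSSL will use."""
    suites, directives = split_list(cipher_list)
    rows = [classify(s) or {"name": s, "pfs": None, "aead": None,
                            "min_tls": None, "key_bits": 0} for s in suites]
    return {
        "effective_order": strength_sorted(suites) if "@STRENGTH" in directives else suites,
        "unclassified": [r["name"] for r in rows if r["pfs"] is None],
        "non_pfs": [r["name"] for r in rows if r["pfs"] is False],
        "pre_tls12": [r["name"] for r in rows if r["min_tls"] == "1.0"],
        "non_aead": [r["name"] for r in rows if r["aead"] is False],
        # The list the stated policy implies: PFS and AEAD only, original order kept.
        "policy_list": ":".join(r["name"] for r in rows if r["pfs"] and r["aead"]),
    }


if __name__ == "__main__":
    for key, value in audit(POSTED_CIPHER_LIST).items():
        print(f"{key}: {value}")
```

All ten posted suites are ECDHE (forward secrecy) and exist only in TLS 1.2, but the last four (`...-AES256-SHA384`, `...-AES128-SHA256`) are CBC-mode suites with an HMAC rather than AEAD. `@STRENGTH` re-sorts by key length, so the 256-bit CBC suites move ahead of the 128-bit GCM ones, and with `ssl_prefer_server_ciphers = yes` that order is what clients get; `policy_list` is the same string with only the AEAD suites kept. The page's `ssl_protocols` already excludes everything below TLS 1.2, so `pre_tls12` only matters if that setting is later relaxed.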