ACLs, shared, public, virtual mailboxes not working
David Mehler
dave.mehler at gmail.com
Thu Feb 15 18:11:14 EET 2018
Hello,
Thank you for your reply. Here's my acl files:
public/TestFolder dovecot-acl
anyone lr
user=user1 akxeilprwts
-user=user1
user=user2 lr
public/TestFolder1 dovecot-acl
user=user1 lr
user=user2 lr
public/dovecot-acl
user=user1 lr
user=user2 lr
and I have another dovecot-acl file in shared/office folder:
user=user1 at domain.com lrwstipekxa
user=user2 at domain.com lrwstipekxa
Thanks.
Dave.
On 2/15/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> Hi!
>
> It seems you are running 2.2.33.2 =)
>
> Also,
>
> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
> /home/vmail/public/TestFolder/dovecot-acl
> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
> /home/vmail/public/dovecot-acl
>
> it seems there are some folder specific ACLs, can you check these?
>
> Aki
>
> On 15.02.2018 10:40, David Mehler wrote:
>> Hello,
>>
>> I'm running Dovecot 2.2.3, and am having issues with my public
>> folders, shared folders, and virtual/ALl folders apparently ACLs are
>> on that list as well.
>>
>> I was debugging an unrelated problem with my smtp server and got the
>> following dovecot debug log output. Below is also a doveconf -n output
>> as well as my shared-folder definition file and my global-acls file.
>>
>> What I'm trying to accomplish is:
>>
>> 1. Have a public folder that any user on the system can put messages
>> into and respond to.
>> 2. Have a shared folder in which user1 at example.com and
>> user1 at example2.com can exchange messages.
>> 3. For each user on the system give them a Virtual/All folder for *all
>> of their messages.
>>
>> I'd appreciate any help. As an aside if anyone sees an issue with my
>> SSL ciphers list i'd appreciate knowing that as well, in brief I'm
>> trying to get the most secure list, pfs, and not worrying about
>> backware compatibility. If it's not TLS 1.2 I don't touch it.
>>
>> Thanks.
>> Dave.
>> Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib01_acl_plugin.so
>> Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
>> Feb 12 08:48:40 imap(user at example.com): Debug: Effective uid=999,
>> gid=999, home=/home/vmail/example.com/user
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace inbox:
>> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
>> inbox=/home/vmail/example.com/user/mail, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes
>> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/home/vmail/public,
>> index=/home/vmail/example.com/user/mail/public,
>> indexpvt=/home/vmail/example.com/user/mail/public,
>> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
>> Feb 12 08:48:40 imap(user at example.com): Debug: shared:
>> root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=,
>> inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username =
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: quota: quota_over_flag
>> check: quota_over_script unset - skipping
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Spam/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Trash/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Sent/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Archives/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/logcheck/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/public/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
>> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/public/TestFolder/dovecot-acl not
>> found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/virtual/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Junk/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/ham/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/fail2ban/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Sent/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Trash/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/public/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/public/.TestFolder/dovecot-acl
>> not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Deleted Items/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Archive/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Junk/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
>> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/TestFolder/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/TestFolder1/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: No lookup right to
>> mailbox: public/TestFolder1
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace shared/:
>> Using permissions from : mode=0700 gid=default
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /usr/local/etc/dovecot/virtual/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /usr/local/etc/dovecot/virtual/All/dovecot-acl not found
>>
>> doveconf -n
>> # 2.2.33.2 (d6601f4ec): /usr/local/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.21 (92477967)
>> # OS: FreeBSD 11.1-RELEASE-p4 amd64
>> auth_default_realm = example.com
>> auth_mechanisms = plain login
>> auth_realms = example.com example2.com
>> dict {
>> acl = mysql:/usr/local/etc/dovecot/shared-folders.conf
>> sqlquota = mysql:/usr/local/etc/dovecot/quota.conf
>> }
>> first_valid_gid = 999
>> first_valid_uid = 999
>> hostname = mail.example.com
>> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
>> tb-lsub-flags
>> last_valid_gid = 999
>> last_valid_uid = 999
>> lda_mailbox_autocreate = yes
>> lda_mailbox_autosubscribe = yes
>> listen = 127.0.0.1 xxx.xxx.xxx.xxx
>> lmtp_rcpt_check_quota = yes
>> mail_access_groups = vmail
>> mail_fsync = never
>> mail_gid = vmail
>> mail_home = /home/vmail/%d/%n
>> mail_location = maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome
>> zlib
>> mail_server_admin = mailto:postmaster at example.com
>> mail_uid = vmail
>> mailbox_list_index = yes
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date index ihave duplicate mime foreverypart
>> extracttext imapflags notify imapsieve vnd.dovecot.imapsieve
>> namespace {
>> hidden = no
>> list = yes
>> location =
>> maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>> mailbox TestFolder {
>> auto = subscribe
>> comment = Public Folder for message sharing
>> }
>> prefix = public/
>> separator = /
>> subscriptions = yes
>> type = public
>> }
>> namespace {
>> list = yes
>> location = maildir:~/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
>> prefix = shared/%%u/
>> separator = /
>> subscriptions = yes
>> type = shared
>> }
>> namespace {
>> location = virtual:/usr/local/etc/dovecot/virtual
>> mailbox All {
>> auto = subscribe
>> comment = All my messages
>> special_use = \All
>> }
>> prefix = virtual/
>> separator = /
>> }
>> namespace inbox {
>> inbox = yes
>> location =
>> mailbox Archive {
>> auto = no
>> special_use = \Archive
>> }
>> mailbox Archives {
>> auto = subscribe
>> special_use = \Archive
>> }
>> mailbox "Deleted Messages" {
>> auto = no
>> autoexpunge = 30 days
>> special_use = \Trash
>> }
>> mailbox Drafts {
>> auto = subscribe
>> special_use = \Drafts
>> }
>> mailbox Junk {
>> auto = no
>> autoexpunge = 30 days
>> special_use = \Junk
>> }
>> mailbox "Junk E-mail" {
>> auto = no
>> autoexpunge = 30 days
>> special_use = \Junk
>> }
>> mailbox Sent {
>> auto = subscribe
>> special_use = \Sent
>> }
>> mailbox "Sent Items" {
>> auto = no
>> special_use = \Sent
>> }
>> mailbox "Sent Messages" {
>> auto = no
>> special_use = \Sent
>> }
>> mailbox Spam {
>> auto = subscribe
>> autoexpunge = 30 days
>> special_use = \Junk
>> }
>> mailbox Trash {
>> auto = subscribe
>> autoexpunge = 30 days
>> special_use = \Trash
>> }
>> prefix =
>> separator = /
>> type = private
>> }
>> passdb {
>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>> driver = sql
>> }
>> plugin {
>> acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> acl_anyone = allow
>> acl_shared_dict = proxy::acl
>> imapsieve_mailbox1_before =
>> file:/usr/local/lib/dovecot/sieve/report-spam.sieve
>> imapsieve_mailbox1_causes = COPY
>> imapsieve_mailbox1_name = Spam
>> imapsieve_mailbox2_before =
>> file:/usr/local/lib/dovecot/sieve/report-ham.sieve
>> imapsieve_mailbox2_causes = COPY
>> imapsieve_mailbox2_from = Spam
>> imapsieve_mailbox2_name = *
>> mail_log_events = delete undelete expunge copy mailbox_delete
>> mailbox_rename
>> mail_log_fields = uid box msgid size
>> quota = count:User quota
>> quota_clone_dict = proxy::sqlquota
>> quota_exceeded_message = Storage quota for this account has been
>> exceeded, please try again later.
>> quota_grace = 10%%
>> quota_status_nouser = DUNNO
>> quota_status_overquota = 552 5.2.2 Mailbox is full
>> quota_status_success = DUNNO
>> quota_vsizes = true
>> quota_warning = storage=100%% quota-exceeded 100 %u
>> quota_warning2 = storage=95%% quota-warning 95 %u
>> quota_warning3 = storage=90%% quota-warning 90 %u
>> quota_warning4 = storage=85%% quota-warning 85 %u
>> quota_warning5 = storage=75%% quota-warning 75 %u
>> sieve = ~/.dovecot.sieve
>> sieve_before = /home/vmail/sieve/before.d
>> sieve_default = /home/vmail/sieve/default.sieve
>> sieve_dir = ~/sieve
>> sieve_extensions = +notify +imapflags
>> sieve_global_dir = /home/vmail/sieve
>> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>> sieve_max_redirects = 30
>> sieve_max_script_size = 1M
>> sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
>> sieve_plugins = sieve_imapsieve sieve_extprograms
>> sieve_user_log = /home/vmail/sieve/sieve_error.log
>> trash = /usr/local/etc/dovecot/trash.conf
>> welcome_script = welcome %u
>> welcome_wait = yes
>> }
>> postmaster_address = postmaster at example.com
>> protocols = imap lmtp sieve
>> sendmail_path = /usr/local/sbin/sendmail
>> service auth-worker {
>> user = $default_internal_user
>> }
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> unix_listener auth-userdb {
>> group = vmail
>> mode = 0666
>> user = vmail
>> }
>> }
>> service dict {
>> unix_listener dict {
>> group = vmail
>> mode = 0660
>> user = vmail
>> }
>> }
>> service imap-login {
>> inet_listener imap {
>> address = 127.0.0.1
>> port = 143
>> }
>> inet_listener imaps {
>> address = xxx.xxx.xxx.xxx
>> port = 993
>> ssl = yes
>> }
>> }
>> service imap {
>> executable = imap
>> }
>> service lmtp {
>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> }
>> service managesieve-login {
>> inet_listener sieve {
>> address = 127.0.0.1
>> port = 4190
>> }
>> }
>> service quota-status {
>> client_limit = 1
>> executable = quota-status -p postfix
>> unix_listener /var/spool/postfix/private/dovecot-quota {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> }
>> service quota-warning {
>> executable = script /usr/local/etc/dovecot/quota-warning.sh
>> unix_listener quota-warning {
>> group = vmail
>> mode = 0660
>> user = vmail
>> }
>> user = vmail
>> }
>> service welcome {
>> executable = script /usr/local/etc/dovecot/welcome.sh
>> unix_listener welcome {
>> user = vmail
>> }
>> user = vmail
>> }
>> ssl = required
>> ssl_cert = </usr/local/etc/ssl/acme/example.com/fullchain.pem
>> ssl_cipher_list =
>> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 at STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_key = # hidden, use -P to show it
>> ssl_options = no_compression
>> ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>> userdb {
>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>> driver = sql
>> }
>> protocol lmtp {
>> mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib quota sieve
>> }
>> protocol lda {
>> mail_fsync = optimized
>> mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib sieve
>> }
>> protocol imap {
>> mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib imap_acl imap_quota imap_sieve imap_zlib last_login
>> }
>>
>> shared-folders.conf
>> connect = DatabaseConnectionParameters
>> # For shared mailboxes
>> map {
>> pattern = shared/shared-boxes/user/$to/$from
>> table = user_shares
>> value_field = dummy
>>
>> fields {
>> from_user = $from
>> to_user = $to
>> }
>> }
>>
>> # To share mailbox to anyone uncomment acl_anyone=allow in
>> # 90-acl.conf
>> map {
>> pattern = shared/shared-boxes/anyone/$from
>> table = anyone_shares
>> value_field = dummy
>>
>> fields {
>> from_user = $from
>> }
>> }
>>
>> global-acls
>> public/TestFolder user=user lrwstipekxa
>
>
More information about the dovecot
mailing list