Doveadm sync: Can't create mailbox mail_public/public: Permission denied if synchronize all the available namespaces

vkosharskiy at gmail.com vkosharskiy at gmail.com
Sat Jun 9 11:10:04 EEST 2018


I have old dovecot server:
(# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.14.15-3.el7xen.x86_64 x86_64 CentOS Linux release 7.4.1708 
(Core)

and new dovecot server:
# 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.devel (61b47828)
# OS: Linux 4.14.47-5.el7xen.x86_64 x86_64 CentOS Linux release 7.5.1804 
(Core)

I try to sync old server with doveadm sync with parameter -N (Synchronize  all 
the available namespaces)

Sync successfull in log, but destination server in log have "Can't create 
mailbox mail_public/public: Permission denied."

Config dumps, logs in attaches.
-------------- next part --------------
# 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.devel (61b47828)
# OS: Linux 4.14.47-5.el7xen.x86_64 x86_64 CentOS Linux release 7.5.1804 (Core)  
auth_cache_negative_ttl = 0
auth_cache_size = 1 k
auth_cache_ttl = 30 mins
auth_cache_verify_password_with_worker = yes
auth_failure_delay = 10 secs
auth_mechanisms = plain cram-md5 digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_stats = yes
auth_worker_max_count = 20
disable_plaintext_auth = no
doveadm_password =  # hidden, use -P to show it
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
lmtp_rcpt_check_quota = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_attachment_dir = /srv/vmail/imap/attaches
mail_attachment_min_size = 64 k
mail_gid = 10000
mail_location = mdbox:~
mail_log_prefix = "%s(%u): "
mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual"
mail_temp_dir = /srv/vmail/imap/tmp
mail_uid = 10000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mbox_write_locks = fcntl
namespace {
  hidden = no
  inbox = no
  list = children
  location = mdbox:/srv/vmail/imap/domains/%%d/%%u:INDEXPVT=~/mail_shared/%%u
  prefix = mail_shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = no
  inbox = no
  list = children
  location = mdbox:/srv/vmail/imap/domains/%d/_mail_public:INDEXPVT=~/mail_public
  prefix = mail_public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    comment = Drafts
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    comment = Sent
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    comment = Spam
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    comment = Trash
    special_use = \Trash
  }
  mailbox VirusMail {
    auto = subscribe
    comment = VirusMail
    special_use = \Junk
  }
  mailbox virtual/All {
    special_use = \All
  }
  prefix = 
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap_pass.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/acl/global.acl:cache_secs=300
  acl_shared_dict = file:/srv/vmail/imap/domains/%d/shared-acl.db
  fts = lucene
  fts_autoindex = yes
  fts_autoindex_exclude = \Junk
  fts_autoindex_exclude2 = \Trash
  fts_lucene = mime_parts
  mail_crypt_save_version = 0
  quota = count:User quota
  quota_grace = 10%%
  quota_rule = *:storage=512M
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Spam:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u %d
  quota_warning1 = storage=100%% quota-exceeded 100 %u %d
  quota_warning2 = -storage=100%% quota-warning below %u %d
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /srv/vmail/sieve/sieve.conf.d/after
  sieve_before = /srv/vmail/sieve/sieve.conf.d/before
  sieve_default = /srv/vmail/sieve/default.sieve
  sieve_extensions = +notify +imapflags +imap4flags
  sieve_global_dir = /srv/imap/sieve/global
  sieve_max_actions = 128
  sieve_max_redirects = 16
  sieve_max_script_size = 1M
  sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap lmtp pop3 sieve
service auth {
  unix_listener /var/spool/postfix-external/private/dovecot-auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = $default_internal_user
}
service dict {
  unix_listener dict {
    mode = 0777
  }
}
service doveadm {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = doveadm-server
  extra_groups = 
  group = 
  idle_kill = 0
  inet_listener {
    port = 41999
  }
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 1
  type = 
  unix_listener doveadm-server {
    group = 
    mode = 0600
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 0
  service_count = 1
}
service imap {
  process_limit = 1024
}
service lmtp {
  unix_listener /var/spool/postfix-internal/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service managesieve {
  process_limit = 128
}
service old-stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = old-stats
  extra_groups = 
  fifo_listener old-stats-mail {
    group = 
    mode = 0600
    user = 
  }
  fifo_listener old-stats-user {
    group = 
    mode = 0600
    user = 
  }
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener old-stats {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 1024
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 41900
  }
}
service quota-warning {
  executable = script /usr/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = mail
  }
  user = mail
}
ssl_ca = </etc/dovecot/ssl/dummy.pem
ssl_cert = </etc/dovecot/ssl/dummy.pem
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
submission_host = 127.0.0.1:25
userdb {
  args = /etc/dovecot/dovecot-ldap_user.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual quota sieve"
}
protocol lda {
  mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual quota sieve acl"
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual quota imap_quota imap_acl zlib imap_old_stats"
}
protocol sieve {
  mail_max_userip_connections = 5
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
}
protocol pop3 {
  mail_max_userip_connections = 10
  mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual"
}
protocol doveadm {
  mail_plugins = " acl zlib mail_log notify old_stats fts fts_lucene virtual quota acl fts fts_lucene"
}
local_name imap.example.com {
  ssl_ca = </etc/dovecot/ssl/CA_mail.pem
  ssl_cert = </etc/dovecot/ssl/mail.pem
  ssl_key =  # hidden, use -P to show it
}
-------------- next part --------------
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.14.15-3.el7xen.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core)  
auth_failure_delay = 10 secs
auth_mechanisms = plain cram-md5 digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_stats = yes
auth_worker_max_count = 20
disable_plaintext_auth = no
doveadm_password =  # hidden, use -P to show it
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = *
lmtp_rcpt_check_quota = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_attachment_dir = /srv/vmail/imap/attaches
mail_gid = 10000
mail_location = sdbox:~
mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual"
mail_temp_dir = /srv/vmail/imap/tmp
mail_uid = 10000
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mbox_write_locks = fcntl
namespace {
  hidden = no
  inbox = no
  list = children
  location = sdbox:/srv/vmail/imap/domains/%%d/%%u:INDEXPVT=~/mail_shared/%%u
  prefix = mail_shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace {
  hidden = no
  inbox = no
  list = children
  location = sdbox:/srv/vmail/imap/domains/%d/_mail_public:INDEXPVT=~/mail_public
  prefix = mail_public/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    comment = Drafts
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    comment = Sent
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    comment = Spam
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    comment = Trash
    special_use = \Trash
  }
  mailbox VirusMail {
    auto = subscribe
    comment = VirusMail
    special_use = \Junk
  }
  mailbox virtual/All {
    special_use = \All
  }
  prefix = 
  separator = /
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap_pass.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/acl/global.acl:cache_secs=300
  acl_shared_dict = file:/srv/vmail/imap/domains/%d/shared-acl.db
  fts = lucene
  fts_autoindex = yes
  fts_lucene = mime_parts
  mail_crypt_save_version = 0
  quota = count:User quota
  quota_grace = 10%%
  quota_rule = *:storage=512M
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Spam:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u %d
  quota_warning1 = storage=100%% quota-exceeded 100 %u %d
  quota_warning2 = -storage=100%% quota-warning below %u %d
  recipient_delimiter = +
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_after = /srv/vmail/sieve/sieve.conf.d/after
  sieve_before = /srv/vmail/sieve/sieve.conf.d/before
  sieve_default = /srv/vmail/sieve/default.sieve
  sieve_extensions = +notify +imapflags +imap4flags
  sieve_global_dir = /srv/imap/sieve/global
  sieve_max_actions = 128
  sieve_max_redirects = 16
  sieve_max_script_size = 1M
  sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap lmtp pop3 sieve
service auth {
  unix_listener /var/spool/postfix-external/private/dovecot-auth {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = $default_internal_user
}
service dict {
  unix_listener dict {
    mode = 0777
  }
}
service doveadm {
  chroot = 
  client_limit = 1
  drop_priv_before_exec = no
  executable = doveadm-server
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 0
  process_min_avail = 0
  protocol = 
  service_count = 1
  type = 
  unix_listener doveadm-server {
    group = 
    mode = 0600
    user = 
  }
  user = 
  vsz_limit = 18446744073709551615 B
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 0
  service_count = 1
}
service imap {
  process_limit = 1024
}
service lmtp {
  unix_listener /var/spool/postfix-internal/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service managesieve {
  process_limit = 128
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 1024
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 41900
  }
}
service quota-warning {
  executable = script /usr/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = mail
  }
  user = mail
}
service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups = 
  fifo_listener stats-mail {
    group = 
    mode = 0600
    user = 
  }
  fifo_listener stats-user {
    group = 
    mode = 0600
    user = 
  }
  group = 
  idle_kill = 4294967295 secs
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener stats {
    group = 
    mode = 0600
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
ssl_ca = </etc/dovecot/ssl/dummy.pem
ssl_cert = </etc/dovecot/ssl/dummy.pem
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
ssl_dh_parameters_length = 2048
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = TLSv1
submission_host = 127.0.0.1:25
userdb {
  args = /etc/dovecot/dovecot-ldap_user.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual quota sieve"
}
protocol lda {
  mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual quota sieve acl"
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual quota imap_quota imap_acl zlib imap_stats"
}
protocol sieve {
  mail_max_userip_connections = 5
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
}
protocol pop3 {
  mail_max_userip_connections = 10
  mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual"
}
protocol doveadm {
  mail_plugins = " acl zlib mail_log notify stats fts fts_lucene virtual expire quota acl fts fts_lucene"
}
local_name imap.example.com {
  ssl_ca = </etc/dovecot/ssl/CA_mail.pem
  ssl_cert = </etc/dovecot/ssl/mail.pem
  ssl_key =  # hidden, use -P to show it
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovesync-src_all_namespaes.log
Type: text/x-log
Size: 30036 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180609/6a02c393/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovesync-dst_all_namespaces.log
Type: text/x-log
Size: 22696 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180609/6a02c393/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: This is a digitally signed message part.
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180609/6a02c393/attachment-0001.sig>


More information about the dovecot mailing list