Shared mailbox visible but not readable

Kees van Vloten keesvanvloten at gmail.com
Thu Feb 17 17:34:09 UTC 2022


After the previous thread, I am now able to see / list the structure of 
a shared mailbox but cannot see the messages.

doveadm acl get -u test2 INBOX
ID         Global Rights
user=test1        admin create delete expunge insert lookup post read 
write write-deleted write-seen


dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.2 ext4
# Hostname: server.example.com
# Debug/verbose logging is switched on for auth (auth_debug, auth_verbose)
# and for mail storage (mail_debug). The server-side log further down shows
# what this emits: session ids, the full LDAP search base and filter, and a
# per-request auth_token value. Useful while troubleshooting; review such
# output before posting it and turn the debug settings off afterwards.
auth_debug = yes
auth_default_realm = EXAMPLE.COM
auth_gssapi_hostname = server.example.com
auth_krb5_keytab = /etc/keytab/dovecot.keytab
# Enables "user*masteruser" logins; the master accounts come from the
# passdb marked master = yes below.
auth_master_user_separator = *
# plain is offered next to the Kerberos mechanisms (the client log shows
# AUTH=PLAIN advertised on the loopback listener).
auth_mechanisms = gssapi gss-spnego plain
auth_realms = EXAMPLE.COM
auth_verbose = yes
# first_valid_uid/gid equal mail_uid/mail_gid: every mailbox is accessed as
# the one uid 990 / gid 986 (log: "Effective uid=990, gid=986"). Filesystem
# permissions therefore do not separate one user's mail from another's;
# isolation between users rests on the acl plugin.
first_valid_gid = 986
first_valid_uid = 990
hostname = server.example.com
imap_client_workarounds = tb-extra-mailbox-sep
imap_max_line_length = 2 M
login_greeting = Dovecot ready.
mail_debug = yes
mail_gid = 986
# Per-user maildir under /srv/mail/vmail/example.com/%n with separate
# index, control and volatile directories (the value is wrapped onto the
# next line by the mail client).
mail_location = 
maildir:/srv/mail/vmail/example.com/%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEX=/srv/mail/vmail/example.com/%n/index:CONTROL=/srv/mail/vmail/example.com/%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%n/volatile
mail_plugins = zlib notify push_notification listescape acl
mail_shared_explicit_inbox = yes
mail_uid = 990
# Shared namespace: %%n is the owner of the shared mailbox, %n the user who
# is logged in (INDEXPVT keeps that user's private index per owner).
# NOTE(review): in the debug log below the owner part expands to
# "test2/INBOX" rather than "test2" (root=.../test2/INBOX/store,
# "acl username = test2/INBOX"), which matches the prefix
# 'shared~test2/INBOX~' that the failing SELECT reports as missing. The
# cause cannot be determined from this page; the combination of
# separator = ~, LAYOUT=fs and the listescape plugin is the place to
# look - TODO confirm.
namespace {
   hidden = no
   list = children
   location = 
maildir:/srv/mail/vmail/example.com/%%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEXPVT=/srv/mail/vmail/example.com/%n/index_shared/%%u:CONTROL=/srv/mail/vmail/example.com/%%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%%n/volatile
   prefix = shared~%%n~
   separator = ~
   subscriptions = no
   type = shared
}
# Private namespace holding the user's own INBOX and the auto-subscribed
# special-use folders; empty location means mail_location is used.
namespace inbox {
   hidden = no
   inbox = yes
   list = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Inbox {
     auto = subscribe
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
   separator = ~
   subscriptions = yes
   type = private
}
# passdb chain, evaluated in the order listed.
# 1) Master users from a passwd-file; together with
#    auth_master_user_separator these accounts can open any user's mail, so
#    the file's contents and permissions are sensitive.
passdb {
   args = username_format=%u /etc/dovecot/master-users
   driver = passwd-file
   master = yes
}
# 2) LDAP lookup that continues to the next passdb on success (pass = yes).
#    In the log below it applies the group-membership / account-enabled
#    filter and rewrites test1@example.com to test1.
#    NOTE(review): whether a password is verified here cannot be told from
#    this page; the referenced .conf.ext is not shown.
passdb {
   args = /etc/dovecot/ldap_user_to_principal.conf.ext
   driver = ldap
   pass = yes
}
# 3) Passwordless login for connections from 127.0.0.1 only. The logs below
#    show this in effect: 'login "test1" ""' (empty password) succeeds after
#    "allow_nets: Matching for network 127.0.0.1/32". Any process that can
#    connect to the loopback IMAP listener can therefore open the mailbox of
#    any user that passes the LDAP filter.
#    NOTE(review): presumably meant for a trusted local front end (the
#    client sends an x-originating-ip ID) - confirm that no untrusted local
#    accounts or port forwards can reach 127.0.0.1:144.
passdb {
   args = nopassword=y allow_nets=127.0.0.1/32
   driver = static
}
# 4) PAM; presumably what non-loopback clients fall through to when the
#    allow_nets check above does not match - TODO confirm.
passdb {
   driver = pam
}
# ACL plugin settings. vfile keeps ACLs in per-mailbox files; the log
# reports "Global ACLs disabled". acl_shared_dict records who shares with
# whom so that shared mailboxes can be listed. acl_user = %n makes the ACL
# identity the username without domain (log: "acl username = test1"),
# matching the "user=test1" entry in the doveadm acl output above.
plugin {
   acl = vfile
   acl_defaults_from_inbox = yes
   acl_shared_dict = file:/srv/mail/dovecot/lib/shared-mailboxes.db
   acl_user = %n
   autocreate = Trash
   autocreate2 = Drafts
   autocreate3 = Sent
   autosubscribe = Trash
   autosubscribe2 = Drafts
   autosubscribe3 = Sent
}
protocols = " imap lmtp submission"
# SASL socket for Postfix, reachable by user/group postfix only (0660).
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
# IMAP listeners: the default plaintext listener is disabled (port = 0),
# imaps on 993 uses TLS, and imap_local accepts unencrypted connections on
# 127.0.0.1:144. The server log marks sessions on that loopback listener as
# "secured" although no TLS is used, and it is the listener on which the
# passwordless static passdb above applies.
service imap-login {
   inet_listener imap {
     port = 0
   }
   inet_listener imap_local {
     address = 127.0.0.1
     port = 144
     ssl = no
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_min_avail = 1
}
service indexer-worker {
   vsz_limit = 2 G
}
# LMTP delivery socket for Postfix, owner-only (0600).
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
# Submission over implicit TLS on 465, relayed to the local MTA
# (submission_relay_host below).
service submission-login {
   inet_listener submission {
     port = 465
     ssl = yes
   }
}
# TLS policy: TLS required, minimum TLSv1.2, ECDHE/DHE key exchange with
# AES-GCM only. ssl_dh and ssl_key are masked by "dovecot -n"; the -P form
# mentioned in the masked lines prints them, so that output must not be
# posted.
ssl = required
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_client_ca_dir = /etc/ssl/certs
ssl_curve_list = X25519:secp521r1:secp384r1:prime256v1
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
submission_client_workarounds = whitespace-before-path
submission_relay_host = localhost
# userdb chain. The LDAP userdb runs first and processing continues to the
# static userdb afterwards (result_success = continue).
# NOTE(review): in the log below the LDAP user search filter contains
# "CN=mail_user-," with no domain (the passdb filter had
# "CN=mail_user-example.com"), the server returns no fields and the lookup
# ends in "unknown user"; the static userdb then answers anyway.
userdb {
   args = /etc/dovecot/ldap_user_domain.conf.ext
   driver = ldap
   result_success = continue
}
# Static userdb: every user maps to vmail/vmail with the same home.
# allow_all_users=yes means this userdb does not check that the user
# exists, so the existence check rests on the passdb/LDAP stage alone.
userdb {
   args = uid=vmail gid=vmail home=/srv/mail/vmail allow_all_users=yes
   driver = static
}
# Per-protocol plugin lists; acl is loaded for delivery (lmtp, lda) as well
# as for imap, and imap additionally loads imap_acl (the client log shows
# the ACL capability advertised after login).
protocol lmtp {
   mail_plugins = zlib notify push_notification listescape acl
}
protocol lda {
   mail_plugins = zlib notify push_notification listescape acl
}
protocol imap {
   mail_max_userip_connections = 50
   mail_plugins = zlib notify push_notification listescape acl imap_acl
}


Server-side logging:
Feb 17 18:19:46 server dovecot: auth: Debug: client in: 
AUTH#0111#011PLAIN#011service=imap#011secured#011session=wnsM+TnYeNt/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=144#011rport=56184#011resp=<hidden>
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing passdb 
lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): pass search: 
base=OU=User Accounts,OU=Interactive 
Users,OU=Groupware,DC=example,DC=com scope=subtree 
filter=(&(objectClass=user)(sAMAccountName=test1)(memberOf:1.2.840.113556.1.4.1941:=CN=mail_user-example.com,OU=Mail 
Domains,OU=Groups,DC=example,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) 
fields=userPrincipalName
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): result: 
userPrincipalName=test1 at example.com; userPrincipalName unused
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): username changed 
test1 at example.com -> test1
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): allow_nets: Matching for 
network 127.0.0.1/32
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
auth(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Auth request finished
Feb 17 18:19:46 server dovecot: auth: Debug: client passdb out: 
OK#0111#011user=test1#011k5principals=test1 at example.com
Feb 17 18:19:46 server dovecot: auth: Debug: master in: 
REQUEST#011674496513#011982757#0111#011bdc4ed95a66c86ed9e287682de2cc297#011session_pid=982760#011request_auth_token
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): user search: base=OU=User 
Accounts,OU=Interactive Users,OU=Groupware,DC=example,DC=com 
scope=subtree 
filter=(&(objectClass=user)(sAMAccountName=test1)(memberOf:1.2.840.113556.1.4.1941:=CN=mail_user-,OU=Mail 
Domains,OU=Groups,DC=example,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) 
fields=
Feb 17 18:19:46 server dovecot: auth: Debug: auth client connected 
(pid=982759)
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): no fields returned by the server
Feb 17 18:19:46 server dovecot: auth: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): unknown user
Feb 17 18:19:46 server dovecot: auth: Debug: 
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: 
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: master userdb out: 
USER#011674496513#011test1#011uid=990#011gid=986#011home=/srv/mail/vmail#011auth_mech=PLAIN#011auth_token=7f5013248866ebfbfb636b8de817aad6ac5af767
Feb 17 18:19:46 server dovecot: imap-login: Login: user=<test1>, 
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=982760, secured, 
session=<wnsM+TnYeNt/AAAB>
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: Effective uid=990, gid=986, home=/srv/mail/vmail
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: Namespace inbox: type=private, prefix=, sep=~, inbox=yes, 
hidden=no, list=yes, subscriptions=yes 
location=maildir:/srv/mail/vmail/example.com/test1/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEX=/srv/mail/vmail/example.com/test1/index:CONTROL=/srv/mail/vmail/example.com/test1/control:VOLATILEDIR=/srv/mail/vmail/example.com/test1/volatile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: fs: root=/srv/mail/vmail/example.com/test1/store, 
index=/srv/mail/vmail/example.com/test1/index, indexpvt=, 
control=/srv/mail/vmail/example.com/test1/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: owner = 1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: Namespace : type=shared, prefix=shared~%n~, sep=~, inbox=no, 
hidden=no, list=children, subscriptions=no 
location=maildir:/srv/mail/vmail/example.com/%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEXPVT=/srv/mail/vmail/example.com/test1/index_shared/%u:CONTROL=/srv/mail/vmail/example.com/%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%n/volatile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: shared: root=/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: fts: Indexes disabled for namespace 'shared~%n~'
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: owner = 0
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: fs: root=/srv/mail/vmail/example.com/test2/INBOX/store, index=, 
indexpvt=/srv/mail/vmail/example.com/test1/index_shared/test2/INBOX, 
control=/srv/mail/vmail/example.com/test2/INBOX/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: acl username = test2/INBOX
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: owner = 1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: fs: root=/srv/mail/vmail/example.com/test2/INBOX/store, index=, 
indexpvt=/srv/mail/vmail/example.com/test1/index_shared/test2/INBOX, 
control=/srv/mail/vmail/example.com/test2/INBOX/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl: owner = 0
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: Mailbox shared~test2~INBOX: Mailbox opened because: SELECT
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Logged out in=245 out=1711 deleted=0 expunged=0 trashed=0 hdr_count=0 
hdr_bytes=0 body_count=0 body_bytes=0



Client-side logging:
S[0x55ae80a7bb00]: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID 
ENABLE IDLE LITERAL+ STARTTLS AUTH=GSSAPI AUTH=GSS-SPNEGO AUTH=PLAIN] 
Dovecot ready.
C[0x55ae808c12d0]: 1 login "test1" ""
S[0x55ae80a7bb00]: 1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID 
ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS 
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH 
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE 
SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY 
SPECIAL-USE ACL RIGHTS=texk] Logged in
C[0x55ae808c12d0]: 2 capability
S[0x55ae80a7bb00]: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID 
ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS 
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN 
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH 
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE 
SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY 
SPECIAL-USE ACL RIGHTS=texk
S[0x55ae80a7bb00]: 2 OK Capability completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 3 ID ("x-originating-ip" "192.168.10.106")
S[0x55ae80a7bb00]: * ID ("name" "Dovecot")
S[0x55ae80a7bb00]: 3 OK ID completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 4 namespace
S[0x55ae80a7bb00]: * NAMESPACE (("" "~")) (("shared~" "~")) NIL
S[0x55ae80a7bb00]: 4 OK Namespace completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 5 LIST "" ""
S[0x55ae80a7bb00]: * LIST (\Noselect) "~" ""
S[0x55ae80a7bb00]: 5 OK List completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 6 select "INBOX"
S[0x55ae80a7bb00]: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
S[0x55ae80a7bb00]: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted 
\Seen \Draft \*)] Flags permitted.
S[0x55ae80a7bb00]: * 1 EXISTS
S[0x55ae80a7bb00]: * 0 RECENT
S[0x55ae80a7bb00]: * OK [UIDVALIDITY 1637177527] UIDs valid
S[0x55ae80a7bb00]: * OK [UIDNEXT 2] Predicted next UID
S[0x55ae80a7bb00]: * OK [HIGHESTMODSEQ 10] Highest
S[0x55ae80a7bb00]: 6 OK [READ-WRITE] Select completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 7 UID SEARCH (UNSEEN NOT DELETED)
S[0x55ae80a7bb00]: * SEARCH
S[0x55ae80a7bb00]: 7 OK Search completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 8 select "shared~test2~INBOX"
S[0x55ae80a7bb00]: * OK [CLOSED] Previous mailbox closed.
S[0x55ae80a7bb00]: 8 NO [CANNOT] Invalid mailbox name 
'shared~test2~INBOX': Missing namespace prefix 'shared~test2/INBOX~' 
(0.001 + 0.001 secs).
C[0x55ae808c12d0]: 9 logout
S[0x55ae80a7bb00]: * BYE Logging out


The issue I am facing is this:
  8 NO [CANNOT] Invalid mailbox name 'shared~test2~INBOX': Missing 
namespace prefix 'shared~test2/INBOX~'

The server-side seems to think everything is fine:
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>: 
Debug: Mailbox shared~test2~INBOX: Mailbox opened because: SELECT


But I do not get to see any messages in test2's shared mailbox.
How to debug this?
Or better: how to fix it :-) ??

- Kees

