Shared mailbox visible but not readable
Kees van Vloten
keesvanvloten at gmail.com
Thu Feb 17 17:34:09 UTC 2022
After the previous thread, I am now able to see / list the structure of
a shared mailbox but cannot see the messages.
doveadm acl get -u test2 INBOX
ID Global Rights
user=test1 admin create delete expunge insert lookup post read
write write-deleted write-seen
dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-10-amd64 x86_64 Debian 11.2 ext4
# Hostname: server.example.com
auth_debug = yes
auth_default_realm = EXAMPLE.COM
auth_gssapi_hostname = server.example.com
auth_krb5_keytab = /etc/keytab/dovecot.keytab
auth_master_user_separator = *
auth_mechanisms = gssapi gss-spnego plain
auth_realms = EXAMPLE.COM
auth_verbose = yes
first_valid_gid = 986
first_valid_uid = 990
hostname = server.example.com
imap_client_workarounds = tb-extra-mailbox-sep
imap_max_line_length = 2 M
login_greeting = Dovecot ready.
mail_debug = yes
mail_gid = 986
mail_location =
maildir:/srv/mail/vmail/example.com/%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEX=/srv/mail/vmail/example.com/%n/index:CONTROL=/srv/mail/vmail/example.com/%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%n/volatile
mail_plugins = zlib notify push_notification listescape acl
mail_shared_explicit_inbox = yes
mail_uid = 990
namespace {
hidden = no
list = children
location =
maildir:/srv/mail/vmail/example.com/%%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEXPVT=/srv/mail/vmail/example.com/%n/index_shared/%%u:CONTROL=/srv/mail/vmail/example.com/%%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%%n/volatile
prefix = shared~%%n~
separator = ~
subscriptions = no
type = shared
}
namespace inbox {
hidden = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Inbox {
auto = subscribe
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = ~
subscriptions = yes
type = private
}
passdb {
args = username_format=%u /etc/dovecot/master-users
driver = passwd-file
master = yes
}
passdb {
args = /etc/dovecot/ldap_user_to_principal.conf.ext
driver = ldap
pass = yes
}
passdb {
args = nopassword=y allow_nets=127.0.0.1/32
driver = static
}
passdb {
driver = pam
}
plugin {
acl = vfile
acl_defaults_from_inbox = yes
acl_shared_dict = file:/srv/mail/dovecot/lib/shared-mailboxes.db
acl_user = %n
autocreate = Trash
autocreate2 = Drafts
autocreate3 = Sent
autosubscribe = Trash
autosubscribe2 = Drafts
autosubscribe3 = Sent
}
protocols = " imap lmtp submission"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imap_local {
address = 127.0.0.1
port = 144
ssl = no
}
inet_listener imaps {
port = 993
ssl = yes
}
process_min_avail = 1
}
service indexer-worker {
vsz_limit = 2 G
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service submission-login {
inet_listener submission {
port = 465
ssl = yes
}
}
ssl = required
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_client_ca_dir = /etc/ssl/certs
ssl_curve_list = X25519:secp521r1:secp384r1:prime256v1
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
submission_client_workarounds = whitespace-before-path
submission_relay_host = localhost
userdb {
args = /etc/dovecot/ldap_user_domain.conf.ext
driver = ldap
result_success = continue
}
userdb {
args = uid=vmail gid=vmail home=/srv/mail/vmail allow_all_users=yes
driver = static
}
protocol lmtp {
mail_plugins = zlib notify push_notification listescape acl
}
protocol lda {
mail_plugins = zlib notify push_notification listescape acl
}
protocol imap {
mail_max_userip_connections = 50
mail_plugins = zlib notify push_notification listescape acl imap_acl
}
Server-side logging:
Feb 17 18:19:46 server dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=wnsM+TnYeNt/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=144#011rport=56184#011resp=<hidden>
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing passdb
lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): pass search:
base=OU=User Accounts,OU=Interactive
Users,OU=Groupware,DC=example,DC=com scope=subtree
filter=(&(objectClass=user)(sAMAccountName=test1)(memberOf:1.2.840.113556.1.4.1941:=CN=mail_user-example.com,OU=Mail
Domains,OU=Groups,DC=example,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
fields=userPrincipalName
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): result:
userPrincipalName=test1 at example.com; userPrincipalName unused
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1 at example.com,127.0.0.1,<wnsM+TnYeNt/AAAB>): username changed
test1 at example.com -> test1
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): allow_nets: Matching for
network 127.0.0.1/32
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished passdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
auth(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Auth request finished
Feb 17 18:19:46 server dovecot: auth: Debug: client passdb out:
OK#0111#011user=test1#011k5principals=test1 at example.com
Feb 17 18:19:46 server dovecot: auth: Debug: master in:
REQUEST#011674496513#011982757#0111#011bdc4ed95a66c86ed9e287682de2cc297#011session_pid=982760#011request_auth_token
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): user search: base=OU=User
Accounts,OU=Interactive Users,OU=Groupware,DC=example,DC=com
scope=subtree
filter=(&(objectClass=user)(sAMAccountName=test1)(memberOf:1.2.840.113556.1.4.1941:=CN=mail_user-,OU=Mail
Domains,OU=Groups,DC=example,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
fields=
Feb 17 18:19:46 server dovecot: auth: Debug: auth client connected
(pid=982759)
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): no fields returned by the server
Feb 17 18:19:46 server dovecot: auth:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): unknown user
Feb 17 18:19:46 server dovecot: auth: Debug:
ldap(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Performing userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug:
static(test1,127.0.0.1,<wnsM+TnYeNt/AAAB>): Finished userdb lookup
Feb 17 18:19:46 server dovecot: auth: Debug: master userdb out:
USER#011674496513#011test1#011uid=990#011gid=986#011home=/srv/mail/vmail#011auth_mech=PLAIN#011auth_token=7f5013248866ebfbfb636b8de817aad6ac5af767
Feb 17 18:19:46 server dovecot: imap-login: Login: user=<test1>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=982760, secured,
session=<wnsM+TnYeNt/AAAB>
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: Effective uid=990, gid=986, home=/srv/mail/vmail
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: Namespace inbox: type=private, prefix=, sep=~, inbox=yes,
hidden=no, list=yes, subscriptions=yes
location=maildir:/srv/mail/vmail/example.com/test1/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEX=/srv/mail/vmail/example.com/test1/index:CONTROL=/srv/mail/vmail/example.com/test1/control:VOLATILEDIR=/srv/mail/vmail/example.com/test1/volatile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: fs: root=/srv/mail/vmail/example.com/test1/store,
index=/srv/mail/vmail/example.com/test1/index, indexpvt=,
control=/srv/mail/vmail/example.com/test1/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: owner = 1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: Namespace : type=shared, prefix=shared~%n~, sep=~, inbox=no,
hidden=no, list=children, subscriptions=no
location=maildir:/srv/mail/vmail/example.com/%n/store:LAYOUT=fs:FULLDIRNAME=0_FolderContent:UTF-8:INDEXPVT=/srv/mail/vmail/example.com/test1/index_shared/%u:CONTROL=/srv/mail/vmail/example.com/%n/control:VOLATILEDIR=/srv/mail/vmail/example.com/%n/volatile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: shared: root=/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: fts: Indexes disabled for namespace 'shared~%n~'
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: owner = 0
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: fs: root=/srv/mail/vmail/example.com/test2/INBOX/store, index=,
indexpvt=/srv/mail/vmail/example.com/test1/index_shared/test2/INBOX,
control=/srv/mail/vmail/example.com/test2/INBOX/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: acl username = test2/INBOX
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: owner = 1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: fs: root=/srv/mail/vmail/example.com/test2/INBOX/store, index=,
indexpvt=/srv/mail/vmail/example.com/test1/index_shared/test2/INBOX,
control=/srv/mail/vmail/example.com/test2/INBOX/control, inbox=, alt=
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: initializing backend with data: vfile
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: acl username = test1
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl: owner = 0
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: acl vfile: Global ACLs disabled
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: Mailbox shared~test2~INBOX: Mailbox opened because: SELECT
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Logged out in=245 out=1711 deleted=0 expunged=0 trashed=0 hdr_count=0
hdr_bytes=0 body_count=0 body_bytes=0
Client-side logging:
S[0x55ae80a7bb00]: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE LITERAL+ STARTTLS AUTH=GSSAPI AUTH=GSS-SPNEGO AUTH=PLAIN]
Dovecot ready.
C[0x55ae808c12d0]: 1 login "test1" ""
S[0x55ae80a7bb00]: 1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY
SPECIAL-USE ACL RIGHTS=texk] Logged in
C[0x55ae808c12d0]: 2 capability
S[0x55ae80a7bb00]: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY
SPECIAL-USE ACL RIGHTS=texk
S[0x55ae80a7bb00]: 2 OK Capability completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 3 ID ("x-originating-ip" "192.168.10.106")
S[0x55ae80a7bb00]: * ID ("name" "Dovecot")
S[0x55ae80a7bb00]: 3 OK ID completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 4 namespace
S[0x55ae80a7bb00]: * NAMESPACE (("" "~")) (("shared~" "~")) NIL
S[0x55ae80a7bb00]: 4 OK Namespace completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 5 LIST "" ""
S[0x55ae80a7bb00]: * LIST (\Noselect) "~" ""
S[0x55ae80a7bb00]: 5 OK List completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 6 select "INBOX"
S[0x55ae80a7bb00]: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
S[0x55ae80a7bb00]: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted
\Seen \Draft \*)] Flags permitted.
S[0x55ae80a7bb00]: * 1 EXISTS
S[0x55ae80a7bb00]: * 0 RECENT
S[0x55ae80a7bb00]: * OK [UIDVALIDITY 1637177527] UIDs valid
S[0x55ae80a7bb00]: * OK [UIDNEXT 2] Predicted next UID
S[0x55ae80a7bb00]: * OK [HIGHESTMODSEQ 10] Highest
S[0x55ae80a7bb00]: 6 OK [READ-WRITE] Select completed (0.001 + 0.000 secs).
C[0x55ae808c12d0]: 7 UID SEARCH (UNSEEN NOT DELETED)
S[0x55ae80a7bb00]: * SEARCH
S[0x55ae80a7bb00]: 7 OK Search completed (0.001 + 0.001 secs).
C[0x55ae808c12d0]: 8 select "shared~test2~INBOX"
S[0x55ae80a7bb00]: * OK [CLOSED] Previous mailbox closed.
S[0x55ae80a7bb00]: 8 NO [CANNOT] Invalid mailbox name
'shared~test2~INBOX': Missing namespace prefix 'shared~test2/INBOX~'
(0.001 + 0.001 secs).
C[0x55ae808c12d0]: 9 logout
S[0x55ae80a7bb00]: * BYE Logging out
This issue I am facing is this:
8 NO [CANNOT] Invalid mailbox name 'shared~test2~INBOX': Missing
namespace prefix 'shared~test2/INBOX~'
The server-side seems to think everything is fine:
Feb 17 18:19:46 server dovecot: imap(test1)<982760><wnsM+TnYeNt/AAAB>:
Debug: Mailbox shared~test2~INBOX: Mailbox opened because: SELECT
But I do not get to see any messages in test2's shared mailbox.
How to debug this?
Or better: how to fix it :-) ??
- Kees
More information about the dovecot
mailing list