<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello everyone<br>
<p>Sorry, I'm not very experienced, and also my English is not very good.</p>
I installed a CentOS 7 server with ISPConfig, Postfix, Dovecot 2.2.36
and Roundcube. This server is only a mail archive, so my need is
that ALL the mailboxes are read-only in Roundcube/IMAP and no user
must be able to delete messages. So I configured Dovecot's ACL
following the guide <a class="moz-txt-link-rfc2396E" href="https://wiki2.dovecot.org/ACL">"https://wiki2.dovecot.org/ACL"</a>. I think I did
everything correctly and I don't get errors, but when I log in to the webmail
(Roundcube) I CAN DELETE MESSAGES ... it seems that the ACL has no
effect.<br>
<br>
Added to the Dovecot configuration file /etc/dovecot/dovecot.conf:<br>
______________________________________<br>
....<br>
plugin {<br>
acl = vfile:/etc/dovecot/dovecot-acl<br>
}<br>
.....<br>
protocol imap {<br>
mail_plugins = $mail_plugins imap_acl<br>
}<br>
mail_plugins = acl<br>
.....<br>
______________________________________<br>
<br>
Created the "global" file /etc/dovecot/dovecot-acl and inserted a line so that
the test user has only lookup and read rights (lr):<br>
<br>
* <a class="moz-txt-link-abbreviated" href="mailto:user=test@test.com">user=test@test.com</a> lr<br>
______________________________________<br>
<br>
My dovecot.conf:<br>
*********************************<br>
listen = *,[::]<br>
protocols = imap pop3<br>
auth_mechanisms = plain login<br>
disable_plaintext_auth = no<br>
log_timestamp = "%Y-%m-%d %H:%M:%S "<br>
mail_privileged_group = vmail<br>
ssl_cert = </etc/postfix/smtpd.cert<br>
ssl_key = </etc/postfix/smtpd.key<br>
ssl_protocols = !SSLv3<br>
passdb {<br>
args = /etc/dovecot-sql.conf<br>
driver = sql<br>
}<br>
userdb {<br>
driver = prefetch<br>
}<br>
userdb {<br>
args = /etc/dovecot-sql.conf<br>
driver = sql<br>
}<br>
plugin {<br>
acl = vfile:/etc/dovecot/dovecot-acl<br>
quota = dict:user::<a class="moz-txt-link-freetext" href="file:/var/vmail/%d/%n/.quotausage">file:/var/vmail/%d/%n/.quotausage</a><br>
sieve=/var/vmail/%d/%n/.sieve<br>
}<br>
service auth {<br>
unix_listener /var/spool/postfix/private/auth {<br>
group = postfix<br>
mode = 0660<br>
user = postfix<br>
}<br>
unix_listener auth-userdb {<br>
group = vmail<br>
mode = 0600<br>
user = vmail<br>
}<br>
user = root<br>
}<br>
service lmtp {<br>
unix_listener /var/spool/postfix/private/dovecot-lmtp {<br>
group = postfix<br>
mode = 0600<br>
user = postfix<br>
}<br>
}<br>
service imap-login {<br>
client_limit = 1000<br>
process_limit = 500<br>
}<br>
protocol imap {<br>
mail_plugins = $mail_plugins imap_acl<br>
mail_plugins = quota imap_quota<br>
}<br>
protocol pop3 {<br>
pop3_uidl_format = %08Xu%08Xv<br>
mail_plugins = quota<br>
}<br>
protocol lda {<br>
mail_plugins = sieve quota<br>
postmaster_address = root@localhost<br>
}<br>
protocol lmtp {<br>
postmaster_address = <a class="moz-txt-link-abbreviated" href="mailto:admin@htmlservices.it">admin@htmlservices.it</a><br>
mail_plugins = quota sieve<br>
}<br>
mail_plugins = $mail_plugins quota<br>
mail_plugins = acl<br>
*********************************<br>
<br>
My dovecot-acl:<br>
*********************************<br>
* <a class="moz-txt-link-abbreviated" href="mailto:user=test@test.com">user=test@test.com</a> lr<br>
*********************************<br>
<br>
Debug:<br>
*********************************<br>
[root@archivio ~]# doveadm -Dv acl debug -u <a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a> INBOX<br>
Debug: Loading modules from directory: /usr/lib64/dovecot<br>
Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so<br>
Debug: Loading modules from directory: /usr/lib64/dovecot/doveadm<br>
Debug: Module loaded:
/usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so<br>
Debug: Skipping module doveadm_expire_plugin, because dlopen()
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_expire_plugin.so:
undefined symbol: expire_set_deinit (this is usually intentional, so
just ignore this message)<br>
Debug: Skipping module doveadm_quota_plugin, because dlopen()
failed: /usr/lib64/dovecot/doveadm/lib10_doveadm_quota_plugin.so:
undefined symbol: quota_user_module (this is usually intentional, so
just ignore this message)<br>
Debug: Module loaded:
/usr/lib64/dovecot/doveadm/lib10_doveadm_sieve_plugin.so<br>
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen()
failed:
/usr/lib64/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so:
undefined symbol: lucene_index_iter_deinit (this is usually
intentional, so just ignore this message)<br>
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed:
/usr/lib64/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined
symbol: fts_user_get_language_list (this is usually intentional, so
just ignore this message)<br>
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen()
failed: /usr/lib64/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so:
undefined symbol: mail_crypt_box_get_pvt_digests (this is usually
intentional, so just ignore this message)<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Added userdb setting:
mail=maildir:/var/vmail/test.com/test/Maildir<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Added userdb setting:
plugin/quota_rule=*:storage=0B<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Added userdb setting:
plugin/sieve=/var/vmail/test.com/test/.sieve<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Effective uid=5000, gid=5000,
home=/var/vmail/test.com/test<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl: No acl_shared_dict setting -
shared mailbox listing is disabled<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: maildir++:
root=/var/vmail/test.com/test/Maildir, index=, indexpvt=, control=,
inbox=/var/vmail/test.com/test/Maildir, alt=<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl: initializing backend with data:
vfile:/etc/dovecot/dovecot-acl<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl: acl username = <a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a><br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl: owner = 1<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl vfile: Global ACL file:
/etc/dovecot/dovecot-acl<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: Mailbox 'INBOX' is in namespace ''<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: Mailbox path:
/var/vmail/test.com/test/Maildir<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: All message flags are shared across
users in mailbox<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: Mailbox 'INBOX' matches global ACL
pattern '*'<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Debug: acl vfile: file
/var/vmail/test.com/test/Maildir/dovecot-acl not found<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: User <a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a> has rights: lookup
read<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: Mailbox in user's private namespace<br>
doveadm(<a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a>): Info: Mailbox INBOX is visible in LIST<br>
[root@archivio ~]#<br>
*********************************<br>
<br>
If I look at the line "Info: User <a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a> has rights: lookup read",
it seems that the ACL (lookup and read) is applied correctly,<br>
<div>but as I was saying above, when I log in as user <a class="moz-txt-link-abbreviated" href="mailto:test@test.com">test@test.com</a> on
the webmail, I can do everything I want, including deleting the e-mails
... I have been trying for days to understand this, but I don't understand
what I'm doing wrong and how to solve it. <br>
</div>
<div>thank you all in advance</div>
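<p>Editor's note with an added example (not from the original post, and not Dovecot's own code): Dovecot's configuration keeps the <em>last</em> assignment of a setting within a section, and <code>mail_plugins = $mail_plugins foo</code> appends to the value currently in effect. In the dovecot.conf posted above, the global <code>mail_plugins</code> is assigned twice (<code>$mail_plugins quota</code>, then <code>acl</code>) and so is the one inside <code>protocol imap</code> (<code>$mail_plugins imap_acl</code>, then <code>quota imap_quota</code>). The script below computes the plugin list each protocol really ends up with for that layout and for a corrected one with a single global line that every protocol extends. The small parser, the <code>POSTED</code>/<code>FIXED</code> fragments (constructed from the posted file) and the rule that <code>$mail_plugins</code> expands in file order are assumptions of this example, not checked against Dovecot's real parser.</p>

```python
"""Effective Dovecot mail_plugins per protocol, computed from a config fragment.

Added example, not from the original post. It models two rules of Dovecot's
config parser: a setting assigned twice in the same section keeps the LAST
value, and ``mail_plugins = $mail_plugins foo`` appends foo to the value
currently in effect. Only ``mail_plugins`` lines at the top level and directly
inside ``protocol <name> { ... }`` sections are modelled; ``plugin {}`` and
``service {}`` blocks are skipped. Assumption: ``$mail_plugins`` expands to the
value in effect at the point where the line is parsed (file order matters).
"""
import re

# Constructed from the mail_plugins lines of the dovecot.conf posted above,
# in the order they appear there.
POSTED = """
plugin {
  acl = vfile:/etc/dovecot/dovecot-acl
}
protocol imap {
  mail_plugins = $mail_plugins imap_acl
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
}
protocol lda {
  mail_plugins = sieve quota
}
protocol lmtp {
  mail_plugins = quota sieve
}
mail_plugins = $mail_plugins quota
mail_plugins = acl
"""

# Constructed corrected layout: one global line, each protocol appends to it.
FIXED = """
mail_plugins = acl quota
protocol imap {
  mail_plugins = $mail_plugins imap_acl imap_quota
}
protocol pop3 {
  mail_plugins = $mail_plugins
}
protocol lda {
  mail_plugins = $mail_plugins sieve
}
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}
"""

_SECTION_RE = re.compile(r"^(\w+)(?:\s+(\S+))?\s*\{$")
_ASSIGN_RE = re.compile(r"^mail_plugins\s*=\s*(.*)$")


def effective_mail_plugins(conf):
    """Return {'global': [...], '<protocol>': [...]} for a config fragment."""
    values = {"global": []}      # an unassigned global means an empty plugin list
    section = "global"           # section that receives the next assignment
    depth = 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            m = _SECTION_RE.match(line)
            if depth == 1 and m and m.group(1) == "protocol":
                section = m.group(2)
                values.setdefault(section, None)   # None: inherits global
            else:
                section = None   # plugin {}, service {} or nested: not modelled
            continue
        if line == "}":
            depth -= 1
            section = "global" if depth == 0 else None
            continue
        m = _ASSIGN_RE.match(line)
        if m is None or section is None:
            continue
        in_effect = values[section] if values[section] is not None else values["global"]
        expanded = []
        for word in m.group(1).split():
            if word == "$mail_plugins":
                expanded.extend(in_effect)       # append to the current value
            else:
                expanded.append(word)
        values[section] = expanded               # last assignment in the section wins
    return {k: (v if v is not None else list(values["global"]))
            for k, v in values.items()}


def missing_plugins(effective, protocol, required):
    """Names from `required` that `protocol` will not actually load."""
    loaded = set(effective.get(protocol, effective["global"]))
    return [p for p in required if p not in loaded]


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        eff = effective_mail_plugins(conf)
        print(label, eff)
        print("  imap is missing:", missing_plugins(eff, "imap", ["acl", "imap_acl"]))
```

<p>With the posted layout the model ends up with <code>quota imap_quota</code> for IMAP and only <code>acl</code> globally, so the IMAP process would load neither <code>acl</code> nor <code>imap_acl</code> while <code>doveadm</code> (which uses the global value) would, which is the pattern the debug output above shows: only lib01_acl_plugin.so is loaded from /usr/lib64/dovecot, and the doveadm quota plugin is skipped for a missing <code>quota_user_module</code> symbol. On the server itself, <code>doveconf mail_plugins</code> and <code>doveconf -f service=imap mail_plugins</code> print the values Dovecot actually uses, which is the check to run before trusting any ACL result from the webmail.</p>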
</body>
</html>