<html><head>
<style id="pgp_css" type="text/css"><!----></style><style type="text/css"><!--#x40933afcbce24d7 blockquote.cite2
{margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right: 0px; border-left: 1px solid rgb(204, 204, 204); margin-top: 3px; padding-top: 0px;}
#x40933afcbce24d7
{font-family: "Segoe UI"; font-size: 12pt;}
--></style><style id="css_styles" type="text/css"><!--blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
a img { border: 0px; }
li[style='text-align: center;'], li[style='text-align: center; '], li[style='text-align: right;'], li[style='text-align: right; '] { list-style-position: inside;}
body { font-family: Segoe UI; font-size: 12pt; }
.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb solid; padding-left: 0.3em; }--></style>
</head>
<body><div>Ok, to answer my own mail, I realized I was reading some of the error messages wrongly; it turns out that I was missing +x on a directory or two in the path for one of my groups.</div><div><br /></div>
<div>So I have made a bit of progress but am currently stuck here.</div><div><br /></div>
<div>doveadm(user-externaldomain.com): Debug: acl vfile: Global ACLs disabled<br />
doveadm(user-externaldomain.com): Error: fchown(/home/externaldomain.com/homes/user/Maildir/shared_ns1/info@primarydomain.com, group=1092(primarydomain.com)) failed: Operation not permitted (egid=1091(externaldomain.com), group based on /home/primarydomain.com/homes/info/Maildir - see <a href="http://wiki2.dovecot.org/Errors/ChgrpNoPerm">http://wiki2.dovecot.org/Errors/ChgrpNoPerm</a>)</div>
<div>doveadm(user-externaldomain.com): Error: Mailbox @/info@primarydomain.com/INBOX: mkdir_parents(/home/externaldomain.com/homes/user/Maildir/shared_ns1/info@primarydomain.com/.INBOX) failed: Operation not permitted<br />
doveadm(user-externaldomain.com): Error: Can't open mailbox @/info@primarydomain.eu/INBOX: Mailbox @/info@primarydomain.com/INBOX: mkdir_parents(/home/externaldomain.com/homes/user/Maildir/shared_ns1/info@primarydomain.com/.INBOX) failed: Operation not permitted<br /></div><div><br /></div>
<div>I did go through the <a href="http://wiki2.dovecot.org/Errors/ChgrpNoPerm">http://wiki2.dovecot.org/Errors/ChgrpNoPerm</a> page, and followed the recommended changes to the /var/mail directory, but it did not seem to make a difference.</div><div><br /></div>
<div>Anyhow, I have pretty much resigned myself that it will not be possible to have shared mailboxes between domains on this system, at least with the namespaces running under each individual domain. For some reason, it's bending my brain what is exactly needed.</div>
<div><br /></div>
<div>------ Original Message ------</div>
<div>From: "Andreas T (DC)" &lt;<a href="mailto:andreas.tyrosvoutis@gmail.com">andreas.tyrosvoutis@gmail.com</a>&gt;</div>
<div>To: "<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>" &lt;<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>&gt;</div>
<div>Sent: 2020-07-22 3:42:53 PM</div>
<div>Subject: Mailbox sharing, user to user in same domain, OK! User to user sharing in separate domains, problem. ( ... and more oh boy!)</div><div><br /></div>
<div id="x40933afcbce24d7"><blockquote cite="emeecaecb7-7ecb-44a0-990a-9021fa949b29@fattop" type="cite" class="cite2">
<div>Dovecot -n and version present at the bottom of the email for legibility.</div>
<div>System is a Debian 10 + Virtualmin hosting setup for my domains</div>
<div>-------------------------------------------------------------------</div>
<div><br /></div>
<div>Hello everyone, my first post. Sorry for the long and confusing post, I'm pretty new to dovecot other than basic functionality.</div>
<div><br /></div>
<div>I recently in the last week went through the documentation for both shared (user to user) and public mailboxes and got them both working.</div>
<div>Took me a bit but eventually I figured it out, but I am still encountering some stubborn scenarios.</div>
<div><br /></div>
<div>I am having some issues with 2 types of sharing.
(I believe problems A + B are related, as the error is a similarly permission-based error)</div>
<div><br /></div>
<div>For inconsistencies in the user account names, user@domain.com vs user-domain.com, please see issue C, for which my workaround is functional.</div>
<div><br /></div>
<div>A.)</div>
<div><br /></div>
<div>Sharing user to user in the same domain works fine.</div>
<div>Sharing user to user in different domains gives me some permission errors.</div>
<div>Permissions have been granted (using Linux ACL for more fine-grained permissions) as far as I can tell.</div>
<div><br /></div>
<div>Trying to share the info "INBOX" (fullshare, same issue for single boxes as well) from the info@primarydomain.com to user@externaldomain.com<br /><br />
from info@primarydomain.com Maildir</div>
<div><br />
cat dovecot-acl<br />
user=user-externaldomain.com akxeilprwts<br />
<br />
getfacl dovecot-acl<br />
# file: dovecot-acl<br />
# owner: info@primarydomain.com<br />
# group: primarydomain.com<br />
user::rw-<br />
user:user@externaldomain.com:rwx #effective:rw-<br />
user:info@primarydomain.com:rwx #effective:rw-<br />
group::---<br />
mask::rw-<br />
other::---<br />
<br />
<br />
doveadm acl debug -u user-externaldomain.com "@/info@primarydomain.com/INBOX"<br />
<br />
doveadm(user-externaldomain.com): Error: stat(/home/primarydomain.com/homes/info/Maildir/tmp) failed: Permission denied (euid=1121(user@externaldomain.com) egid=1091(holanow.com) missing +x perm: /home/primarydomain.com, we're not in group 1092(primarydomain.com), dir owned by 1126:1092 mode=0750)<br />
<br />
doveadm(user-externaldomain.com): Error: Can't open mailbox @/info@primarydomain.com/INBOX: stat(/home/primarydomain.com/homes/info/Maildir/tmp) failed: Permission denied (euid=1121(user@externaldomain.com) egid=1091(holanow.com) missing +x perm: /home/primarydomain.com, we're not in group 1092(primarydomain.com), dir owned by 1126:1092 mode=0750)<br />
<br />
<br />
getfacl /home/primarydomain.com/homes/info/Maildir/tmp<br />
<br />
# file: home/primarydomain.com/homes/info/Maildir/tmp<br />
# owner: info@primarydomain.com<br />
# group: primarydomain.com<br />
user::rwx<br />
user:user@externaldomain.com:rwx<br />
user:info@primarydomain.com:rwx<br />
group::---<br />
mask::rwx<br />
other::---<br />
default:user::rwx<br />
default:user:user@externaldomain.com:rwx<br />
default:user:info@primarydomain.com:rwx<br />
default:group::---<br />
default:mask::rwx<br />
default:other::---<br />
<br />
<br />
getfacl /home/primarydomain.com/homes/info/Maildir<br />
<br />
# file: home/primarydomain.com/homes/info/Maildir/<br />
# owner: info@primarydomain.com<br />
# group: primarydomain.com<br />
user::rwx<br />
user:user@externaldomain.com:rwx<br />
user:info@primarydomain.com:rwx<br />
group::---<br />
mask::rwx<br />
other::---<br />
default:user::rwx<br />
default:user:user@externaldomain.com:rwx<br />
default:user:info@primarydomain.com:rwx<br />
default:group::---<br />
default:mask::rwx<br />
default:other::---<br /></div>
<div><br /></div>
<div>B.)</div>
<div><br /></div>
<div>Public mailbox, mailboxes that are physically present on the public mail dir, work fine.</div>
<div>Public boxes which are symlinks to mailboxes to other users, with correct permission and ACL, always give me permission errors and do not show up publicly.</div>
<div>These types of mailboxes do show up if the person already has user to user share setup with those boxes, which due to problem A, means only within the same domain.</div>
<div><br /></div>
<div>Similar errors as to the A scenario, even if giving complete rwx access to all (user/group/other) I still get permission denied issues.</div>
<div>It just feels like dovecot isn't even trying to access the files</div>
<div><br /></div>
<div>C.
Tiny "other" problem I have worked around already.<br /></div>
<div><br /></div>
<div>dovecot-acl when using users via their user@domain.com account doesn't look up the user correctly.</div>
<div>I already have set,</div>
<div>auth_username_translation = @-</div>
<div>which works for when users log in but it doesn't seem to work with dovecot-acl files.</div>
<div>I have helper account pointers replacing the @ with - and then the ACL file works fine.<br /></div>
<div><br /></div>
<div>Would prefer acl files contain,</div>
<div><br /></div>
<div>user=user1@primarydomain.com akxeilprwts<br />
user=user2@primarydomain.com akxeilprwts<br /></div>
<div><br /></div>
<div>But this works and is not a show stopper.</div>
<div>user=user1-primarydomain.com akxeilprwts<br />
user=user2-primarydomain.com akxeilprwts<br /></div>
<div><br /></div>
<div>--------------------------------------------</div>
<div><br /></div>
<div>dovecot --version<br />
2.3.4.1 (f79e8e7e4)<br /></div>
<div><br /></div>
<div># 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf<br />
# Pigeonhole version 0.5.4 ()<br />
# OS: Linux 5.4.44-2-pve x86_64 Debian 10.4<br />
# Hostname: vps1.abclution.com<br />
doveconf: Warning: please set ssl_dh=&lt;/etc/dovecot/dh.pem<br />
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der &gt; /etc/dovecot/dh.pem<br />
auth_mechanisms = plain login<br />
auth_username_translation = @-<br />
mail_debug = yes<br />
mail_location = maildir:~/Maildir<br />
mail_plugins = acl<br />
namespace inbox {<br />
 inbox = yes<br />
 location =<br />
 mailbox Drafts {<br />
 special_use = \Drafts<br />
 }<br />
 mailbox Junk {<br />
 special_use = \Junk<br />
 }<br />
 mailbox Sent {<br />
 special_use = \Sent<br />
 }<br />
 mailbox "Sent Messages" {<br />
 special_use = \Sent<br />
 }<br />
 mailbox Trash {<br />
 special_use = \Trash<br />
 }<br />
 prefix =<br />
 separator = /<br />
}<br />
namespace public_ns1 {<br />
 location = maildir:/home/.Public_Mailboxes:INDEX=~/Maildir/public_ns1:INDEXPVT=~/Maildir/public_ns1<br />
 prefix = Public/<br />
 separator = /<br />
 subscriptions = no<br />
 type = public<br />
}<br />
namespace shared_ns1 {<br />
 list = yes<br />
 location = maildir:%%h/Maildir:INDEX=~/Maildir/shared_ns1/%%u:INDEXPVT=~/Maildir/shared_ns1/%%u<br />
 prefix = @/%%u/<br />
 separator = /<br />
 subscriptions = no<br />
 type = shared<br />
}<br />
passdb {<br />
 driver = pam<br />
}<br />
plugin {<br />
 acl = vfile<br />
 acl_anyone = allow<br />
 acl_defaults_from_inbox = yes<br />
 acl_shared_dict = file:%h/Maildir/shared-mailboxes<br />
}<br />
protocols = " imap pop3"<br />
service auth {<br />
 unix_listener auth-userdb {<br />
 mode = 0777<br />
 }<br />
}<br />
ssl_cert = &lt;/etc/dovecot/dovecot.cert.pem<br />
ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM<br />
ssl_dh = # hidden, use -P to show it<br />
ssl_key = # hidden, use -P to show it<br />
ssl_prefer_server_ciphers = yes<br />
userdb {<br />
 driver = passwd<br />
}<br />
protocol imap {<br />
 mail_plugins = acl imap_acl<br />
}</div>
</blockquote></div>
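<div>The failure both mails describe, rwx on the Maildir itself but no +x on a parent directory, can be checked offline by evaluating the ACL of every directory on the path for the accessing user. The Python code below is an added example, not part of the original mails or of Dovecot: it applies the POSIX ACL access check (owner, named user capped by mask, group class capped by mask, other) to getfacl-style text. The sample ACLs are constructed from the output quoted above, and <code>PARENT_FIXED</code> with its <code>--x</code> entry is an assumed fix, not one taken from the thread.</div>
<pre>
```python
# Added example. Sample ACL text is constructed from the getfacl output and
# the doveadm error quoted in the mail (owner 1126, group primarydomain.com,
# mode 0750); directories the mail does not show are left out.

def parse_getfacl(text):
    """Parse getfacl output into owner, group and access-ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split("#")[0].split(":")
            acl["entries"].append((tag, qualifier, perms.strip()))
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL access check: does `user` get every permission in `want`?"""
    entries = acl["entries"]
    def perms(tag, qualifier=""):
        return next((p for t, q, p in entries if (t, q) == (tag, qualifier)), None)
    mask = perms("mask") or "rwx"  # no mask entry: plain mode bits, nothing to cap
    def grants(p, capped):
        return all(c in p and (c in mask or not capped) for c in want)
    if user == acl["owner"]:
        return grants(perms("user"), False)
    if perms("user", user) is not None:       # named user entry, capped by mask
        return grants(perms("user", user), True)
    matching = [p for t, q, p in entries
                if t == "group" and (q or acl["group"]) in groups]
    if matching:                              # owning or named group, capped by mask
        return any(grants(p, True) for p in matching)
    return grants(perms("other"), False)

def first_blocked(path_acls, user, groups):
    """Return the first directory on the path that `user` cannot traverse."""
    for path, text in path_acls:
        if not allowed(parse_getfacl(text), user, groups, "x"):
            return path
    return None

# Parent directory as reported in the error: owned by 1126:1092, mode 0750.
PARENT = "# owner: 1126\n# group: primarydomain.com\nuser::rwx\ngroup::r-x\nother::---\n"
# Assumed fix: a traverse-only entry for the external user on the parent.
PARENT_FIXED = PARENT + "user:user@externaldomain.com:--x\nmask::r-x\n"
MAILDIR = ("# owner: info@primarydomain.com\n# group: primarydomain.com\n"
           "user::rwx\nuser:user@externaldomain.com:rwx\ngroup::---\n"
           "mask::rwx\nother::---\ndefault:user::rwx\n")
WHO = ("user@externaldomain.com", {"externaldomain.com"})

if __name__ == "__main__":
    top, leaf = "/home/primarydomain.com", "/home/primarydomain.com/homes/info/Maildir"
    print(first_blocked([(top, PARENT), (leaf, MAILDIR)], *WHO))        # blocked at parent
    print(first_blocked([(top, PARENT_FIXED), (leaf, MAILDIR)], *WHO))  # path is clear
```
</pre>
<div>A traverse-only (<code>--x</code>) entry on each parent keeps the grant narrower than adding the external user to the owning group or opening the directory to "other".</div>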
</body></html>