dovecot - May 2014 - lazy_expunge and shared folders

Hi,

since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon as 
a user shares a folder. The user the folder is shared to cannot login 
anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace:
'.EXPUNGED/'

- When no folder is shared lazy_expunge is working fine, deleted mails are 
moved to the expunged namespace and can be recovered without any problems.
- Sharing folders works as long as I disable lazy_expunge.

I have used the config (with minor changes) with dovecot 2.0 for years 
without any problem. Switching to dovecot 2.2.10 (atrps repository) or 
2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together 
anymore.

Is it a bug, a known limitation or is something wrong with my config?
Any hints are welcome.

Thanks in advance,
Florian

dovecot -n

# 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) 
auth_cache_negative_ttl = 10 mins
auth_cache_size = 10 M
auth_cache_ttl = 2 hours
auth_failure_delay = 10 secs
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_gid = 105
first_valid_uid = 105
hostname = ...
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
imap_idle_notify_interval = 10 mins
last_valid_uid = 105
listen = ...
lmtp_save_to_detail_mailbox = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_gid = vimap
mail_home = /var/imap/spool/%1n/%n
mail_location = mdbox:~/mdbox
mail_plugins = " fts fts_lucene acl"
mail_temp_dir = /var/imap/tmp
mail_uid = vimap
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
mdbox_rotate_interval = 1 days
namespace {
  list = children
  location = 
mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox/shared/%%u
  prefix = User/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace expunged {
  hidden = yes
  list = no
  location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged
  prefix = .EXPUNGED/
  separator = /
  subscriptions = no
  type = private
}
namespace inbox {
  inbox = yes
  location = mdbox:/var/imap/spool/%1n/%n/mdbox
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Learn {
    auto = subscribe
  }
  mailbox Learn/Ham {
    auto = subscribe
  }
  mailbox Learn/Spam {
    auto = subscribe
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    special_use = \All
  }
  mailbox virtual/Flagged {
    special_use = \Flagged
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/extra-users
  driver = passwd-file
}
plugin {
  acl = vfile:/var/imap/global-acls:cache_secs=300
  acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes
  fts = lucene
  fts_autoindex = yes
  fts_lucene = whitespace_chars=@.
  lazy_expunge = .EXPUNGED/
  lazy_expunge_only_last_instance = yes
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 32
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster at ...
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vimap
    mode = 0600
    user = vimap
  }
  user = $default_internal_user
}
service imap-login {
  process_min_avail = 4
  service_count = 0
}
service imap {
  process_limit = 1024
  vsz_limit = 256 M
}
service lmtp {
  inet_listener lmtp {
    address = ...
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_min_avail = 4
  service_count = 0
}
service pop3 {
  process_limit = 512
}
ssl_cert = </etc/dovecot/ssl/...
ssl_key = </etc/dovecot/ssl/...
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n
  driver = static
}
protocol lda {
  mail_plugins = " fts fts_lucene acl sieve"
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = " fts fts_lucene acl imap_acl"
}
protocol lmtp {
  mail_plugins = " fts fts_lucene acl sieve"
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_line_length = 65536
}
protocol pop3 {
  mail_max_userip_connections = 20
}

Am 20.05.2014 14:00, schrieb Florian:
> Hi,
> 
> since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon as
> a user shares a folder. The user the folder is shared to cannot login 
> anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace:
'.EXPUNGED/'
> 
> - When no folder is shared lazy_expunge is working fine, deleted mails are 
> moved to the expunged namespace and can be recovered without any problems.
> - Sharing folders works as long as I disable lazy_expunge.
> 
> I have used the config (with minor changes) with dovecot 2.0 for years 
> without any problem. Switching to dovecot 2.2.10 (atrps repository) or 
> 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together 
> anymore.
> 
> Is it a bug, a known limitation or is something wrong with my config?
> Any hints are welcome.
> 
> Thanks in advance,
> Florian
> 
> dovecot -n
> 
> # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final) 
> auth_cache_negative_ttl = 10 mins
> auth_cache_size = 10 M
> auth_cache_ttl = 2 hours
> auth_failure_delay = 10 secs
> auth_mechanisms = plain login
> auth_socket_path = /var/run/dovecot/auth-userdb
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_gid = 105
> first_valid_uid = 105
> hostname = ...
> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
> imap_idle_notify_interval = 10 mins
> last_valid_uid = 105
> listen = ...
> lmtp_save_to_detail_mailbox = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c
> mail_gid = vimap
> mail_home = /var/imap/spool/%1n/%n
> mail_location = mdbox:~/mdbox
> mail_plugins = " fts fts_lucene acl"
> mail_temp_dir = /var/imap/tmp
> mail_uid = vimap
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date ihave
> mbox_write_locks = fcntl
> mdbox_rotate_interval = 1 days
> namespace {
>   list = children
>   location = 
>
mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox/shared/%%u
>   prefix = User/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace expunged {
>   hidden = yes
>   list = no
>   location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged
>   prefix = .EXPUNGED/
>   separator = /
>   subscriptions = no
>   type = private
> }
> namespace inbox {
>   inbox = yes
>   location = mdbox:/var/imap/spool/%1n/%n/mdbox
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Learn {
>     auto = subscribe
>   }
>   mailbox Learn/Ham {
>     auto = subscribe
>   }
>   mailbox Learn/Spam {
>     auto = subscribe
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   mailbox virtual/All {
>     special_use = \All
>   }
>   mailbox virtual/Flagged {
>     special_use = \Flagged
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> passdb {
>   args = /etc/dovecot/extra-users
>   driver = passwd-file
> }
> plugin {
>   acl = vfile:/var/imap/global-acls:cache_secs=300
>   acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes
>   fts = lucene
>   fts_autoindex = yes
>   fts_lucene = whitespace_chars=@.
>   lazy_expunge = .EXPUNGED/
>   lazy_expunge_only_last_instance = yes
>   recipient_delimiter = +
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_max_actions = 32
>   sieve_max_redirects = 4
>   sieve_max_script_size = 1M
> }
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> postmaster_address = postmaster at ...
> protocols = imap pop3 lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vimap
>     mode = 0600
>     user = vimap
>   }
>   user = $default_internal_user
> }
> service imap-login {
>   process_min_avail = 4
>   service_count = 0
> }
> service imap {
>   process_limit = 1024
>   vsz_limit = 256 M
> }
> service lmtp {
>   inet_listener lmtp {
>     address = ...
>     port = 24
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   inet_listener sieve_deprecated {
>     port = 2000
>   }
>   service_count = 1
>   vsz_limit = 64 M
> }
> service pop3-login {
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
>   process_min_avail = 4
>   service_count = 0
> }
> service pop3 {
>   process_limit = 512
> }
> ssl_cert = </etc/dovecot/ssl/...
> ssl_key = </etc/dovecot/ssl/...
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> userdb {
>   args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n
>   driver = static
> }
> protocol lda {
>   mail_plugins = " fts fts_lucene acl sieve"
> }
> protocol imap {
>   mail_max_userip_connections = 20
>   mail_plugins = " fts fts_lucene acl imap_acl"
> }
> protocol lmtp {
>   mail_plugins = " fts fts_lucene acl sieve"
> }
> protocol sieve {
>   mail_max_userip_connections = 10
>   managesieve_implementation_string = Dovecot Pigeonhole
>   managesieve_logout_format = bytes=%i/%o
>   managesieve_max_line_length = 65536
> }
> protocol pop3 {
>   mail_max_userip_connections = 20
> }
> 
"perhaps" related to this

http://wiki2.dovecot.org/Plugins/Lazyexpunge

...
Copy only the last instance (v2.2+)

If mail has multiple copies (via IMAP COPY), each copy is normally moved
to lazy expunge namespace when it's expunged. With v2.2+ you can set
plugin { lazy_expunge_only_last_instance = yes }  to copy only the last
instance and immediately expunge the others. This may be useful if you
want to provide a flat list of all expunged mails without duplicates in
your webmail. With many clients this means that the last instance is
always in the Trash mailbox.
...




Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstra?e 15, 81669 M?nchen

Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Am Dienstag, 20. Mai 2014, 14:00:11 schrieben Sie:
> Hi,
> 
> since migration to Dovecot 2.2 I have troubles with lazy_expunge as soon
> as a user shares a folder. The user the folder is shared to cannot login
> anymore, dovecot logs Fatal: lazy_expunge: Unknown namespace:
> '.EXPUNGED/'
> 
> - When no folder is shared lazy_expunge is working fine, deleted mails are
> moved to the expunged namespace and can be recovered without any
> problems. - Sharing folders works as long as I disable lazy_expunge.
> 
> I have used the config (with minor changes) with dovecot 2.0 for years
> without any problem. Switching to dovecot 2.2.10 (atrps repository) or
> 2.2.12 (dovecot enterprise repo) lazy_expunge and acl do not work together
> anymore.
Hi,

unfortunately I got no response to the acl breaks lazy_expunge problem.

Maybe the developers can give me some feedback?
Is it supposed (not) to work? Will it be fixed?

Currently it prevents me from sucessfully migration from 2.0 to 2.2 without 
losing features.

Thanks,
Florian
> Is it a bug, a known limitation or is something wrong with my config?
> Any hints are welcome.
> 
> Thanks in advance,
> Florian
> 
> dovecot -n
> 
> # 2.2.12.12 (03196f188677): /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-042stab085.20 x86_64 CentOS release 6.5 (Final)
> auth_cache_negative_ttl = 10 mins
> auth_cache_size = 10 M
> auth_cache_ttl = 2 hours
> auth_failure_delay = 10 secs
> auth_mechanisms = plain login
> auth_socket_path = /var/run/dovecot/auth-userdb
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_gid = 105
> first_valid_uid = 105
> hostname = ...
> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
> imap_idle_notify_interval = 10 mins
> last_valid_uid = 105
> listen = ...
> lmtp_save_to_detail_mailbox = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c
> mail_gid = vimap
> mail_home = /var/imap/spool/%1n/%n
> mail_location = mdbox:~/mdbox
> mail_plugins = " fts fts_lucene acl"
> mail_temp_dir = /var/imap/tmp
> mail_uid = vimap
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> mbox_write_locks = fcntl
> mdbox_rotate_interval = 1 days
> namespace {
>   list = children
>   location >
mdbox:/var/imap/spool/%%1n/%%n/mdbox:INDEXPVT=/var/imap/spool/%1n/%n/mdbox
> /shared/%%u prefix = User/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace expunged {
>   hidden = yes
>   list = no
>   location = mdbox:/var/imap/spool/%1n/%n/mdbox:MAILBOXDIR=expunged
>   prefix = .EXPUNGED/
>   separator = /
>   subscriptions = no
>   type = private
> }
> namespace inbox {
>   inbox = yes
>   location = mdbox:/var/imap/spool/%1n/%n/mdbox
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Learn {
>     auto = subscribe
>   }
>   mailbox Learn/Ham {
>     auto = subscribe
>   }
>   mailbox Learn/Spam {
>     auto = subscribe
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   mailbox virtual/All {
>     special_use = \All
>   }
>   mailbox virtual/Flagged {
>     special_use = \Flagged
>   }
>   prefix >   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> passdb {
>   args = /etc/dovecot/extra-users
>   driver = passwd-file
> }
> plugin {
>   acl = vfile:/var/imap/global-acls:cache_secs=300
>   acl_shared_dict = file:/var/imap/shared-mailboxes/shared-mailboxes
>   fts = lucene
>   fts_autoindex = yes
>   fts_lucene = whitespace_chars=@.
>   lazy_expunge = .EXPUNGED/
>   lazy_expunge_only_last_instance = yes
>   recipient_delimiter = +
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_max_actions = 32
>   sieve_max_redirects = 4
>   sieve_max_script_size = 1M
> }
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> postmaster_address = postmaster at ...
> protocols = imap pop3 lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vimap
>     mode = 0600
>     user = vimap
>   }
>   user = $default_internal_user
> }
> service imap-login {
>   process_min_avail = 4
>   service_count = 0
> }
> service imap {
>   process_limit = 1024
>   vsz_limit = 256 M
> }
> service lmtp {
>   inet_listener lmtp {
>     address = ...
>     port = 24
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   inet_listener sieve_deprecated {
>     port = 2000
>   }
>   service_count = 1
>   vsz_limit = 64 M
> }
> service pop3-login {
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
>   process_min_avail = 4
>   service_count = 0
> }
> service pop3 {
>   process_limit = 512
> }
> ssl_cert = </etc/dovecot/ssl/...
> ssl_key = </etc/dovecot/ssl/...
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> userdb {
>   args = uid=vimap gid=vimap home=/var/imap/spool/%1n/%n
>   driver = static
> }
> protocol lda {
>   mail_plugins = " fts fts_lucene acl sieve"
> }
> protocol imap {
>   mail_max_userip_connections = 20
>   mail_plugins = " fts fts_lucene acl imap_acl"
> }
> protocol lmtp {
>   mail_plugins = " fts fts_lucene acl sieve"
> }
> protocol sieve {
>   mail_max_userip_connections = 10
>   managesieve_implementation_string = Dovecot Pigeonhole
>   managesieve_logout_format = bytes=%i/%o
>   managesieve_max_line_length = 65536
> }
> protocol pop3 {
>   mail_max_userip_connections = 20
> }
-- 
Florian Tischler
System Administrator
*Johann Radon Institute for Computational and Applied Mathematics (RICAM)
http://www.ricam.oeaw.ac.at/
florian.tischler at oeaw.ac.at
*Industrial Mathematics Institute
http://www.indmath.uni-linz.ac.at/
tischler at indmath.uni-linz.ac.at
http://www.ricam.oeaw.ac.at/people/page.cgi?firstn=Florian;lastn=Tischler
GPG-Key: http://www.ricam.oeaw.ac.at/gpg/florian_tischler.asc
tel: +43 732 2468 5250
fax: +43 732 2468 5212