Peter Benko
2014-Jun-24 13:04 UTC
Bug/feature: mail fs pollution on IMAP select namespace/{non-existent}
Hi all,
I have noticed a strange behavior with dovecot (tested with 2.2.13). I use
shared folders to share mailboxes between users. I have a namespace called
"Accounts" that hosts the shared folder for the users (prefix
Accounts/%%n/). However, When I issue an IMAP select command on a random
non-existent mailbox name under "Accounts", dovecot auto-creates it
and pollutes my mail root directory:
Python test code snippet:
imapConn=imaplib.IMAP4_SSL(serverIP, serverPort)
imapConn.login(serverLogin, serverPass)
print imapConn.select("Accounts/NonExistentMailbox")
imapConn.logout()
Resulting in this:
drwxr-x--- 1 vmail vmail 4096 Jun 12 10:00 _attachments_>>> drwx------ 1 vmail vmail 4096 Jun 24 14:27 NonExistentMailbox
<<<
drwxr-x--- 1 vmail vmail 4096 Jun 24 00:54 user1
drwxr-x--- 1 vmail vmail 4096 Jun 24 01:24 user2
...
-rwxr-x--- 1 vmail vmail 72 Jun 24 14:27 shared-mailboxes.db
ls -l NonExistentMailbox/
-rw------- 1 vmail vmail 0 Jun 24 14:27 dovecot-acl-list
drwx------ 1 vmail vmail 4096 Jun 24 14:27 mailboxes <<< (empty)
I attached a debug log and and my sanitized dovecot config.
Please help! Is this a bug or a feature? I assume it might even cause more
serious problems e.g., if I would select "Accounts/_attachments_" or
something similar...
I noticed this behavior with the latest Thunderbird client when I tried to
subscribe to shared folders and it started to pollute my mail dirs (which
signals that Thunderbird might be also buggy as it should not select
non-existent folders under "Accounts"). I just reproduced it for
simplicity with the above python script.
Best regards,
Peter
debug log
---------
Jun 24 14:27:51 efi-backup dovecot: imap-login: Login: user=<user2 at
domain.com>, method=PLAIN, rip=192.168.1.1, lip=192.168.1.3, mpid=10787, TLS,
session=<t36aFpT8ggDAqAEB>
Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Loading modules from directory:
/usr/lib/dovecot/modules
Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib01_acl_plugin.so
Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib20_zlib_plugin.so
Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Added userdb setting:
plugin/master_user=user2 at domain.com
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Effective
uid=5000, gid=5000, home=/mail/mailboxes/domain.com/user2
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace
: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=mdbox:~
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs:
root=/mail/mailboxes/domain.com/user2, index=, indexpvt=, control=, inbox=,
altJun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl:
initializing backend with data: vfile
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl
username = user2 at domain.com
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner
= 1
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
Global ACLs disabled
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace
: type=shared, prefix=Accounts/%n/, sep=/, inbox=no, hidden=no, list=children,
subscriptions=no
location=mdbox:/mail/mailboxes/%d/%n:INDEX=/mail/mailboxes/%d/%n:INDEXPVT=/mail/mailboxes/domain.com/user2/indexpvt-accounts/%n
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: shared:
root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, altJun 24 14:27:51
efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend
with data: vfile
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl
username = user2 at domain.com
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner
= 0
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
Global ACLs disabled
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs:
root=/mail/mailboxes/domain.com/NonExistentMailbox, index=,
indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox,
control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at
domain.com): Debug: Namespace : /mail/mailboxes/domain.com/NonExistentMailbox
doesn't exist yet, using default permissions
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace
: Using permissions from /mail/mailboxes/domain.com/NonExistentMailbox:
mode=0700 gid=default
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl:
initializing backend with data: vfile
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl
username = user2 at domain.com
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner
= 0
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
Global ACLs disabled
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs:
root=/mail/mailboxes/domain.com/NonExistentMailbox, index=,
indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox,
control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at
domain.com): Debug: acl: initializing backend with data: vfile
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl
username = user2 at domain.com
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner
= 0
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
Global ACLs disabled
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
file
/mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl
not found
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace
Accounts/NonExistentMailbox/: Using permissions from
/mail/mailboxes/domain.com/NonExistentMailbox: mode=0700 gid=default
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile:
file
/mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl
not found
Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Disconnected:
Logged out in=56 out=481
doveconf -n
-----------
# 2.2.13 (38cd37cea8b1): /etc/dovecot/dovecot.conf
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
hostname = mail.domain.com
listen = *
login_greeting = $hostname IMAP server
mail_attachment_dir = /mail/mailboxes/%d/_attachments_
mail_attachment_fs = sis-queue /mail/mailboxes/%d/_attachments_/queue:posix
mail_attachment_min_size = 16 k
mail_debug = yes
mail_location = mdbox:~
mail_plugins = " zlib acl"
mdbox_rotate_interval = 5 days
mdbox_rotate_size = 5 M
namespace {
inbox = yes
location =
prefix =
separator = /
type = private
}
namespace {
list = children
location =
mdbox:/mail/mailboxes/%%d/%%n:INDEX=/mail/mailboxes/%%d/%%n:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%n
prefix = Accounts/%%n/
separator = /
subscriptions = no
type = shared
}
passdb {
args = /mail/config/dovecot/passwd
driver = passwd-file
}
passdb {
args = /mail/config/dovecot/passwd-master
driver = passwd-file
master = yes
pass = yes
}
plugin {
acl = vfile
acl_defaults_from_inbox = yes
acl_shared_dict = file:/mail/mailboxes/%d/shared-mailboxes.db
zlib_save = gz
zlib_save_level = 6
}
postmaster_address = postmaster at domain.com
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl = required
ssl_cert = </mail/config/public-address-cert.pem
ssl_key = </mail/config/public-address-key.pem
syslog_facility = local6
userdb {
args = uid=vmail gid=vmail master_user=%u home=/mail/mailboxes/%d/%n
driver = static
}
protocol imap {
mail_plugins = " zlib acl imap_acl"
}
remote 192.168.0.0/16/16 {
ssl_cert = </mail/config/private-address-cert.pem
ssl_key = </mail/config/private-address-key.pem
}
Timo Sirainen
2014-Jul-03 18:02 UTC
Bug/feature: mail fs pollution on IMAP select namespace/{non-existent}
On 24.6.2014, at 16.04, Peter Benko <pbopbo at freemail.hu> wrote:> I have noticed a strange behavior with dovecot (tested with 2.2.13). I use shared folders to share mailboxes between users. I have a namespace called "Accounts" that hosts the shared folder for the users (prefix Accounts/%%n/). However, When I issue an IMAP select command on a random non-existent mailbox name under "Accounts", dovecot auto-creates it and pollutes my mail root directory:..> mail_location = mdbox:~..> namespace { > list = children > location = mdbox:/mail/mailboxes/%%d/%%n:INDEX=/mail/mailboxes/%%d/%%n:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%nlocation = mdbox:%%h:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%n This forces Dovecot to do a userdb lookup for the user to get the home dir, which should fail if the user doesn't exist.
Possibly Parallel Threads
- dovecot 2.3.11.3 namespace/ACL shared folder not accessible in sharing-user's Mail folder tree? have a working config?
- ACLs, shared, public, virtual mailboxes not working
- ACLs, shared, public, virtual mailboxes not working
- Different behavior of ACLs in MUA and doveadm
- ACLs, shared, public, virtual mailboxes not working