Peter Benko
2014-Jun-24 13:04 UTC
Bug/feature: mail fs pollution on IMAP select namespace/{non-existent}
Hi all, I have noticed a strange behavior with dovecot (tested with 2.2.13). I use shared folders to share mailboxes between users. I have a namespace called "Accounts" that hosts the shared folder for the users (prefix Accounts/%%n/). However, When I issue an IMAP select command on a random non-existent mailbox name under "Accounts", dovecot auto-creates it and pollutes my mail root directory: Python test code snippet: imapConn=imaplib.IMAP4_SSL(serverIP, serverPort) imapConn.login(serverLogin, serverPass) print imapConn.select("Accounts/NonExistentMailbox") imapConn.logout() Resulting in this: drwxr-x--- 1 vmail vmail 4096 Jun 12 10:00 _attachments_>>> drwx------ 1 vmail vmail 4096 Jun 24 14:27 NonExistentMailbox <<<drwxr-x--- 1 vmail vmail 4096 Jun 24 00:54 user1 drwxr-x--- 1 vmail vmail 4096 Jun 24 01:24 user2 ... -rwxr-x--- 1 vmail vmail 72 Jun 24 14:27 shared-mailboxes.db ls -l NonExistentMailbox/ -rw------- 1 vmail vmail 0 Jun 24 14:27 dovecot-acl-list drwx------ 1 vmail vmail 4096 Jun 24 14:27 mailboxes <<< (empty) I attached a debug log and and my sanitized dovecot config. Please help! Is this a bug or a feature? I assume it might even cause more serious problems e.g., if I would select "Accounts/_attachments_" or something similar... I noticed this behavior with the latest Thunderbird client when I tried to subscribe to shared folders and it started to pollute my mail dirs (which signals that Thunderbird might be also buggy as it should not select non-existent folders under "Accounts"). I just reproduced it for simplicity with the above python script. Best regards, Peter debug log --------- Jun 24 14:27:51 efi-backup dovecot: imap-login: Login: user=<user2 at domain.com>, method=PLAIN, rip=192.168.1.1, lip=192.168.1.3, mpid=10787, TLS, session=<t36aFpT8ggDAqAEB> Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Jun 24 14:27:51 efi-backup dovecot: imap: Debug: Added userdb setting: plugin/master_user=user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Effective uid=5000, gid=5000, home=/mail/mailboxes/domain.com/user2 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~ Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/user2, index=, indexpvt=, control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 1 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : type=shared, prefix=Accounts/%n/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:/mail/mailboxes/%d/%n:INDEX=/mail/mailboxes/%d/%n:INDEXPVT=/mail/mailboxes/domain.com/user2/indexpvt-accounts/%n Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/NonExistentMailbox, index=, indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox, control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : /mail/mailboxes/domain.com/NonExistentMailbox doesn't exist yet, using default permissions Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace : Using permissions from /mail/mailboxes/domain.com/NonExistentMailbox: mode=0700 gid=default Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: fs: root=/mail/mailboxes/domain.com/NonExistentMailbox, index=, indexpvt=/mail/mailboxes/domain.com/user2/indexpvt-accounts/NonExistentMailbox, control=, inbox=, altJun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: initializing backend with data: vfile Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: acl username = user2 at domain.com Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl: owner = 0 Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: Global ACLs disabled Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: file /mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl not found Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: Namespace Accounts/NonExistentMailbox/: Using permissions from /mail/mailboxes/domain.com/NonExistentMailbox: mode=0700 gid=default Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Debug: acl vfile: file /mail/mailboxes/domain.com/NonExistentMailbox/mailboxes/INBOX/dbox-Mails/dovecot-acl not found Jun 24 14:27:51 efi-backup dovecot: imap(user2 at domain.com): Disconnected: Logged out in=56 out=481 doveconf -n ----------- # 2.2.13 (38cd37cea8b1): /etc/dovecot/dovecot.conf auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain hostname = mail.domain.com listen = * login_greeting = $hostname IMAP server mail_attachment_dir = /mail/mailboxes/%d/_attachments_ mail_attachment_fs = sis-queue /mail/mailboxes/%d/_attachments_/queue:posix mail_attachment_min_size = 16 k mail_debug = yes mail_location = mdbox:~ mail_plugins = " zlib acl" mdbox_rotate_interval = 5 days mdbox_rotate_size = 5 M namespace { inbox = yes location = prefix = separator = / type = private } namespace { list = children location = mdbox:/mail/mailboxes/%%d/%%n:INDEX=/mail/mailboxes/%%d/%%n:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%n prefix = Accounts/%%n/ separator = / subscriptions = no type = shared } passdb { args = /mail/config/dovecot/passwd driver = passwd-file } passdb { args = /mail/config/dovecot/passwd-master driver = passwd-file master = yes pass = yes } plugin { acl = vfile acl_defaults_from_inbox = yes acl_shared_dict = file:/mail/mailboxes/%d/shared-mailboxes.db zlib_save = gz zlib_save_level = 6 } postmaster_address = postmaster at domain.com protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } ssl = required ssl_cert = </mail/config/public-address-cert.pem ssl_key = </mail/config/public-address-key.pem syslog_facility = local6 userdb { args = uid=vmail gid=vmail master_user=%u home=/mail/mailboxes/%d/%n driver = static } protocol imap { mail_plugins = " zlib acl imap_acl" } remote 192.168.0.0/16/16 { ssl_cert = </mail/config/private-address-cert.pem ssl_key = </mail/config/private-address-key.pem }
Timo Sirainen
2014-Jul-03 18:02 UTC
Bug/feature: mail fs pollution on IMAP select namespace/{non-existent}
On 24.6.2014, at 16.04, Peter Benko <pbopbo at freemail.hu> wrote:> I have noticed a strange behavior with dovecot (tested with 2.2.13). I use shared folders to share mailboxes between users. I have a namespace called "Accounts" that hosts the shared folder for the users (prefix Accounts/%%n/). However, When I issue an IMAP select command on a random non-existent mailbox name under "Accounts", dovecot auto-creates it and pollutes my mail root directory:..> mail_location = mdbox:~..> namespace { > list = children > location = mdbox:/mail/mailboxes/%%d/%%n:INDEX=/mail/mailboxes/%%d/%%n:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%nlocation = mdbox:%%h:INDEXPVT=/mail/mailboxes/%d/%n/indexpvt-accounts/%%n This forces Dovecot to do a userdb lookup for the user to get the home dir, which should fail if the user doesn't exist.
Reasonably Related Threads
- dovecot 2.3.11.3 namespace/ACL shared folder not accessible in sharing-user's Mail folder tree? have a working config?
- ACLs, shared, public, virtual mailboxes not working
- ACLs, shared, public, virtual mailboxes not working
- Different behavior of ACLs in MUA and doveadm
- ACLs, shared, public, virtual mailboxes not working