dovecot - Feb 2016 - shared folders not working with . separator

Hi,

I've been trying this for weeks and never managed to get my mail client
to see shared folders.
Apparently imap_acl works fine as I can see these entries in the
dovecot-acl-list files and the correct entries persist in the client.
This is my first dovecot setup so I hope I've configured it right.
Everything else works beautifully, thanks.

# dovecot -n
# 2.2.21 (5345f22): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.11 (6ddf62b87f60+)
# OS: Linux 4.3.5-300.fc23.x86_64 x86_64 Fedora release 23 (Twenty Three)
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
imap_client_workarounds = tb-extra-mailbox-sep
listen = *
log_path = /var/log/dovecot.log
mail_access_groups = mail, vmail
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:~/mail
mail_plugins = virtual, acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
mbox_write_locks = fcntl
namespace {
  location = virtual:/var/mail/vhosts/%d/%n/virtual
  prefix = virtual.
  separator = .
}
namespace {
  list = children
  location
maildir:/var/mail/vhosts/%%d/%%n/mail:INDEX=/var/mail/vhosts/%d/%n/shared/%%u:CONTROL=/var/mail/vhosts/%d/%n/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location   mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox virtual/All {
    comment = All my messages
    special_use = \All
  }
  mailbox virtual/Flagged {
    comment = All my flagged messages
    special_use = \Flagged
  }
  prefix }
passdb {
  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
  driver = passwd-file
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/vhosts/shared-mailboxes.db
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/mail/vhosts/sieve-global
}
protocols = imap lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 0
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.cert.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_key = </etc/pki/dovecot/private/dovecot.key.pem
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
protocol lmtp {
  mail_plugins = virtual, acl , sieve
}
protocol lda {
  mail_plugins = virtual, acl , sieve
}
protocol imap {
  mail_plugins = virtual, acl , imap_acl
}

Hugh Bragg wrote:
> I've been trying this for weeks and never managed to get my mail client
> to see shared folders.
> Apparently imap_acl works fine as I can see these entries in the
> dovecot-acl-list files and the correct entries persist in the client.
> This is my first dovecot setup so I hope I've configured it right.
> Everything else works beautifully, thanks.
Are they shown with telnet? e.g.

http://www.anta.net/misc/telnet-troubleshooting/imap.shtml

On 18/02/2016 5:22 AM, Chris wrote:
> Hugh Bragg wrote:
>> I've been trying this for weeks and never managed to get my mail
client
>> to see shared folders.
>> Apparently imap_acl works fine as I can see these entries in the
>> dovecot-acl-list files and the correct entries persist in the client.
>> This is my first dovecot setup so I hope I've configured it right.
>> Everything else works beautifully, thanks.
> Are they shown with telnet? e.g.
>
> http://www.anta.net/misc/telnet-troubleshooting/imap.shtml
Absolutely nothing for shared only the usual. Very frustrating.

On 2016-02-17 18:23, Hugh Bragg wrote:
> Hi,
> 
> I've been trying this for weeks and never managed to get my mail client
> to see shared folders.
> Apparently imap_acl works fine as I can see these entries in the
> dovecot-acl-list files and the correct entries persist in the client.
> This is my first dovecot setup so I hope I've configured it right.
> Everything else works beautifully, thanks.
What client do you use?

Are there folders shared from user1 to user2?

what does dovecadm acl get -u <user> -m shared.<user>.mailbox show?

doveadm debug -u user2 -m shared.<user1>.mailbox

Whats in your logs? Enable debug log and look for errors.
> # dovecot -n
> # 2.2.21 (5345f22): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.11 (6ddf62b87f60+)
> # OS: Linux 4.3.5-300.fc23.x86_64 x86_64 Fedora release 23 (Twenty 
> Three)
> auth_mechanisms = plain login
> auth_socket_path = /var/run/dovecot/auth-userdb
> imap_client_workarounds = tb-extra-mailbox-sep
> listen = *
> log_path = /var/log/dovecot.log
> mail_access_groups = mail, vmail
> mail_home = /var/mail/vmail/%d/%n
> mail_location = maildir:~/mail
> mail_plugins = virtual, acl
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> mbox_write_locks = fcntl
> namespace {
>   location = virtual:/var/mail/vhosts/%d/%n/virtual
>   prefix = virtual.
>   separator = .
> }
> namespace {
>   list = children
>   location >
maildir:/var/mail/vhosts/%%d/%%n/mail:INDEX=/var/mail/vhosts/%d/%n/shared/%%u:CONTROL=/var/mail/vhosts/%d/%n/shared/%%u
>   prefix = shared.%%u.
>   separator = .
>   subscriptions = yes
>   type = shared
> }
According to http://wiki2.dovecot.org/SharedMailboxes/Shared the "list = 
Children" hides the namespace from the imap list command, if there is no 
folder shared to the user. Try to set list = yes that should show the 
shared namespace in the imap list.

Also scroll down to shared mailbox listing, you should setup a dict so 
that dovecot knows which folders are shared.
> namespace inbox {
>   inbox = yes
>   location >   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   mailbox virtual/All {
>     comment = All my messages
>     special_use = \All
>   }
>   mailbox virtual/Flagged {
>     comment = All my flagged messages
>     special_use = \Flagged
>   }
I have my virtual mailboxes configuration in the virtual namespace { } 
section, not in the general inbox namespace.
>   prefix > }
> passdb {
>   args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
>   driver = passwd-file
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/mail/vhosts/shared-mailboxes.db
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
>   sieve_global_dir = /var/mail/vhosts/sieve-global
> }
> protocols = imap lmtp sieve
> service auth-worker {
>   user = vmail
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0660
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 0
>     ssl = yes
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 0
>   }
>   inet_listener pop3s {
>     port = 0
>   }
> }
> ssl = required
> ssl_cert = </etc/pki/dovecot/certs/dovecot.cert.pem
> ssl_cipher_list = PROFILE=SYSTEM
> ssl_key = </etc/pki/dovecot/private/dovecot.key.pem
> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>   driver = static
> }
> protocol lmtp {
>   mail_plugins = virtual, acl , sieve
> }
> protocol lda {
>   mail_plugins = virtual, acl , sieve
> }
> protocol imap {
>   mail_plugins = virtual, acl , imap_acl
> }
-- 
  Christian Kivalo

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 18 Feb 2016, Hugh Bragg wrote:
> namespace {
>  location = virtual:/var/mail/vhosts/%d/%n/virtual
>  prefix = virtual.
>  separator = .
> }
> namespace {
>  list = children
>  location >
maildir:/var/mail/vhosts/%%d/%%n/mail:INDEX=/var/mail/vhosts/%d/%n/shared/%%u:CONTROL=/var/mail/vhosts/%d/%n/shared/%%u
>  prefix = shared.%%u.
>  separator = .
>  subscriptions = yes
>  type = shared
> }
you have two namespaces with the same name, put some string before the 
{'s.
> namespace inbox {
like here.

==
Then check out the advices of Christian & Chris (telnet) as well

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVsV62Xz1H7kL/d9rAQKirwf+IvDtS2sbdJczMdzo3j95SWj/qAk6G+Rg
X0vBCYK4z1KKabSLU+eDqS/FfW+pSRqaUlKa/XYdwzGCR1B3s0zFUd1K2Brtagd4
knDSVTCTQz3L4bcxEriZ6N9zvFKWFR5FQzUV5sq7ObhY24cNyUk4kFSU8LGZVjVz
pxZ1V+TyjhI76EjxoxTDdTEVHYuGkSFRgomyGYDcQ8scVW22mL5H8RaXvS+TNJac
tp04E8ibCn4zzm0ui7RRhFuzfOJ8z2rMFe+7RTTMstkzEAp9CegRgtcA545n3gga
X2hR/rFGeNGtAElD6UM3cd2VsuWskbnbK8EF3gZwx4YAHmVGFRguAw==D7Vs
-----END PGP SIGNATURE-----

Thanks, this helped.
I added namespace virtual and removed the virtual references from inbox
namespace and added list = yes so now I can see shared folder in the client.
There's still nothing in there though.

I followed Christian's advice, debug shows this very strange behaviour.
doveadm acl debug -u user1 at domain1.com.au shared.user2 at domain2.com.au
doveadm(user1 at domain1.com.au): Error: Mailbox 'com.au' in namespace
'shared.user2 at domain2.' doesn't exist in
/var/mail/vhosts/domain2/user2/mail/.com.au
There are no errors in the log.

This looks like a bug. I was seeing this before I got the shared folder
working when I saw dovecot had created these extra folders and added
dovecot-acl-list file there.
I suppose if I'd used the / separator, this would work fine, but there
was nothing about this on the wiki so I didn't expect this.

Hugh

On 18/02/2016 6:03 PM, Steffen Kaiser wrote:
> On Thu, 18 Feb 2016, Hugh Bragg wrote:
>
> > namespace {
> >  location = virtual:/var/mail/vhosts/%d/%n/virtual
> >  prefix = virtual.
> >  separator = .
> > }
> > namespace {
> >  list = children
> >  location > >
>
maildir:/var/mail/vhosts/%%d/%%n/mail:INDEX=/var/mail/vhosts/%d/%n/shared/%%u:CONTROL=/var/mail/vhosts/%d/%n/shared/%%u
> >  prefix = shared.%%u.
> >  separator = .
> >  subscriptions = yes
> >  type = shared
> > }
>
> you have two namespaces with the same name, put some string before the
> {'s.
>
> > namespace inbox {
>
> like here.
>
> ==>
> Then check out the advices of Christian & Chris (telnet) as well
>
> -- Steffen Kaiser