David Mehler
2017-Apr-14 20:53 UTC
several misc questions, public folders and sharing, quota, ssl
Hi Aki, Thanks for your reply. Sorry, hit the reply to and not the reply to all option. So, even when a folder is a public folder I'm still needing to use the acl plugin? The public/TestFolder is showing up, the public/TestFolder1 is not. Thanks. Dave. On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:> Please keep responses on the list. Thank you. =) > > Without ACL plugin there is no way to restrict access, it's free for all. > > my site is a very tiny few user site, but ... > > auth_mechanisms = login plain > mail_attribute_dict = file:%h/Mail/dovecot-attributes > mail_location = sdbox:~/Mail > mail_plugins = stats quota fts fts_lucene > namespace inbox { > inbox = yes > list = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > special_use = \Trash > } > prefix > separator = . > subscriptions = yes > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > plugin { > fts = lucene > fts_lucene = whitespace_chars=@. > imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve > imapsieve_mailbox1_causes = COPY > imapsieve_mailbox1_name = Spam > imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve > imapsieve_mailbox2_causes = COPY > imapsieve_mailbox2_from = Spam > imapsieve_mailbox2_name = * > quota = count:User quota > quota_vsizes = yes > recipient_delimiter = + > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_extensions = +notify +imapflags > sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute > sieve_pipe_bin_dir = /usr/lib/dovecot/sieve > sieve_plugins = sieve_imapsieve sieve_extprograms > stats_refresh = 30 > } > protocols = imap lmtp > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > user = $default_internal_user > } > service doveadm { > inet_listener http { > address = 127.0.0.1 > port = 38080 > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service lmtp { > inet_listener lmtp { > address = 127.0.0.1 > port = 8025 > } > } > service stats { > fifo_listener stats-mail { > mode = 0666 > } > } > ssl = required > ssl_cert = # > ssl_cipher_list > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA > ssl_dh_parameters_length = 4096 > ssl_key = # > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 > submission_host = 127.0.0.1:25 > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol imap { > mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve > } > protocol lmtp { > mail_plugins = stats quota fts fts_lucene sieve > } > protocol lda { > mail_plugins = stats quota fts fts_lucene sieve > } > > Aki > >> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote: >> >> >> Hello Aki, >> >> Thank you for your reply. >> >> I've implemented your changes and thanks for the @STRENGTH reminder, I >> had forgotten about that one. >> >> I'll check out the acl plugin. Is it required when sharing a public >> folder or are public folders usable by all? I know it is for shared >> folders. >> >> The TestFolder1 is still not showing up in public not sure why >> everything looks good. >> >> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports >> along the way. >> >> I was wondering if I could take a look at your dovecot configuration >> files and a doveconf -n output? >> >> Thanks. >> Dave. >> >> >> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >> > >> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> >> >> wrote: >> >> >> >> >> >> Hello, >> >> >> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to >> >> optimize how the system is running and have a few misc questions. >> >> >> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to >> >> ensure these cipherlist is appropriate: >> >> >> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH >> >> >> > >> > I would add @STRENGTH to the end, so it'll get sorted by strengthness. >> > >> >> Next, a new feature that I'm trying for is virtual folders that store >> >> All messages. My understanding of this is that it stores a version of >> >> every received message in one place? I've got the virtual plugin >> >> loaded and have: >> >> >> >> mailbox virtual/All { >> >> comment = All my messages >> >> special_use = \All >> >> } >> >> >> >> I've got a directory /home/vmail/example.com/username/virtual under >> >> which is an ALL folder both directories are accessible to the vmail >> >> user, yet there's no contents in this folder and it's showing up >> >> nowhere. >> >> >> > >> > Configuring virtual all folder: >> > >> > namespace { >> > prefix = virtual >> > location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual >> > comment = All my messages >> > special_use = \All >> > mailbox All { >> > auto = subscribe >> > } >> > } >> > >> > ==== /etc/dovecot/virtual/All/dovecot-virtual ===>> > * >> > all >> > ==== EOF ==>> > >> >> Next, quota warnings, are not being sent at all. I set up a testuser >> >> with a quota of 2 mb, then sent a message to that user getting the box >> >> to 95% full, and no message. Took the user overquota with the next >> >> message, still nothing, and a third message did trigger my custom >> >> quota exceeded message and the message was bounced. >> >> >> > >> > I would recommend you using >> > >> > mail_plugins = $mail_plugins quota quota_clone >> > >> > plugin { >> > quota = count:User quota >> > quota_clone_dict = proxy::sqlquota >> > quota_vsizes = true >> > } >> > >> > Also, >> > >> > "Note that the warning is ONLY executed at the exact time when the limit >> > is >> > being crossed, so when you're testing it you have to do it by crossing >> > the >> > limit by saving a new mail. If something else besides Dovecot updates >> > quota >> > so that the limit is crossed, the warning is never executed." >> > >> >> I'm wanting to implement public folders. My mailboxes are all >> >> virtual, and they are stored under /home/vmail/example.com/username >> >> and /home/vmail/example.org/username in the maildir format. I've got >> >> one user uid and gid of 999 name of vmail who owns all the mailboxes. >> >> I've separated out public folders storing them under >> >> /home/vmail/public. I've created one mailbox called TestFolder and >> >> new, cur, and tmp directories under it. This is what it looks like: >> > >> > <snip /> >> > >> >> The public/TestFolder is showing up fine and I can switch to it. The >> >> public/TestFolder1 is not showing up at all so I'm not seeing it and >> >> can't switch to it. Any ideas? >> >> >> > >> > Not sure why it's not showing up, *but*, you could add >> > :INDEXPVT=%h/public >> > to the folder, to keep per-user indexes separate. >> > >> >> My second question involves public folders and domain sharing. Are >> >> public folders accessible to all users and all domains? I've got two >> >> domains example.com and example.org i'd like to create a folder that >> >> some users in example.com can share with some users in example.org, >> >> not necessarily all users in those domains should be able to see the >> >> folders. >> >> >> > >> > Dovecot does not, as per such, care about your domains. It cares about >> > user >> > names. If you want to do this kind of thing, please consult ACL plugin. >> > https://wiki2.dovecot.org/ACL >> > >> >> Ideas welcome. >> >> >> >> Thanks. >> >> Dave. >> >> >> > >> > Some other comments, if you are using SSL, you can drop cram-md5 as >> > auth >> > mech, it's not storage-safe. >> > >> > you should use mail_location = maildir:~/maildir:LAYOUT=fs >> > >> > to avoid your other things in user's home being interprepted as mail >> > directories. >> > >> > why are you setting these? >> > maildir_broken_filename_sizes = yes >> > maildir_empty_new = yes >> > maildir_very_dirty_syncs = yes >> > >> > and in general I see lots of overconfiguring, dovecot defaults are >> > usually >> > right, and setting various things just for the fun of it, can cause >> > problems. >> > >> > Aki >> > >
Aki Tuomi
2017-Apr-14 21:11 UTC
several misc questions, public folders and sharing, quota, ssl
Can you try turning mail_debug=yes and posting logs? Also if possible, can you try telnetting to the server and issuing a LOGIN username password a SELECT public/TestFolder1 with debug turned on? ACL plugin is needed *iff* you want to *restrict* access. Aki> On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote: > > > Hi Aki, > > Thanks for your reply. Sorry, hit the reply to and not the reply to all option. > > So, even when a folder is a public folder I'm still needing to use the > acl plugin? > > > The public/TestFolder is showing up, the public/TestFolder1 is not. > > Thanks. > Dave. > > > On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > Please keep responses on the list. Thank you. =) > > > > Without ACL plugin there is no way to restrict access, it's free for all. > > > > my site is a very tiny few user site, but ... > > > > auth_mechanisms = login plain > > mail_attribute_dict = file:%h/Mail/dovecot-attributes > > mail_location = sdbox:~/Mail > > mail_plugins = stats quota fts fts_lucene > > namespace inbox { > > inbox = yes > > list = yes > > location > > mailbox Drafts { > > special_use = \Drafts > > } > > mailbox Sent { > > special_use = \Sent > > } > > mailbox "Sent Messages" { > > special_use = \Sent > > } > > mailbox Spam { > > auto = subscribe > > special_use = \Junk > > } > > mailbox Trash { > > special_use = \Trash > > } > > prefix > > separator = . > > subscriptions = yes > > type = private > > } > > passdb { > > args = /etc/dovecot/dovecot-sql.conf.ext > > driver = sql > > } > > plugin { > > fts = lucene > > fts_lucene = whitespace_chars=@. > > imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve > > imapsieve_mailbox1_causes = COPY > > imapsieve_mailbox1_name = Spam > > imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve > > imapsieve_mailbox2_causes = COPY > > imapsieve_mailbox2_from = Spam > > imapsieve_mailbox2_name = * > > quota = count:User quota > > quota_vsizes = yes > > recipient_delimiter = + > > sieve = ~/.dovecot.sieve > > sieve_dir = ~/sieve > > sieve_extensions = +notify +imapflags > > sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute > > sieve_pipe_bin_dir = /usr/lib/dovecot/sieve > > sieve_plugins = sieve_imapsieve sieve_extprograms > > stats_refresh = 30 > > } > > protocols = imap lmtp > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > mode = 0666 > > } > > user = $default_internal_user > > } > > service doveadm { > > inet_listener http { > > address = 127.0.0.1 > > port = 38080 > > } > > } > > service imap-login { > > inet_listener imap { > > port = 143 > > } > > inet_listener imaps { > > port = 993 > > ssl = yes > > } > > } > > service lmtp { > > inet_listener lmtp { > > address = 127.0.0.1 > > port = 8025 > > } > > } > > service stats { > > fifo_listener stats-mail { > > mode = 0666 > > } > > } > > ssl = required > > ssl_cert = # > > ssl_cipher_list > > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA > > ssl_dh_parameters_length = 4096 > > ssl_key = # > > ssl_prefer_server_ciphers = yes > > ssl_protocols = !SSLv2 !SSLv3 > > submission_host = 127.0.0.1:25 > > userdb { > > args = /etc/dovecot/dovecot-sql.conf.ext > > driver = sql > > } > > protocol imap { > > mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve > > } > > protocol lmtp { > > mail_plugins = stats quota fts fts_lucene sieve > > } > > protocol lda { > > mail_plugins = stats quota fts fts_lucene sieve > > } > > > > Aki > > > >> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote: > >> > >> > >> Hello Aki, > >> > >> Thank you for your reply. > >> > >> I've implemented your changes and thanks for the @STRENGTH reminder, I > >> had forgotten about that one. > >> > >> I'll check out the acl plugin. Is it required when sharing a public > >> folder or are public folders usable by all? I know it is for shared > >> folders. > >> > >> The TestFolder1 is still not showing up in public not sure why > >> everything looks good. > >> > >> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports > >> along the way. > >> > >> I was wondering if I could take a look at your dovecot configuration > >> files and a doveconf -n output? > >> > >> Thanks. > >> Dave. > >> > >> > >> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> > > >> >> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> > >> >> wrote: > >> >> > >> >> > >> >> Hello, > >> >> > >> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to > >> >> optimize how the system is running and have a few misc questions. > >> >> > >> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to > >> >> ensure these cipherlist is appropriate: > >> >> > >> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH > >> >> > >> > > >> > I would add @STRENGTH to the end, so it'll get sorted by strengthness. > >> > > >> >> Next, a new feature that I'm trying for is virtual folders that store > >> >> All messages. My understanding of this is that it stores a version of > >> >> every received message in one place? I've got the virtual plugin > >> >> loaded and have: > >> >> > >> >> mailbox virtual/All { > >> >> comment = All my messages > >> >> special_use = \All > >> >> } > >> >> > >> >> I've got a directory /home/vmail/example.com/username/virtual under > >> >> which is an ALL folder both directories are accessible to the vmail > >> >> user, yet there's no contents in this folder and it's showing up > >> >> nowhere. > >> >> > >> > > >> > Configuring virtual all folder: > >> > > >> > namespace { > >> > prefix = virtual > >> > location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual > >> > comment = All my messages > >> > special_use = \All > >> > mailbox All { > >> > auto = subscribe > >> > } > >> > } > >> > > >> > ==== /etc/dovecot/virtual/All/dovecot-virtual ===> >> > * > >> > all > >> > ==== EOF ==> >> > > >> >> Next, quota warnings, are not being sent at all. I set up a testuser > >> >> with a quota of 2 mb, then sent a message to that user getting the box > >> >> to 95% full, and no message. Took the user overquota with the next > >> >> message, still nothing, and a third message did trigger my custom > >> >> quota exceeded message and the message was bounced. > >> >> > >> > > >> > I would recommend you using > >> > > >> > mail_plugins = $mail_plugins quota quota_clone > >> > > >> > plugin { > >> > quota = count:User quota > >> > quota_clone_dict = proxy::sqlquota > >> > quota_vsizes = true > >> > } > >> > > >> > Also, > >> > > >> > "Note that the warning is ONLY executed at the exact time when the limit > >> > is > >> > being crossed, so when you're testing it you have to do it by crossing > >> > the > >> > limit by saving a new mail. If something else besides Dovecot updates > >> > quota > >> > so that the limit is crossed, the warning is never executed." > >> > > >> >> I'm wanting to implement public folders. My mailboxes are all > >> >> virtual, and they are stored under /home/vmail/example.com/username > >> >> and /home/vmail/example.org/username in the maildir format. I've got > >> >> one user uid and gid of 999 name of vmail who owns all the mailboxes. > >> >> I've separated out public folders storing them under > >> >> /home/vmail/public. I've created one mailbox called TestFolder and > >> >> new, cur, and tmp directories under it. This is what it looks like: > >> > > >> > <snip /> > >> > > >> >> The public/TestFolder is showing up fine and I can switch to it. The > >> >> public/TestFolder1 is not showing up at all so I'm not seeing it and > >> >> can't switch to it. Any ideas? > >> >> > >> > > >> > Not sure why it's not showing up, *but*, you could add > >> > :INDEXPVT=%h/public > >> > to the folder, to keep per-user indexes separate. > >> > > >> >> My second question involves public folders and domain sharing. Are > >> >> public folders accessible to all users and all domains? I've got two > >> >> domains example.com and example.org i'd like to create a folder that > >> >> some users in example.com can share with some users in example.org, > >> >> not necessarily all users in those domains should be able to see the > >> >> folders. > >> >> > >> > > >> > Dovecot does not, as per such, care about your domains. It cares about > >> > user > >> > names. If you want to do this kind of thing, please consult ACL plugin. > >> > https://wiki2.dovecot.org/ACL > >> > > >> >> Ideas welcome. > >> >> > >> >> Thanks. > >> >> Dave. > >> >> > >> > > >> > Some other comments, if you are using SSL, you can drop cram-md5 as > >> > auth > >> > mech, it's not storage-safe. > >> > > >> > you should use mail_location = maildir:~/maildir:LAYOUT=fs > >> > > >> > to avoid your other things in user's home being interprepted as mail > >> > directories. > >> > > >> > why are you setting these? > >> > maildir_broken_filename_sizes = yes > >> > maildir_empty_new = yes > >> > maildir_very_dirty_syncs = yes > >> > > >> > and in general I see lots of overconfiguring, dovecot defaults are > >> > usually > >> > right, and setting various things just for the fun of it, can cause > >> > problems. > >> > > >> > Aki > >> > > >
Robert Moskowitz
2017-Apr-16 03:06 UTC
several misc questions, public folders and sharing, quota, ssl
On 04/14/2017 05:11 PM, Aki Tuomi wrote:> Can you try turning mail_debug=yes and posting logs? > > Also if possible, can you try telnetting to the server and issuingIf you only allow secure connections, you may need instead of telnet: openssl s_client -connect your_host_tld:993 or openssl s_client -connect your_host_tld:143 -starttls imap> > a LOGIN username password > a SELECT public/TestFolder1 > > with debug turned on? > > ACL plugin is needed *iff* you want to *restrict* access. > > > Aki > >> On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote: >> >> >> Hi Aki, >> >> Thanks for your reply. Sorry, hit the reply to and not the reply to all option. >> >> So, even when a folder is a public folder I'm still needing to use the >> acl plugin? >> >> >> The public/TestFolder is showing up, the public/TestFolder1 is not. >> >> Thanks. >> Dave. >> >> >> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >>> Please keep responses on the list. Thank you. =) >>> >>> Without ACL plugin there is no way to restrict access, it's free for all. >>> >>> my site is a very tiny few user site, but ... >>> >>> auth_mechanisms = login plain >>> mail_attribute_dict = file:%h/Mail/dovecot-attributes >>> mail_location = sdbox:~/Mail >>> mail_plugins = stats quota fts fts_lucene >>> namespace inbox { >>> inbox = yes >>> list = yes >>> location >>> mailbox Drafts { >>> special_use = \Drafts >>> } >>> mailbox Sent { >>> special_use = \Sent >>> } >>> mailbox "Sent Messages" { >>> special_use = \Sent >>> } >>> mailbox Spam { >>> auto = subscribe >>> special_use = \Junk >>> } >>> mailbox Trash { >>> special_use = \Trash >>> } >>> prefix >>> separator = . >>> subscriptions = yes >>> type = private >>> } >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> } >>> plugin { >>> fts = lucene >>> fts_lucene = whitespace_chars=@. >>> imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve >>> imapsieve_mailbox1_causes = COPY >>> imapsieve_mailbox1_name = Spam >>> imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve >>> imapsieve_mailbox2_causes = COPY >>> imapsieve_mailbox2_from = Spam >>> imapsieve_mailbox2_name = * >>> quota = count:User quota >>> quota_vsizes = yes >>> recipient_delimiter = + >>> sieve = ~/.dovecot.sieve >>> sieve_dir = ~/sieve >>> sieve_extensions = +notify +imapflags >>> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute >>> sieve_pipe_bin_dir = /usr/lib/dovecot/sieve >>> sieve_plugins = sieve_imapsieve sieve_extprograms >>> stats_refresh = 30 >>> } >>> protocols = imap lmtp >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> mode = 0666 >>> } >>> user = $default_internal_user >>> } >>> service doveadm { >>> inet_listener http { >>> address = 127.0.0.1 >>> port = 38080 >>> } >>> } >>> service imap-login { >>> inet_listener imap { >>> port = 143 >>> } >>> inet_listener imaps { >>> port = 993 >>> ssl = yes >>> } >>> } >>> service lmtp { >>> inet_listener lmtp { >>> address = 127.0.0.1 >>> port = 8025 >>> } >>> } >>> service stats { >>> fifo_listener stats-mail { >>> mode = 0666 >>> } >>> } >>> ssl = required >>> ssl_cert = # >>> ssl_cipher_list >>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA >>> ssl_dh_parameters_length = 4096 >>> ssl_key = # >>> ssl_prefer_server_ciphers = yes >>> ssl_protocols = !SSLv2 !SSLv3 >>> submission_host = 127.0.0.1:25 >>> userdb { >>> args = /etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> } >>> protocol imap { >>> mail_plugins = stats quota fts fts_lucene imap_stats imap_sieve >>> } >>> protocol lmtp { >>> mail_plugins = stats quota fts fts_lucene sieve >>> } >>> protocol lda { >>> mail_plugins = stats quota fts fts_lucene sieve >>> } >>> >>> Aki >>> >>>> On April 14, 2017 at 7:21 PM David Mehler <dave.mehler at gmail.com> wrote: >>>> >>>> >>>> Hello Aki, >>>> >>>> Thank you for your reply. >>>> >>>> I've implemented your changes and thanks for the @STRENGTH reminder, I >>>> had forgotten about that one. >>>> >>>> I'll check out the acl plugin. Is it required when sharing a public >>>> folder or are public folders usable by all? I know it is for shared >>>> folders. >>>> >>>> The TestFolder1 is still not showing up in public not sure why >>>> everything looks good. >>>> >>>> My configuration was migrated from 2.0 to 2.1 then 2.2, various ports >>>> along the way. >>>> >>>> I was wondering if I could take a look at your dovecot configuration >>>> files and a doveconf -n output? >>>> >>>> Thanks. >>>> Dave. >>>> >>>> >>>> On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >>>>>> On April 14, 2017 at 3:04 AM David Mehler <dave.mehler at gmail.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> Hello, >>>>>> >>>>>> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to >>>>>> optimize how the system is running and have a few misc questions. >>>>>> >>>>>> First ssl, is my cipher list good? I'm trying for pfs and wanting to >>>>>> ensure these cipherlist is appropriate: >>>>>> >>>>>> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH >>>>>> >>>>> I would add @STRENGTH to the end, so it'll get sorted by strengthness. >>>>> >>>>>> Next, a new feature that I'm trying for is virtual folders that store >>>>>> All messages. My understanding of this is that it stores a version of >>>>>> every received message in one place? I've got the virtual plugin >>>>>> loaded and have: >>>>>> >>>>>> mailbox virtual/All { >>>>>> comment = All my messages >>>>>> special_use = \All >>>>>> } >>>>>> >>>>>> I've got a directory /home/vmail/example.com/username/virtual under >>>>>> which is an ALL folder both directories are accessible to the vmail >>>>>> user, yet there's no contents in this folder and it's showing up >>>>>> nowhere. >>>>>> >>>>> Configuring virtual all folder: >>>>> >>>>> namespace { >>>>> prefix = virtual >>>>> location = virtual:/etc/dovecot/virtual:INDEX=%h/virtual >>>>> comment = All my messages >>>>> special_use = \All >>>>> mailbox All { >>>>> auto = subscribe >>>>> } >>>>> } >>>>> >>>>> ==== /etc/dovecot/virtual/All/dovecot-virtual ===>>>>> * >>>>> all >>>>> ==== EOF ==>>>>> >>>>>> Next, quota warnings, are not being sent at all. I set up a testuser >>>>>> with a quota of 2 mb, then sent a message to that user getting the box >>>>>> to 95% full, and no message. Took the user overquota with the next >>>>>> message, still nothing, and a third message did trigger my custom >>>>>> quota exceeded message and the message was bounced. >>>>>> >>>>> I would recommend you using >>>>> >>>>> mail_plugins = $mail_plugins quota quota_clone >>>>> >>>>> plugin { >>>>> quota = count:User quota >>>>> quota_clone_dict = proxy::sqlquota >>>>> quota_vsizes = true >>>>> } >>>>> >>>>> Also, >>>>> >>>>> "Note that the warning is ONLY executed at the exact time when the limit >>>>> is >>>>> being crossed, so when you're testing it you have to do it by crossing >>>>> the >>>>> limit by saving a new mail. If something else besides Dovecot updates >>>>> quota >>>>> so that the limit is crossed, the warning is never executed." >>>>> >>>>>> I'm wanting to implement public folders. My mailboxes are all >>>>>> virtual, and they are stored under /home/vmail/example.com/username >>>>>> and /home/vmail/example.org/username in the maildir format. I've got >>>>>> one user uid and gid of 999 name of vmail who owns all the mailboxes. >>>>>> I've separated out public folders storing them under >>>>>> /home/vmail/public. I've created one mailbox called TestFolder and >>>>>> new, cur, and tmp directories under it. This is what it looks like: >>>>> <snip /> >>>>> >>>>>> The public/TestFolder is showing up fine and I can switch to it. The >>>>>> public/TestFolder1 is not showing up at all so I'm not seeing it and >>>>>> can't switch to it. Any ideas? >>>>>> >>>>> Not sure why it's not showing up, *but*, you could add >>>>> :INDEXPVT=%h/public >>>>> to the folder, to keep per-user indexes separate. >>>>> >>>>>> My second question involves public folders and domain sharing. Are >>>>>> public folders accessible to all users and all domains? I've got two >>>>>> domains example.com and example.org i'd like to create a folder that >>>>>> some users in example.com can share with some users in example.org, >>>>>> not necessarily all users in those domains should be able to see the >>>>>> folders. >>>>>> >>>>> Dovecot does not, as per such, care about your domains. It cares about >>>>> user >>>>> names. If you want to do this kind of thing, please consult ACL plugin. >>>>> https://wiki2.dovecot.org/ACL >>>>> >>>>>> Ideas welcome. >>>>>> >>>>>> Thanks. >>>>>> Dave. >>>>>> >>>>> Some other comments, if you are using SSL, you can drop cram-md5 as >>>>> auth >>>>> mech, it's not storage-safe. >>>>> >>>>> you should use mail_location = maildir:~/maildir:LAYOUT=fs >>>>> >>>>> to avoid your other things in user's home being interprepted as mail >>>>> directories. >>>>> >>>>> why are you setting these? >>>>> maildir_broken_filename_sizes = yes >>>>> maildir_empty_new = yes >>>>> maildir_very_dirty_syncs = yes >>>>> >>>>> and in general I see lots of overconfiguring, dovecot defaults are >>>>> usually >>>>> right, and setting various things just for the fun of it, can cause >>>>> problems. >>>>> >>>>> Aki >>>>>
Maybe Matching Threads
- several misc questions, public folders and sharing, quota, ssl
- several misc questions, public folders and sharing, quota, ssl
- several misc questions, public folders and sharing, quota, ssl
- ACLs, shared, public, virtual mailboxes not working
- Doveadm sync: Can't create mailbox mail_public/public: Permission denied if synchronize all the available namespaces