Hello,

Thank you for your reply. Here's my acl files:

public/TestFolder dovecot-acl
anyone lr
user=user1 akxeilprwts
-user=user1
user=user2 lr

public/TestFolder1 dovecot-acl
user=user1 lr
user=user2 lr

public/dovecot-acl
user=user1 lr
user=user2 lr

and I have another dovecot-acl file in shared/office folder:

user=user1 at domain.com lrwstipekxa
user=user2 at domain.com lrwstipekxa

Thanks.
Dave.

On 2/15/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> Hi!
>
> It seems you are running 2.2.33.2 =)
>
> Also,
>
> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
> /home/vmail/public/TestFolder/dovecot-acl
> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
> /home/vmail/public/dovecot-acl
>
> it seems there are some folder specific ACLs, can you check these?
>
> Aki
>
> On 15.02.2018 10:40, David Mehler wrote:
>> Hello,
>>
>> I'm running Dovecot 2.2.3, and am having issues with my public
>> folders, shared folders, and virtual/All folders apparently ACLs are
>> on that list as well.
>>
>> I was debugging an unrelated problem with my smtp server and got the
>> following dovecot debug log output. Below is also a doveconf -n output
>> as well as my shared-folder definition file and my global-acls file.
>>
>> What I'm trying to accomplish is:
>>
>> 1. Have a public folder that any user on the system can put messages
>> into and respond to.
>> 2. Have a shared folder in which user1 at example.com and
>> user1 at example2.com can exchange messages.
>> 3. For each user on the system give them a Virtual/All folder for *all
>> of their messages.
>>
>> I'd appreciate any help. As an aside if anyone sees an issue with my
>> SSL ciphers list I'd appreciate knowing that as well, in brief I'm
>> trying to get the most secure list, pfs, and not worrying about
>> backward compatibility. If it's not TLS 1.2 I don't touch it.
>>
>> Thanks.
>> Dave.
>> Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib01_acl_plugin.so
>> Feb 12 08:48:40 imap(user at example.com): Debug: Module loaded:
>> /usr/local/lib/dovecot/lib02_imap_acl_plugin.so
>> Feb 12 08:48:40 imap(user at example.com): Debug: Effective uid=999,
>> gid=999, home=/home/vmail/example.com/user
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace inbox:
>> type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/home/vmail/example.com/user/mail, index=, indexpvt=, control=,
>> inbox=/home/vmail/example.com/user/mail, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=public, prefix=public/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes
>> location=maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/home/vmail/public,
>> index=/home/vmail/example.com/user/mail/public,
>> indexpvt=/home/vmail/example.com/user/mail/public,
>> control=/home/vmail/example.com/user/mail/public, inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes location=maildir:~/mail/:INDEX=~/mail/shared/%Ld/%Ln
>> Feb 12 08:48:40 imap(user at example.com): Debug: shared:
>> root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 0
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace :
>> type=private, prefix=virtual/, sep=/, inbox=no, hidden=no, list=yes,
>> subscriptions=yes location=virtual:/usr/local/etc/dovecot/virtual
>> Feb 12 08:48:40 imap(user at example.com): Debug: fs:
>> root=/usr/local/etc/dovecot/virtual, index=, indexpvt=, control=,
>> inbox=, alt=
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: initializing
>> backend with data:
>> vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: acl username
>> user at example.com
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: owner = 1
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: Global ACL
>> file: /usr/local/etc/dovecot/global-acls
>> Feb 12 08:48:40 imap(user at example.com): Debug: quota: quota_over_flag
>> check: quota_over_script unset - skipping
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Drafts/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Spam/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Trash/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Sent/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Archives/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/logcheck/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/public/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
>> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/public/TestFolder/dovecot-acl not
>> found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/virtual/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Junk/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/ham/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/fail2ban/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Sent/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/.Trash/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/public/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Maildir/public/.TestFolder/dovecot-acl
>> not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Deleted Items/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Archive/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /home/vmail/example.com/user/mail/Junk/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
>> 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/TestFolder/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/TestFolder1/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> /home/vmail/public/dovecot-acl
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl: No lookup right to
>> mailbox: public/TestFolder1
>> Feb 12 08:48:40 imap(user at example.com): Debug: Namespace shared/:
>> Using permissions from : mode=0700 gid=default
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /usr/local/etc/dovecot/virtual/dovecot-acl not found
>> Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: file
>> /usr/local/etc/dovecot/virtual/All/dovecot-acl not found
>>
>> doveconf -n
>> # 2.2.33.2 (d6601f4ec): /usr/local/etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.21 (92477967)
>> # OS: FreeBSD 11.1-RELEASE-p4 amd64
>> auth_default_realm = example.com
>> auth_mechanisms = plain login
>> auth_realms = example.com example2.com
>> dict {
>>   acl = mysql:/usr/local/etc/dovecot/shared-folders.conf
>>   sqlquota = mysql:/usr/local/etc/dovecot/quota.conf
>> }
>> first_valid_gid = 999
>> first_valid_uid = 999
>> hostname = mail.example.com
>> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
>> tb-lsub-flags
>> last_valid_gid = 999
>> last_valid_uid = 999
>> lda_mailbox_autocreate = yes
>> lda_mailbox_autosubscribe = yes
>> listen = 127.0.0.1 xxx.xxx.xxx.xxx
>> lmtp_rcpt_check_quota = yes
>> mail_access_groups = vmail
>> mail_fsync = never
>> mail_gid = vmail
>> mail_home = /home/vmail/%d/%n
>> mail_location = maildir:~/mail/:LAYOUT=fs:INDEX=~/mail/
>> mail_plugins = acl mail_log notify quota quota_clone trash virtual welcome
>> zlib
>> mail_server_admin = mailto:postmaster at example.com
>> mail_uid = vmail
>> mailbox_list_index = yes
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope
>> encoded-character vacation subaddress comparator-i;ascii-numeric
>> relational regex imap4flags copy include variables body enotify
>> environment mailbox date index ihave duplicate mime foreverypart
>> extracttext imapflags notify imapsieve vnd.dovecot.imapsieve
>> namespace {
>>   hidden = no
>>   list = yes
>>   location =
>> maildir:/home/vmail/public/:LAYOUT=fs:CONTROL=~/mail/public:INDEXPVT=~/mail/public:INDEX=~/mail/public
>>   mailbox TestFolder {
>>     auto = subscribe
>>     comment = Public Folder for message sharing
>>   }
>>   prefix = public/
>>   separator = /
>>   subscriptions = yes
>>   type = public
>> }
>> namespace {
>>   list = yes
>>   location = maildir:~/mail/:INDEX=~/mail/shared/%%Ld/%%Ln
>>   prefix = shared/%%u/
>>   separator = /
>>   subscriptions = yes
>>   type = shared
>> }
>> namespace {
>>   location = virtual:/usr/local/etc/dovecot/virtual
>>   mailbox All {
>>     auto = subscribe
>>     comment = All my messages
>>     special_use = \All
>>   }
>>   prefix = virtual/
>>   separator = /
>> }
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Archive {
>>     auto = no
>>     special_use = \Archive
>>   }
>>   mailbox Archives {
>>     auto = subscribe
>>     special_use = \Archive
>>   }
>>   mailbox "Deleted Messages" {
>>     auto = no
>>     autoexpunge = 30 days
>>     special_use = \Trash
>>   }
>>   mailbox Drafts {
>>     auto = subscribe
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     auto = no
>>     autoexpunge = 30 days
>>     special_use = \Junk
>>   }
>>   mailbox "Junk E-mail" {
>>     auto = no
>>     autoexpunge = 30 days
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     auto = subscribe
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Items" {
>>     auto = no
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     auto = no
>>     special_use = \Sent
>>   }
>>   mailbox Spam {
>>     auto = subscribe
>>     autoexpunge = 30 days
>>     special_use = \Junk
>>   }
>>   mailbox Trash {
>>     auto = subscribe
>>     autoexpunge = 30 days
>>     special_use = \Trash
>>   }
>>   prefix =
>>   separator = /
>>   type = private
>> }
>> passdb {
>>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }
>> plugin {
>>   acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300
>>   acl_anyone = allow
>>   acl_shared_dict = proxy::acl
>>   imapsieve_mailbox1_before =
>> file:/usr/local/lib/dovecot/sieve/report-spam.sieve
>>   imapsieve_mailbox1_causes = COPY
>>   imapsieve_mailbox1_name = Spam
>>   imapsieve_mailbox2_before =
>> file:/usr/local/lib/dovecot/sieve/report-ham.sieve
>>   imapsieve_mailbox2_causes = COPY
>>   imapsieve_mailbox2_from = Spam
>>   imapsieve_mailbox2_name = *
>>   mail_log_events = delete undelete expunge copy mailbox_delete
>> mailbox_rename
>>   mail_log_fields = uid box msgid size
>>   quota = count:User quota
>>   quota_clone_dict = proxy::sqlquota
>>   quota_exceeded_message = Storage quota for this account has been
>> exceeded, please try again later.
>>   quota_grace = 10%%
>>   quota_status_nouser = DUNNO
>>   quota_status_overquota = 552 5.2.2 Mailbox is full
>>   quota_status_success = DUNNO
>>   quota_vsizes = true
>>   quota_warning = storage=100%% quota-exceeded 100 %u
>>   quota_warning2 = storage=95%% quota-warning 95 %u
>>   quota_warning3 = storage=90%% quota-warning 90 %u
>>   quota_warning4 = storage=85%% quota-warning 85 %u
>>   quota_warning5 = storage=75%% quota-warning 75 %u
>>   sieve = ~/.dovecot.sieve
>>   sieve_before = /home/vmail/sieve/before.d
>>   sieve_default = /home/vmail/sieve/default.sieve
>>   sieve_dir = ~/sieve
>>   sieve_extensions = +notify +imapflags
>>   sieve_global_dir = /home/vmail/sieve
>>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
>>   sieve_max_redirects = 30
>>   sieve_max_script_size = 1M
>>   sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
>>   sieve_plugins = sieve_imapsieve sieve_extprograms
>>   sieve_user_log = /home/vmail/sieve/sieve_error.log
>>   trash = /usr/local/etc/dovecot/trash.conf
>>   welcome_script = welcome %u
>>   welcome_wait = yes
>> }
>> postmaster_address = postmaster at example.com
>> protocols = imap lmtp sieve
>> sendmail_path = /usr/local/sbin/sendmail
>> service auth-worker {
>>   user = $default_internal_user
>> }
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>>   unix_listener auth-userdb {
>>     group = vmail
>>     mode = 0666
>>     user = vmail
>>   }
>> }
>> service dict {
>>   unix_listener dict {
>>     group = vmail
>>     mode = 0660
>>     user = vmail
>>   }
>> }
>> service imap-login {
>>   inet_listener imap {
>>     address = 127.0.0.1
>>     port = 143
>>   }
>>   inet_listener imaps {
>>     address = xxx.xxx.xxx.xxx
>>     port = 993
>>     ssl = yes
>>   }
>> }
>> service imap {
>>   executable = imap
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service managesieve-login {
>>   inet_listener sieve {
>>     address = 127.0.0.1
>>     port = 4190
>>   }
>> }
>> service quota-status {
>>   client_limit = 1
>>   executable = quota-status -p postfix
>>   unix_listener /var/spool/postfix/private/dovecot-quota {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service quota-warning {
>>   executable = script /usr/local/etc/dovecot/quota-warning.sh
>>   unix_listener quota-warning {
>>     group = vmail
>>     mode = 0660
>>     user = vmail
>>   }
>>   user = vmail
>> }
>> service welcome {
>>   executable = script /usr/local/etc/dovecot/welcome.sh
>>   unix_listener welcome {
>>     user = vmail
>>   }
>>   user = vmail
>> }
>> ssl = required
>> ssl_cert = </usr/local/etc/ssl/acme/example.com/fullchain.pem
>> ssl_cipher_list =
>> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_key = # hidden, use -P to show it
>> ssl_options = no_compression
>> ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>> userdb {
>>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>   driver = sql
>> }
>> protocol lmtp {
>>   mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib quota sieve
>> }
>> protocol lda {
>>   mail_fsync = optimized
>>   mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib sieve
>> }
>> protocol imap {
>>   mail_plugins = acl mail_log notify quota quota_clone trash virtual
>> welcome zlib imap_acl imap_quota imap_sieve imap_zlib last_login
>> }
>>
>> shared-folders.conf
>> connect = DatabaseConnectionParameters
>> # For shared mailboxes
>> map {
>>   pattern = shared/shared-boxes/user/$to/$from
>>   table = user_shares
>>   value_field = dummy
>>
>>   fields {
>>     from_user = $from
>>     to_user = $to
>>   }
>> }
>>
>> # To share mailbox to anyone uncomment acl_anyone=allow in
>> # 90-acl.conf
>> map {
>>   pattern = shared/shared-boxes/anyone/$from
>>   table = anyone_shares
>>   value_field = dummy
>>
>>   fields {
>>     from_user = $from
>>   }
>> }
>>
>> global-acls
>> public/TestFolder user=user lrwstipekxa

Since you have obfuscated your data it is hard to tell what's going on, especially as in your previous log you have 'user=user' and now you have user1 and user2.

You can try

doveadm rights -u victim folder

to see what sort of rights dovecot thinks it's seeing.

Aki

> On 15 February 2018 at 18:11 David Mehler <dave.mehler at gmail.com> wrote:
>
> Hello,
>
> Thank you for your reply. Here's my acl files:
>
> public/TestFolder dovecot-acl
> anyone lr
> user=user1 akxeilprwts
> -user=user1
> user=user2 lr
>
> public/TestFolder1 dovecot-acl
> user=user1 lr
> user=user2 lr
>
> public/dovecot-acl
> user=user1 lr
> user=user2 lr
>
> and I have another dovecot-acl file in shared/office folder:
>
> user=user1 at domain.com lrwstipekxa
> user=user2 at domain.com lrwstipekxa
>
> Thanks.
> Dave.
Hello,

The user1 is my original user, user2 is the second user that I want to
have access to the public and shared folder.

I am not seeing a subcommand rights for doveadm.

Thanks.
Dave.

On 2/15/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> Since you have obfuscated your data it is hard to tell what's going on,
> especially as in your previous log you have 'user=user' and now you have
> user1 and user2.
>
> You can try
>
> doveadm rights -u victim folder
>
> to see what sort of rights dovecot thinks it's seeing.
>
> Aki
>
>> On 15 February 2018 at 18:11 David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hello,
>>
>> Thank you for your reply. Here's my acl files:
>>
>>
>> public/TestFolder dovecot-acl
>> anyone lr
>> user=user1 akxeilprwts
>> -user=user1
>> user=user2 lr
>>
>> public/TestFolder1 dovecot-acl
>> user=user1 lr
>> user=user2 lr
>>
>> public/dovecot-acl
>> user=user1 lr
>> user=user2 lr
>>
>> and I have another dovecot-acl file in shared/office folder:
>>
>> user=user1 at domain.com lrwstipekxa
>> user=user2 at domain.com lrwstipekxa
>>
>> Thanks.
>> Dave.
>>
>>
>> On 2/15/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> > Hi!
>> >
>> > It seems you are running 2.2.33.2 =)
>> >
>> > Also,
>> >
>> > Feb 12 08:48:40 imap(user at example.com): Debug: Mailbox
>> > 'public/TestFolder' matches global ACL pattern 'public/TestFolder'
>> > Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> > /home/vmail/public/TestFolder/dovecot-acl
>> > Feb 12 08:48:40 imap(user at example.com): Debug: acl vfile: reading file
>> > /home/vmail/public/dovecot-acl
>> >
>> > it seems there are some folder specific ACLs, can you check these?
>> >
>> > Aki
>> >
>> > On 15.02.2018 10:40, David Mehler wrote:
>> >> Hello,
>> >>
>> >> I'm running Dovecot 2.2.3, and am having issues with my public
>> >> folders, shared folders, and virtual/ALl folders apparently ACLs are
>> >> on that list as well.