Tobias Stein
2021-Jan-28 13:15 UTC
Shared mailboxes, users with dots and a bug in subscriptions
Hi,
I'm running Dovecot 2.3.14.alpha0 with shared namespaces
and stumbled across some error messages logged
when the list of subscribed mailboxes is queried by a client.
For every distinct account in the list of subscriptions
two corresponding lines are logged:
Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/noc at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/info at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/root at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
Similar messages are logged,
when invalid entries are listed in
'/var/lib/dovecot/db/shared-mailboxes',
which I already pruned and haven't received them anymore since.
I think these errors are caused by an unintended behaviour
when writing "~/Maildir/subscriptions",
which looks (shortened) like this.
V 2
INBOX/INBOX
shared/noc at example com/INBOX
shared/info at example com/INBOX
shared/root at example com/test
shared/root at example com/test test_sub
The subscription-file.c
explodes the name on every hierarchy separator ('.','\0') and
inserts a TAB character. Unfortunately it also explodes on
the DNS label delimiter '.'. This should probably be fixed
by passing a structure containing the required information
to the formatter to distinguish mailboxes from domain-names.
Subscription in combination with multiple domains and
shared mailboxes seems broken to me. Actually I can't even explain to myself
why it is working in the face of the errors. :-)
Unfortunately in Maildir++ the separator dot is hard-coded.
There is a very old thread on this mailing list,
that suggests using 'auth_username_translation'
to replace dots with a different character,
but this idea is getting worse the longer I think about it.
I absolutely dislike the idea to set LAYOUT=fs,
namespace/separator = ? to change the separators
to split on, because this would mean to restructure the
physical layout of all mailboxes (hierarchically) and
mess around with lots of files.
I attached a dovecot-sysreport to reproduce the behaviour.
/etc/dovecot/private/example.com/users looks like this:
### user:password:uid:gid:(gecos):home:(shell):extra_fields
noc:{SSHA512}_hash_::::::
info:{SSHA512}_hash_::::::
root:{SSHA512}_hash_::::::
Please correct me if I'm wrong or
point me to a workaround,
but I think the layout code needs some love. :-)
Best regards
Tobias
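An added illustration of the ambiguity described in the message above; it is not part of the original post and is a simplified model, not Dovecot's subscription-file.c. Assumptions: the archive's " at " is written back as "@", the passwd-file path template is inferred from the paths shown in the post, and all function names are hypothetical.

```python
# Simplified model of the split-on-dot ambiguity; not Dovecot code.
SEP = "."            # Maildir++ hierarchy separator (hard-coded, per the post)
PREFIX = "shared/"   # shared namespace prefix as seen in the subscriptions file
# Assumed template: the post only shows the resulting paths, not the config.
PASSWD_TEMPLATE = "/etc/dovecot/private/{domain}/users"


def encode_naive(vname):
    """Split on every SEP and join with TAB, as the post describes."""
    return "\t".join(vname.split(SEP))


def encode_structured(vname):
    """Keep 'shared/<owner>/' intact and split only the mailbox path."""
    if not vname.startswith(PREFIX):
        return encode_naive(vname)
    owner, _, path = vname[len(PREFIX):].partition("/")
    return PREFIX + owner + "/" + "\t".join(path.split(SEP))


def owner_from_line(line):
    """Owner as a reader of the file sees it: the text after the prefix
    in the first TAB-separated component, up to the next '/'."""
    first = line.split("\t")[0]
    if not first.startswith(PREFIX):
        return None
    return first[len(PREFIX):].split("/")[0]


def passwd_file(owner):
    """Passwd file that a lookup for this owner would open."""
    return PASSWD_TEMPLATE.format(domain=owner.partition("@")[2])


# Constructed sample names, matching the shortened file in the post.
SAMPLES = ["shared/noc@example.com/INBOX",
           "shared/root@example.com/test.test_sub"]


def report():
    """Return (name, naive owner, naive passwd file, structured owner,
    structured passwd file) for each sample."""
    rows = []
    for name in SAMPLES:
        naive = owner_from_line(encode_naive(name))
        fixed = owner_from_line(encode_structured(name))
        rows.append((name, naive, passwd_file(naive), fixed, passwd_file(fixed)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

With the naive split the owner read back is `noc@example`, which lines up with the `missing passwd file` and `user-not-found/noc at example` log entries quoted in the post.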
Aki Tuomi
2021-Jan-28 13:19 UTC
Shared mailboxes, users with dots and a bug in subscriptions
> On 28/01/2021 15:15 Tobias Stein <tobias_stein at rockstable.it> wrote:
>
> Hi,
>
> i'm running Dovecot 2.3.14.alpha0 with shared namespaces
> and stumbled across some errors messages logged,
> when the list of subscribed mailboxes is queried by a client.
> For every distinct account of in the list of subscriptions
> two corresponding lines are logged:
>
> Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
> Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
> Jan 28 11:42:34 mx1 dovecot: auth: missing passwd file: /etc/dovecot/private/example/users
> Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/noc at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
> Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/info at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
> Jan 28 11:42:36 mx1 dovecot: imap(example_user at example.com)<3638><xl6li/O5VsVfWxyn>: Error: mkdir(/var/run/dovecot/user-not-found/root at example) failed: Permission denied (euid=109(vmail) egid=118(vmail) missing +w perm: /var/run/dovecot, dir owned by 0:0 mode=0755)
>
> Similar messages are logged,
> when invalid entries are listed in '/var/lib/dovecot/db/shared-mailboxes',
> which i already pruned and haven't received them anymore since.
>
> I think these errors are caused by an unintended behaviour
> when writing "~/Maildir/subscriptions",
> which looks (shortened) like this.
>
> V 2
>
> INBOX/INBOX
> shared/noc at example com/INBOX
> shared/info at example com/INBOX
> shared/root at example com/test
> shared/root at example com/test test_sub
>
> The subscription-file.c
> explodes the name on every hierarchy separator ('.','\0') and
> inserts a TAB character. Unfortunately it also explodes on
> the DNS label delimiter '.'. This should probably be fixed
> by passing a structure containing the required information
> to the formatter to distinguish mailboxes from domain-names.
>
> Subscription in combination with multiple domains and
> shared mailboxes seems broken to me. Actually i can't even explain to me,
> why it is working in face of the errors. :-)
>
> Unfortunately in Maildir++ the separator dot is hard-coded.
>
> There is a very old thread on this mailing list,
> that suggests using 'auth_username_translation'
> to replace dots with a different character,
> but this idea is getting worse the longer i think about it.
>
> I absolutely dislike the idea to set LAYOUT=fs,
> namespace/separator = ? to change the separators
> to split on, because this would mean to restructure the
> physical layout of all mailboxes (hierarchically) and
> mess around with lots of files.
>
> I attached a dovecot-sysreport to reproduce the behaviour.
>
> /etc/dovecot/private/example.com/users looks like this:
> ### user:password:uid:gid:(gecos):home:(shell):extra_fields
> noc:{SSHA512}_hash_::::::
> info:{SSHA512}_hash_::::::
> root:{SSHA512}_hash_::::::
>
> Please correct me if i'm wrong or
> point me to a workaround,
> but i think the layout code needs some love. :-)
>
> Best regards
> Tobias

You should probably add :LAYOUT=FS on your mail locations. This will change the folder naming into foo/bar/baz instead of .foo.bar.baz.

Aki