I am migrating from courier. Migration worked well so far, I can access my maildirs with roundcube, with quota and sieve filters fully functional. Now I need to enable maildir sharing and can't figure out how to properly configure dovecot since my setup is a little different.
First the setup
Virtual users. Maildirs are in /var/vmail/domain.tld/username/. There is no Maildir subdirectory, the Maildir is directly laid out in the home directory. So we have : home = maildir. In the configuration it is translated as :
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
  driver = static
}
mail_location = Maildir:~/
The Maildir for a.chaouche looks like this :
root@messagerie[10.10.10.20] /var/vmail/domain.tld/a.chaouche # lsa
total 1.9M
drwx------ 26 vmail vmail 4.0K May 8 11:33 .
drwxr-xr-x 5 vmail vmail 4.0K Apr 7 14:31 ..
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .Coupures Streaming
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .Coupures Streaming.JILFM_ZIK_WR
drwxr-xr-x 2 vmail vmail 4.0K Jun 15 2015 courierimaphieracl
drwx------ 2 vmail vmail 4.0K Mar 24 16:05 courierimapkeywords
-rw-r--r-- 1 vmail vmail 342 Apr 25 17:43 courierimapsubscribed
-rw-r--r-- 1 vmail vmail 460K Apr 25 17:47 courierimapuiddb
drwx------ 2 vmail vmail 728K Apr 27 18:24 cur
-rw------- 1 vmail vmail 0 May 8 11:33 dovecot-acl-list
-rw------- 1 vmail vmail 73K Apr 27 14:57 dovecot.index
-rw------- 1 vmail vmail 32K May 8 10:52 dovecot.index.cache
-rw------- 1 vmail vmail 8.5K May 4 10:21 dovecot.index.log
-rw------- 1 vmail vmail 31 Apr 27 15:12 dovecot-keywords
-rw------- 1 vmail vmail 96 Apr 27 10:06 dovecot.mailbox.log
lrwxrwxrwx 1 vmail vmail 21 Apr 27 16:19 .dovecot.sieve -> sieve/roundcube.sieve
-rw------- 1 vmail vmail 197 Apr 27 18:23 .dovecot.svbin
-rw------- 1 vmail vmail 466K Apr 27 18:24 dovecot-uidlist
drwx------ 6 vmail vmail 4.0K Apr 27 10:10 .Drafts
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .Flux audio
-rw-rw---- 1 vmail vmail 136 Mar 27 14:32 ispconfig_mailsize
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .Je dois repondre
drwx------ 6 vmail vmail 4.0K Apr 27 15:17 .Junk
-rw------- 1 vmail vmail 27 May 5 14:16 maildirsize
drwx------ 2 vmail vmail 4.0K Apr 27 18:24 new
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.Imrpimantes
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.Kaspersky
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.Netia
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.R&AOk-seau
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.Streaming
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.SYSTEM
drwx------ 6 vmail vmail 4.0K Apr 27 10:09 .notifs.Webradios
drwx------ 6 vmail vmail 4.0K Apr 27 18:24 .PRTG
drwx------ 6 vmail vmail 4.0K Apr 27 15:17 .Sent
drwx------ 3 vmail vmail 4.0K Apr 27 18:22 sieve
-rw------- 1 vmail vmail 234 Apr 27 10:08 subscriptions
drwx------ 6 vmail vmail 4.0K Apr 27 18:24 .TEST
-rw-r--r-- 1 vmail vmail 0 Apr 5 15:29 testfile
drwx------ 2 vmail vmail 4.0K May 4 10:21 tmp
drwx------ 6 vmail vmail 4.0K Apr 27 18:24 .Trash
root@messagerie[10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche #
You can tell I am migrating from courier because courier's files are still there, in addition to dovecot's.
.notifs is a folder containing many subfolders like .notifs.Webradios, .notifs.Kaspersky etc.
Next the folder I wish to access
So [email protected] wants to access a folder that belongs to a.chaouche@backup.domain.tld, another virtual user that is in another (virtual) domain (still on the same computer though).
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # lsa
total 4.7M
drwx------ 15 root root 4.0K May 8 11:12 .
drwxr-xr-x 3 root root 4.0K May 5 16:16 ..
drwx------ 6 root root 4.0K May 5 16:16 .Archive
drwx------ 6 root root 4.0K May 5 16:16 .Archive.Coupures Streaming
drwx------ 6 root root 4.0K May 5 16:16 .Archive.Flux audio
drwx------ 6 root root 4.0K May 5 16:16 .Archive.notifs
drwx------ 6 root root 4.0K May 5 16:16 .Archive.PRTG
-rw-r--r-- 1 root root 80 May 5 16:16 courierimapacl
drwx------ 2 root root 4.0K May 5 16:16 courierimapkeywords
-rw-r--r-- 1 root root 1015K May 5 16:16 courierimapuiddb
drwx------ 2 root root 1.6M May 5 16:17 cur
-rw-r--r-- 1 root root 37 May 8 11:12 dovecot-acl
-rw-r--r-- 1 root root 36 May 8 11:12 dovecot-acl~
drwx------ 5 root root 4.0K May 5 16:16 .Drafts
-rw-r----- 1 root root 254 May 5 16:16 ispconfig_mailsize
drwx------ 5 root root 4.0K May 5 16:16 .Junk
-rw-r----- 1 root root 1.9K May 5 16:16 maildirsize
drwx------ 2 root root 2.1M May 5 16:17 new
drwx------ 6 root root 4.0K May 5 16:16 .Sent
drwx------ 2 root root 4.0K May 5 16:17 tmp
drwx------ 5 root root 4.0K May 5 16:16 .Trash
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche #
You can see I have put a dovecot-acl file in there, here's its content :
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # cat dovecot-acl
[email protected] lr
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche #
Now the configuration
Here I have enabled the acl plugin for lmtp and imap
mail_plugins = " quota acl"
protocol lmtp {
  mail_plugins = " quota acl sieve quota"
}
protocol lda {
  mail_plugins = " quota acl sieve"
}
protocol imap {
  mail_plugins = " quota acl imap_quota imap_acl"
}
Here's how my users database is configured
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
  driver = static
}
Here I specify that acl should be enforced with vfile (dovecot-acl file)
plugin {
  acl = vfile
  [...]
}
Here I tried to define a shared namespace called partage, I'm not sure what I did here was correct :
namespace partage {
  location = maildir:%%h:INDEX=~/%%u
  prefix = shared.%%u.
  separator = .
  type = shared
}
Is the location all right ? Is the INDEX all right ? (I don't know what that's for.)
Finally, here's how mail_location is configured.
mail_location = Maildir:~/
Full configuration file
can be seen in this paste
Errors
No errors in the logs, except I don't have the desired behaviour.
The desired behaviour is :
The behaviour I get instead is :
Here's what I did :
If I didn't change the dots they would appear as subfolder separators to dovecot (Maildir++ specs ? )
If you do this then [email protected] can do whatever he wants with [email protected] mailbox. We don't want this. We want him to only read the mail, not delete it. For this, he needs two permissions : reading of course and listing, because he needs to list the emails in order to choose which one he wants to read. If he doesn't have the listing permission then the MUA would get an error when it tries to list all the messages in the inbox.
We do this by adding a dovecot-acl file in the mailbox we want to share :
This says that user [email protected] has the "l" right (listing) and the "r" right (reading).
You can make sure that it's set up as expected with the acl tool :
You can read more on my wiki page
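
Added example, not part of the original post: a small Python check that parses dovecot-acl (vfile) lines and reports every non-owner entry that grants more than the "l" and "r" rights discussed above, or that applies to the broad `anyone` / `authenticated` identifiers. The sample ACL text and addresses are constructed; the parser assumes whitespace-separated `identifier rights` lines, ignores named rights (`:name`), and treats identifiers starting with `-` as negative entries.

```python
# Added example: audit Dovecot vfile ACL text against a read-only sharing policy.
READ_ONLY = frozenset("lr")            # lookup (list) + read, as granted in the post
BROAD = {"anyone", "authenticated"}    # identifiers that match many users at once

# Constructed sample input (not taken from the page).
SAMPLE_ACL = """\
owner lrwstipekxa
user=reader@example.org lr
user=helper@example.org lrwste
anyone lri
-user=intern@example.org r
"""

def parse_acl(text):
    """Return [(lineno, identifier, set_of_right_letters)] for non-blank lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        ident = fields[0]
        # Second field holds the single-letter rights; ":name" fields are named rights.
        has_letters = len(fields) > 1 and not fields[1].startswith(":")
        entries.append((lineno, ident, set(fields[1]) if has_letters else set()))
    return entries

def audit(text):
    """Return [(lineno, identifier, excess_letters)] for entries breaking the policy."""
    findings = []
    for lineno, ident, rights in parse_acl(text):
        # Negative entries remove rights, and the owner keeps full control.
        if ident.startswith("-") or ident == "owner":
            continue
        excess = "".join(sorted(rights - READ_ONLY))
        if excess or ident in BROAD:
            findings.append((lineno, ident, excess))
    return findings

if __name__ == "__main__":
    for lineno, ident, excess in audit(SAMPLE_ACL):
        detail = f"extra rights '{excess}'" if excess else "broad identifier"
        print(f"line {lineno}: {ident}: {detail}")
```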