dovecot - public, shared folder


dovecot v2.x


Public Mailboxes

Public mailboxes are created by defining a public namespace and creating the wanted mailboxes under it.

Setting

mail_plugins = ... acl

protocol imap {
    mail_plugins = ... imap_acl
}

plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
}

dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}

namespace {
    type = shared
    separator = /
    prefix = Shared/%%u/
    location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln

    # whether this namespace handles its own subscriptions
    subscriptions = yes
    list = children
}


SQL

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmailadmin password=xxxxxxxxxxxxxx
map {
    pattern = shared/shared-boxes/user/$to/$from
    table = share_folder
    value_field = dummy

    fields {
        from_user = $from
        to_user = $to
    }
}

# To share a mailbox with anyone, uncomment 'acl_anyone = allow' in
# dovecot.conf
map {
    pattern = shared/shared-boxes/anyone/$from
    table = anyone_shares
    value_field = dummy
    fields {
        from_user = $from
    }
}


list=children: if nobody has shared a mailbox with the user, the "shared" directory is not listed by the LIST command.
To make it visible at all times, set list=yes.


%%h: the user's home directory, which is looked up from the auth process via the auth-userdb socket



Dirty Shared Folder


ln -s /home/user2/Maildir/.Work /home/user1/Maildir/.shared.user2

ln -s /home/user3/Maildir/.Work /home/user1/Maildir/.shared.user3

With the Maildir++ layout it is not possible to automatically share "a mailbox and its children".

You'll need to symlink each mailbox separately.


Set ACL By telnet


  • MYRIGHTS <mailbox>: Returns the user's current rights to the mailbox.

  • GETACL <mailbox>: Returns all ACLs of the mailbox.

  • SETACL <mailbox> <id> [+|-]<rights>: Give <id> the specified rights to the mailbox.

  • DELETEACL <mailbox> [-]<id>: Delete <id>'s ACL from the mailbox.

e.g.

# Share folder `Sent` with user testing@domain.ltd,
# with permissions: read (r), lookup (l) and insert (i).

telnet localhost 143

. login from@domain.ltd passwd
. OK [... ACL ..] Logged in
. SETACL Sent testing@domain.ltd rli

After you share a folder with the SETACL command, Dovecot inserts a record into the MySQL database.



Set ACL By Roundcube Plugin


* Roundcube has an official plugin, acl, for managing mailbox sharing.

Setting

// Set to an empty array to exclude all special acl subjects.
//$config['acl_specials'] = array('anyone', 'anonymous');


ACL backend


The ACL code was written to allow multiple ACL backends,
but currently Dovecot supports only virtual ACL files.

Note that using ACLs does not grant mail processes any filesystem permissions that they don't already have.
You must make sure that the processes have enough permissions to access the mailboxes.

-------------

ACL vfile backend

The vfile backend supports per-mailbox ACLs and global ACLs.
Per-mailbox ACLs are stored in a file named dovecot-acl, which lives in:
maildir: the Maildir's mail directory (e.g. ~/Maildir, ~/Maildir/.folder/)

Each line of the file has the format:

<identifier> <ACLs>
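To make the dovecot-acl line format and the [+|-]<rights> semantics of SETACL concrete, here is an added Python example (not Dovecot's own code): it parses a constructed per-mailbox dovecot-acl file, applies SETACL-style replace/add/remove changes, writes the file back, and flags entries a defender would review before enabling acl_anyone = allow. The sample file, the user=<name> identifier form used by the vfile backend, and the audit thresholds are assumptions of this example.

```python
# Rights letters the vfile backend recognizes, in Dovecot's display order.
RIGHTS_ORDER = "lrwstipekxda"
VALID_RIGHTS = set(RIGHTS_ORDER)

# Constructed sample of a per-mailbox file such as ~/Maildir/.Sent/dovecot-acl.
SAMPLE_ACL = """\
# owner keeps everything; testing@ gets what the SETACL example above granted
owner lrwstipekxda
user=testing@domain.ltd rli
anyone lrwi
"""

def fmt_rights(rights):
    """Render a set of right letters in Dovecot's canonical order."""
    return "".join(c for c in RIGHTS_ORDER if c in rights)

def parse_acl_file(text):
    """Parse '<identifier> <ACLs>' lines into {identifier: set(rights)}.
    Blank lines and '#' comments are skipped; an identifier with no rights
    is kept, since it explicitly grants nothing."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        acl[parts[0]] = set(parts[1]) if len(parts) > 1 else set()
    return acl

def setacl(acl, ident, spec):
    """Apply IMAP SETACL semantics to the parsed file: 'rli' replaces the
    identifier's rights, '+rli' adds to them, '-r' removes from them."""
    mod = spec[0] if spec[:1] in ("+", "-") else ""
    new = set(spec[len(mod):])
    unknown = new - VALID_RIGHTS
    if unknown:
        raise ValueError("unknown rights: " + "".join(sorted(unknown)))
    current = acl.get(ident, set())
    acl[ident] = {"+": current | new, "-": current - new}.get(mod, new)
    return acl

def dump_acl(acl):
    """Serialize back to dovecot-acl format, one '<identifier> <ACLs>' per line."""
    return "".join(f"{ident} {fmt_rights(r)}".rstrip() + "\n" for ident, r in acl.items())

def audit(acl, anyone_max=frozenset("lr")):
    """Findings to review before enabling acl_anyone = allow: 'anyone' or
    'authenticated' granted more than read-only, and the admin right 'a'
    held by a non-owner (who could then re-share the mailbox further)."""
    findings = []
    for ident, rights in acl.items():
        if ident in ("anyone", "authenticated") and rights - anyone_max:
            findings.append(f"{ident}: {fmt_rights(rights)} exceeds {fmt_rights(anyone_max)}")
        if "a" in rights and ident != "owner":
            findings.append(f"{ident}: holds admin right 'a'")
    return findings
```

If you edit dovecot-acl files this way rather than through SETACL, remember the note below about deleting dovecot-acl-list so the listing cache is rebuilt.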

--------------

List cache (dovecot-acl-list)

Location: Maildir/dovecot-acl-list

Format: Size FolderName

The dovecot-acl-list file lists all mailboxes that have the "l" right assigned. If you manually add or edit dovecot-acl files, you may need to delete dovecot-acl-list to make the mailboxes visible.



Troubleshooting


mail_debug=yes

doveadm acl debug -u user@domain shared/user/box