1

Topic: Improving ACL's to iRedAdmin

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL): v0.1.6 (MySQL)
- Linux/BSD distribution name and version: Ubuntu 10.04
- Any related log? Log is helpful for troubleshooting. - no
====

I would like to improve ACL's into my mail system. I was trying to do this with wiki2.dovecot.org/ACL, but the server is not responding when I "turn on" ACL's. Is there any solution to it?

Regards,
Pafnucy


2

Re: Improving ACL's to iRedAdmin

Reference: http://www.iredmail.org/wiki/index.php? … MAP.Folder

3

Re: Improving ACL's to iRedAdmin

I was trying with that reference, but when I apply that setting nobody can log in to their accounts... :(

4

Re: Improving ACL's to iRedAdmin

Apply what setting? Any related error log in Dovecot log file (/var/log/dovecot.log)?

5 (edited by Pafnucy 2012-07-29 00:14:23)

Re: Improving ACL's to iRedAdmin

Yes... There is a problem with the namespace. Namespace configured but mailbox is missing... When I don't set any namespace it is working quite OK on clients like Thunderbird. It means that a deleted message isn't shown in Thunderbird, but in Roundcube it is visible with a symbol like "stopping forbidden" on the road ;) And when I delete a message with Roundcube it's deleted permanently.

My dovecot.conf is now like this:

#
# File generated by iRedMail (2011.12.07.13.10.54):
#
# Version:  0.7.4-rc3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#


# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Use below setting to listen on all available addresses:
#listen = *, [::]
listen = *
mail_plugins = " lazy_expunge"
#base_dir = /var/run/dovecot

# Enabled mail protocols.
protocols = imap sieve

# User/group who owns the message files:
mail_uid = 1001
mail_gid = 1001

# Assign uid to virtual users.
first_valid_uid = 1001
last_valid_uid = 1001

# Logging. Reference: http://wiki2.dovecot.org/Logging
log_path = /var/log/dovecot.log
mail_debug = no
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
# Possible values: no, plain, sha1.
auth_verbose_passwords = no

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl = yes
verbose_ssl = no
#ssl_cert = </etc/ssl/certs/iRedMail_CA.pem
ssl_cert = </etc/ssl/supportit.waw.pl/supportit.waw.pl.crt
#ssl_key = </etc/ssl/private/iRedMail.key
ssl_key = </etc/ssl/supportit.waw.pl/supportit.waw.pl.key

ssl_ca = </etc/ssl/supportit.waw.pl/gs_intermediate_ca.crt
ssl_verify_client_cert = yes



disable_plaintext_auth = no

# Mail location and mailbox format.
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

# Authentication related settings.
# Append this domain name if client gives empty realm.
auth_default_realm = 

# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN

service auth {
    unix_listener /var/spool/postfix/dovecot-auth {
        user = postfix
        group = postfix
        mode = 0666
    }
    unix_listener auth-master {
        user = vmail
        group = vmail
        mode = 0666
    }
}

# Virtual mail accounts.
userdb {
    args = /etc/dovecot/dovecot-mysql.conf
    driver = sql
}
passdb {
    args = /etc/dovecot/dovecot-mysql.conf
    driver = sql
}

# namespaces for lazy_expunge plugin:
#namespace private {
#    prefix = /
#    separator = /
#    location = maildir:/%Lh/Maildir/
#namespace private {
#    prefix = .EXPUNGED/
#    separator = /
#    location = maildir:/%Lh/Maildir/expunged
#}
#namespace private {
#    prefix = .DELETED/
#    separator = /
#    location = maildir:/%Lh/Maildir/deleted
#}    
#namespace private {
#    prefix = .DELETED/.EXPUNGED/
#    separator = /
#    location = maildir:/%Lh/Maildir/deleted/expunged
#}

#namespace {
#  hidden = yes
#  list = no
#  location = maildir:/%Lh/Maildir/expunged:INDEX=/%Lh/Maildir/expunged
#}

#plugin {
#    lazy_expunge = .EXPUNGED/ .DELETED/ # .DELETED/.EXPUNGED/
#}

plugin {
    auth_socket_path = /var/run/dovecot/auth-master

    quota = dict:user::proxy::quotadict
    quota_rule = *:storage=1G
    #quota_rule2 = *:messages=0
    #quota_rule3 = Trash:storage=1G
    #quota_rule4 = Junk:ignore

    # Quota warning.
    # If user suddenly receives a huge mail and the quota jumps from
    # 85% to 95%, only the 95% script is executed.
    quota_warning = storage=85%% quota-warning 85 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=95%% quota-warning 95 %u

    # Plugin: autocreate. Create and subscribe to default IMAP folders.
    autocreate = INBOX
    autocreate2 = Sent
    autocreate3 = Trash
    autocreate4 = Drafts
    autocreate5 = Junk
    autosubscribe = INBOX
    autosubscribe2 = Sent
    autosubscribe3 = Trash
    autosubscribe4 = Drafts
    autosubscribe5 = Junk

    # Plugin: expire.
    expire = Trash 7 Trash/* 7 Junk 30
    expire_dict = proxy::expire

    # Pigeonhole managesieve service.
    # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
    # Per-user sieve settings.
    sieve_dir = /%Lh/sieve
    sieve = /%Lh/sieve/dovecot.sieve

    # Global sieve settings.
    sieve_global_dir = /var/vmail/sieve
    sieve_global_path = /var/vmail/sieve/dovecot.sieve
    #sieve_before =
    #sieve_after =
}
#plugin {
  # Without global ACLs:
  #acl = vfile

  # With global ACLs in /etc/dovecot/acls/ directory:
 # acl = vfile:/etc/dovecot/acls/
#}
service quota-warning {
    executable = script /usr/local/bin/dovecot-quota-warning.sh
    unix_listener quota-warning {
        user = vmail
        group = vmail
        mode = 0660
    }
}

service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}

dict {
    expire = db:/var/lib/dovecot/expire/expire.db
    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}

protocol lda {
    # Reference: http://wiki2.dovecot.org/LDA
    mail_plugins = quota sieve autocreate # acl
    auth_socket_path = /var/run/dovecot/auth-master
    log_path = /var/log/sieve.log
    lda_mailbox_autocreate = yes
    postmaster_address = root
}
protocol imap {
    imap_client_workarounds = tb-extra-mailbox-sep
    mail_plugins = quota imap_quota autocreate lazy_expunge # imap_acl
}
protocol pop3 {
    mail_plugins = quota
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    pop3_uidl_format = %08Xu%08Xv
}
ssl_listen = *

When I uncomment any namespace or a part of them (there are namespaces from a few forum threads ;) ) my server stops working correctly.
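
An added example, not part of the original post and not iRedMail or Dovecot code: a small section-balance check run over the first three commented-out namespace blocks exactly as they appear in the dovecot.conf above. It shows what the parser would face once those lines are uncommented; the function names are hypothetical.

```python
import re

# First three commented-out namespace blocks, copied from the dovecot.conf
# in the post above (not constructed).
POSTED = """\
#namespace private {
#    prefix = /
#    separator = /
#    location = maildir:/%Lh/Maildir/
#namespace private {
#    prefix = .EXPUNGED/
#    separator = /
#    location = maildir:/%Lh/Maildir/expunged
#}
#namespace private {
#    prefix = .DELETED/
#    separator = /
#    location = maildir:/%Lh/Maildir/deleted
#}
"""

def uncomment(text):
    """Drop one leading '#' per line, as when enabling a disabled block."""
    return "\n".join(re.sub(r"^\s*#", "", ln, count=1) for ln in text.splitlines())

def check_sections(conf):
    """Return [(line_no, message)] for unbalanced or nested sections."""
    findings, stack = [], []  # stack holds (section_name, opening_line)
    for no, raw in enumerate(conf.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # ignore comments
        if line.endswith("{"):
            name = line.split()[0]
            outer = [ln for n, ln in stack if n == "namespace"]
            if name == "namespace" and outer:
                findings.append((no, f"namespace opened inside the one from line {outer[-1]}"))
            stack.append((name, no))
        elif line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "'}' with no open section"))
    findings += [(ln, f"section '{n}' is never closed") for n, ln in stack]
    return findings

if __name__ == "__main__":
    for no, msg in check_sections(uncomment(POSTED)):
        print(f"line {no}: {msg}")
```

The first block has no closing `#}`, so the two that follow end up nested inside it and the first section is never closed. On a live server, `doveconf -n` is the authoritative parse of the real file.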

6

Re: Improving ACL's to iRedAdmin

iRedMail doesn't enable the lazy_expunge plugin by default, so I suggest you post this issue to the Dovecot mailing list instead.