1

Topic: ACL (Access Control List) in SOGo

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS Linux release 7.2.1511 (Core)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? : Yes
- Related log if you're reporting an issue:
====

Hi,

Can we use any sort of ACL with SOGo? I can see the IMAP_ACL plugin is enabled in dovecot.conf as:

protocol imap {
    mail_plugins = $mail_plugins imap_quota imap_acl
    imap_client_workarounds = tb-extra-mailbox-sep

    # Maximum number of IMAP connections allowed for a user from each IP address.
    # NOTE: The username is compared case-sensitively.
    # Default is 10.
    # Increase it to avoid issue like below:
    # "Maximum number of concurrent IMAP connections exceeded"
    mail_max_userip_connections = 30
}

I would like to achieve the following things in SOGo:

Users cannot delete any emails from any folders. They can only read / write / send emails.
Users cannot export / download emails.
Users cannot share folders with other users.


2

Re: ACL (Access Control List) in SOGo

You can try it with this tutorial, it's very clear:
http://wiki2.dovecot.org/ACL

But I cannot find which permission maps to "export/download emails" or "share folder with others". You may need to ask on the Dovecot mailing list.

3

Re: ACL (Access Control List) in SOGo

Thanks Zhang for your guidance.

As far as I followed, it turned out that the configuration is mainly already there.

I just placed "dovecot-acl" file in user's maildir folder and put

owner lwr

permissions in the file. This is working perfectly in Roundcube. It is not allowing deletion of any emails.

However the same thing is not working in SOGo.

Moreover, if I remove the following comment from /etc/dovecot/conf.d/90-acl.conf, can I define access rights for each user so that I do not have to modify dovecot-acl files in everyone's maildir folder?

acl = vfile:/etc/dovecot/global-acls:cache_secs=300

4

Re: ACL (Access Control List) in SOGo

ketan.aagja wrote:

However the same thing is not working in SOGo.

Please turn on debug mode in Dovecot to get some detailed log for troubleshooting.
FYI: http://www.iredmail.org/docs/debug.dovecot.html

ketan.aagja wrote:

Moreover, if I remove the following comment from /etc/dovecot/conf.d/90-acl.conf, can I define access rights for each user so that I do not have to modify dovecot-acl files in everyone's maildir folder?
acl = vfile:/etc/dovecot/global-acls:cache_secs=300

*) iRedMail doesn't configure Dovecot to use files under /etc/dovecot/conf.d/.
*) You're free to give it a try (maybe with a testing virtual machine)

5 (edited by ketan.aagja 2016-10-08 18:40:39)

Re: ACL (Access Control List) in SOGo

Attached is dovecot log after debug mode.


6

Re: ACL (Access Control List) in SOGo

Please extract related log and paste here.

7

Re: ACL (Access Control List) in SOGo

Hi Zhang,

I can only see following logs in dovecot.log:

-----------------------------------------------
Oct 08 11:25:31 imap-login: Info: Login: user=<ketan.aagja@mydomain.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22455, secured, session=<d9lN8lc+IAB/AAAB>
Oct 08 11:25:31 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_mailbox_alias_plugin.so
Oct 08 11:25:31 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_replication_plugin.so
Oct 08 11:25:31 imap: Debug: Added userdb setting: mail=maildir:~/Maildir/
Oct 08 11:25:31 imap: Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 08 11:25:31 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Sent/dovecot-acl not found
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Drafts/dovecot-acl not found
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Trash/dovecot-acl not found
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Junk/dovecot-acl not found
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Info: Disconnected: Logged out in=151 out=1200
Oct 08 11:25:32 imap-login: Info: Login: user=<ketan.aagja@mydomain.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22459, secured, session=<h/pX8lc+KgB/AAAB>
Oct 08 11:25:32 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_mailbox_alias_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_replication_plugin.so
Oct 08 11:25:32 imap: Debug: Added userdb setting: mail=maildir:~/Maildir/
Oct 08 11:25:32 imap: Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:32 imap-login: Info: Login: user=<ketan.aagja@mydomain.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22460, secured, session=<MGNY8lc+LgB/AAAB>
Oct 08 11:25:32 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_mailbox_alias_plugin.so
Oct 08 11:25:32 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_replication_plugin.so
Oct 08 11:25:32 imap: Debug: Added userdb setting: mail=maildir:~/Maildir/
Oct 08 11:25:32 imap: Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Info: Disconnected: Logged out in=145 out=1343
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl
Oct 08 11:25:32 imap(ketan.aagja@mydomain.co.uk): Info: Disconnected: Logged out in=316 out=2093
Oct 08 11:25:36 imap-login: Info: Login: user=<ketan.aagja@mydomain.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=22476, secured, session=<ezGN8lc+YgB/AAAB>
Oct 08 11:25:36 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_mailbox_alias_plugin.so
Oct 08 11:25:36 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_replication_plugin.so
Oct 08 11:25:36 imap: Debug: Added userdb setting: mail=maildir:~/Maildir/
Oct 08 11:25:36 imap: Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: (none)
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Sent/dovecot-acl not found
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Drafts/dovecot-acl not found
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Trash/dovecot-acl not found
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Junk/dovecot-acl not found
Oct 08 11:25:36 imap(ketan.aagja@mydomain.co.uk): Info: Disconnected: Logged out in=151 out=1200
-----------------------------------------------

Hope this helps.

8

Re: ACL (Access Control List) in SOGo

Is the log related to login/operation in SOGo? Does it read your global ACL file?

9

Re: ACL (Access Control List) in SOGo

Yes Zhang,

Dovecot logs show it is reading the global dovecot-acl file; however, it is still searching for dovecot-acl in Maildir and subfolders.

Oct 10 11:24:22 imap-login: Info: Login: user=<ketan.aagja@mydomain.co.uk>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=15954, secured, session=<c6zYKYA+AAB/AAAB>
Oct 10 11:24:22 imap: Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/INBOX not found
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl not found
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Trash not found
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Trash/dovecot-acl not found
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Info: Disconnected: Logged out in=196 out=1443
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: auth input: ketan.aagja@mydomain.co.uk master_user=ketan.aagja@mydomain.co.uk home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/ mail=maildir:~/Maildir/ quota_rule=*:bytes=0
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Added userdb setting: mail=maildir:~/Maildir/
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Added userdb setting: plugin/master_user=ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10/
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota rule: root=user mailbox=* bytes=0 messages=0
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (100%) messages=0 reverse=no command=quota-warning 100 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (95%) messages=0 reverse=no command=quota-warning 95 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (90%) messages=0 reverse=no command=quota-warning 90 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota warning: bytes=0 (85%) messages=0 reverse=no command=quota-warning 85 ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Quota grace: root=user bytes=0 (10%)
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: dict quota: user=ketan.aagja@mydomain.co.uk, uri=proxy::quotadict, noenforcing=0
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir/
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: maildir++: root=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir, alt=
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 1
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/Shared/%u
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: initializing backend with data: vfile:/etc/dovecot/dovecot-acl
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/ not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/INBOX not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Sent not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Sent/dovecot-acl not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Drafts not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Drafts/dovecot-acl not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Trash not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Trash/dovecot-acl not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Junk not found
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Junk/dovecot-acl
Oct 10 11:24:22 doveadm(ketan.aagja@mydomain.co.uk): Debug: Namespace : Using permissions from /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir: mode=0700 gid=default
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: doveadm-sieve: Iterating Sieve mailbox attributes
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: sieve: Pigeonhole version 0.4.2 initializing
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: sieve-storage: using active sieve script path: /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//sieve/dovecot.sieve
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: sieve-storage: using sieve script storage directory: /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//sieve
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: sieve-storage: using permissions from /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//sieve: mode=0700 gid=-1
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: sieve-storage: relative path to sieve storage in active link:
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/INBOX not found
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/dovecot-acl not found
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Trash not found
Oct 10 11:24:22 dsync-local(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.07.18.27.10//Maildir/.Trash/dovecot-acl not found

10

Re: ACL (Access Control List) in SOGo

ketan.aagja wrote:

Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/INBOX not found
...
Oct 10 11:24:22 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Trash not found

Check text in red color. Do you have those directory and ACL files?
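
The check asked for above, as an added example that is not part of the original posts and not Dovecot or iRedMail code: a Python script that reads Dovecot debug output and reports, per user, which ACL files were read or missing in the global ACL directory versus the Maildir. The sample lines are constructed in the format of the log above with a placeholder user and paths, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug lines quoted in this thread
# (user and paths are placeholders, not taken from a real system).
SAMPLE_LOG = """\
Oct 10 11:24:22 imap(user@example.com): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 11:24:22 imap(user@example.com): Debug: acl vfile: file /etc/dovecot/dovecot-acl/INBOX not found
Oct 10 11:24:22 imap(user@example.com): Debug: acl vfile: file /var/vmail/example/Maildir/dovecot-acl not found
Oct 10 11:24:22 imap(user@example.com): Debug: acl vfile: file /etc/dovecot/dovecot-acl/Trash not found
Oct 10 11:24:22 imap(user@example.com): Debug: acl vfile: reading file /var/vmail/example/Maildir/.Junk/dovecot-acl
Oct 10 11:24:22 imap(user@example.com): Info: Disconnected: Logged out in=196 out=1443
"""

# "<date> <service>(<user>): Debug: acl vfile: <message>"
LINE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<svc>[\w-]+)\((?P<user>[^)]+)\): Debug: acl vfile: (?P<msg>.*)$"
)
GLOBAL_DIR = re.compile(r"^Global ACL directory: (?P<dir>.+)$")
READING = re.compile(r"^reading file (?P<path>.+)$")
NOT_FOUND = re.compile(r"^file (?P<path>.+) not found$")


def summarize(log_text):
    """Group 'acl vfile' debug lines by user, split into global vs per-Maildir files."""
    users = defaultdict(lambda: {
        "global_dir": None,
        "read": {"global": set(), "local": set()},
        "missing": {"global": set(), "local": set()},
    })
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ACL vfile debug line
        entry, msg = users[m["user"]], m["msg"]
        g = GLOBAL_DIR.match(msg)
        if g:
            # Dovecot logs "(none)" when no global ACL directory is configured.
            entry["global_dir"] = None if g["dir"] == "(none)" else g["dir"].rstrip("/")
            continue
        for pattern, bucket in ((READING, "read"), (NOT_FOUND, "missing")):
            p = pattern.match(msg)
            if p:
                gdir = entry["global_dir"]
                is_global = bool(gdir) and p["path"].startswith(gdir + "/")
                entry[bucket]["global" if is_global else "local"].add(p["path"])
                break
    return dict(users)


def findings(entry):
    """Turn one user's summary into short notes an admin can act on."""
    notes = []
    if entry["global_dir"] is None:
        notes.append("no global ACL directory configured; ACLs come only from per-Maildir dovecot-acl files")
    elif not entry["read"]["global"]:
        notes.append("global ACL directory set but no file was read from it")
    if entry["missing"]["global"]:
        names = sorted(p.rsplit("/", 1)[1] or "(root)" for p in entry["missing"]["global"])
        notes.append("missing global ACL files: " + ", ".join(names))
    if entry["read"]["local"]:
        notes.append("per-Maildir ACL files read: " + ", ".join(sorted(entry["read"]["local"])))
    return notes


if __name__ == "__main__":
    for user, entry in summarize(SAMPLE_LOG).items():
        print(user)
        for note in findings(entry):
            print("  -", note)
```
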

11 (edited by ketan.aagja 2016-10-10 21:17:31)

Re: ACL (Access Control List) in SOGo

Yes Zhang, I noticed it. Earlier I thought dovecot-acl would be a file as it states in VFILE: in dovecot.conf.

I created directory dovecot-acl and created INBOX and Trash files in same folder, gave following rights:

user=ketan.aagja@mydomain.co.uk lr

Yes it started working and not allowing email deletion, however it is still trying to find dovecot-acl file in Mail Dir:

Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl: acl username = ketan.aagja@mydomain.co.uk
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl: owner = 0
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: Global ACL directory: /etc/dovecot/dovecot-acl
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /etc/dovecot/dovecot-acl/INBOX
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.10.12.42.40//Maildir/dovecot-acl not found
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /etc/dovecot/dovecot-acl/INBOX
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.10.12.42.40//Maildir/dovecot-acl not found
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /etc/dovecot/dovecot-acl/Junk
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.10.12.42.40//Maildir/.Junk/dovecot-acl not found
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: reading file /etc/dovecot/dovecot-acl/Trash
Oct 10 13:23:04 imap(ketan.aagja@mydomain.co.uk): Debug: acl vfile: file /var/vmail/vmail1/mydomain.co.uk/k/e/t/ketan.aagja-2016.10.10.12.42.40//Maildir/.Trash/dovecot-acl not found

I am seeing dovecot-acl-list file in Maildir, is there any usage of it in ACL case?

I played with some access rules (after referring to http://wiki2.dovecot.org/ACL) in acl files like:
in INBOX "owner lrwstipekx" where mail user can delete emails from inbox.

in Trash "anyone lrwsip" where from trash no one can remove emails.
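
An added example, not part of the original posts: a Python audit of per-mailbox ACL files like the ones described above, flagging every entry that grants rights conflicting with a "no deletion, no ACL changes" policy. The right letters are those documented on the Dovecot ACL wiki page linked in the thread; the policy string, the function names and the sample directory contents (a placeholder user, with rights strings taken from the posts) are assumptions of this example.

```python
# Right letters as documented on the Dovecot ACL wiki page linked in the thread.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}

# Policy assumed for this example:
#   t, e -> flagging messages \Deleted and expunging them (message deletion)
#   x    -> deleting the mailbox itself
#   a    -> changing the mailbox's ACL
FORBIDDEN = "texa"


def parse_acl(text):
    """Parse '<identifier> <rights> [:<named rights>]' lines into (identifier, {letters})."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        identifier = fields[0]
        # The second field holds the right letters unless it already starts the
        # named-rights part (":name"), in which case no letters were given.
        letters = fields[1] if len(fields) > 1 and not fields[1].startswith(":") else ""
        unknown = set(letters) - set(RIGHTS)
        if unknown:
            raise ValueError(f"line {lineno}: unknown right letter(s) {sorted(unknown)}")
        entries.append((identifier, set(letters)))
    return entries


def audit(acl_files, forbidden=FORBIDDEN):
    """acl_files maps mailbox name -> ACL file content.

    Returns [(mailbox, identifier, [right names])] for every positive entry
    that grants at least one forbidden right.
    """
    violations = []
    for mailbox, text in sorted(acl_files.items()):
        for identifier, rights in parse_acl(text):
            if identifier.startswith("-"):
                continue  # negative entry: it removes rights, it cannot grant them
            hit = [RIGHTS[c] for c in forbidden if c in rights]
            if hit:
                violations.append((mailbox, identifier, hit))
    return violations


# Constructed stand-in for a global ACL directory with one file per mailbox.
ACL_DIR = {
    "INBOX": "owner lrwstipekx\n",
    "Trash": "anyone lrwsip\n",
    "Sent": "owner lwr\nuser=user@example.com lr\n",
}

if __name__ == "__main__":
    for mailbox, identifier, granted in audit(ACL_DIR):
        print(f"{mailbox}: {identifier} is granted {', '.join(granted)}")
```
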

12

Re: ACL (Access Control List) in SOGo

iRedMail configures Dovecot to enable per-user IMAP ACL support in the "dict = {}" section (in dovecot.conf). If you don't want per-user IMAP ACL, comment it out and try again.

13

Re: ACL (Access Control List) in SOGo

Hi Zhang,

Are you referring to the acl line as stated below in dovecot.conf:

dict {
    #expire = db:/var/lib/dovecot/expire/expire.db
    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
    acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}

Just want to confirm before I apply it.

14

Re: ACL (Access Control List) in SOGo

Yes.

You can always build a virtual machine for testing, no need to confirm for every step.