Timo Sirainen <t...@iki.fi> wrote:
> On 23.11.2012, at 13.27, Alessio Cecchi wrote:
>> On 23/11/2012 08:07, Timo Sirainen wrote:
>>> BTW. Do you have multiple Dovecot backend servers? Director works
>>> only when you're not using shared mailboxes..
>> I'm not happy to hear that, so if today we are running one dovecot
>> server with shared mailbox enabled and tomorrow we will switch to a
>> more complex installation with Director we will be unable to still
>> provide shared mailbox to our customers?
> You can't reliably do it if the mailboxes are accessed directly via
> NFS. The current idea to solve this is to use imapc backend with
> master users, so the actual mailbox access for each user is always
> done by only one server. I think someone already managed to configure
> such a setup.

This was me. It works (with one minor quirk, more on this later) in my
current test setup like so:

a) 1 to X user-servers with the users' mailboxes on them
b) 1 shared-server with the shared mailboxes on them

On the user-servers I have a namespace like this:

    namespace {
      list = yes
      location = imapc:~/imapc-shared
      prefix = IMAPShared/
      separator = /
      subscriptions = no
      type = public
    }

and a userdb like this:

    userdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      default_fields = uid=virtmail gid=virtmail home=/srv/mail/%2MLn/%Ln/ imapc_password=%w quota_rule2=Trash:ignore
      driver = ldap
    }

Note the "imapc_password=%w" in the default_fields. This is needed to
pass the user's login password to the shared-server.

The imapc proxy code is configured like this:

    imapc_host = m-st-sh-01.example.com
    imapc_master_user = %u
    imapc_user = shared

This uses the original user as the master-user and a fixed user with
the original user's password to log in to the shared-server.

Note: You CANNOT have ACLs activated on the user-servers, because
this will interfere with the permissions of the IMAPShared namespace,
rendering the mailboxes located in there unavailable for your users.

The shared-storage then uses a static passdb for the user "shared":

    passdb {
      args = user=shared password=complicatedpasswordhere
      driver = static
    }

and a static userdb for the virtual-user:

    userdb {
      args = uid=virtmail gid=virtmail home=/srv/mail/%Ln
      driver = static
    }

and additionally a passdb for the "master" users:

    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
      master = yes
      pass = yes
    }

which are pulled from LDAP, just like on the user-servers.

Now the mentioned quirk: Because all connections on the shared-server
are made to the same user "shared" and are coming from very few IPs
(the 1 to X user-servers), you need to set a very high
mail_max_userip_connections value. I set mine to 1000 just to be sure.

---> But: I have NOT configured login_trusted_networks, so this may be
my error in that case.

And, a second quirk: You can only offer admin-provided shared folders,
your users CANNOT share folders themselves, because there is quite some
manual work involved in creating and setting them up on the central
shared-server.

For example: To provide a mailbox with the name "Test.3" in IMAPShared
I need the following directory structure on m-st-sh-01.example.com:

    /srv/mail/shared/mdbox/mailboxes/Test.3/

In .../Test.3/ there is the dbox-Mails folder with the indexes and
other meta information. The admin needs to create the dovecot-acl file
to configure the access permissions:

    root@m-st-sh-01:/srv/mail/shared/mdbox/mailboxes/Test.3/dbox-Mails# cat dovecot-acl
    user=gbgr14 lrwstipek
    user=bbgr99 lrwstipek

The users are then able to see those folders as IMAPShared/Test.3/,
subscriptions are managed inside the users' own subscription file on
their respective "home" server, while flags and tags are shared.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.
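
Added example (not part of the original post, and not Dovecot's own code): since the dovecot-acl files on the shared-server are created by hand and are the only access control in this setup, this Python sketch parses such a file and flags entries an admin would want to review. The expected-user list and the extra sample entries are constructed for illustration; the right letters are Dovecot's standard ACL letters.

```python
# Audit a Dovecot "dovecot-acl" file (added example, not from the original post).
RIGHTS = {"l": "lookup", "r": "read", "w": "write", "s": "write-seen",
          "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
          "k": "create", "x": "delete", "a": "admin"}
BROAD = {"anyone", "anonymous", "authenticated"}  # identifiers matching many users

# The two entries shown in the post.
PAGE_ACL = "user=gbgr14 lrwstipek\nuser=bbgr99 lrwstipek\n"
# Constructed entries, added only to exercise the checks below.
SAMPLE_ACL = PAGE_ACL + "anyone lr\nuser=tmp01 lrwstipeka\n-user=bbgr99 e\n"


def parse_acl(text):
    """Return [(identifier, is_negative, {right names})] for each ACL line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        ident, _, rest = line.partition(" ")
        negative = ident.startswith("-")  # "-identifier" removes rights
        if negative:
            ident = ident[1:]
        letters, _, named = rest.partition(":")  # optional ":named rights"
        unknown = set(letters.strip()) - set(RIGHTS)
        if unknown:
            raise ValueError(f"line {lineno}: unknown right(s) {sorted(unknown)}")
        rights = {RIGHTS[c] for c in letters.strip()} | set(named.split())
        entries.append((ident, negative, rights))
    return entries


def audit(text, expected_users):
    """Flag broad identifiers, admin rights and users not on the expected list."""
    findings = []
    for ident, negative, rights in parse_acl(text):
        if negative:
            continue  # negative entries only take rights away
        if ident in BROAD:
            findings.append(f"{ident}: broad identifier granted {sorted(rights)}")
        if "admin" in rights:
            findings.append(f"{ident}: may change the ACL (admin right)")
        if ident.startswith("user=") and ident[5:] not in expected_users:
            findings.append(f"{ident}: not on the expected user list")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL, {"gbgr14", "bbgr99"}):
        print(finding)
```

Run against the two entries from the post it reports nothing; the constructed entries trigger the broad-identifier, admin-right and unexpected-user findings.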