

We're trying to configure the shared mailbox feature\namespace on a dovecot
2.3 installation.


OS : Ubuntu 22.04 x64

Dovecot : 2:


Our test environment is based on a dovecot frontend ( director + proxy ) and
a dovecot backend ( auth and storage ); later we will think about
increasing the number of backends and frontends ( if we got it right, as we
plan to use multiple backends, we should use imapc in order to bind the
sharer and the accessing user to the same backend ).


On dovecot backend we've configured the new shared namespace, as stated in
the documentation (
es/#user-shared-mailboxes ) :

-- Dovecot conf --------------------

# Maildir's location is under home dir, which is returned by userdb.
mail_location = maildir:~/Maildir:VOLATILEDIR=/tmp_lock/%2.256Nu/%u

# Quota, mail_log plugins enabled everywhere
mail_plugins = quota notify acl fts fts_lucene mail_log mailbox_alias

# Default namespace
namespace {
  hidden = no
  inbox = yes
  location =
  prefix =
  separator = /
  type = private

  mailbox Sent {
    special_use = \Sent
    auto = create
  }

  mailbox Trash {
    special_use = \Trash
    auto = create
  }

  mailbox Drafts {
    special_use = \Drafts
    auto = create
  }

  mailbox SPAM {
    special_use = \Junk
    auto = create
  }
}

# namespace used by virtual search
namespace {
  prefix = VrtSearch.
  separator = /
  location = virtual:/etc/dovecot-common-backend/virtual:INDEX=~/virtual
  hidden = yes
  subscriptions = no
  inbox = no
  list = no
}

service dict {
  unix_listener dict {
    mode = 0600
    user = vpopmail
    group = vchkpw
  }
}

plugin {
  acl = vfile
  acl_ignore_namespace = shared/*
  acl_shared_dict = proxy::acl-mysql
}

dict {
  acl-mysql = mysql:/etc/dovecot-common-backend/dovecot-dict-sql.conf.ext
}

# namespace used for IMAP sharing feature
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  list = children
  subscriptions = no
}

-- Dovecot dict sql --------------------


connect = host=x.x.x.x dbname=xxxxxx user=xxxxxx password=xxxxxx

map {
  pattern = shared/shared-boxes/user/$to/$from
  table = imap_user_shares
  value_field = dummy

  fields {
    from_user = $from
    to_user = $to
  }
}

map {
  pattern = shared/shared-boxes/anyone/$from
  table = imap_anyone_shares
  value_field = dummy

  fields {
    from_user = $from
  }
}

-- Dict DB contents --------------------

mysql> select * from imap_user_shares;

| from_user                            | to_user                            | dummy |
| test.imapshare...@td01.testdomain.it | test.imapuse...@td01.testdomain.it | 1     |




For our tests, we've :

- created two users




- Created two INBOX subfolders on the sharer01 user, giving user01 those
permissions :

subfolder01 giving to user01 Full control

subfolder02ro giving to user01 list and read 


- logging as user01 with thunderbird, we see the shared namespace tree :






we're able to see the contents of each folder, even the INBOX .

Checking the folder properties, thunderbird reports that the user01 has full
control on the INBOX of shared01 .


If we try to check the ACL via python script ( imaplib.getacl ) or via
doveadm, we can see that the sharer01 INBOX has no rights for user01 .

But via thunderbird ( or other email clients ) we can delete emails .


ACL - sharer01 accessing its folder

('OK', [b'INBOX test.imapshare...@td01.testdomain.it lrwstipekxacd'])

('OK', [b'subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd test.imapshare...@td01.testdomain.it lrwstipekxacd'])

('OK', [b'subfolder02ro test.imapuse...@td01.testdomain.it lr test.imapshare...@td01.testdomain.it lrwstipekxacd'])


ACL - user01 accessing sharer01 folders

('OK', [b'shared/test.imapshare...@td01.testdomain.it/INBOX'])

('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder01 test.imapuse...@td01.testdomain.it akxeilprwtscd'])

('OK', [b'shared/test.imapshare...@td01.testdomain.it/subfolder02ro test.imapuse...@td01.testdomain.it lr'])


Testing with doveadm shows the correct ACL :


# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox 'INBOX' is in namespace 'shared/test.imapshare...@td01.testdomain.it/'
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox path:
doveadm(test.imapuse...@td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuse...@td01.testdomain.it): Info: User test.imapuse...@td01.testdomain.it has no rights for mailbox
doveadm(test.imapuse...@td01.testdomain.it): Error: User test.imapuse...@td01.testdomain.it is missing 'lookup' right
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox shared/test.imapshare...@td01.testdomain.it/INBOX is NOT visible in LIST


# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox 'subfolder01' is in namespace 'shared/test.imapshare...@td01.testdomain.it/'
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox path:
doveadm(test.imapuse...@td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuse...@td01.testdomain.it): Info: User test.imapuse...@td01.testdomain.it has rights: lookup read write write-seen write-deleted insert post expunge create delete admin
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox found from
doveadm(test.imapuse...@td01.testdomain.it): Info: User test.imapshare...@td01.testdomain.it found from ACL shared dict
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox shared/test.imapshare...@td01.testdomain.it/subfolder01 is visible in LIST


# doveadm -c /etc/dovecot-backend01/dovecot.conf acl debug -u
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox 'subfolder02ro' is in namespace 'shared/test.imapshare...@td01.testdomain.it/'
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox path:
doveadm(test.imapuse...@td01.testdomain.it): Info: All message flags are shared across users in mailbox
doveadm(test.imapuse...@td01.testdomain.it): Info: User test.imapuse...@td01.testdomain.it has rights: lookup read
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox found from
doveadm(test.imapuse...@td01.testdomain.it): Info: User test.imapshare...@td01.testdomain.it found from ACL shared dict
doveadm(test.imapuse...@td01.testdomain.it): Info: Mailbox shared/test.imapshare...@td01.testdomain.it/subfolder02ro is visible in LIST


in the debug log we can see the delete operation :

Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: Mailbox opened
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: acl vfile: file /dovecot-acl not found
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox shared/test.imapshare...@td01.testdomain.it: Mailbox opened
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: Adding field flags to cache for the first time (uid=0)
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: saving UID 0: Opened mail because: header Message-ID (Cache file is unusable)
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: Adding field hdr.Message-ID to cache for the first time
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox shared/test.imapshare...@td01.testdomain.it: UID 1: Expunge
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: Purging (new file_seq=1668506005): creating cache
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox Trash: Purging finished, file_seq changed 0 -> 1668506005, size=0 -> 412, max_uid=0
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Info: copy from shared/test.imapshare...@td01.testdomain.it: box=Trash, uid=1,
Nov 15 10:53:25 imap(357716 test.imapuse...@td01.testdomain.it):Info: expunge: box=shared/test.imapshare...@td01.testdomain.it, uid=1,
Nov 15 10:53:26 imap(357716 test.imapuse...@td01.testdomain.it):Debug: Mailbox shared/test.imapshare...@td01.testdomain.it: UID 1: Mail expunged


After we delete a message, we cannot find it on the Trash folders ( user01
or sharer01 ) .



Are we missing something ?
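
The comparison made in the message above (GETACL results against the expunge lines in the log) can be automated; this is an added example, not part of the original post. The addresses, sample lines and function names are constructed, only per-user ACL identifiers are evaluated (no `anyone` or group entries), and the log's `box=` value is assumed to match the GETACL mailbox name.

```python
import re

# Dovecot / RFC 4314 right letters and the names `doveadm acl debug` prints.
RIGHT_NAMES = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
TOKEN_RE = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')  # IMAP quoted string or atom
EXPUNGE_RE = re.compile(
    r"imap\(\d+ (?P<user>\S+)\):\s*Info: expunge: box=(?P<box>[^,]+),")

def parse_getacl(item: bytes):
    """Turn one GETACL data item into (mailbox, {identifier: {right names}})."""
    tokens = [atom or re.sub(r"\\(.)", r"\1", quoted)
              for quoted, atom in TOKEN_RE.findall(item.decode("utf-8"))]
    mailbox, pairs = tokens[0], tokens[1:]
    if len(pairs) % 2:
        raise ValueError(f"unpaired identifier/rights for {mailbox!r}")
    # c and d are RFC 4314's obsolete compatibility letters; they are skipped.
    return mailbox, {ident: {RIGHT_NAMES[c] for c in letters if c in RIGHT_NAMES}
                     for ident, letters in zip(pairs[::2], pairs[1::2])}

def expunges_without_right(getacl_items, log_lines, prefix="shared/"):
    """List (user, box) expunges in the shared namespace with no 'expunge' right."""
    acls = dict(parse_getacl(item) for item in getacl_items)
    findings = []
    for line in log_lines:
        m = EXPUNGE_RE.search(line)
        if m and m["box"].startswith(prefix):
            rights = acls.get(m["box"], {}).get(m["user"], set())
            if "expunge" not in rights:
                findings.append((m["user"], m["box"]))
    return findings

# Constructed sample data modelled on the output above (placeholder addresses).
SAMPLE_ACLS = [
    b"shared/sharer01@example.test/INBOX",
    b"shared/sharer01@example.test/subfolder01 user01@example.test akxeilprwtscd",
    b"shared/sharer01@example.test/subfolder02ro user01@example.test lr",
]
SAMPLE_LOG = [
    "Nov 15 10:53:25 imap(357716 user01@example.test):Info: expunge: box=shared/sharer01@example.test/INBOX, uid=1,",
    "Nov 15 10:54:02 imap(357716 user01@example.test):Info: expunge: box=shared/sharer01@example.test/subfolder01, uid=4,",
    "Nov 15 10:54:09 imap(357716 user01@example.test):Info: expunge: box=Trash, uid=2,",
]

if __name__ == "__main__":
    for user, box in expunges_without_right(SAMPLE_ACLS, SAMPLE_LOG):
        print(f"{user} expunged from {box} without an ACL entry granting expunge")
```
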





