[Dovecot] Using a Sieve script to handle delivery to public mailboxes

2014-03-15 Thread Alessandro Menti

Hello everyone,
I'm setting up a Postfix+Dovecot stack with virtual domains and public 
mailboxes.


I set up a shared mailbox "off...@mydomain.com" as described in the 
Dovecot Wiki [1], that is:

- I created the directory "/var/mail/mydomain.com/public/" and inside
  it I created the ".office" mailbox;
- I added an appropriate ACL to allow the account
  "presid...@mydomain.com" to read and edit that mailbox under a public
  namespace;
- I added a Sieve script to handle delivery to the public mailbox (its
  location is /var/mail/mydomain.com/public/.office/.dovecot.sieve).

Some other relevant details about my configuration:
- The backend used by Postfix and Dovecot to handle virtual
  aliases/domains/maps is a MySQL database. Since the virtual user
  table is used by other applications as well, I decided to keep it
  "clean" and to make use of another "virtual mailboxes" table (see
  /etc/dovecot/dovecot-sql.conf.ext below). The password_query setting
  returns only results from the virtual user table (so that only real
  users can authenticate on the IMAP server), while the user_query
  setting returns results from both the virtual user and the virtual
  mailbox table (so that dovecot-lda can choose the correct mailbox).
- The queries saved in password_query and user_query return the correct
  results when executed manually: the home directory for the
  "off...@mydomain.com" virtual mailbox is set to /var/mail/mydomain.com
  /public/.office.
- Delivery from and to the "presid...@mydomain.com" account is regular,
  and that account is able to access the "off...@mydomain.com" virtual
  mailbox (I have tested this by speaking IMAP to the server and by
  performing a manual check using Thunderbird).

I encountered a problem with this setup: when I send a message to the 
"off...@mydomain.com" account, the Postfix logs say it is correctly 
delivered via Dovecot, but the Sieve script says it cannot find the 
folder "Public/.office". As a consequence, Dovecot creates a new Maildir 
in /var/mail/mydomain.com/office and delivers the mail there instead of 
saving it in the correct directory (/var/mail/mydomain.com/public/.office).


Is there something I set incorrectly in my configuration? What is 
causing Dovecot not to recognize the correct mailbox during delivery? Is 
there a way to list all mailboxes seen by dovecot-lda itself?


Thanks,
Alessandro Menti

[1] http://wiki2.dovecot.org/SharedMailboxes/Public
-
Dovecot and OS version: 2.0.19, Ubuntu 12.04 LTS
Output of "dovecot -n":

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-46-generic i686 Ubuntu 12.04.4 LTS ext4
auth_mechanisms = plain login
login_greeting = IMAP server ready.
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/mail/%d/%n/Maildir
mail_plugins = acl
mail_uid = vmail
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/var/mail/mydomain.com/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  sieve = ~/.dovecot.sieve
  sieve_before = /var/mail/sieve/
  sieve_dir = ~/sieve
}
postmaster_address = postmas...@mydomain.com
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = dovecot
  }
}
ssl_cert = 

/etc/dovecot/dovecot-sql.conf.ext:

driver = mysql
connect = host=127.0.0.1 dbname=dbname user=username password=password
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
user_query = SELECT home FROM virtual_users WHERE email = '%u' UNION SELECT home FROM virtual_shared_mailboxes WHERE email = '%u'


Extract from /var/log/mail.log:

Mar 15 11:43:07 phoenix postfix/pickup[1404]: 3BA221FFD1: uid=0 from=
Mar 15 11:43:07 phoenix postfix/cleanup[4871]: 3BA221FFD1: message-id=<20140315104307.3ba221f...@mail.mydomain.com>
Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1: from=, size=316, nrcpt=1 (queue active)
Mar 15 11:43:07 phoenix dovecot: auth-worker: mysql(127.0.0.1): Connected to database mailserver
Mar 15 11:43:07 phoenix postfix/pipe[4875]: 3BA221FFD1: to=, relay=dovecot, delay=0.15, delays=0.05/0.03/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar 15 11:43:07 phoenix postfix/qmgr[7691]: 3BA221FFD1: removed


Extract from /var/log/dovecot-lda.log:

Mar 15 11:43:07 lda: Debug: Loading modules from directory: /usr/lib/dovecot/modules
Mar 15 11:43:07 lda: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Mar 15 11:43:07 lda: Debug: Module loaded: /usr/lib/dovecot/modules/li

Re: [Dovecot] Using a Sieve script to handle delivery to public mailboxes

2014-03-19 Thread Alessandro Menti
On 19/03/2014 08:15, Steffen Kaiser wrote:
> On Wed, 19 Mar 2014, Steffen Kaiser wrote:
> 
>> IMHO, the behaviour matches your config.
> 
> If my assumption in my previous message is correct, you will have some
> options:
> 
> a) have UserDB return "mail",
> b) make mail_location depend on home via ~
> c) create a symlink default location -> public
> d) forward office to some other user where you use
> "fileinto Public/office"
> e) ...
> 
> -- Steffen Kaiser
> 
> 
Thanks - I mistakenly thought for some unknown reason that returning
just "home" from the UserDB query had effect on the user's mail location
as well.

I added a "mail" column to the database tables and edited the
userdb_query to make it return "user" as well - now everything is fine.

Thank you very much again for your help!
Alessandro Menti
-- 
A neutron walks into a bar and asks how much for a drink.
The bartender replies "for you, no charge".
-- Sheldon Cooper, The Big Bang Theory


Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Alessandro Menti

On 18/04/2014 19:57, Charles Marcus wrote:

Hi all,

Ok, been wanting to do this for a while, and after the Heartbleed
fiasco, the boss finally agreed to let me buy some real certs...

Until now, we've been using self-signed certs with the following dovecot
config:

ssl = required
ssl_cert = 

Hi Charles,
the RapidSSL documentation is wrong:
1) as you noted, you should use "ssl_cert" instead of "ssl_cert_file",
   and so on;
2) the file paths should be prefixed by "<", otherwise Dovecot will not
   read the files;
3) the "ssl_ca" setting is *not* used to make Dovecot reference
   intermediate certificates in the trust chain - it is used to specify
   trusted CAs in case you want to perform TLS client certificate
   authentication, which I suppose you do not want to do.

You should:
1) make a backup copy of /etc/ssl/ourNewCerts/mail.ourdomain.com.crt;
2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of
   the file, paste the contents of /etc/ssl/ourNewCerts
   /RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts
   /mail.ourdomain.com.crt should contain the certificate for
   mail.ourdomain.com and the intermediate RapidSSL certificate (in
   that order);
3) use the following settings:
ssl = required
ssl_cert = 

Re: [Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

2014-04-18 Thread Alessandro Menti

On 18/04/2014 22:08, Charles Marcus wrote:

On 4/18/2014 3:32 PM, Alessandro Menti wrote:

2) open /etc/ssl/ourNewCerts/mail.ourdomain.com.crt and, at the end of
   the file, paste the contents of /etc/ssl/ourNewCerts
   /RapidSSL_Intermediate.crt; in the end, /etc/ssl/ourNewCerts
   /mail.ourdomain.com.crt should contain the certificate for
   mail.ourdomain.com and the intermediate RapidSSL certificate (in
   that order);


The Intermediate file already contained 2 certs... so, after I added it
to mine, it now contains 3 certs...

Is that right?

That's right.

Regards,
Alessandro Menti
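
The bundle layout discussed in the two replies above (server certificate first, then the intermediate certificates), as an added shell example that is not part of the original thread: it writes the combined file as a new file instead of editing the certificate in place, and checks that each certificate's issuer matches the subject of the one after it. The function names and file arguments are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print how many certificates a PEM file contains.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Write "leaf, then intermediates" to a new file; the originals stay untouched.
build_bundle() {
    leaf=$1 intermediates=$2 out=$3
    [ "$(count_certs "$leaf")" -eq 1 ] || {
        echo "expected exactly one certificate in $leaf" >&2; return 2; }
    # The echo guards against a leaf file that lacks a trailing newline,
    # which would otherwise glue the END and BEGIN markers onto one line.
    { cat "$leaf"; echo; cat "$intermediates"; } > "$out"
}

# Return 0 if every certificate names the next one as its issuer,
# 1 if the order is wrong, 2 if the file holds no certificate.
# This compares names only; it does not verify signatures.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping the order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        n { print > f }' "$bundle"
    prev_issuer="" rc=0 seen=0
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || { rc=2; break; }
        subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        if [ "$seen" -gt 0 ] && [ "$subject" != "$prev_issuer" ]; then
            echo "out of order: '$subject' is not the issuer of the previous certificate" >&2
            rc=1
        fi
        prev_issuer=$issuer seen=$((seen + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh bundle.sh LEAF.crt INTERMEDIATES.crt OUT.crt
if [ "$#" -eq 3 ]; then
    build_bundle "$1" "$2" "$3" && check_chain_order "$3" &&
        echo "$(count_certs "$3") certificates, order OK"
fi
```

With an intermediate file that already holds two certificates, the count printed for the combined file is 3, as in the exchange above.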