Package: dovecot-core
Version: 1:2.4.1+dfsg1-6
Severity: important

Dear Maintainer,

After upgrading to trixie, I reconfigured dovecot - starting with the
maintainer's config files due to the complete change of config syntax -
and got it working again serving the existing mailboxes.

I again configured /var/mail/%{user | username} as mail_inbox_path, at a
separate location from all other mailboxes, which are in some directory
in the user's home. All mailboxes remain in mbox format as before.

When I set up a mail inbox path in the shared namespace, dovecot attempts
to delete the lexicographically first user "someotheruser" who is sharing
their mailboxes, whenever a user "someuser" with read access to those
mailboxes is updating the mailbox list:

journalctl output with mail_inbox_path setup for shared namespace
-----------------------------------------------------------------
Aug 16 16:43:59 somehost systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email server.
Aug 16 16:44:05 somehost dovecot[65636]: imap-login: Login aborted: Logged out (no auth attempts in 0 secs) (no_auth_attempts): user=<>, rip=some::ipv6, lip=some::ipv6, session=<xojHiXw8zKP95iU4WzA7U7on6//+m0as>
Aug 16 16:44:14 somehost auth[65647]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6  user=someuser
Aug 16 16:44:14 somehost dovecot[65636]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6, lip=some::ipv6, mpid=65651, TLS, session=<0klNinw8fJIqAgkIAbCIAAL////+ESJD>
Aug 16 16:44:14 somehost dovecot[65636]: imap(someuser)<65651><0klNinw8fJIqAgkIAbCIAAL////+ESJD>: Disconnected: Logged out in=98 out=1253 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 16 16:44:14 somehost auth[65647]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6  user=someuser
Aug 16 16:44:14 somehost dovecot[65636]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6, lip=some::ipv6, mpid=65656, TLS, session=<tE5Oinw8hpIqAgkIAbCIAAL////+ESJD>
Aug 16 16:44:14 somehost dovecot[65636]: imap(someuser)<65656><tE5Oinw8hpIqAgkIAbCIAAL////+ESJD>: Error: rmdir(/var/mail/someotheruser) failed: Permission denied
-----------------------------------------------------------------
(Note: the authentication failure listed here appears to come from a certain
pam module that doesn't know someuser, but is cured by another pam module
in the stack that can authenticate someuser)

This otheruser's INBOX will _not_ be displayed in the folder list for someuser,
whereas the INBOXes of the lexicographically following users are not subject to
an rmdir attempt, and _do_ show up for the authorized someuser.


When, for testing purposes, I remove mail_inbox_path from the shared namespace's
configuration, obviously all other users' INBOXes disappear from the folder list
of someuser. But now dovecot attempts to rmdir someuser's own inbox:

journalctl output with no mail_inbox_path configured for shared namespace,
but only for inbox namespace
----------------------------------------------------------------
Aug 16 16:34:48 mailserver systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email server.
Aug 16 16:34:48 mailserver unix_chkpwd[65322]: password check failed for user (someuser)
Aug 16 16:34:48 mailserver auth[65320]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=someuser rhost=some::ipv6  user=someuser
Aug 16 16:34:48 mailserver dovecot[65315]: imap-login: Logged in: user=<someuser>, method=PLAIN, rip=some::ipv6 lip=some::ipv6, mpid=65324, TLS, session=<uViUaHw8psgqAgkIAbCIAAL////+ESJD>
Aug 16 16:34:48 mailserver dovecot[65315]: imap(someuser)<65324><uViUaHw8psgqAgkIAbCIAAL////+ESJD>: Error: rmdir(/var/mail/someuser) failed: Permission denied
----------------------------------------------------------------
In this case, however, someuser's INBOX remains in the folder list.
 
 

-- Package-specific info:

dovecot configuration
---------------------
...
mail_driver = mbox
mail_gid = familie
mail_home = /home/%{user | username}
mail_inbox_path = /var/mail/%{user | username}
mail_path = ~/IMail
mail_plugins {
  acl = yes
  fts = yes
  fts_solr = yes
}
mail_privileged_group = mail
...
mail_shared_explicit_inbox = yes
protocols {
  imap = yes
  sieve = yes
}
passdb pam {
}
userdb passwd {
}
namespace inbox {
  mail_driver = mbox
  mail_inbox_path = /var/mail/%{user | username}
  mail_path = ~/IMail
  inbox = yes
  subscriptions = yes
  type = private
  mailbox Drafts {
    special_use = "\\Drafts"
  }
  mailbox Junk {
    special_use = "\\Junk"
  }
  mailbox Trash {
    special_use = "\\Trash"
  }
  mailbox Sent {
    special_use = "\\Sent"
  }
  mailbox "Sent Messages" {
    special_use = "\\Sent"
  }
}
namespace shared {
  mail_driver = mbox
  # this following setting removed for 2nd test
  mail_inbox_path = /var/mail/%{owner_user | username }
  mail_index_private_path = ~/.dovecot-index/shared/%{owner_user}
  mail_path = %{owner_home}/IMail
  list = yes
  prefix = shared/$username/
  separator = /
  subscriptions = no
  type = shared
}
acl_sharing_map {
  dict file {
    path = /var/lib/dovecot/db/shared-mailboxes.db
  }
}
protocol imap {
  mail_plugins {
    imap_acl = yes
  }
}
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    group = users
    mode = 0660
    user = mail
  }
  unix_listener auth-exim {
    group = sasl
    mode = 0660
    type = auth-legacy
    user = mail
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}
ssl_server {
  cert_file = /etc/letsencrypt/live/mail.flying-snail.de/fullchain.pem
  key_file = /etc/letsencrypt/live/mail.flying-snail.de/privkey.pem
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service managesieve {
}
language de {
  default = yes
}
language en {
}
fts solr {
  url = http://localhost:8983/solr/dovecot/
}

-- System Information:
Debian Release: 13.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.41+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dovecot-core depends on:
ii  adduser              3.152
ii  dovecot-sieve        1:2.4.1+dfsg1-6
ii  init-system-helpers  1.68
ii  libapparmor1         4.1.0-1
ii  libbz2-1.0           1.0.8-6
ii  libc6                2.41-12
ii  libcap2              1:2.75-10+b1
ii  libcrypt1            1:4.4.38-1
ii  libexttextcat-2.0-0  3.4.7-1+b1
ii  libicu76             76.1-4
ii  liblua5.4-0          5.4.7-1+b2
ii  liblz4-1             1.10.0-4
ii  libpam-runtime       1.7.0-5
ii  libpam0g             1.7.0-5
ii  libsodium23          1.0.18-1+b2
ii  libssl3t64           3.5.1-1
ii  libstemmer0d         2.2.0-4+b2
ii  libsystemd0          257.7-1
ii  libtirpc3t64         1.3.6+ds-1
ii  libunwind8           1.8.1-0.1
ii  libzstd1             1.5.7+dfsg-1
ii  openssl              3.5.1-1
ii  ssl-cert             1.1.3
ii  ucf                  3.0052
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-flatcurve     <none>
pn  dovecot-gssapi        <none>
ii  dovecot-imapd         1:2.4.1+dfsg1-6
pn  dovecot-ldap          <none>
pn  dovecot-lmtpd         <none>
ii  dovecot-managesieved  1:2.4.1+dfsg1-6
pn  dovecot-mysql         <none>
pn  dovecot-pgsql         <none>
pn  dovecot-pop3d         <none>
ii  dovecot-solr          1:2.4.1+dfsg1-6
pn  dovecot-sqlite        <none>
pn  dovecot-submissiond   <none>
pn  ntp                   <none>

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.4.1+dfsg1-6
pn  dovecot-dev                    <none>
pn  dovecot-gssapi                 <none>
ii  dovecot-imapd                  1:2.4.1+dfsg1-6
pn  dovecot-ldap                   <none>
pn  dovecot-lmtpd                  <none>
ii  dovecot-managesieved           1:2.4.1+dfsg1-6
pn  dovecot-mysql                  <none>
pn  dovecot-pgsql                  <none>
pn  dovecot-pop3d                  <none>
ii  dovecot-sieve                  1:2.4.1+dfsg1-6
pn  dovecot-sqlite                 <none>

-- Configuration Files:
/etc/default/dovecot changed:
ENABLED=1
ALLOW_COREDUMPS=1


-- debconf information:
  dovecot-core/ssl-cert-name: localhost
  dovecot-core/create-ssl-cert: false
* dovecot-core/ssl-cert-exists:
