Re: [Dovecot] Plugins: virtuals vs acls

2016-09-20 Thread Leho Kraav
>On Fri, 2011-09-16 at 14:48 +0300, Leho Kraav wrote:
>
>How can I make `LargeMailbox` readable from a virtual without giving the
>mail client the ability to read all of `LargeMailbox` on its own?


Symlinking a hidden "secret key" mailbox name works:

1. Symlink LargeMailbox -> LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si (secret key)

2. Start using `vfile:/etc/dovecot/global-acl`

LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si user=Moi rwsi (hide mailbox, but allow modifications)
LargeMailbox.Virtual.30d user=Moi lrwsip (full list + modification permissions)

3. `LargeMailbox.Virtual.30d/dovecot-virtual`

!LargeMailbox.sa0yaiy9Nah0thoo5do9iew1ciJaeXahphoox4si (save to backing mailbox)
  all younger 2592000


Remaining exercise questions:

* any more sensible / simpler techniques available?

* any holes - is it possible for user=Moi to somehow learn the
  "secret key" name of the backing mailbox?
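
A consistency check for the layout in the post above, as an added example that is not part of the original message or of Dovecot: it reads a global ACL file and a `dovecot-virtual` file and reports where the backing mailbox is listable, unreadable or not writable for the user. The function names and the `EXAMPLEKEY` suffix are hypothetical, and the parser assumes one `mailbox identifier rights` entry per line, as in the post.

```python
# Constructed sample files in the layout the post describes; EXAMPLEKEY is a
# placeholder for the random suffix, not a value from the post.
HIDDEN = "LargeMailbox.EXAMPLEKEY"
VIEW = "LargeMailbox.Virtual.30d"
GLOBAL_ACL = f"{HIDDEN} user=Moi rwsi\n{VIEW} user=Moi lrwsip\n"
DOVECOT_VIRTUAL = f"!{HIDDEN}\n  all younger 2592000\n"

def parse_global_acl(text):
    """Map (mailbox, identifier) -> set of right letters (names without spaces)."""
    acl = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            acl[(fields[0], fields[1])] = set(fields[2])
    return acl

def backing_mailboxes(virtual_text):
    """Unindented lines name mailboxes; '!' marks the save-to mailbox."""
    return [(line.strip().lstrip("!"), line.startswith("!"))
            for line in virtual_text.splitlines()
            if line.strip() and not line[0].isspace()]

def audit(acl_text, virtual_text, virtual_name, user):
    """Return findings; an empty list means the layout matches the post's intent."""
    acl, ident, findings = parse_global_acl(acl_text), "user=" + user, []
    if not {"l", "r"} <= acl.get((virtual_name, ident), set()):
        findings.append(f"{virtual_name}: needs l and r to be listed and read")
    for name, save_target in backing_mailboxes(virtual_text):
        if "*" in name or "%" in name:
            findings.append(f"{name}: wildcard pattern, check each match by hand")
            continue
        rights = acl.get((name, ident), set())
        if "r" not in rights:
            findings.append(f"{name}: no r right, the virtual view stays empty")
        if "l" in rights:
            findings.append(f"{name}: l (lookup) right makes the name listable")
        if "a" in rights:
            findings.append(f"{name}: a (admin) right lets the user manage its ACL")
        if save_target and "i" not in rights:
            findings.append(f"{name}: save target lacks the i (insert) right")
    return findings

if __name__ == "__main__":
    for finding in audit(GLOBAL_ACL, DOVECOT_VIRTUAL, VIEW, "Moi") or ["ok"]:
        print(finding)
```

An empty result only confirms that the ACL letters match the intended split between the hidden backing mailbox and the listed virtual one; it does not settle the post's open question of whether the name can be learned some other way.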


Re: [Dovecot] Plugins: virtuals vs acls

2016-09-19 Thread Leho Kraav
On Fri, Sep 16, 2011 at 03:03:47PM +0300, Timo Sirainen wrote:
> On Fri, 2011-09-16 at 14:48 +0300, Leho Kraav wrote:
>
> > dovecot-virtual:
> > *
> >   all
> >
> > when dovecot-acl files restrict some subset of * for a user, does
> > dovecot respect these ACLs when collecting messages for virtual folder?
>
> If they aren't respected, it's a bug.

(dovecot-2.2.19)

So, 5 years later, I got to implementing `dovecot-virtual` :)

I'd like to set up a `LargeMailbox/Virtual/30d` mailbox that restricts
the view of a hidden, and otherwise inaccessible `LargeMailbox` to "last
30 days" rolling window.

`dovecot-virtual` for that is simple enough, but ACL-s get in the way.

LargeMailbox ACL user=Moi none
LargeMailbox/Virtual/30d ACL user=Moi lrwsip

It looks like `dovecot` is correctly restricting reading
`LargeMailbox` - user Moi is able to subscribe to the mailbox, but sees
zero messages in there.

How can I make `LargeMailbox` readable from a virtual without giving the
mail client the ability to read all of `LargeMailbox` on its own?

-- 
Leho Kraav, senior technology & marketing architect
Mobile: +372-56-603673
G+: lkoogliz...@gmail.com


[Dovecot] 2.2.12: Panic: file mail-index.c: line 380 (mail_index_keywords_unref): assertion failed: (keywords->refcount > 0)

2014-02-23 Thread Leho Kraav
I upgraded 2.1 - 2.2 something like a week ago because I needed 
INDEXPVT. Not sure if this crash started immediately or not, noticed it 
today looking at journalctl.


Backtrace http://bpaste.net/raw/181944/ and pasted below.

This seems to crash on every IMAP connection made, so any ideas for a 
possible client-level workaround are quite welcome until dovecot code 
improves here.


root@server ~ $ dovecot -n
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.54-vs2.3.3.5+pf64 x86_64 Gentoo Base System release 2.2 ext4
hostname = *hidden*
listen = 192.168.1.2
log_path = /dev/stderr
log_timestamp =
mail_gid = mail
mail_home = /secure/Maildir/%n
mail_location = Maildir:/secure/Maildir/%n
mail_plugins = acl
mail_privileged_group = mail
mail_uid = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave

namespace {
  list = children
  location = maildir:/secure/Maildir/%%n:INDEXPVT=/secure/Maildir/%n/shared/%%n
  prefix = Shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
namespace {
  location = maildir:/secure/Maildir/projekt:INDEX=/secure/Maildir/%n/projekt
  prefix = Projekt.
  separator = .
  subscriptions = no
  type = public
}
namespace {
  location = maildir:/secure/Maildir/rss:INDEX=/secure/Maildir/%n/rss
  prefix = RSS.
  separator = .
  subscriptions = no
  type = public
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
  subscriptions = yes
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/secure/Maildir/shared-mailboxes.db
  mail_log_events = mailbox_delete
  sieve = /secure/Maildir/%n/dovecot-sieve
  sieve_dir = /secure/Maildir/%n/sieve
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
postmaster_address = postmaster
protocols = imap lmtp sieve
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = mail
  }
  user = mail
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/ssl/server.crt
ssl_key = </etc/ssl/server.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  mail_plugins = acl sieve acl
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = acl imap_acl
}
protocol sieve {
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
}

#0  0x7f64da799535 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x7f64da79a9b8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x7f64dab76dc5 in default_fatal_finish (type=<optimized out>, status=status@entry=0) at failures.c:193
        backtrace = 0xae54a8 "/usr/lib64/dovecot/libdovecot.so.0(+0x6adcf) [0x7f64dab76dcf] -> /usr/lib64/dovecot/libdovecot.so.0(+0x6ae2e) [0x7f64dab76e2e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f64dab30d4e] -> /usr"...
#3  0x7f64dab76e2e in i_internal_fatal_handler (ctx=0x7fffb9d88d00, format=<optimized out>, args=<optimized out>) at failures.c:657
        status = 0
#4  0x7f64dab30d4e in i_panic (format=format@entry=0x7f64dae79848 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:267
        ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
        args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffb9d88df0, reg_save_area = 0x7fffb9d88d30}}
#5  0x7f64dae59fbc in mail_index_keywords_unref (_keywords=<optimized out>) at mail-index.c:380
        keywords = <optimized out>
        __FUNCTION__ = "mail_index_keywords_unref"
#6  0x7f64dae22657 in mailbox_copy (_ctx=<optimized out>, mail=mail@entry=0xbcf260) at mail-storage.c:2140
        ctx = 0xbd3a80
        t = 0xbcd580
        keywords = 0xbd4a50
        pvt_flags = 0
        real_mail = <optimized out>
        ret = -1
        __FUNCTION__ = "mailbox_copy"
#7  0x7f64dae2270d in mailbox_move (_ctx=<optimized out>, mail=0xbcf260) at mail-storage.c:2153
        ctx = 0xbd3a80
#8  0x0040e72d in fetch_and_copy (copy_count_r=<synthetic pointer>, src_uidset_r=<synthetic pointer>, search_args=<optimized out>, src_trans_r=0x7fffb9d88e88, t=0xbcd580, move=true, client=0xb0de50) at cmd-copy.c:67
        search_ctx = 0xbcefe0

[Dovecot] Plugins: virtuals vs acls

2011-09-16 Thread Leho Kraav

Hi all

dovecot-virtual:
*
  all

when dovecot-acl files restrict some subset of * for a user, does 
dovecot respect these ACLs when collecting messages for virtual folder? 
I'd like a confirmation about what I should be seeing when I start 
implementing this setup.