Dovecot and user-shared mailboxes issue

sogo
dovecot
activedirectory
v7
mailserver

(Jeroen Visser) #1

NethServer Version: NethServer release 7.4.1708 (Final)
Module: Dovecot mailserver

ISSUE: User-shared mailboxes do not show in any client.

Hey all,

I am running into an issue that has got me puzzled a bit. I installed 2 Nethservers with the following specifics:

server1.example.com => 123.12.1.10 Nethserver on which AD was installed
nsdc.ad.example.com => 123.12.1.11 container running the AD VM
server2.example.com => 123.12.1.15 Nethserver running SOGo

Both server1 and server2 were installed with FQDN as .example.com on the network settings page (CentOS portion of install)
Both server1 and server2 were installed using defaults except for network settings, where I changed IP to fixed and altered the FQDN. I left 8.8.8.8 as DNS server. On install-completion I went through the web-portion of the setup, altered the SSH port to something we use locally for SSH, and ran a full update followed by a reboot cuz I played with Windows too long and it never hurts.

Both servers are in the same state, the only difference being their configured IP and hostname (incl FQDN) at this point.

I proceeded to install the AD account provider on server1, thus creating the domain/realm ad.example.com with virtual server nsdc.ad.example.com. server1 is auto joined, and exists now as server1.example.com and server1.ad.example.com. I created the users user1, user2 and sogobind.

I then proceeded to install SOGo on server2, joined server2 to the just created domain and checked if I could log into the webmail. All is working, I even got the sensible domain @example.com as email domain, instead of the expected @ad.example.com.

NOTE: I did not change the servername (FQDN) in the Nethserver webinterface of server2 prior to joining the domain, nor did I alter the DNS server in any way. The Nethserver webinterface shows only 8.8.8.8 being used as DNS server. I made that 172.16.1.6 now, but that shouldn’t be related. A minor irk is not being able to correctly set the FQDN to server.ad.example.com before joining, and thus ending up with server.example.com in the webinterface and this in the Samba info:

servicePrincipalName: HOST/server.example.com
distinguishedName: CN=server,CN=Computers,DC=ad,DC=example,DC=com

Us using user1 and user2 kinda logins, I will require aliases just the same tho. So, after confirming I have the users in SOGo, I created aliases in the form .@example.com

user1@example.com has alias j.doe@example.com
user2@example.com has alias d.johnson@example.com

I connected a mailbox using IMAP and confirmed I can connect j.doe@example.com using user1 for credentials and d.johnson@example.com using user2.
I confirmed the same using EAX.

I altered the webinterface settings to reflect the email j.doe@example.com instead of user1.example.com. This works fine in both sending and receiving mail. Up till now, I am extremely happy as well … as this was done in less than no time at all.
However … once I try to share user1’s mailbox, either by delegating the complete mailbox or by granting every right possible with the webinterface on the INBOX to user2, the fun starts.

As documented I made sure that I had set shared mailboxes to enabled, even tho this is the new default iirc:

config setprop dovecot SharedMailboxesStatus enabled
signal-event nethserver-mail-server-update

… config getprop yada yada returns ‘enabled’, so yay… this is set up like it should.
I checked the dovecot.config, and it has the Shared namespace enabled.

From my understanding, this should now work and I should be able to log into SOGo with user2, and see user1’s mailbox in a now visible and populated Other users folder or something to that degree. I don’t.
Nor does it show in Thunderbird or Outlook2016 or Android mail.

When I check permissions using doveadm acl debug -u user2 Shared/user1@example.com/INBOX it tells me the location doesn’t exist. Same for Shared/d.johnson@example.com/INBOX.
I do have rights to open Shared/vmail@example.com/INBOX.
I am a bit newish to this, but from my understanding this is correct, correct ?

Whatever I do with the way I logon to the mailboxes (domain\user|user|user@domain|name@domain), from whatever client, I do not see the Shared namespace in the user-mailbox, populated with the user1 shared folders.

Can anybody point me in the right direction ? What does it take to enable this AND make it visible to user2 in this case ? (I already tried setting ACL’s with doveadm acl command. No luck.) I’m not near a work terminal right now but will provide everything but the raw disks if needed … I am going crazy over this one.

I ran into the same issue with the pre-release, but made a mess of the config files while ‘diagnosing’ (erring in hopes of eureka moment) the issue and didn’t want to have to build my question on that … however, I am now running a clean install with minimal changes to the config.

I have tried just about every other solution out there … I hope I am just missing something really obvious, as this is kind of the last minor detail that needs fixing before I can migrate our production environment.

Thanks for reading, any suggestion is appreciated!


(Jeroen Visser) #2

dovecot.conf part for the shared mailboxes:

# Shared mailboxes are enabled
namespace SHARED_USERS {
type = shared
disabled = no
separator = /
prefix = Shared/%%n@example.com/
location = maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
subscriptions = no
list = children
}

Output of doveadm acl command:

[root@server2 dovecot]# doveadm acl get -u user2 Shared/vmail@example.com/INBOX

ID Global Rights
authenticated lookup
user=root admin create delete expunge insert lookup post read write write-deleted write-seen

[root@server2 vmail]# doveadm mailbox list -u user1 (user2 looks exactly the same)
Junk
Shared
Shared/vmail@example.com
Shared/vmail@example.com/INBOX
INBOX

[root@server2 vmail]# pwd
/var/lib/nethserver/vmail
[root@server2 vmail]# ls -al
total 4
drwx------ 9 vmail vmail 190 Nov 14 14:47 .
drwxr-xr-x. 9 root root 115 Nov 10 10:21 ..
drwx------ 3 vmail vmail 21 Nov 14 14:23 user1
drwx------ 4 vmail vmail 34 Nov 10 12:37 user1@example.com
drwx------ 3 vmail vmail 21 Nov 14 14:47 user2
drwx------ 4 vmail vmail 34 Nov 10 12:26 user2@example.com
drwx------ 3 vmail vmail 21 Nov 10 10:22 root
-rw------- 1 vmail vmail 197 Nov 14 14:47 shared-mailboxes.db
drwx------ 3 vmail vmail 21 Nov 10 10:22 vmail
drwx------ 3 vmail vmail 21 Nov 10 12:20 vmail@example.com
[root@server2 vmail]#

[root@server2 Maildir]# ls -al
total 16
drwx------ 6 vmail vmail 233 Nov 15 11:47 .
drwx------ 3 vmail vmail 21 Nov 14 14:23 ..
drwx------ 2 vmail vmail 6 Nov 15 11:47 cur
-rw------- 1 vmail vmail 0 Nov 14 14:47 dovecot-acl-list
-rw------- 1 vmail vmail 40 Nov 15 11:47 dovecot.index.log
-rw------- 1 vmail vmail 24 Nov 15 03:14 dovecot.mailbox.log
-rw------- 1 vmail vmail 8 Nov 15 03:14 dovecot-uidvalidity
-r--r--r-- 1 vmail vmail 0 Nov 15 03:14 dovecot-uidvalidity.5a0ba2f1
drwx------ 5 vmail vmail 108 Nov 15 03:14 .Junk
-rw------- 1 vmail vmail 0 Nov 15 11:47 maildirfolder
drwx------ 2 vmail vmail 6 Nov 15 11:47 new
-rw------- 1 vmail vmail 5 Nov 15 03:14 subscriptions
drwx------ 2 vmail vmail 6 Nov 15 11:47 tmp
[root@server2 Maildir]# ls -al ../../user2@example.com/Maildir/
total 40
drwx------ 9 vmail vmail 4096 Nov 15 01:09 .
drwx------ 4 vmail vmail 34 Nov 10 12:37 ..
drwx------ 2 vmail vmail 314 Nov 14 12:17 cur
-rw------- 1 vmail vmail 24 Nov 13 17:40 dovecot-acl
-rw------- 1 vmail vmail 17 Nov 13 17:40 dovecot-acl-list
-rw------- 1 vmail vmail 6956 Nov 15 01:09 dovecot.index.cache
-rw------- 1 vmail vmail 3556 Nov 14 12:18 dovecot.index.log
-rw------- 1 vmail vmail 96 Nov 14 12:12 dovecot.mailbox.log
-rw------- 1 vmail vmail 327 Nov 14 12:06 dovecot-uidlist
-rw------- 1 vmail vmail 8 Nov 14 12:12 dovecot-uidvalidity
-r--r--r-- 1 vmail vmail 0 Nov 10 12:35 dovecot-uidvalidity.5a058f1d
drwx------ 5 vmail vmail 108 Nov 14 12:12 .Drafts
drwx------ 5 vmail vmail 108 Nov 12 03:21 .Junk
-rw------- 1 vmail vmail 0 Nov 10 12:35 maildirfolder
drwx------ 2 vmail vmail 6 Nov 14 12:06 new
drwx------ 5 vmail vmail 135 Nov 15 01:09 .Sent
-rw------- 1 vmail vmail 23 Nov 14 12:12 subscriptions
drwx------ 2 vmail vmail 6 Nov 14 12:06 tmp
drwx------ 5 vmail vmail 108 Nov 14 09:59 .Trash

Note there being two folders with a maildir and both seem to be used. The @example.com version seems to be related to the SOGo webinterface. The index cache updated once I logged in there.

Given the date/time stamps, the other one is being used by my other mail clients.

Neither have something resembling a shared user-mailbox feature.

Above made me rethink … I have been setting permission using the SOGo webinterface, which seems to use a different folder within the vmail structure. Yesterday I had set permissions on user1 for user2 using webmail, but I also set permissions on user2 for user1, using doveacl. 'lo and behold the output of doveacl when I reverse my terms:

[root@server2 Maildir]# doveadm acl debug -u user2 Shared/user1@example.com/INBOX
doveadm(user2): Error: Mailbox 'INBOX' in namespace 'Shared/user1@example.com/' doesn't exist in /var/lib/nethserver/vmail/user1/Maildir
[root@server2 Maildir]# doveadm acl debug -u user2 Shared/user1/INBOX
doveadm(user2): Error: Can't open mailbox Shared/user1/INBOX: Mailbox doesn't exist: Shared/user1/INBOX
[root@server2 Maildir]# doveadm acl debug -u user1 Shared/user2/INBOX
doveadm(user1): Error: Can't open mailbox Shared/user2/INBOX: Mailbox doesn't exist: Shared/user2/INBOX
[root@server2 Maildir]# doveadm acl debug -u user1 Shared/user2@example.com/INBOX
doveadm(user1): Info: Mailbox 'INBOX' is in namespace 'Shared/user2@example.com/'
doveadm(user1): Info: Mailbox path: /var/lib/nethserver/vmail/user2/Maildir
doveadm(user1): Info: Per-user private flags in mailbox: \Seen
doveadm(user1): Info: User user1 has no rights for mailbox
doveadm(user1): Error: User user1 is missing 'lookup' right
doveadm(user1): Info: Mailbox Shared/user2@example.com/INBOX is NOT visible in LIST
[root@server2 Maildir]# doveadm acl debug -u user2 Shared/user1@example.com/INBOX
doveadm(user2): Error: Mailbox 'INBOX' in namespace 'Shared/user1@example.com/' doesn't exist in /var/lib/nethserver/vmail/user1/Maildir
[root@server2 Maildir]# doveadm acl debug -u user2 Shared/user1/INBOX
doveadm(user2): Error: Can't open mailbox Shared/user1/INBOX: Mailbox doesn't exist: Shared/user1/INBOX

So … /me thinks I need to play around with the name used in the config files to iron this out … am I mistaken or still missing something ?
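The mismatch noticed in this post can be checked mechanically. The script below is an added example, not part of the original post or of NethServer's tooling: it reports accounts that have two Maildir copies under the vmail root and shows which copy holds the dovecot-acl file. The function names and the sample tree are constructed; the assumption that the shared namespace opens the short-name directory is taken from the "Mailbox path" line in the doveadm acl debug output above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption taken from the "doveadm acl debug" output above: the shared
# namespace opens <root>/<short name>/Maildir, while a second Maildir exists
# under <root>/<name>@<domain>.

# make_sample ROOT: constructed tree loosely modelled on the listings above.
make_sample() {
    for d in user1 user1@example.com user2 user2@example.com vmail vmail@example.com; do
        mkdir -p "$1/$d/Maildir/cur" "$1/$d/Maildir/new" "$1/$d/Maildir/tmp"
    done
    # Constructed ACL entries in Dovecot's "identifier rights" file format.
    printf 'user=user2 lr\n' > "$1/user1@example.com/Maildir/dovecot-acl"
    printf 'user=user1 lr\n' > "$1/user2@example.com/Maildir/dovecot-acl"
}

# audit_vmail ROOT: for every account that has both directories, print
#   <name> short=<acl|noacl> full=<acl|noacl> <verdict>
audit_vmail() {
    root=$1
    for full in "$root"/*@*; do
        [ -d "$full/Maildir" ] || continue
        base=${full##*/}      # e.g. user1@example.com
        short=${base%%@*}     # e.g. user1
        [ -d "$root/$short/Maildir" ] || continue
        s=noacl; f=noacl
        if [ -s "$root/$short/Maildir/dovecot-acl" ]; then s=acl; fi
        if [ -s "$full/Maildir/dovecot-acl" ]; then f=acl; fi
        if [ "$s" = acl ]; then
            verdict=OK                      # ACL is where the namespace looks
        elif [ "$f" = acl ]; then
            verdict=ACL_NOT_IN_SHARED_PATH  # rights were written to the other copy
        else
            verdict=NO_ACL
        fi
        echo "$short short=$s full=$f $verdict"
    done
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_vmail "$tmp"
rm -rf "$tmp"
```

On a real server the argument would be the vmail root shown in the post, /var/lib/nethserver/vmail, read as root or as the vmail user.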


(Jeroen Visser) #3

Nobody encountered this yet ?


(Jeroen Visser) #4

I solved part of the issue by following this guide:

https://community.nethserver.org/t/sogo-and-ad-brainstorming/8024/34?u=planet_jeroen

I get proper names in /var/lib/nethserver/vmail/ now.
Except that the part that enables user-shared mailboxes in the dovecot config will likely never work like this … will it ?

// Shared mailboxes are { $dovecot{SharedMailboxesStatus} }
namespace SHARED_USERS {
type = shared
disabled = { $dovecot{SharedMailboxesStatus} eq 'enabled' ? 'no' : 'yes' }
separator = /
prefix = Shared/%%n@{{ $DomainName }}/
location = maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
subscriptions = no
list = children
}

Aside from that, this works like a charm and is much preferred. How do I ever get dovecot to look in the right folder for shared mailboxes tho ?
sogo.log

Nov 17 14:19:49 sogod [9673]: [ERROR] <0x0x5589e2e4f460[NGImap4Connection]> could not select URL: imap://t.account%40example.com@localhost/Shared/: {RawResponse = "{ResponseResult = {description = "Mailbox doesn't exist: Shared"; result = no; tagId = 6; }; }"; reason = "Mailbox doesn't exist: Shared"; result = 0; }
Nov 17 14:19:49 sogod [9673]: 192.168.50.38 "POST /SOGo/so/lmst01/Mail/0/folderShared/view HTTP/1.1" 500 72/48 0.340 - - 0

This will not ever match afaik … can I implement email like I am trying atm or is this fruitless and a massive waste of time ?


(Alessio Fattorini) #5

Sorry for not jumping into the thread so far. I don’t have any clue but I can tag these people:
@gg_jr @hucky @rowihei @bruno @gerald_fs @miko10 @transocean @asl @frx44 @flatspin @Pascal_Michard @GOB @kisaacs @wclemo


(Jeroen Visser) #6

I’m sorry for not keeping track:

https://community.nethserver.org/t/bug-user-shared-mailboxes-shared-through-sogo-not-working-for-imap-or-sogo/8324/20?u=planet_jeroen